Update to 2022-08-29 11:00

Daniel Berteaud
2022-08-29 11:00:17 +02:00
parent f17ab3267b
commit b213df4df4
30 changed files with 282 additions and 29 deletions


@@ -0,0 +1,23 @@
---
# Port on which the controller will listen for plain (http) requests
linctl_api_port: 3370
# List of IP/CIDR for which the API port will be opened
linctl_api_src_ip: []
# List of linstor controllers. Default is only localhost:3370 but when using HA you can define
# a list of controllers to try, the first answering will be used
linctl_controllers:
- http://localhost:3370
# When HA is enabled, ansible will not try to start or enabled the service
# As this will be handled by drbd-reactor
# It'll also restart the service on config change only if the service is already running
linctl_ha: False
# When running HA, set the name of the resource which holds the controller data
linctl_ha_res: linstor_db
# If set, and linctl_ha is True, this IP will be configured on the current active node
# linctl_ha_ip: 10.99.5.23


@@ -0,0 +1,8 @@
---
- name: restart linstor-controller
service: name=linstor-controller state=restarted
# Only restart if the service wasn't just started, and if either HA is not used, or the service was running (so it's the current active instance)
when:
- not linctl_started.changed
- not linctl_ha or linctl_services.ansible_facts.services['linstor-controller.service'] is defined and linctl_services.ansible_facts.services['linstor-controller.service'].state == 'started'
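Review bot: The last `when` condition reads `linctl_services`, but the facts hunk further down registers the service_facts result as `linctl_service`, so with `linctl_ha` enabled the handler would reference an undefined variable. It also compares `.state` with `'started'`, while service_facts normally reports `running` for an active unit, so the test would not match even with the name fixed. I would read the gathered facts directly, e.g. `ansible_facts.services['linstor-controller.service'].state == 'running'`, and parenthesise the `is defined and ...` part so its precedence against `or` is explicit.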


@@ -0,0 +1,4 @@
---
dependencies:
- role: drbd_reactor


@@ -0,0 +1,26 @@
---
- name: Deploy linstor-controller conf
template: src=linstor.toml.j2 dest=/etc/linstor/linstor.toml mode=640
notify: restart linstor-controller
tags: drbd
- name: Deploy linstor-client configuration
template: src=linstor-client.conf.j2 dest=/etc/linstor/linstor-client.conf
tags: drbd
- name: Setup logrotate
template: src=logrotate.j2 dest=/etc/logrotate.d/linstor-controller
tags: drbd
- name: Remove old reactor conf
file: path=/etc/drbd-reactor.d/linstor_db.toml state=absent
notify: restart drbd-reactor
tags: drbd
- when: linctl_ha
name: Configure the drbd-reactor promoter
template: src=drbd-reactor.toml.j2 dest=/etc/drbd-reactor.d/linstor-controller.toml
notify: restart drbd-reactor
tags: drbd
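Review bot: Only the linstor.toml task sets a mode; the client configuration, the logrotate snippet and the drbd-reactor promoter file are written with whatever the umask gives and no explicit owner or group. linstor.toml carries the database credentials, so I would pin `owner=root group=root` there as well, and the `/etc/linstor` directory task in the directories hunk has the same gap. Writing the mode as a quoted string in native YAML form (`mode: '0640'`) avoids octal surprises if these tasks are ever converted from key=value syntax.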


@@ -0,0 +1,17 @@
---
- name: Create conf dir
file: path=/etc/linstor state=directory
tags: drbd
#- name: Create data directory
# file: path=/var/lib/linstor state=directory owner=root group=linstor-controller mode=u=rwX,g=rwX,o=- recurse=True
# tags: drbd
- name: Create systemd unit snippet dir
file: path=/etc/systemd/system/linstor-controller.service.d state=directory
tags: drbd
#- name: Set permission on log dir
# file: path=/var/log/linstor-controller state=directory owner=root group=linstor-controller mode=u=rwX,g=rwX,o=- recurse=True
# tags: drbd


@@ -0,0 +1,16 @@
---
# Load distribution specific variables
- include_vars: "{{ item }}"
with_first_found:
- "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
- "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
- "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
tags: drbd
- name: Check the state of the service
service_facts:
register: linctl_service
tags: drbd


@@ -0,0 +1,44 @@
---
- name: Install packages
package: name={{ linctl_packages }}
tags: drbd
- name: Custimize systemd unit
copy:
content: |
[Service]
#User=linstor-controller
#Group=linstor-controller
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
SyslogIdentifier=linstor-controller
Restart=on-failure
StartLimitInterval=0
RestartSec=15
dest: /etc/systemd/system/linstor-controller.service.d/99-ansible.conf
notify: restart linstor-controller
register: linctl_unit
tags: drbd
- name: Install mount unit
copy:
content: |
[Unit]
Description=Filesystem for the LINSTOR controller
[Mount]
# you can use the minor like /dev/drbdX or the udev symlink
What=/dev/drbd/by-res/{{ linctl_ha_res }}/0
Where=/var/lib/linstor
dest: /etc/systemd/system/var-lib-linstor.mount
register: linctl_data_unit
when: linctl_ha
tags: drbd
- name: Reload systemd
systemd: daemon_reload=True
when: linctl_unit.changed or (linctl_data_unit is defined and linctl_data_unit.changed)
tags: drbd
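Review bot: `User=` and `Group=` are left commented out in the drop-in, and the user.yml include is disabled in the main task list, so the controller keeps running as whatever account the packaged unit uses, presumably root. The sandboxing directives help, but a comment stating why privilege dropping is disabled would save the next reader from guessing, for example `# TODO: run as linstor-controller once /var/lib/linstor and the log dir ownership are handled`. `StartLimitInterval=` is the legacy spelling; current systemd documents `StartLimitIntervalSec=` under `[Unit]`. Both copy tasks also lack an explicit `mode`.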


@@ -0,0 +1,9 @@
---
- name: Handle API ports
iptables_raw:
name: linctl_api_port
state: "{{ (linctl_api_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ linctl_api_port }} -s {{ linctl_api_src_ip | join(',') }} -j ACCEPT"
tags: firewall,drbd


@@ -0,0 +1,26 @@
---
- include_tasks: facts.yml
tags: always
#- include_tasks: user.yml
# tags: always
- include_tasks: directories.yml
tags: always
- include_tasks: install.yml
tags: always
#- include_tasks: directories.yml
# tags: always
- include_tasks: conf.yml
tags: always
- include_tasks: iptables.yml
when: iptables_manage | default(True)
tags: always
- include_tasks: services.yml
tags: always


@@ -0,0 +1,16 @@
---
- when: not linctl_ha
name: Start and enable the service
service: name=linstor-controller state=started enabled=True
register: linctl_started
tags: drbd
- when: linctl_ha
block:
- name: Ensure the service is disabled and managed by drbd-reactor
service: name=linstor-controller enabled=False
- name: Ensure the data mount unit is disabled
systemd: name=var-lib-linstor.mount enabled=False
tags: drbd


@@ -0,0 +1,9 @@
---
- name: Create linstor-controller user
user:
name: linstor-controller
system: True
shell: /sbin/nologin
home: /var/lib/linstor
tags: drbd


@@ -0,0 +1,13 @@
[[promoter]]
id = "{{ linctl_ha_res }}"
[promoter.resources.{{ linctl_ha_res }}]
start = [
{% if linctl_ha_ip is defined %}
"ocf:heartbeat:IPaddr2 service_ip cidr_netmask=32 ip={{ linctl_ha_ip }}",
{% endif %}
"var-lib-linstor.mount",
"linstor-controller.service"
]
stop-services-on-exit = true


@@ -0,0 +1,2 @@
[global]
controllers={{ linctl_controllers | join(',') }}


@@ -0,0 +1,16 @@
[db]
user = "linstor"
password = "linstor"
connection_url = "jdbc:h2:/var/lib/linstor/linstordb"
[http]
enabled = true
listen_addr = "0.0.0.0"
port = {{ linctl_api_port }}
[logging]
level = "info"
linstor_level = "info"
rest_access_log_path = "/var/log/linstor-controller/rest-access.log"
rest_access_log_mode = "APPEND"
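Review bot: `listen_addr = "0.0.0.0"` binds the plain-HTTP API on every interface, and the only access restriction visible in this commit is the iptables rule, which is skipped when `iptables_manage` is false and adds no ACCEPT rule when `linctl_api_src_ip` is empty. Nothing on this page shows authentication or TLS in front of that listener. I would make the address a role variable defaulting to loopback, e.g. `listen_addr = "{{ linctl_api_listen_addr | default('127.0.0.1') }}"` (new variable, the name is only a suggestion), and document that remote access needs the source-IP list or a TLS listener. The `[db]` password is a fixed literal; if that is just the embedded H2 default, a comment saying so would help.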


@@ -0,0 +1,8 @@
/var/log/linstor/rest-access.log {
daily
rotate 180
compress
notifempty
missingok
copytruncate
}
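Review bot: The rotated path `/var/log/linstor/rest-access.log` does not match `rest_access_log_path = "/var/log/linstor-controller/rest-access.log"` in the linstor.toml template, so with `missingok` logrotate would silently skip it and the REST access log would grow without rotation. Pointing the stanza at `/var/log/linstor-controller/rest-access.log`, or feeding both templates from one variable, makes the 180-rotation retention actually apply to the audit trail.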


@@ -0,0 +1,5 @@
---
linctl_packages:
- linstor-controller
- linstor-client