Merge fixes to pre-collections (#47)

- Extra fixes for directory permissions set-up based on feedback from users with restricted umask setup - Dynamic configuration example configuration and command list added
ydb-platform · Oct 28, 2024 · d842e74 · d842e74
1 parent 48c7dbe
commit d842e74
Show file tree

Hide file tree

Showing 10 changed files with 184 additions and 69 deletions.
diff --git a/dynconf/Commands.txt b/dynconf/Commands.txt
@@ -0,0 +1,5 @@
+ydb auth get-token -f >ydbd-token
+./ydbd -s grpcs://bigpig1:2135 --ca-file ../tls/ca.crt -f ydbd-token admin console configs dump-yaml >step0.yaml
+cp step0.yaml step1.yaml
+vi step1.yaml
+ydb admin config replace -f step1.yaml 
diff --git a/dynconf/step0.yaml b/dynconf/step0.yaml
@@ -0,0 +1,11 @@
+config:
+  shared_cache_config:
+    memory_limit: 34359738368
+allowed_labels:
+  node_id:
+    type: string
+  host:
+    type: string
+  tenant:
+    type: string
+selector_config: []
diff --git a/dynconf/step1.yaml b/dynconf/step1.yaml
@@ -0,0 +1,38 @@
+metadata:
+  kind: MainConfig
+  cluster: ""
+  version: 0
+config:
+  yaml_config_enabled: true
+allowed_labels:
+  node_id:
+    type: string
+  host:
+    type: string
+  tenant:
+    type: string
+selector_config:
+- description: cookie=INIT-00 merge_strategy=MERGE id=1.1
+  selector:
+    tenant: /Domain0/testdb
+  config:
+    shared_cache_config:
+      memory_limit: 34359738368
+    table_service_config: !inherit
+      enable_implicit_query_parameter_types: true
+      query_limits: !inherit
+        result_rows_limit: 20000
+    actor_system_config:
+      executor:
+      - {name: System, spin_threshold: '10', threads: 2, max_threads: 11, type: BASIC}
+      - {name: User, spin_threshold: '1', threads: 5, max_threads: 12, type: BASIC}
+      - {name: Batch, spin_threshold: '1', threads: 2, max_threads: 4, type: BASIC}
+      - {name: IO, threads: 1, type: IO}
+      - {name: IC, spin_threshold: '10', threads: 5, max_threads: 11, time_per_mailbox_micro_secs: 100, max_avg_ping_deviation: 500, type: BASIC}
+      scheduler: {progress_threshold: '10000', resolution: '64', spin_threshold: '0'}
+      sys_executor: 0
+      user_executor: 1
+      batch_executor: 2
+      io_executor: 3
+      service_executor:
+      - {executor_id: 4, service_name: Interconnect}
diff --git a/roles/ydbd/tasks/main.yml b/roles/ydbd/tasks/main.yml
@@ -101,13 +101,27 @@
   command: "/sbin/sysctl --system"
 
 - name: Create the YDB base directory
-  file: state=directory path={{ ydb_dir }} group=bin owner=root mode='0755'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}"
+    group: bin
+    owner: root
+    mode: '0755'
 
 - name: Create the ydb group
-  group: name=ydb system=true
+  group:
+    name: ydb
+    system: true
 
 - name: Create the ydb user
-  user: name=ydb group=ydb groups=disk system=true create_home=true home={{ ydb_dir }}/home comment="YDB Service Account"
+  user:
+    name: ydb
+    group: ydb
+    groups: disk
+    system: true
+    create_home: true
+    home: "{{ ydb_dir }}/home"
+    comment: "YDB Service Account"
 
 - name: Create the Ansible remote_tmp for ydb user
   file:
@@ -116,29 +130,55 @@
     recurse: true
     group: ydb
     owner: ydb
-
-- name: Create the YDB release directory
-  file: state=directory path={{ ydb_dir }}/release group=bin owner=root mode='0755'
+    mode: '0750'
 
 - name: Create the YDB configuration directory
-  file: state=directory path={{ ydb_dir }}/cfg group=bin owner=root mode='0755'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/cfg"
+    group: bin
+    owner: root
+    mode: '0755'
 
 - name: Create the YDB audit base directory
-  file: state=directory path={{ ydb_dir }}/audit group=ydb owner=ydb mode='0700'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/audit"
+    group: ydb
+    owner: ydb
+    mode: '0700'
 
 - name: Create the YDB certs directory
-  file: state=directory path={{ ydb_dir }}/certs group=ydb owner=ydb mode='0700'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/certs"
+    group: ydb
+    owner: ydb
+    mode: '0700'
 
 - name: Create the YDB configuration backup directory
-  file: state=directory path={{ ydb_dir }}/reserve group=ydb owner=ydb mode='0700'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/reserve"
+    group: ydb
+    owner: ydb
+    mode: '0700'
+
+- name: Create the YDB release directory
+  file:
+    state: directory
+    path="{{ ydb_dir }}/release"
+    group: bin
+    owner: root
+    mode: '0755'
 
 - name: Create the YDB server binary directory
-  file: state=directory
-        path="{{ ydb_dir }}/release/{{ ydb_version }}"
-        recurse=true
-        group=bin
-        owner=root
-        mode='0755'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/release/{{ ydb_version }}"
+    group: bin
+    owner: root
+    mode: '0755'
 
 - name: Install the YDB server binary package
   ansible.builtin.unarchive:
@@ -149,20 +189,47 @@
     src: "{{ ydb_archive }}"
     extra_opts: "{{ ydb_unpack_options }}"
 
+- name: Ensure permissions for the YDB server binary directory
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/release/{{ ydb_version }}"
+    group: bin
+    owner: root
+    mode: '0755'
+
 - name: Symlink the YDB binaries
-  file: path="{{ ydb_dir }}/bin"
-        src="./release/{{ ydb_version }}/bin"
-        state=link
-        force=yes
+  file:
+    path: "{{ ydb_dir }}/bin"
+    src: "./release/{{ ydb_version }}/bin"
+    state: link
+    group: bin
+    owner: root
+    mode: '0755'
+    force: yes
 
 - name: Symlink the YDB libraries
-  file: path="{{ ydb_dir }}/lib"
-        src="./release/{{ ydb_version }}/lib"
-        state=link
-        force=yes
+  file:
+    path: "{{ ydb_dir }}/lib"
+    src: "./release/{{ ydb_version }}/lib"
+    state: link
+    group: bin
+    owner: root
+    mode: '0755'
+    force: yes
 
 - name: Create the YDB CLI default binary directory
-  file: state=directory path={{ ydb_dir }}/home/ydb/bin recurse=true group=ydb owner=ydb mode='0700'
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/home/ydb/bin"
+    recurse: true
+    group: ydb
+    owner: ydb
+    mode: '0755'
 
 - name: Disable YDB CLI version checks
-  copy: src=ydb-cli-config.json dest={{ ydb_dir }}/home/ydb/bin/config.json group=ydb owner=ydb mode='0644'
+  ansible.builtin.copy:
+    src: "ydb-cli-config.json"
+    dest: "{{ ydb_dir }}/home/ydb/bin/config.json"
+    group: ydb
+    owner: ydb
+    mode: '0644'
diff --git a/roles/ydbd_dynamic/tasks/main.yml b/roles/ydbd_dynamic/tasks/main.yml
@@ -1,14 +1,6 @@
 ---
 # ydbd dynamic node deployment
 
-- name: Create the YDB audit base directory
-  file:
-    state: directory
-    path: "{{ ydb_dir }}/audit"
-    group: ydb
-    owner: ydb
-    mode: '0700'
-
 - name: Create the YDB audit directories for database nodes
   file:
     state: directory

diff --git a/roles/ydbd_dynamic/templates/dynnode-service.j2 b/roles/ydbd_dynamic/templates/dynnode-service.j2
@@ -31,6 +31,7 @@ ExecStart={{ ydb_dir }}/bin/ydbd server --tenant /{{ ydb_domain }}/{{ ydb_dbname
     --data-center {{ ydb_node_dc }} --rack {{ ydb_node_rack }} --body {{ ydb_node_body }} \
 {%- endif %}
     --ca {{ ydb_dir }}/certs/ca.crt --grpc-ca {{ ydb_dir }}/certs/ca.crt \
+    --grpc-cert {{ ydb_dir }}/certs/node.crt --grpc-key {{ ydb_dir }}/certs/node.key \
     --mon-cert {{ ydb_dir }}/certs/web.pem
 LimitNOFILE=65536
 LimitCORE=0

diff --git a/roles/ydbd_static/tasks/main.yml b/roles/ydbd_static/tasks/main.yml
@@ -1,14 +1,6 @@
 ---
 # ydbd static node deployment
 
-- name: Create the YDB audit base directory
-  file:
-    state: directory
-    path: "{{ ydb_dir }}/audit"
-    group: ydb
-    owner: ydb
-    mode: '0700'
-
 - name: Create the YDB audit directory for the storage node
   file:
     state: directory

diff --git a/roles/ydbd_static/templates/static-service.j2 b/roles/ydbd_static/templates/static-service.j2
@@ -19,7 +19,10 @@ WorkingDirectory={{ ydb_dir }}/audit/storage
 Environment=LD_LIBRARY_PATH={{ ydb_dir }}/lib
 ExecStart={{ ydb_dir }}/bin/ydbd server --node static --tcp \
     --yaml-config  {{ ydb_dir }}/cfg/ydbd-static.yaml \
-    --grpcs-port 2135 --ic-port 19001 --mon-port 8765 --mon-cert {{ ydb_dir }}/certs/web.pem
+    --grpcs-port 2135 --ic-port 19001 --mon-port 8765 \
+    --ca {{ ydb_dir }}/certs/ca.crt --grpc-ca {{ ydb_dir }}/certs/ca.crt \
+    --grpc-cert {{ ydb_dir }}/certs/node.crt --grpc-key {{ ydb_dir }}/certs/node.key \
+    --mon-cert {{ ydb_dir }}/certs/web.pem
 LimitNOFILE=65536
 LimitCORE=0
 #LimitCORE=infinity

diff --git a/roles/ydbd_upgrade_dynamic/tasks/upgrade_dynamic.yml b/roles/ydbd_upgrade_dynamic/tasks/upgrade_dynamic.yml
@@ -2,11 +2,12 @@
 # YDB upgrade dynamic nodes on a single host
 
 - name: Create the YDB server binary directory
-  file: state=directory
-        path="{{ ydb_dir }}/release/{{ ydb_version }}"
-        recurse=true
-        group=bin
-        owner=root
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/release/{{ ydb_version }}"
+    group: bin
+    owner: root
+    mode: '0755'
   delegate_to: "{{ dynnode_name }}"
   delegate_facts: true
   any_errors_fatal: true
@@ -24,19 +25,21 @@
   any_errors_fatal: true
 
 - name: Symlink the YDB binaries
-  file: path="{{ ydb_dir }}/bin"
-        src="./release/{{ ydb_version }}/bin"
-        state=link
-        force=yes
+  file:
+    path: "{{ ydb_dir }}/bin"
+    src: "./release/{{ ydb_version }}/bin"
+    state: link
+    force: yes
   delegate_to: "{{ dynnode_name }}"
   delegate_facts: true
   any_errors_fatal: true
 
 - name: Symlink the YDB libraries
-  file: path="{{ ydb_dir }}/lib"
-        src="./release/{{ ydb_version }}/lib"
-        state=link
-        force=yes
+  file:
+    path: "{{ ydb_dir }}/lib"
+    src: "./release/{{ ydb_version }}/lib"
+    state: link
+    force: yes
   delegate_to: "{{ dynnode_name }}"
   delegate_facts: true
   any_errors_fatal: true

diff --git a/roles/ydbd_upgrade_static/tasks/upgrade_static.yml b/roles/ydbd_upgrade_static/tasks/upgrade_static.yml
@@ -2,11 +2,12 @@
 # YDB single static node upgrade tasks
 
 - name: Create the YDB server binary directory
-  file: state=directory
-        path="{{ ydb_dir }}/release/{{ ydb_version }}"
-        recurse=true
-        group=bin
-        owner=root
+  file:
+    state: directory
+    path: "{{ ydb_dir }}/release/{{ ydb_version }}"
+    group: bin
+    owner: root
+    mode: '0755'
   delegate_to: "{{ snode_name }}"
   delegate_facts: true
   any_errors_fatal: true
@@ -24,19 +25,21 @@
   any_errors_fatal: true
 
 - name: Symlink the YDB binaries
-  file: path="{{ ydb_dir }}/bin"
-        src="./release/{{ ydb_version }}/bin"
-        state=link
-        force=yes
+  file:
+    path: "{{ ydb_dir }}/bin"
+    src: "./release/{{ ydb_version }}/bin"
+    state: link
+    force: yes
   delegate_to: "{{ snode_name }}"
   delegate_facts: true
   any_errors_fatal: true
 
 - name: Symlink the YDB libraries
-  file: path="{{ ydb_dir }}/lib"
-        src="./release/{{ ydb_version }}/lib"
-        state=link
-        force=yes
+  file:
+    path: "{{ ydb_dir }}/lib"
+    src: "./release/{{ ydb_version }}/lib"
+    state: link
+    force: yes
   delegate_to: "{{ snode_name }}"
   delegate_facts: true
   any_errors_fatal: true