From d842e74fe29ebce836b93950b1631ce03d78b43a Mon Sep 17 00:00:00 2001
From: Maksim Zinal
Date: Mon, 28 Oct 2024 17:15:08 +0300
Subject: [PATCH] Merge fixes to pre-collections (#47)
- Extra fixes for directory permissions set-up based on feedback from users with restricted umask setup
- Dynamic configuration example configuration and command list added
---
dynconf/Commands.txt | 5 +
dynconf/step0.yaml | 11 ++
dynconf/step1.yaml | 38 ++++++
roles/ydbd/tasks/main.yml | 119 ++++++++++++++----
roles/ydbd_dynamic/tasks/main.yml | 8 --
.../ydbd_dynamic/templates/dynnode-service.j2 | 1 +
roles/ydbd_static/tasks/main.yml | 8 --
roles/ydbd_static/templates/static-service.j2 | 5 +-
.../tasks/upgrade_dynamic.yml | 29 +++--
.../tasks/upgrade_static.yml | 29 +++--
10 files changed, 184 insertions(+), 69 deletions(-)
create mode 100644 dynconf/Commands.txt
create mode 100644 dynconf/step0.yaml
create mode 100644 dynconf/step1.yaml
diff --git a/dynconf/Commands.txt b/dynconf/Commands.txt
new file mode 100644
index 0000000..94fe02b
--- /dev/null
+++ b/dynconf/Commands.txt
@@ -0,0 +1,5 @@
+ydb auth get-token -f >ydbd-token
+./ydbd -s grpcs://bigpig1:2135 --ca-file ../tls/ca.crt -f ydbd-token admin console configs dump-yaml >step0.yaml
+cp step0.yaml step1.yaml
+vi step1.yaml
+ydb admin config replace -f step1.yaml
diff --git a/dynconf/step0.yaml b/dynconf/step0.yaml
new file mode 100644
index 0000000..aeb6c7a
--- /dev/null
+++ b/dynconf/step0.yaml
@@ -0,0 +1,11 @@
+config:
+ shared_cache_config:
+ memory_limit: 34359738368
+allowed_labels:
+ node_id:
+ type: string
+ host:
+ type: string
+ tenant:
+ type: string
+selector_config: []
diff --git a/dynconf/step1.yaml b/dynconf/step1.yaml
new file mode 100644
index 0000000..c27d27f
--- /dev/null
+++ b/dynconf/step1.yaml
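Review bot: The first command in dynconf/Commands.txt redirects the auth token into `ydbd-token` in the current directory, so the file's permissions depend on the operator's umask and the token stays on disk after the procedure ends. The list should begin with `umask 077` and end with `rm -f ydbd-token`, so the token is never readable by other local users and does not outlive the session. The host name `bigpig1` and the relative path `../tls/ca.crt` look site-specific; a one-line comment marking them as placeholders would help readers who adapt the example.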
@@ -0,0 +1,38 @@
+metadata:
+ kind: MainConfig
+ cluster: ""
+ version: 0
+config:
+ yaml_config_enabled: true
+allowed_labels:
+ node_id:
+ type: string
+ host:
+ type: string
+ tenant:
+ type: string
+selector_config:
+- description: cookie=INIT-00 merge_strategy=MERGE id=1.1
+ selector:
+ tenant: /Domain0/testdb
+ config:
+ shared_cache_config:
+ memory_limit: 34359738368
+ table_service_config: !inherit
+ enable_implicit_query_parameter_types: true
+ query_limits: !inherit
+ result_rows_limit: 20000
+ actor_system_config:
+ executor:
+ - {name: System, spin_threshold: '10', threads: 2, max_threads: 11, type: BASIC}
+ - {name: User, spin_threshold: '1', threads: 5, max_threads: 12, type: BASIC}
+ - {name: Batch, spin_threshold: '1', threads: 2, max_threads: 4, type: BASIC}
+ - {name: IO, threads: 1, type: IO}
+ - {name: IC, spin_threshold: '10', threads: 5, max_threads: 11, time_per_mailbox_micro_secs: 100, max_avg_ping_deviation: 500, type: BASIC}
+ scheduler: {progress_threshold: '10000', resolution: '64', spin_threshold: '0'}
+ sys_executor: 0
+ user_executor: 1
+ batch_executor: 2
+ io_executor: 3
+ service_executor:
+ - {executor_id: 4, service_name: Interconnect}
diff --git a/roles/ydbd/tasks/main.yml b/roles/ydbd/tasks/main.yml
index 5e1c869..0a14b92 100644
--- a/roles/ydbd/tasks/main.yml
+++ b/roles/ydbd/tasks/main.yml
@@ -101,13 +101,27 @@ command: "/sbin/sysctl --system" - name: Create the YDB base directory - file: state=directory path={{ ydb_dir }} group=bin owner=root mode='0755' + file: + state: directory + path: "{{ ydb_dir }}" + group: bin + owner: root + mode: '0755' - name: Create the ydb group - group: name=ydb system=true + group: + name: ydb + system: true - name: Create the ydb user - user: name=ydb group=ydb groups=disk system=true create_home=true home={{ ydb_dir }}/home comment="YDB Service Account" + user: + name: ydb + group: ydb + groups: disk + system: true + create_home: true + home: "{{ ydb_dir }}/home" + comment: "YDB Service Account" - name: Create the Ansible remote_tmp for ydb user file: 
@@ -116,29 +130,55 @@ recurse: true group: ydb owner: ydb - -- name: Create the YDB release directory - file: state=directory path={{ ydb_dir }}/release group=bin owner=root mode='0755' + mode: '0750' - name: Create the YDB configuration directory - file: state=directory path={{ ydb_dir }}/cfg group=bin owner=root mode='0755' + file: + state: directory + path: "{{ ydb_dir }}/cfg" + group: bin + owner: root + mode: '0755' - name: Create the YDB audit base directory - file: state=directory path={{ ydb_dir }}/audit group=ydb owner=ydb mode='0700' + file: + state: directory + path: "{{ ydb_dir }}/audit" + group: ydb + owner: ydb + mode: '0700' - name: Create the YDB certs directory - file: state=directory path={{ ydb_dir }}/certs group=ydb owner=ydb mode='0700' + file: + state: directory + path: "{{ ydb_dir }}/certs" + group: ydb + owner: ydb + mode: '0700' - name: Create the YDB configuration backup directory - file: state=directory path={{ ydb_dir }}/reserve group=ydb owner=ydb mode='0700' + file: + state: directory + path: "{{ ydb_dir }}/reserve" + group: ydb + owner: ydb + mode: '0700' + +- name: Create the YDB release directory + file: + state: directory + path="{{ ydb_dir }}/release" + group: bin + owner: root + mode: '0755' - name: Create the YDB server binary directory - file: state=directory - path="{{ ydb_dir }}/release/{{ ydb_version }}" - recurse=true - group=bin - owner=root - mode='0755' + file: + state: directory + path: "{{ ydb_dir }}/release/{{ ydb_version }}" + group: bin + owner: root + mode: '0755' - name: Install the YDB server binary package ansible.builtin.unarchive: 
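Review bot: In the re-added task "Create the YDB release directory" the line `path="{{ ydb_dir }}/release"` keeps the old key=value form inside a block mapping, which is not a valid mapping entry, so the tasks file would most likely fail to parse; it should read `path: "{{ ydb_dir }}/release"`. Separately, the remote_tmp task at the top of the hunk now combines `recurse: true` with `mode: '0750'`, which also sets the execute bit on every regular file below that directory; a symbolic mode such as `mode: 'u=rwX,g=rX,o='` avoids that. The remote_tmp task begins above this hunk and the unarchive task at its end continues below it.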
@@ -149,20 +189,47 @@ src: "{{ ydb_archive }}" extra_opts: "{{ ydb_unpack_options }}" +- name: Ensure permissions for the YDB server binary directory + file: + state: directory + path: "{{ ydb_dir }}/release/{{ ydb_version }}" + group: bin + owner: root + mode: '0755' + - name: Symlink the YDB binaries - file: path="{{ ydb_dir }}/bin" - src="./release/{{ ydb_version }}/bin" - state=link - force=yes + file: + path: "{{ ydb_dir }}/bin" + src: "./release/{{ ydb_version }}/bin" + state: link + group: bin + owner: root + mode: '0755' + force: yes - name: Symlink the YDB libraries - file: path="{{ ydb_dir }}/lib" - src="./release/{{ ydb_version }}/lib" - state=link - force=yes + file: + path: "{{ ydb_dir }}/lib" + src: "./release/{{ ydb_version }}/lib" + state: link + group: bin + owner: root + mode: '0755' + force: yes - name: Create the YDB CLI default binary directory - file: state=directory path={{ ydb_dir }}/home/ydb/bin recurse=true group=ydb owner=ydb mode='0700' + file: + state: directory + path: "{{ ydb_dir }}/home/ydb/bin" + recurse: true + group: ydb + owner: ydb + mode: '0755' - name: Disable YDB CLI version checks - copy: src=ydb-cli-config.json dest={{ ydb_dir }}/home/ydb/bin/config.json group=ydb owner=ydb mode='0644' + ansible.builtin.copy: + src: "ydb-cli-config.json" + dest: "{{ ydb_dir }}/home/ydb/bin/config.json" + group: ydb + owner: ydb + mode: '0644' diff --git a/roles/ydbd_dynamic/tasks/main.yml b/roles/ydbd_dynamic/tasks/main.yml index 9e5d43e..4b9f6bc 100644 --- a/roles/ydbd_dynamic/tasks/main.yml +++ b/roles/ydbd_dynamic/tasks/main.yml @@ -1,14 +1,6 @@ --- # ydbd dynamic node deployment -- name: Create the YDB audit base directory - file: - state: directory - path: "{{ ydb_dir }}/audit" - group: ydb - owner: ydb - mode: '0700' - - name: Create the YDB audit directories for database nodes file: state: directory 
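Review bot: "Create the YDB CLI default binary directory" now applies `mode: '0755'` together with `recurse: true`, so on every run after the first it sets `config.json` inside that directory to 0755 before the following copy task puts it back to `0644`; both tasks will then report a change each time. Dropping `recurse: true` here, as this commit already does for the release directory, or using `mode: 'u=rwX,go=rX'`, keeps the play idempotent. The move from `0700` to `0755` also opens the ydb account's CLI directory to all local users, which deserves a comment on the task saying why that is needed. The two symlink tasks write `force: yes` while the rest of the file uses `true`.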
diff --git a/roles/ydbd_dynamic/templates/dynnode-service.j2 b/roles/ydbd_dynamic/templates/dynnode-service.j2 index b534cca..a228eea 100644 --- a/roles/ydbd_dynamic/templates/dynnode-service.j2 +++ b/roles/ydbd_dynamic/templates/dynnode-service.j2 @@ -31,6 +31,7 @@ ExecStart={{ ydb_dir }}/bin/ydbd server --tenant /{{ ydb_domain }}/{{ ydb_dbname --data-center {{ ydb_node_dc }} --rack {{ ydb_node_rack }} --body {{ ydb_node_body }} \ {%- endif %} --ca {{ ydb_dir }}/certs/ca.crt --grpc-ca {{ ydb_dir }}/certs/ca.crt \ + --grpc-cert {{ ydb_dir }}/certs/node.crt --grpc-key {{ ydb_dir }}/certs/node.key \ --mon-cert {{ ydb_dir }}/certs/web.pem LimitNOFILE=65536 LimitCORE=0 diff --git a/roles/ydbd_static/tasks/main.yml b/roles/ydbd_static/tasks/main.yml index 19cad46..0d8f468 100644 --- a/roles/ydbd_static/tasks/main.yml +++ b/roles/ydbd_static/tasks/main.yml @@ -1,14 +1,6 @@ --- # ydbd static node deployment -- name: Create the YDB audit base directory - file: - state: directory - path: "{{ ydb_dir }}/audit" - group: ydb - owner: ydb - mode: '0700' - - name: Create the YDB audit directory for the storage node file: state: directory diff --git a/roles/ydbd_static/templates/static-service.j2 b/roles/ydbd_static/templates/static-service.j2 index 2dd9b36..e5459ab 100644 --- a/roles/ydbd_static/templates/static-service.j2 +++ b/roles/ydbd_static/templates/static-service.j2 @@ -19,7 +19,10 @@ WorkingDirectory={{ ydb_dir }}/audit/storage Environment=LD_LIBRARY_PATH={{ ydb_dir }}/lib ExecStart={{ ydb_dir }}/bin/ydbd server --node static --tcp \ --yaml-config {{ ydb_dir }}/cfg/ydbd-static.yaml \ - --grpcs-port 2135 --ic-port 19001 --mon-port 8765 --mon-cert {{ ydb_dir }}/certs/web.pem + --grpcs-port 2135 --ic-port 19001 --mon-port 8765 \ + --ca {{ ydb_dir }}/certs/ca.crt --grpc-ca {{ ydb_dir }}/certs/ca.crt \ + --grpc-cert {{ ydb_dir }}/certs/node.crt --grpc-key {{ ydb_dir }}/certs/node.key \ + --mon-cert {{ ydb_dir }}/certs/web.pem LimitNOFILE=65536 LimitCORE=0 #LimitCORE=infinity 
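Review bot: Both units now require `certs/node.crt` and `certs/node.key` at start-up (here and in the static-service.j2 hunk further down), but no task in this patch installs those files or sets the key's ownership and mode. If a task outside this diff already does that, a comment in each template naming it would be enough; otherwise a copy task with `owner: ydb`, `group: ydb`, `mode: '0400'` should run before the services are restarted, so the private key is readable only by the service account. The ExecStart line starts above this hunk.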
diff --git a/roles/ydbd_upgrade_dynamic/tasks/upgrade_dynamic.yml b/roles/ydbd_upgrade_dynamic/tasks/upgrade_dynamic.yml index c12537f..9872236 100644 --- a/roles/ydbd_upgrade_dynamic/tasks/upgrade_dynamic.yml +++ b/roles/ydbd_upgrade_dynamic/tasks/upgrade_dynamic.yml @@ -2,11 +2,12 @@ # YDB upgrade dynamic nodes on a single host - name: Create the YDB server binary directory - file: state=directory - path="{{ ydb_dir }}/release/{{ ydb_version }}" - recurse=true - group=bin - owner=root + file: + state: directory + path: "{{ ydb_dir }}/release/{{ ydb_version }}" + group: bin + owner: root + mode: '0755' delegate_to: "{{ dynnode_name }}" delegate_facts: true any_errors_fatal: true @@ -24,19 +25,21 @@ any_errors_fatal: true - name: Symlink the YDB binaries - file: path="{{ ydb_dir }}/bin" - src="./release/{{ ydb_version }}/bin" - state=link - force=yes + file: + path: "{{ ydb_dir }}/bin" + src: "./release/{{ ydb_version }}/bin" + state: link + force: yes delegate_to: "{{ dynnode_name }}" delegate_facts: true any_errors_fatal: true - name: Symlink the YDB libraries - file: path="{{ ydb_dir }}/lib" - src="./release/{{ ydb_version }}/lib" - state=link - force=yes + file: + path: "{{ ydb_dir }}/lib" + src: "./release/{{ ydb_version }}/lib" + state: link + force: yes delegate_to: "{{ dynnode_name }}" delegate_facts: true any_errors_fatal: true diff --git a/roles/ydbd_upgrade_static/tasks/upgrade_static.yml b/roles/ydbd_upgrade_static/tasks/upgrade_static.yml index b64ed54..69e5ea3 100644 --- a/roles/ydbd_upgrade_static/tasks/upgrade_static.yml +++ b/roles/ydbd_upgrade_static/tasks/upgrade_static.yml 
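Review bot: The upgrade path does not get the post-unpack task "Ensure permissions for the YDB server binary directory" that this commit adds to roles/ydbd/tasks/main.yml, and its two symlink tasks lack the `group: bin`, `owner: root`, `mode: '0755'` keys set there; the same holds for upgrade_static.yml below. Under a restricted umask an upgraded host could therefore end up with different permissions than a freshly installed one, assuming the unpack step between the two hunks behaves as it does in the main role. I would add the same task after the unpack step, with the `delegate_to` and `any_errors_fatal` lines used by its neighbours, and write `force: true` instead of `force: yes`. The unpack task itself lies between the hunks and is not visible here.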
@@ -2,11 +2,12 @@ # YDB single static node upgrade tasks - name: Create the YDB server binary directory - file: state=directory - path="{{ ydb_dir }}/release/{{ ydb_version }}" - recurse=true - group=bin - owner=root + file: + state: directory + path: "{{ ydb_dir }}/release/{{ ydb_version }}" + group: bin + owner: root + mode: '0755' delegate_to: "{{ snode_name }}" delegate_facts: true any_errors_fatal: true @@ -24,19 +25,21 @@ any_errors_fatal: true - name: Symlink the YDB binaries - file: path="{{ ydb_dir }}/bin" - src="./release/{{ ydb_version }}/bin" - state=link - force=yes + file: + path: "{{ ydb_dir }}/bin" + src: "./release/{{ ydb_version }}/bin" + state: link + force: yes delegate_to: "{{ snode_name }}" delegate_facts: true any_errors_fatal: true - name: Symlink the YDB libraries - file: path="{{ ydb_dir }}/lib" - src="./release/{{ ydb_version }}/lib" - state=link - force=yes + file: + path: "{{ ydb_dir }}/lib" + src: "./release/{{ ydb_version }}/lib" + state: link + force: yes delegate_to: "{{ snode_name }}" delegate_facts: true any_errors_fatal: true