Dual home installation support (separate interconnect network) (#57)

* moved ansible-playbook command line options to separate config file
* dual-headed options for node startup
* better examples
* table profile samples
* moved examples to separate folder
* updated configuration samples
* tls command samples

.gitignore

@@ -3,7 +3,6 @@ hosts-*
 group_vars/all
 group_vars/ydbd_static
 group_vars/ydbd_dynamic
-files/config*.yaml
 files/secret
 *.bak
 *.tmp

examples/debian-tls-commands.txt

@@ -0,0 +1,2 @@
+sudo cp -v dc2016-ca.pem /usr/local/share/ca-certificates/dc2016-ca.crt
+sudo update-ca-certificates

examples/full-dualhomed/cluster-config.yaml

@@ -0,0 +1,266 @@
+storage_config_generation: 0
+static_erasure: mirror-3-dc
+
+host_configs:
+- drive:
+  - path: /dev/disk/by-partlabel/ydb_disk_1
+    type: SSD
+  - path: /dev/disk/by-partlabel/ydb_disk_2
+    type: SSD
+  - path: /dev/disk/by-partlabel/ydb_disk_3
+    type: SSD
+  host_config_id: 1
+
+hosts:
+- host: b-ydbd-1.back.private
+  node_id: 1
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-a'
+    rack: '1'
+- host: b-ydbd-2.back.private
+  node_id: 2
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-b'
+    rack: '1'
+- host: b-ydbd-3.back.private
+  node_id: 3
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-c'
+    rack: '1'
+- host: b-ydbd-4.back.private
+  node_id: 4
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-a'
+    rack: '2'
+- host: b-ydbd-5.back.private
+  node_id: 5
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-b'
+    rack: '2'
+- host: b-ydbd-6.back.private
+  node_id: 6
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-c'
+    rack: '2'
+- host: b-ydbd-7.back.private
+  node_id: 7
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-a'
+    rack: '3'
+- host: b-ydbd-8.back.private
+  node_id: 8
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-b'
+    rack: '3'
+- host: b-ydbd-9.back.private
+  node_id: 9
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-c'
+    rack: '3'
+- host: b-ydbd-10.back.private
+  node_id: 10
+  host_config_id: 1
+  walle_location:
+    body: 2
+    data_center: 'zone-a'
+    rack: '1'
+- host: b-ydbd-11.back.private
+  node_id: 11
+  host_config_id: 1
+  walle_location:
+    body: 2
+    data_center: 'zone-b'
+    rack: '1'
+- host: b-ydbd-12.back.private
+  node_id: 12
+  host_config_id: 1
+  walle_location:
+    body: 2
+    data_center: 'zone-c'
+    rack: '1'
+
+domains_config:
+  domain:
+  - name: cluster1
+    storage_pool_types:
+    - kind: ssd
+      pool_config:
+        box_id: 1
+        erasure_species: mirror-3-dc
+        kind: ssd
+        pdisk_filter:
+        - property:
+          - type: SSD
+        vdisk_kind: Default
+  state_storage:
+  - ring:
+      node: [1, 2, 3, 4, 5, 6, 7, 8, 9]
+      nto_select: 9
+    ssid: 1
+  security_config:
+    enforce_user_token_requirement: true      # User 'root' with the empty password out of box
+    monitoring_allowed_sids:
+    - "root"
+    - "ADMINS"
+    - "DATABASE-ADMINS"
+    administration_allowed_sids:
+    - "root"
+    - "ADMINS"
+    - "DATABASE-ADMINS"
+    viewer_allowed_sids:
+    - "root"
+    - "ADMINS"
+    - "DATABASE-ADMINS"
+    register_dynamic_node_allowed_sids:
+    - "root@builtin" # required, does not add any real extra permissions
+    - "registerNode@cert"
+
+client_certificate_authorization:
+  request_client_certificate: true
+  client_certificate_definitions:
+    - member_groups: ["registerNode@cert"]
+      subject_terms:
+      - short_name: "O"
+        values: ["YDB Self-Signed Authority"]
+
+blob_storage_config:
+  service_set:
+    groups:
+    - erasure_species: mirror-3-dc
+      rings:
+      - fail_domains:
+        - vdisk_locations:
+          - node_id: b-ydbd-1.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: b-ydbd-4.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: b-ydbd-7.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+      - fail_domains:
+        - vdisk_locations:
+          - node_id: b-ydbd-2.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: b-ydbd-5.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: b-ydbd-8.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+      - fail_domains:
+        - vdisk_locations:
+          - node_id: b-ydbd-3.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: b-ydbd-6.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: b-ydbd-9.back.private
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+
+channel_profile_config:
+  profile:
+  - channel:
+    - erasure_species: mirror-3-dc
+      pdisk_category: 1   # 0=ROT, 1=SSD, 2=NVME
+      storage_pool_kind: ssd
+    - erasure_species: mirror-3-dc
+      pdisk_category: 1
+      storage_pool_kind: ssd
+    - erasure_species: mirror-3-dc
+      pdisk_category: 1
+      storage_pool_kind: ssd
+    profile_id: 0
+
+interconnect_config:
+    start_tcp: true
+    encryption_mode: OPTIONAL
+    path_to_certificate_file: "/opt/ydb/certs/node.crt"
+    path_to_private_key_file: "/opt/ydb/certs/node.key"
+    path_to_ca_file: "/opt/ydb/certs/ca.crt"
+
+grpc_config:
+    cert: "/opt/ydb/certs/node.crt"
+    key: "/opt/ydb/certs/node.key"
+    ca: "/opt/ydb/certs/ca.crt"
+    worker_threads: 2
+    workers_per_completion_queue: 1
+    handlers_per_completion_queue: 1000
+    grpc_proxy_count: 2
+    services_enabled:
+    - legacy
+
+tracing_config:
+  backend:
+    opentelemetry:
+      collector_url: grpc://gw0:4317
+      service_name: ydb
+  external_throttling:
+    - max_traces_per_minute: 10
+
+table_service_config:
+  sql_version: 1
+  index_auto_choose_mode: MAX_USED_PREFIX
+  enable_kqp_data_query_stream_lookup: true
+  enable_kqp_data_query_stream_idx_lookup_join: true
+  resource_manager:
+    kqp_pattern_cache_compiled_capacity_bytes: 524288000
+    kqp_pattern_cache_capacity_bytes: 524288000
+
+feature_flags:
+  enable_views: true
+  enable_data_shard_volatile_transactions: true
+  enable_grpc_audit: false
+  enable_get_node_labels: false
+
+bootstrap_config:
+  shared_cache_config: {memory_limit: '51539607552'}
+
+resource_broker_config:
+  queues:
+  - name: queue_restore
+    limit:
+      cpu: 8
+  - name: queue_backup
+    limit:
+      cpu: 8
+
+audit_config:
+  file_backend:
+    format: JSON
+    file_path: "ydb-audit.log"
+
+# Actor system config is appended to the configuration file by Ansible task.
+# Provided here in the commented form for reference
+#actor_system_config:
+#  use_auto_config: true
+#  node_type: STORAGE # STORAGE or COMPUTE
+#  cpu_count: 6

examples/full-dualhomed/group_vars-all

@@ -0,0 +1,81 @@
+# Configuration settings for all YDB cluster nodes
+
+ansible_python_interpreter: /usr/bin/python3
+
+# YDB cluster domain (aka cluster identifier), Root in the documentation
+ydb_domain: cluster1
+
+# YDB software installation directory
+ydb_dir: /opt/ydb
+
+# Source directory with TLS keys and certificares
+ydb_tls_dir: ../tls
+
+# YDB server software release
+ydb_version: 24.3.13.4
+
+# YDB server software archive
+ydb_archive: "../yasubd-{{ ydb_version }}-linux-amd64.tar.xz"
+
+# Extra options passed to tar for unpack, typically "--strip-component=1"
+ydb_unpack_options: "--strip-component=1"
+
+# Database name for the dynamic nodes
+ydb_dbname: testdb
+
+# YDB default storage pool kind, as specified in the static nodes
+#   configuration file in the storage_pool_types.kind field
+ydb_pool_kind: ssd
+
+# Default number of groups per newly created database
+ydb_default_groups: 26
+
+# Name of YDB cluster configuration file
+ydb_config: cluster-config.yaml
+
+# Number of cores for static and dynamic nodes
+ydb_cores_static: 15
+ydb_cores_dynamic: 22
+
+# YDB physical disk device names and labels for static nodes
+ydb_disks:
+    - name: /dev/vdb
+      label: ydb_disk_1
+    - name: /dev/vdc
+      label: ydb_disk_2
+    - name: /dev/vdd
+      label: ydb_disk_3
+
+# The list of exactly three node brokers (static nodes)
+ydb_brokers:
+  - b-ydbd-1.back.private
+  - b-ydbd-2.back.private
+  - b-ydbd-3.back.private
+
+# The list of dynnodes to run on each host
+#  instance is the service suffix
+#  offset is the integer added to base port numbers
+#  affinity is optional, and is the vCPU mask to run the service
+# To check: for pid in `pgrep ydbd`; do sudo taskset -cp $pid; done
+ydb_dynnodes:
+  - { instance: 'a', offset: 0 }
+
+# Optional parameter defining the CPU affinity of static nodes' services
+# ydb_affinity_static: '0-10'
+
+# Extra sleep time to allow dynamic nodes to settle up
+dynnode_restart_sleep_seconds: 10
+
+# Source path to Unified Agent binary
+unified_agent_binary: ../unified_agent
+# Unified Agent installation root
+unified_agent_home: /opt/ydb/unified_agent
+
+# Optional network congestion control setting, htcp recommended
+ydb_congestion_setting: htcp
+# Optional module to load the congestion control algorithm
+ydb_congestion_module: tcp_htcp
+
+# Should only be defined when YDB cluster extension is performed.
+# Must not be defined during the initial cluster setup.
+# ydb_cluster_extension: true

examples/full-dualhomed/ydb-ca-nodes.txt

@@ -0,0 +1,36 @@
+ydbd-1.front.private b-ydbd-1.back.private
+ydbd-2.front.private b-ydbd-2.back.private
+ydbd-3.front.private b-ydbd-3.back.private
+ydbd-4.front.private b-ydbd-4.back.private
+ydbd-5.front.private b-ydbd-5.back.private
+ydbd-6.front.private b-ydbd-6.back.private
+ydbd-7.front.private b-ydbd-7.back.private
+ydbd-8.front.private b-ydbd-8.back.private
+ydbd-9.front.private b-ydbd-9.back.private
+ydbd-10.front.private b-ydbd-10.back.private
+ydbd-11.front.private b-ydbd-11.back.private
+ydbd-12.front.private b-ydbd-12.back.private
+ydbd-13.front.private b-ydbd-13.back.private
+ydbd-14.front.private b-ydbd-14.back.private
+ydbd-15.front.private b-ydbd-15.back.private
+ydbd-16.front.private b-ydbd-16.back.private
+ydbd-17.front.private b-ydbd-17.back.private
+ydbd-18.front.private b-ydbd-18.back.private
+ydbx-1.front.private b-ydbx-1.back.private
+ydbx-2.front.private b-ydbx-2.back.private
+ydbx-3.front.private b-ydbx-3.back.private
+ydbx-4.front.private b-ydbx-4.back.private
+ydbx-5.front.private b-ydbx-5.back.private
+ydbx-6.front.private b-ydbx-6.back.private
+ydbx-7.front.private b-ydbx-7.back.private
+ydbx-8.front.private b-ydbx-8.back.private
+ydbx-9.front.private b-ydbx-9.back.private
+ydbx-10.front.private b-ydbx-10.back.private
+ydbx-11.front.private b-ydbx-11.back.private
+ydbx-12.front.private b-ydbx-12.back.private
+ydbx-13.front.private b-ydbx-13.back.private
+ydbx-14.front.private b-ydbx-14.back.private
+ydbx-15.front.private b-ydbx-15.back.private
+ydbx-16.front.private b-ydbx-16.back.private
+ydbx-17.front.private b-ydbx-17.back.private
+ydbx-18.front.private b-ydbx-18.back.private