forked from zentralwerk/network
Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
cffdd7bbd7 | |||
a474577abd | |||
48b050b283 | |||
531df7e594 | |||
|
2720d3d9ac |
|
@ -65,11 +65,13 @@
|
|||
keycloak = "172.20.73.59";
|
||||
sdrweb = "172.20.73.60";
|
||||
bind = "172.20.73.61";
|
||||
blogs = "172.20.73.62";
|
||||
};
|
||||
subnets6.dn42 = "fd23:42:c3d2:582::/64";
|
||||
subnets6.up4 = "2a00:8180:2c00:282::/64";
|
||||
hosts6.dn42 = {
|
||||
bind = "fd23:42:c3d2:582:cd7:56ff:fe69:6366";
|
||||
blogs = "fd42:42:c3d2:582:b8a8:7dff:fee8:5ac2";
|
||||
c3d2-web = "fd23:42:c3d2:582:642e:95ff:fe34:49f9";
|
||||
dns = "fd23:42:c3d2:582:2:0:0:2";
|
||||
dnscache = "fd23:42:c3d2:582:f096:dbff:fee8:427d";
|
||||
|
@ -95,6 +97,7 @@
|
|||
};
|
||||
hosts6.up4 = {
|
||||
bind = "2a00:8180:2c00:282:cd7:56ff:fe69:6366";
|
||||
blogs = "2a00:8180:2c00:282:b8a8:7dff:fee8:5ac2";
|
||||
c3d2-web = "2a00:8180:2c00:282:642e:95ff:fe34:49f9";
|
||||
dns = "2a00:8180:2c00:282:2:0:0:2";
|
||||
dnscache = "2a00:8180:2c00:282:f096:dbff:fee8:427d";
|
||||
|
|
|
@ -348,6 +348,12 @@
|
|||
reflect = true;
|
||||
sourcePort = 995;
|
||||
}
|
||||
{
|
||||
destination = "172.20.73.162:22";
|
||||
proto = "tcp";
|
||||
reflect = true;
|
||||
sourcePort = 2323;
|
||||
}
|
||||
];
|
||||
interfaces = {
|
||||
core = {
|
||||
|
|
22
flake.lock
22
flake.lock
|
@ -2,27 +2,27 @@
|
|||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1636997306,
|
||||
"narHash": "sha256-lzZka8I/y/CRKeXkfyafFx6/dh5LnIBUIM7VfPHy1I4=",
|
||||
"lastModified": 1639061333,
|
||||
"narHash": "sha256-rG04piqc/mCGM+6IU0o1JRlH+iqwOXbuuqA1Wtszexw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0a8bc59854397f48461bf043c5f61d90e170755d",
|
||||
"rev": "fe4ebb5a53789ecea5eddaf48589f69701c125c3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-21.05",
|
||||
"ref": "release-21.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-master": {
|
||||
"locked": {
|
||||
"lastModified": 1637013565,
|
||||
"narHash": "sha256-moN0tzKsEmPnTk3JMqODi98DwaVfCReRMERYyeCRba4=",
|
||||
"lastModified": 1639061474,
|
||||
"narHash": "sha256-iCrfAyfrQo7y1OFyp98lEcTFDGL6oJMduI1B8bwYZdg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4890bee027a805e2265e68f98abd1035b9449609",
|
||||
"rev": "61727e0e57e73113aca16981ea00275b299fbf94",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -34,11 +34,11 @@
|
|||
"openwrt": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1636309300,
|
||||
"narHash": "sha256-upY6H8I58zslHqEWKAueJjFnx3exkUVODY8aNyd9/VM=",
|
||||
"lastModified": 1638708860,
|
||||
"narHash": "sha256-6az+TFKk6A94YEFvrNRBuCnDfTG2y9HT9xivx5wknhU=",
|
||||
"ref": "openwrt-21.02",
|
||||
"rev": "4b0f87729c2e3c0571663e6f882fe726fef99f74",
|
||||
"revCount": 50796,
|
||||
"rev": "c67509efd7d0c43eb3f622f06c8a31aa28d22f6e",
|
||||
"revCount": 50860,
|
||||
"type": "git",
|
||||
"url": "https://git.openwrt.org/openwrt/openwrt.git"
|
||||
},
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
description = "Zentralwerk network";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/release-21.05";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/release-21.11";
|
||||
nixpkgs-master.url = "github:NixOS/nixpkgs";
|
||||
openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
|
||||
openwrt.flake = false;
|
||||
|
|
|
@ -293,11 +293,6 @@ let
|
|||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
diskSize = mkOption {
|
||||
type = types.int;
|
||||
default = 64;
|
||||
description = "Root disk size for containers in MB";
|
||||
};
|
||||
interfaces = mkOption {
|
||||
default = {};
|
||||
type = with types; attrsOf (submodule interfaceOpts);
|
||||
|
|
|
@ -3,11 +3,8 @@
|
|||
imports = [
|
||||
./defaults.nix
|
||||
./network.nix
|
||||
./drbd-utils.nix
|
||||
./lxc-containers.nix
|
||||
./qemu.nix
|
||||
./pacemaker.nix
|
||||
./ha.nix
|
||||
# host-specific configuration
|
||||
(./. + "/${hostName}.nix")
|
||||
];
|
||||
|
|
|
@ -11,8 +11,6 @@
|
|||
wget vim git screen
|
||||
ipmitool
|
||||
];
|
||||
|
||||
systemd.services."systemd-networkd-wait-online".enable = false;
|
||||
services.openssh.enable = true;
|
||||
services.openssh.permitRootLogin = "prohibit-password";
|
||||
|
||||
|
|
|
@ -1,66 +0,0 @@
|
|||
{ self, config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
|
||||
let cfg = config.services.drbd-utils; in
|
||||
{
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.drbd-utils.enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to enable support for DRBD, the Distributed Replicated
|
||||
Block Device.
|
||||
'';
|
||||
};
|
||||
|
||||
services.drbd-utils.config = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Contents of the <filename>drbd.conf</filename> configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
# use the latest drbd-utils from outside nixpkgs
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
drbd = self.packages.${pkgs.system}.drbd-utils;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.drbd ];
|
||||
services.udev.packages = [ pkgs.drbd ];
|
||||
boot.kernelModules = [ "drbd" ];
|
||||
|
||||
boot.extraModprobeConfig =
|
||||
''
|
||||
options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
|
||||
'';
|
||||
|
||||
environment.etc."drbd.conf" =
|
||||
{ source = pkgs.writeText "drbd.conf" cfg.config; };
|
||||
|
||||
systemd.services.drbd = {
|
||||
after = [ "systemd-udev.settle.service" "network-online.target" ];
|
||||
requires = [ "network-online.target" ];
|
||||
wants = [ "systemd-udev.settle.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.drbd ];
|
||||
script = ''
|
||||
drbdadm up all
|
||||
'';
|
||||
preStop = ''
|
||||
drbdadm down all
|
||||
'';
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
{ lib, config, ... }:
|
||||
{
|
||||
services.pacemaker.enable = true;
|
||||
services.corosync = {
|
||||
clusterName = "zentralwerk";
|
||||
nodelist = lib.imap1 (i: hostName: {
|
||||
nodeid = i;
|
||||
name = hostName;
|
||||
ring_addrs = map (net:
|
||||
config.site.net.${net}.hosts6.dn42.${hostName}
|
||||
) [ "cluster" "mgmt" ];
|
||||
}) (
|
||||
builtins.attrNames (
|
||||
lib.filterAttrs (_: { role, ... }: role == "server")
|
||||
config.site.hosts
|
||||
)
|
||||
);
|
||||
};
|
||||
}
|
|
@ -1,13 +1,6 @@
|
|||
{ hostName, self, config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
drbdPortBase = 17000;
|
||||
|
||||
servers =
|
||||
lib.filterAttrs (_: { role, ... }:
|
||||
role == "server"
|
||||
) config.site.hosts;
|
||||
|
||||
# Containers that are run on this host
|
||||
containers =
|
||||
lib.filterAttrs (_: { role, model, ... }:
|
||||
|
@ -116,7 +109,14 @@ let
|
|||
esac
|
||||
|
||||
echo Installing $c
|
||||
ln -fs $SYSTEM /var/lib/lxc/$c/system
|
||||
for d in \
|
||||
bin dev etc home mnt \
|
||||
nix/store nix/var \
|
||||
proc root run sys tmp var usr ; \
|
||||
do
|
||||
mkdir -p /var/lib/lxc/$c/rootfs/$d
|
||||
done
|
||||
ln -fs $SYSTEM/init /var/lib/lxc/$c/rootfs/init
|
||||
done
|
||||
|
||||
# Activate all the desired container after all of them are
|
||||
|
@ -138,6 +138,15 @@ let
|
|||
set -e
|
||||
'';
|
||||
|
||||
enable-script = pkgs.writeScriptBin "enable-containers" ''
|
||||
touch /etc/start-containers
|
||||
systemctl start lxc-containers.target
|
||||
'';
|
||||
|
||||
disable-script = pkgs.writeScriptBin "disable-containers" ''
|
||||
rm /etc/start-containers
|
||||
systemctl stop lxc-containers.target lxc@\*.service
|
||||
'';
|
||||
in
|
||||
{
|
||||
boot.kernel.sysctl = lib.mkIf enabled {
|
||||
|
@ -150,7 +159,6 @@ in
|
|||
"net.ipv6.neigh.default.gc_thresh3" = 8192;
|
||||
"kernel.keys.maxkeys" = 2000;
|
||||
};
|
||||
boot.kernelModules = [ "loop" ];
|
||||
|
||||
virtualisation.lxc = lib.mkIf enabled {
|
||||
enable = true;
|
||||
|
@ -165,6 +173,7 @@ in
|
|||
# `lxc-attach` et al
|
||||
pkgs.lxc build-script
|
||||
# User scripts
|
||||
enable-script disable-script
|
||||
];
|
||||
|
||||
# Create lxc.container.conf files
|
||||
|
@ -181,9 +190,8 @@ in
|
|||
# Handled by lxc@.service
|
||||
lxc.start.auto = 0
|
||||
lxc.rootfs.path = /var/lib/lxc/${ctName}/rootfs
|
||||
lxc.init.cmd = "/system/init"
|
||||
lxc.init.cmd = "/init"
|
||||
|
||||
lxc.mount.entry = /var/lib/lxc/${ctName}/system system none bind,ro 0 0
|
||||
lxc.mount.entry = /nix/store nix/store none bind,ro 0 0
|
||||
lxc.mount.entry = none tmp tmpfs defaults 0 0
|
||||
lxc,mount.auto = proc:mixed sys:ro cgroup:mixed
|
||||
|
@ -217,9 +225,9 @@ in
|
|||
systemd.services."lxc@" = {
|
||||
description = "LXC container '%i'";
|
||||
after = [ "network.target" ];
|
||||
requires = [ "lxc-rootfs@%i.service" ];
|
||||
unitConfig.ConditionPathExists = [
|
||||
"/var/lib/lxc/%i/system"
|
||||
"/var/lib/lxc/%i/rootfs/init"
|
||||
"/etc/start-containers"
|
||||
];
|
||||
serviceConfig = with pkgs; {
|
||||
Type = "simple";
|
||||
|
@ -242,125 +250,10 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services."lxc-rootfs@" = {
|
||||
wants = [ "drbd.service" ];
|
||||
unitConfig.ConditionPathExists = [
|
||||
"/dev/drbd/by-res/%i"
|
||||
];
|
||||
serviceConfig =
|
||||
let
|
||||
mkScript = name: content:
|
||||
"${pkgs.writeShellScriptBin name ''
|
||||
PATH=$PATH:/run/current-system/sw/bin
|
||||
${content}
|
||||
''}/bin/${name} %i";
|
||||
in {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = mkScript "lxc-rootfs-start" ''
|
||||
drbdadm primary $1
|
||||
ROOT=/var/lib/lxc/$1/rootfs
|
||||
mkdir -p $ROOT
|
||||
mount /dev/drbd/by-res/$1 $ROOT
|
||||
for DIR in \
|
||||
bin dev etc home mnt \
|
||||
nix/store nix/var \
|
||||
proc root run sys \
|
||||
system tmp var usr \
|
||||
; do
|
||||
mkdir -p $ROOT/$DIR
|
||||
done
|
||||
'';
|
||||
ExecStop = mkScript "lxc-rootfs-stop" ''
|
||||
umount /var/lib/lxc/$1/rootfs
|
||||
drbdadm secondary $1
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# systemd.services.drbd.wants = [ "lxc-volumes.service" ];
|
||||
systemd.services.lxc-volumes = {
|
||||
description = "Create LXC rootfs for drbd";
|
||||
wantedBy = [ "drbd.service" ];
|
||||
path = with pkgs; [ drbd coreutils util-linux e2fsprogs ];
|
||||
script = ''
|
||||
create() {
|
||||
file=$1
|
||||
size=$2
|
||||
[ -e $file ] || \
|
||||
dd if=/dev/zero of=$file bs=1024 seek=$(($size - 1)) count=1
|
||||
}
|
||||
|
||||
${lib.concatStrings (lib.imap0 (i: container: ''
|
||||
mkdir -p /var/lib/lxc/${container}
|
||||
cd /var/lib/lxc/${container}
|
||||
|
||||
if [ ! -e rootfs.img ]; then
|
||||
create rootfs.img ${toString (containers.${container}.diskSize * 1024)}
|
||||
mkfs.ext4 rootfs.img
|
||||
else
|
||||
losetup -d /dev/loop${toString (2 * i)} 2> /dev/null || true
|
||||
fi
|
||||
# TODO: zfsPool
|
||||
losetup /dev/loop${toString (2 * i)} rootfs.img
|
||||
|
||||
if [ ! -e rootfs.meta ]; then
|
||||
create rootfs.meta ${toString (((4095 + 36 + (containers.${container}.diskSize / 32)) / 4096) * 4096)}
|
||||
losetup /dev/loop${toString (2 * i + 1)} rootfs.meta
|
||||
drbdadm create-md ${container}
|
||||
else
|
||||
losetup /dev/loop${toString (2 * i + 1)} rootfs.meta
|
||||
fi
|
||||
'') (builtins.attrNames containers))}
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.drbd-utils = {
|
||||
enable = true;
|
||||
config = ''
|
||||
global {
|
||||
# Do not participate in online survey
|
||||
usage-count no;
|
||||
}
|
||||
|
||||
common {
|
||||
# Protocol A: write IO is reported as completed, if it has
|
||||
# reached local disk and local TCP send buffer.
|
||||
protocol A;
|
||||
syncer {
|
||||
rate 60M;
|
||||
}
|
||||
}
|
||||
|
||||
${lib.concatStrings (lib.imap0 (i: container: ''
|
||||
resource ${container} {
|
||||
net {
|
||||
cram-hmac-alg sha1;
|
||||
shared-secret "TODO";
|
||||
}
|
||||
device minor ${toString i};
|
||||
# /var/lib/lxc/${container}/rootfs.img
|
||||
disk /dev/loop${toString (i * 2)};
|
||||
# /var/lib/lxc/${container}/rootfs.meta
|
||||
meta-disk /dev/loop${toString (i * 2 + 1)};
|
||||
${lib.concatMapStrings (server: ''
|
||||
on ${server} {
|
||||
address ${config.site.net.cluster.hosts4.${server}}:${toString (drbdPortBase + i)};
|
||||
}
|
||||
'') (builtins.attrNames servers)}
|
||||
}
|
||||
'') (builtins.attrNames containers))}
|
||||
'';
|
||||
};
|
||||
networking.firewall.allowedTCPPorts =
|
||||
lib.imap0 (i: _server: drbdPortBase + i)
|
||||
(builtins.attrNames servers);
|
||||
|
||||
services.pacemaker.services =
|
||||
map (ctName: "lxc@${ctName}.service")
|
||||
# Starts all the containers after boot
|
||||
systemd.targets.lxc-containers = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = map (ctName: "lxc@${ctName}.service")
|
||||
(builtins.attrNames containers);
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,205 +0,0 @@
|
|||
{ self, pkgs, lib, config, ... }:
|
||||
let
|
||||
description = "Pacemaker HA cluster manager";
|
||||
cfg = config.services.pacemaker;
|
||||
in {
|
||||
options.services = with lib; {
|
||||
corosync = {
|
||||
clusterName = mkOption {
|
||||
type = types.str;
|
||||
default = "nixcluster";
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
|
||||
nodelist = mkOption {
|
||||
description = "Corosync nodelist: all cluster members";
|
||||
default = [];
|
||||
type = with types; listOf (submodule {
|
||||
options = {
|
||||
nodeid = mkOption {
|
||||
type = int;
|
||||
};
|
||||
name = mkOption {
|
||||
type = str;
|
||||
};
|
||||
ring_addrs = mkOption {
|
||||
type = listOf str;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
pacemaker = {
|
||||
enable = mkEnableOption description;
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = self.packages.${pkgs.system}.pacemaker;
|
||||
};
|
||||
|
||||
services = mkOption {
|
||||
description = "Systemd services to create resources for";
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
corosync = pkgs.corosync.overrideAttrs ({ buildInputs, configureFlags, ... }: {
|
||||
buildInputs = buildInputs ++ [
|
||||
pkgs.systemd.dev
|
||||
];
|
||||
configureFlags = configureFlags ++ [
|
||||
# allows Type=notfiy in the systemd.service
|
||||
"--enable-systemd"
|
||||
];
|
||||
});
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
corosync
|
||||
cfg.package
|
||||
];
|
||||
|
||||
environment.etc."corosync/corosync.conf".text = ''
|
||||
totem {
|
||||
version: 2
|
||||
secauth: off
|
||||
cluster_name: ${config.services.corosync.clusterName}
|
||||
transport: knet
|
||||
# TODO: secauth
|
||||
}
|
||||
|
||||
nodelist {
|
||||
${lib.concatMapStrings ({ nodeid, name, ring_addrs }: ''
|
||||
node {
|
||||
nodeid: ${toString nodeid}
|
||||
name: ${name}
|
||||
${lib.concatStrings (lib.imap0 (i: addr: ''
|
||||
ring${toString i}_addr: ${addr}
|
||||
'') ring_addrs)}
|
||||
}
|
||||
'') config.services.corosync.nodelist}
|
||||
}
|
||||
|
||||
quorum {
|
||||
# only corosync_votequorum is supported
|
||||
provider: corosync_votequorum
|
||||
wait_for_all: 0
|
||||
${lib.optionalString (builtins.length config.services.corosync.nodelist < 3) ''
|
||||
two_node: 1
|
||||
''}
|
||||
}
|
||||
|
||||
logging {
|
||||
to_syslog: yes
|
||||
}
|
||||
'';
|
||||
environment.etc."corosync/uidgid.d/root".text = ''
|
||||
# allow pacemaker connection by root
|
||||
uidgid {
|
||||
uid: 0
|
||||
gid: 0
|
||||
}
|
||||
'';
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/corosync 0700 root root -"
|
||||
"d /var/lib/pacemaker 0700 hacluster pacemaker -"
|
||||
"d /var/lib/pacemaker/cib 0700 hacluster pacemaker -"
|
||||
];
|
||||
|
||||
# used by pacemaker
|
||||
users.users.hacluster = {
|
||||
isSystemUser = true;
|
||||
group = "pacemaker";
|
||||
};
|
||||
users.groups.pacemaker = {};
|
||||
|
||||
systemd.services = {
|
||||
# see ${corosync.src}/init/corosync.service.in
|
||||
corosync = {
|
||||
requires = [ "network-online.target" ];
|
||||
after= [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.corosync}/sbin/corosync -f ${config.services.corosync.extraOptions}";
|
||||
ExecStop= "${pkgs.corosync}/sbin/corosync-cfgtool -H --force";
|
||||
Type = "notify";
|
||||
StandardError = "null";
|
||||
};
|
||||
};
|
||||
|
||||
# see ${pacemaker.src}/daemons/pacemakerd/pacemaker.service.in
|
||||
pacemaker = {
|
||||
inherit description;
|
||||
after = [
|
||||
"network.target" "time-sync.target" "dbus.service"
|
||||
#"resource-agents-deps.target"
|
||||
"corosync.service"
|
||||
];
|
||||
wants = [ "dbus.service" ];
|
||||
requires = [ "corosync.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
preStart = ''
|
||||
cp -srf ${cfg.package}/var/lib/pacemaker/* /var/lib/pacemaker/
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${cfg.package}/sbin/pacemakerd";
|
||||
KillMode = "process";
|
||||
NotifyAccess = "main";
|
||||
SuccessExitStatus = 100;
|
||||
TasksMax = "infinity";
|
||||
SendSIGKILL = false;
|
||||
TimeoutStopSec = "30min";
|
||||
TimeoutStartSec = "60s";
|
||||
Restart = "on-failure";
|
||||
StandardError = "null";
|
||||
};
|
||||
};
|
||||
|
||||
pacemaker-config = {
|
||||
after = [ "pacemaker.service" ];
|
||||
requires = [ "pacemaker.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
path = [ cfg.package ];
|
||||
script = let
|
||||
mangleId = builtins.replaceStrings [ "@" ] [ "." ];
|
||||
resources = builtins.toFile "cib-resources.xml" ''
|
||||
<resources>
|
||||
${lib.concatMapStrings (service: ''
|
||||
<primitive id="${mangleId service}" class="systemd" type="${service}">
|
||||
<operations>
|
||||
<op id="${mangleId "${service}-start"}" name="start" interval="0" timeout="5s"/>
|
||||
<op id="${mangleId "${service}-monitor"}" name="monitor" interval="10s" timeout="10s"/>
|
||||
</operations>
|
||||
</primitive>
|
||||
'') cfg.services}
|
||||
</resources>
|
||||
'';
|
||||
in ''
|
||||
# Give Pacemaker time to come up
|
||||
sleep 1
|
||||
|
||||
crm_attribute -t crm_config -n stonith-enabled -v false
|
||||
cibadmin --replace --scope resources --xml-file ${resources}
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
# Options for running under qemu (vm-packages)
|
||||
{ inputs, lib, config, options, ... }:
|
||||
{ inputs, lib, options, ... }:
|
||||
{
|
||||
# Get internet from qemu user networking
|
||||
systemd.network = lib.optionalAttrs (options.virtualisation ? qemu) {
|
||||
|
@ -23,11 +23,6 @@
|
|||
# keep the store paths built inside the VM across reboots
|
||||
writableStoreUseTmpfs = false;
|
||||
qemu.options = [ "-enable-kvm" ];
|
||||
qemu.networkingOptions = [
|
||||
# Useful for cluster dev
|
||||
"-net nic,netdev=net.0,model=virtio"
|
||||
"-netdev tap,id=net.0,ifname=${config.networking.hostName},script=no,downscript=no"
|
||||
];
|
||||
};
|
||||
|
||||
# Let the nix registry point to the state of your local checkout
|
||||
|
|
|
@ -91,35 +91,9 @@ let
|
|||
subnetplans = import ./subnetplans.nix {
|
||||
inherit self nixpkgs system;
|
||||
};
|
||||
|
||||
drbd-utils = pkgs.callPackage ./drbd-utils.nix {
|
||||
inherit ocf-resource-agents;
|
||||
};
|
||||
drbd-utilsForOCF = pkgs.callPackage ./drbd-utils.nix {
|
||||
inherit ocf-resource-agents;
|
||||
forOCF = true;
|
||||
};
|
||||
|
||||
resource-agents = pkgs.callPackage ./resource-agents.nix {};
|
||||
|
||||
ocf-resource-agents = pkgs.callPackage ./ocf-resource-agents.nix {
|
||||
inherit resource-agents
|
||||
drbd-utilsForOCF
|
||||
pacemakerForOCF
|
||||
;
|
||||
};
|
||||
|
||||
pacemakerForOCF = pkgs.callPackage ./pacemaker.nix {
|
||||
inherit ocf-resource-agents;
|
||||
forOCF = true;
|
||||
};
|
||||
pacemaker = pkgs.callPackage ./pacemaker.nix {
|
||||
inherit ocf-resource-agents;
|
||||
};
|
||||
in
|
||||
rootfs-packages // vm-packages // device-templates // network-graphs // starlink // subnetplans // {
|
||||
inherit all-rootfs export-openwrt-models export-config dns-slaves
|
||||
encrypt-secrets decrypt-secrets switch-to-production
|
||||
drbd-utils pacemaker
|
||||
;
|
||||
}
|
||||
|
|
|
@ -1,128 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, docbook_xml_dtd_44
|
||||
, docbook_xml_dtd_45
|
||||
, docbook_xsl
|
||||
, asciidoctor
|
||||
, fetchurl
|
||||
, flex
|
||||
, kmod
|
||||
, libxslt
|
||||
, nixosTests
|
||||
, perl
|
||||
, systemd
|
||||
|
||||
# drbd-utils are compiled twice, once with forOCF = true to extract
|
||||
# its OCF definitions for use in the ocf-resource-agents derivation,
|
||||
# then again with forOCF = false, where the ocf-resource-agents is
|
||||
# provided as the OCF_ROOT.
|
||||
, forOCF ? false
|
||||
, ocf-resource-agents
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "drbd-utils";
|
||||
version = "9.19.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://pkg.linbit.com/downloads/drbd/utils/${pname}-${version}.tar.gz";
|
||||
sha256 = "1l99kcrb0j85wxxmrdihpx9bk1a4sdi7wlp5m1x5l24k8ck1m5cf";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
flex
|
||||
libxslt
|
||||
docbook_xsl
|
||||
asciidoctor
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
perl
|
||||
# perlPackages.Po4a used by ja documentation
|
||||
];
|
||||
|
||||
configureFlags = [
|
||||
"--libdir=${placeholder "out"}/lib"
|
||||
"--sbindir=${placeholder "out"}/bin"
|
||||
"--localstatedir=/var"
|
||||
"--sysconfdir=/etc"
|
||||
"--without-distro"
|
||||
];
|
||||
|
||||
makeFlags = [
|
||||
"SOURCE_DATE_EPOCH=1"
|
||||
"WANT_DRBD_REPRODUCIBLE_BUILD=1"
|
||||
] ++ lib.optional (!forOCF) "OCF_ROOT=${ocf-resource-agents}/usr/lib/ocf}";
|
||||
|
||||
installFlags = [
|
||||
"prefix="
|
||||
"DESTDIR=${placeholder "out"}"
|
||||
"localstatedir=/var"
|
||||
"DRBD_LIB_DIR=/var/lib"
|
||||
"INITDIR=/etc/init.d"
|
||||
"udevrulesdir=/etc/udev/rules.d"
|
||||
"sysconfdir=/etc"
|
||||
"sbindir=/bin"
|
||||
"datadir="
|
||||
"LIBDIR=/lib/drbd"
|
||||
"mandir=/share/man"
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
patchShebangs .
|
||||
substituteInPlace user/v84/drbdadm_usage_cnt.c \
|
||||
--replace '"/lib/drbd");' \
|
||||
'"${placeholder "out"}/lib/drbd");'
|
||||
substituteInPlace user/v9/drbdsetup_linux.c \
|
||||
--replace 'ret = system("/sbin/modprobe drbd");' \
|
||||
'ret = system("${kmod}/bin/modprobe drbd");'
|
||||
substituteInPlace user/v84/drbdsetup.c \
|
||||
--replace 'system("/sbin/modprobe drbd")' \
|
||||
'system("${kmod}/bin/modprobe drbd")'
|
||||
substituteInPlace documentation/ra2refentry.xsl \
|
||||
--replace "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" \
|
||||
"${docbook_xml_dtd_44}/xml/dtd/docbook/docbookx.dtd"
|
||||
function patch_docbook45() {
|
||||
substituteInPlace $1 \
|
||||
--replace "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" \
|
||||
"${docbook_xml_dtd_45}/xml/dtd/docbook/docbookx.dtd"
|
||||
}
|
||||
patch_docbook45 documentation/v9/drbd.conf.xml.in
|
||||
patch_docbook45 documentation/v9/drbdsetup.xml.in
|
||||
patch_docbook45 documentation/v84/drbdsetup.xml
|
||||
patch_docbook45 documentation/v84/drbd.conf.xml
|
||||
# The ja documentation is disabled because:
|
||||
# make[1]: Entering directory '/build/drbd-utils-9.16.0/documentation/ja/v84'
|
||||
# /nix/store/wyx2nn2pjcn50lc95c6qgsgm606rn0x2-perl5.32.1-po4a-0.62/bin/po4a-translate -f docbook -M utf-8 -L utf-8 -keep 0 -m ../../v84/drbdsetup.xml -p drbdsetup.xml.po -l drbdsetup.xml
|
||||
# Use of uninitialized value $args[1] in sprintf at /nix/store/wyx2nn2pjcn50lc95c6qgsgm606rn0x2-perl5.32.1-po4a-0.62/lib/perl5/site_perl/Locale/Po4a/Common.pm line 134.
|
||||
# Invalid po file drbdsetup.xml.po:
|
||||
substituteInPlace Makefile.in \
|
||||
--replace 'DOC_DIRS := documentation/v9 documentation/ja/v9' \
|
||||
'DOC_DIRS := documentation/v9' \
|
||||
--replace 'DOC_DIRS += documentation/v84 documentation/ja/v84' \
|
||||
'DOC_DIRS += documentation/v84' \
|
||||
--replace '$(MAKE) -C documentation/ja/v9 doc' \
|
||||
"" \
|
||||
--replace '$(MAKE) -C documentation/ja/v84 doc' \
|
||||
""
|
||||
substituteInPlace user/v9/drbdtool_common.c \
|
||||
--replace 'add_component_to_path("/lib/drbd");' \
|
||||
'add_component_to_path("${placeholder "out"}/lib/drbd");'
|
||||
'';
|
||||
|
||||
preConfigure = ''
|
||||
export PATH=${systemd}/sbin:$PATH
|
||||
'';
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
passthru.tests.drbd = nixosTests.drbd;
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://linbit.com/drbd/";
|
||||
description = "DRBD userspace utilities";
|
||||
license = licenses.gpl2Plus;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ ryantm ];
|
||||
};
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
# This combines together OCF definitions from other derivations.
|
||||
# https://github.com/ClusterLabs/resource-agents/blob/master/doc/dev-guides/ra-dev-guide.asc
|
||||
{ stdenv
|
||||
, lib
|
||||
, runCommand
|
||||
, lndir
|
||||
, resource-agents
|
||||
, drbd-utilsForOCF
|
||||
, pacemakerForOCF
|
||||
} :
|
||||
|
||||
runCommand "ocf-resource-agents" {} ''
|
||||
mkdir -p $out/usr/lib/ocf
|
||||
${lndir}/bin/lndir -silent "${resource-agents}/lib/ocf/" $out/usr/lib/ocf
|
||||
${lndir}/bin/lndir -silent "${drbd-utilsForOCF}/usr/lib/ocf/" $out/usr/lib/ocf
|
||||
${lndir}/bin/lndir -silent "${pacemakerForOCF}/usr/lib/ocf/" $out/usr/lib/ocf
|
||||
''
|
|
@ -1,94 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, autoconf
|
||||
, automake
|
||||
, bash
|
||||
, bzip2
|
||||
, corosync
|
||||
, dbus
|
||||
, fetchFromGitHub
|
||||
, glib
|
||||
, gnutls
|
||||
, libqb
|
||||
, libtool
|
||||
, libuuid
|
||||
, libxml2
|
||||
, libxslt
|
||||
, pam
|
||||
, pkg-config
|
||||
, python3
|
||||
|
||||
# Pacemaker is compiled twice, once with forOCF = true to extract its
|
||||
# OCF definitions for use in the ocf-resource-agents derivation, then
|
||||
# again with forOCF = false, where the ocf-resource-agents is provided
|
||||
# as the OCF_ROOT.
|
||||
, forOCF ? false
|
||||
, ocf-resource-agents
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pacemaker";
|
||||
version = "2.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ClusterLabs";
|
||||
repo = pname;
|
||||
rev = "Pacemaker-${version}";
|
||||
sha256 = "0grzw3yv6l8l83pi0pdn1fps3qh7hk3fl2xbv3vx1ixri29m3438";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoconf
|
||||
automake
|
||||
libtool
|
||||
pkg-config
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
bash
|
||||
bzip2
|
||||
corosync
|
||||
dbus.dev
|
||||
glib
|
||||
gnutls
|
||||
libqb
|
||||
libuuid
|
||||
libxml2.dev
|
||||
libxslt.dev
|
||||
pam
|
||||
python3
|
||||
];
|
||||
|
||||
preConfigure = "./autogen.sh";
|
||||
|
||||
configureFlags = [
|
||||
"--exec-prefix=${placeholder "out"}"
|
||||
"--sysconfdir=/etc"
|
||||
"--datadir=/var/lib"
|
||||
"--localstatedir=/var"
|
||||
"--enable-systemd"
|
||||
"--with-systemdsystemunitdir=/etc/systemd/system"
|
||||
"--with-corosync"
|
||||
] ++ lib.optional (!forOCF) "--with-ocfdir=${ocf-resource-agents}/usr/lib/ocf";
|
||||
|
||||
installFlags = [ "DESTDIR=${placeholder "out"}" ];
|
||||
|
||||
NIX_CFLAGS_COMPILE = lib.optionals stdenv.cc.isGNU [
|
||||
"-Wno-error=strict-prototypes"
|
||||
];
|
||||
enableParallelBuilding = true;
|
||||
|
||||
postInstall = ''
|
||||
mv $out$out/* $out
|
||||
rm -r $out/nix
|
||||
ln -sf /var/lib/pacemaker/cib $out/var/lib/pacemaker/cib
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://clusterlabs.org/pacemaker/";
|
||||
description = "Pacemaker is an open source, high availability resource manager suitable for both small and large clusters.";
|
||||
license = licenses.gpl2Plus;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ ryantm ];
|
||||
};
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
{ lib, stdenv
|
||||
, fetchFromGitHub
|
||||
, autoreconfHook
|
||||
, pkg-config
|
||||
, python3
|
||||
, glib
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "resource-agents";
|
||||
version = "4.8.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ClusterLabs";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256:1mdrwr3yqdqaifh3ynnhzdc59yfn4x00iygxqvh33p53jgf7cqir";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
autoreconfHook
|
||||
pkg-config
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
glib
|
||||
python3
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/ClusterLabs/resource-agents";
|
||||
description = "Combined repository of OCF agents from the RHCS and Linux-HA projects";
|
||||
license = licenses.gpl2Plus;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ ryantm ];
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user