nixos-module/server/cluster: break out
parent
e2bd1439e1
commit
94331e5de2
|
@ -18,6 +18,7 @@ in {
|
|||
] ++
|
||||
optionals (hostConfig.role == "server") [
|
||||
./server/default.nix
|
||||
./server/cluster.nix
|
||||
] ++
|
||||
optionals (hostConfig.role == "container") [
|
||||
./container/defaults.nix
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages =
|
||||
with pkgs;
|
||||
let
|
||||
containers = builtins.attrNames (
|
||||
lib.filterAttrs (_: { role, ... }:
|
||||
role == "container"
|
||||
) config.site.hosts
|
||||
);
|
||||
resources = builtins.toFile "cib-resources.xml" ''
|
||||
<resources>
|
||||
${lib.concatMapStrings (container: ''
|
||||
<primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
|
||||
<operations>
|
||||
<op id="stop-${container}" name="start" interval="0" timeout="10s"/>
|
||||
<op id="start-${container}" name="start" interval="0" timeout="10s"/>
|
||||
<op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
|
||||
</operations>
|
||||
</primitive>
|
||||
'') containers}
|
||||
</resources>
|
||||
'';
|
||||
cib-set-resources = writeScriptBin "cib-set-resources" ''
|
||||
#! ${runtimeShell} -e
|
||||
|
||||
crm_attribute -t crm_config -n stonith-enabled -v false
|
||||
cibadmin --replace --scope resources --xml-file ${resources}
|
||||
'';
|
||||
in [ cib-set-resources ];
|
||||
|
||||
services.corosync = {
|
||||
enable = true;
|
||||
clusterName = "zentralwerk-network";
|
||||
nodelist =
|
||||
lib.imap (n: hostName: {
|
||||
nodeid = n;
|
||||
name = hostName;
|
||||
ring_addrs = map (net:
|
||||
config.site.net.${net}.hosts4.${hostName}
|
||||
) [ "cluster" "mgmt" ];
|
||||
}) (
|
||||
builtins.filter (hostName:
|
||||
config.site.hosts.${hostName}.role == "server"
|
||||
) (builtins.attrNames config.site.hosts)
|
||||
);
|
||||
};
|
||||
environment.etc."corosync/authkey" = {
|
||||
source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
services.pacemaker = {
|
||||
enable = true;
|
||||
};
|
||||
}
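Review bot: The `environment.etc."corosync/authkey"` entry takes its source from `builtins.toFile "authkey" config.site.cluster.corosyncAuthKey`, which writes the cluster key into the Nix store. Store paths are world-readable and `mode = "0400"` only restricts the copy under /etc, so any local account on a server, or anyone who obtains a copy of the system closure, can read the key that authenticates corosync traffic. The block is moved unchanged from the server defaults, so this predates the commit, but the new module is a good place to provision the key outside the store (a secrets-deployment module, or a file placed out of band) and to rotate the current key afterwards. Separately, the first generated operation reads `<op id="stop-${container}" name="start" interval="0" timeout="10s"/>`; it presumably should be `name="stop"`, since as written no stop timeout is configured and two `start` operations share the same interval. A comment next to the `stonith-enabled -v false` line, such as `# TODO: fencing is disabled; a partitioned cluster may start the same container on two nodes`, would record that risk for whoever runs `cib-set-resources`.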
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, nixpkgs-master, ... }:
|
||||
{ pkgs, nixpkgs-master, ... }:
|
||||
{
|
||||
boot.kernelModules = [ "kvm-intel" "pppoe" ];
|
||||
boot.kernelParams = [ "nomodeset" ];
|
||||
|
@ -7,37 +7,9 @@
|
|||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
environment.systemPackages =
|
||||
with pkgs;
|
||||
let
|
||||
containers = builtins.attrNames (
|
||||
lib.filterAttrs (_: { role, ... }:
|
||||
role == "container"
|
||||
) config.site.hosts
|
||||
);
|
||||
resources = builtins.toFile "cib-resources.xml" ''
|
||||
<resources>
|
||||
${lib.concatMapStrings (container: ''
|
||||
<primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
|
||||
<operations>
|
||||
<op id="stop-${container}" name="start" interval="0" timeout="10s"/>
|
||||
<op id="start-${container}" name="start" interval="0" timeout="10s"/>
|
||||
<op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
|
||||
</operations>
|
||||
</primitive>
|
||||
'') containers}
|
||||
</resources>
|
||||
'';
|
||||
cib-set-resources = writeScriptBin "cib-set-resources" ''
|
||||
#! ${runtimeShell} -e
|
||||
|
||||
crm_attribute -t crm_config -n stonith-enabled -v false
|
||||
cibadmin --replace --scope resources --xml-file ${resources}
|
||||
'';
|
||||
in [
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim git screen
|
||||
ipmitool
|
||||
cib-set-resources
|
||||
];
|
||||
services.openssh.enable = true;
|
||||
services.openssh.permitRootLogin = "prohibit-password";
|
||||
|
@ -48,29 +20,4 @@
|
|||
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
|
||||
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
|
||||
};
|
||||
|
||||
services.corosync = {
|
||||
enable = true;
|
||||
clusterName = "zentralwerk-network";
|
||||
nodelist =
|
||||
lib.imap (n: hostName: {
|
||||
nodeid = n;
|
||||
name = hostName;
|
||||
ring_addrs = map (net:
|
||||
config.site.net.${net}.hosts4.${hostName}
|
||||
) [ "cluster" "mgmt" ];
|
||||
}) (
|
||||
builtins.filter (hostName:
|
||||
config.site.hosts.${hostName}.role == "server"
|
||||
) (builtins.attrNames config.site.hosts)
|
||||
);
|
||||
};
|
||||
environment.etc."corosync/authkey" = {
|
||||
source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
services.pacemaker = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
|
|