nixos-module/server/cluster: break out
parent
e2bd1439e1
commit
94331e5de2
|
@ -18,6 +18,7 @@ in {
|
||||||
] ++
|
] ++
|
||||||
optionals (hostConfig.role == "server") [
|
optionals (hostConfig.role == "server") [
|
||||||
./server/default.nix
|
./server/default.nix
|
||||||
|
./server/cluster.nix
|
||||||
] ++
|
] ++
|
||||||
optionals (hostConfig.role == "container") [
|
optionals (hostConfig.role == "container") [
|
||||||
./container/defaults.nix
|
./container/defaults.nix
|
||||||
|
|
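--- a/nix/nixos-module/server/cluster.nix
+++ b/nix/nixos-module/server/cluster.nix
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+{
+environment.systemPackages =
+with pkgs;
+let
+containers = builtins.attrNames (
+lib.filterAttrs (_: { role, ... }:
+role == "container"
+) config.site.hosts
+);
+resources = builtins.toFile "cib-resources.xml" ''
+<resources>
+${lib.concatMapStrings (container: ''
+<primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
+<operations>
+<op id="stop-${container}" name="start" interval="0" timeout="10s"/>
+<op id="start-${container}" name="start" interval="0" timeout="10s"/>
+<op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
+</operations>
+</primitive>
+'') containers}
+</resources>
+'';
+cib-set-resources = writeScriptBin "cib-set-resources" ''
+#! ${runtimeShell} -e
+
+crm_attribute -t crm_config -n stonith-enabled -v false
+cibadmin --replace --scope resources --xml-file ${resources}
+'';
+in [ cib-set-resources ];
+
+services.corosync = {
+enable = true;
+clusterName = "zentralwerk-network";
+nodelist =
+lib.imap (n: hostName: {
+nodeid = n;
+name = hostName;
+ring_addrs = map (net:
+config.site.net.${net}.hosts4.${hostName}
+) [ "cluster" "mgmt" ];
+}) (
+builtins.filter (hostName:
+config.site.hosts.${hostName}.role == "server"
+) (builtins.attrNames config.site.hosts)
+);
+};
+environment.etc."corosync/authkey" = {
+source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
+mode = "0400";
+};
+
+services.pacemaker = {
+enable = true;
+};
+}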
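Review bot: The corosync auth key in `environment.etc."corosync/authkey"` goes through `builtins.toFile`, which copies `config.site.cluster.corosyncAuthKey` into the Nix store; store paths are readable by every local user on a default NixOS install, so `mode = "0400"` restricts only the copy under /etc. The key should stay out of the evaluated configuration and be decrypted or placed on the host at activation time by a secrets mechanism, with /etc/corosync/authkey provisioned from that file rather than from a store path. Separately, in the generated CIB the op with `id="stop-${container}"` carries `name="start"`; it presumably should read `<op id="stop-${container}" name="stop" interval="0" timeout="10s"/>`. `cib-set-resources` also sets `stonith-enabled` to false, which deserves a comment explaining why running this cluster without fencing is acceptable.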
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, nixpkgs-master, ... }:
|
{ pkgs, nixpkgs-master, ... }:
|
||||||
{
|
{
|
||||||
boot.kernelModules = [ "kvm-intel" "pppoe" ];
|
boot.kernelModules = [ "kvm-intel" "pppoe" ];
|
||||||
boot.kernelParams = [ "nomodeset" ];
|
boot.kernelParams = [ "nomodeset" ];
|
||||||
|
@ -7,37 +7,9 @@
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
environment.systemPackages =
|
environment.systemPackages = with pkgs; [
|
||||||
with pkgs;
|
|
||||||
let
|
|
||||||
containers = builtins.attrNames (
|
|
||||||
lib.filterAttrs (_: { role, ... }:
|
|
||||||
role == "container"
|
|
||||||
) config.site.hosts
|
|
||||||
);
|
|
||||||
resources = builtins.toFile "cib-resources.xml" ''
|
|
||||||
<resources>
|
|
||||||
${lib.concatMapStrings (container: ''
|
|
||||||
<primitive id="lxc-${container}" class="systemd" type="lxc@${container}">
|
|
||||||
<operations>
|
|
||||||
<op id="stop-${container}" name="start" interval="0" timeout="10s"/>
|
|
||||||
<op id="start-${container}" name="start" interval="0" timeout="10s"/>
|
|
||||||
<op id="monitor-${container}" name="monitor" interval="10s" timeout="10s"/>
|
|
||||||
</operations>
|
|
||||||
</primitive>
|
|
||||||
'') containers}
|
|
||||||
</resources>
|
|
||||||
'';
|
|
||||||
cib-set-resources = writeScriptBin "cib-set-resources" ''
|
|
||||||
#! ${runtimeShell} -e
|
|
||||||
|
|
||||||
crm_attribute -t crm_config -n stonith-enabled -v false
|
|
||||||
cibadmin --replace --scope resources --xml-file ${resources}
|
|
||||||
'';
|
|
||||||
in [
|
|
||||||
wget vim git screen
|
wget vim git screen
|
||||||
ipmitool
|
ipmitool
|
||||||
cib-set-resources
|
|
||||||
];
|
];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.permitRootLogin = "prohibit-password";
|
services.openssh.permitRootLogin = "prohibit-password";
|
||||||
|
@ -48,29 +20,4 @@
|
||||||
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
|
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
|
||||||
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
|
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.corosync = {
|
|
||||||
enable = true;
|
|
||||||
clusterName = "zentralwerk-network";
|
|
||||||
nodelist =
|
|
||||||
lib.imap (n: hostName: {
|
|
||||||
nodeid = n;
|
|
||||||
name = hostName;
|
|
||||||
ring_addrs = map (net:
|
|
||||||
config.site.net.${net}.hosts4.${hostName}
|
|
||||||
) [ "cluster" "mgmt" ];
|
|
||||||
}) (
|
|
||||||
builtins.filter (hostName:
|
|
||||||
config.site.hosts.${hostName}.role == "server"
|
|
||||||
) (builtins.attrNames config.site.hosts)
|
|
||||||
);
|
|
||||||
};
|
|
||||||
environment.etc."corosync/authkey" = {
|
|
||||||
source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
|
|
||||||
mode = "0400";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.pacemaker = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|