initial corosync/pacemaker setup with upstream modules
parent
bdca123b99
commit
bcf06cbbc9
|
@ -265,4 +265,8 @@
|
||||||
];
|
];
|
||||||
} ];
|
} ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
site.cluster = {
|
||||||
|
corosyncAuthKey = "8V82ry1A6Ki6EXWj2X8PJYC89xITLsgFteQbr6tiegUQLbbtMzWmT8ynyVn5cHiah52ANNfQk6yLrvAJrVDVlTFowG5D1GClOHQmmZi+Xv3nJ2fCUjCYa97/tSdV/1NnsNKkxMxJndef2TrknHAR4DBAM32USADBhP94nuv5FmdMOTLBDbvdlOrCGbdnaZKgIrhuN61atQ1iRexz0prHO+3WfOEx39N+Tzr4";
|
||||||
|
};
|
||||||
}
|
}
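Review bot: The corosync authentication key is committed as a literal string in `site.cluster.corosyncAuthKey`, so anyone who can read this repository or its history can read the key the cluster nodes use to authenticate each other. The same value is declared as a plain `types.str` option (hunk at -577) and written with `builtins.toFile "authkey" config.site.cluster.corosyncAuthKey` (hunk at -20), which copies it into the Nix store; `mode = "0400"` on `/etc/corosync/authkey` does not restrict reads of that store path. I would treat this key as exposed, generate a new one, and deploy it from a file kept outside the repository and the store, with the option holding a path to that file rather than the key itself.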
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
description = "Zentralwerk network";
|
description = "Zentralwerk network";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/release-21.11";
|
nixpkgs.url = "github:astro/nixpkgs/pacemaker";
|
||||||
nixpkgs-master.url = "github:NixOS/nixpkgs";
|
nixpkgs-master.url = "github:astro/nixpkgs/pacemaker";
|
||||||
openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
|
openwrt.url = "git+https://git.openwrt.org/openwrt/openwrt.git?ref=openwrt-21.02";
|
||||||
openwrt.flake = false;
|
openwrt.flake = false;
|
||||||
};
|
};
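Review bot: Both `nixpkgs.url` and `nixpkgs-master.url` now follow the `pacemaker` branch of a personal fork, so every package on these hosts is built from a branch that can be rebased or deleted, and that presumably picks up upstream security updates only when someone merges the fork forward by hand. `nixpkgs-master` also no longer tracks master, although the collectd override still refers to it by that name. If only the corosync/pacemaker modules are needed from the fork, a separate input such as `nixpkgs-pacemaker.url = "github:astro/nixpkgs/pacemaker";` would leave `nixpkgs.url` on `github:NixOS/nixpkgs/release-21.11`. A comment saying which upstream change has to land before the fork can be dropped would help the next maintainer.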
|
||||||
|
|
|
@ -577,6 +577,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
vpn.wireguard = vpnOpts;
|
vpn.wireguard = vpnOpts;
|
||||||
|
|
||||||
|
cluster.corosyncAuthKey = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config.warnings =
|
config.warnings =
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, nixpkgs-master, ... }:
|
{ config, lib, pkgs, nixpkgs-master, ... }:
|
||||||
{
|
{
|
||||||
boot.kernelModules = [ "kvm-intel" "pppoe" ];
|
boot.kernelModules = [ "kvm-intel" "pppoe" ];
|
||||||
boot.kernelParams = [ "nomodeset" ];
|
boot.kernelParams = [ "nomodeset" ];
|
||||||
|
@ -7,10 +7,38 @@
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages =
|
||||||
wget vim git screen
|
with pkgs;
|
||||||
ipmitool
|
let
|
||||||
];
|
containers = builtins.attrNames (
|
||||||
|
lib.filterAttrs (_: { role, ... }:
|
||||||
|
role == "container"
|
||||||
|
) config.site.hosts
|
||||||
|
);
|
||||||
|
resources = builtins.toFile "cib-resources.xml" ''
|
||||||
|
<resources>
|
||||||
|
${lib.concatMapStrings (container: ''
|
||||||
|
<primitive id="${container}" class="systemd" type="${container}">
|
||||||
|
<operations>
|
||||||
|
<op id=""${container}-start" name="start" interval="0" timeout="10s"/>
|
||||||
|
<op id=""${container}-stop" name="start" interval="0" timeout="10s"/>
|
||||||
|
<op id="${container}-monitor" name="monitor" interval="10s" timeout="10s"/>
|
||||||
|
</operations>
|
||||||
|
</primitive>
|
||||||
|
'') containers}
|
||||||
|
</resources>
|
||||||
|
'';
|
||||||
|
cib-set-resources = writeScriptBin "cib-set-resources" ''
|
||||||
|
!# ${runtimeShell} -e
|
||||||
|
|
||||||
|
crm_attribute -t crm_config -n stonith-enabled -v false
|
||||||
|
cibadmin --replace --scope resources --xml-file ${resources}
|
||||||
|
'';
|
||||||
|
in [
|
||||||
|
wget vim git screen
|
||||||
|
ipmitool
|
||||||
|
cib-set-resources
|
||||||
|
];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.permitRootLogin = "prohibit-password";
|
services.openssh.permitRootLogin = "prohibit-password";
|
||||||
|
|
||||||
|
@ -20,4 +48,29 @@
|
||||||
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
|
# FIXME: IPMI is only available with nixpkgs-21.11 onwards
|
||||||
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
|
package = nixpkgs-master.legacyPackages.${pkgs.system}.collectd;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.corosync = {
|
||||||
|
enable = true;
|
||||||
|
clusterName = "zentralwerk-network";
|
||||||
|
nodelist =
|
||||||
|
lib.imap (n: hostName: {
|
||||||
|
nodeid = n;
|
||||||
|
name = hostName;
|
||||||
|
ring_addrs = map (net:
|
||||||
|
config.site.net.${net}.hosts4.${hostName}
|
||||||
|
) [ "cluster" "mgmt" ];
|
||||||
|
}) (
|
||||||
|
builtins.filter (hostName:
|
||||||
|
config.site.hosts.${hostName}.role == "server"
|
||||||
|
) (builtins.attrNames config.site.hosts)
|
||||||
|
);
|
||||||
|
};
|
||||||
|
environment.etc."corosync/authkey" = {
|
||||||
|
source = builtins.toFile "authkey" config.site.cluster.corosyncAuthKey;
|
||||||
|
mode = "0400";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.pacemaker = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
}
|
}
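Review bot: The `cib-set-resources` helper added in the hunk at -7 looks unable to work as written: its first line is `!# ${runtimeShell} -e` rather than `#! ${runtimeShell} -e`, so it is not an interpreter line and `-e` is never applied, meaning a failed `crm_attribute` would not stop the following `cibadmin --replace`. In the XML template the start and stop ops open with a doubled quote (`id=""${container}-start"`), which is not well-formed XML if the file really contains it as rendered here, and the stop op is declared with `name="start"`. They should read `<op id="${container}-start" name="start" interval="0" timeout="10s"/>` and `<op id="${container}-stop" name="stop" interval="0" timeout="10s"/>`. The script also sets `stonith-enabled` to `false` without explanation; a comment saying why fencing is disabled and what has to be in place before it is turned on would make that choice reviewable.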
|
||||||
|
|