libretic/ansible-role-apache
6
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-apache synced 2025-01-09 11:20:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3 from jsmartin/riak

Browse source 
Merge riak deployment playbooks.
This commit is contained in:
Tim Gerla 2013-06-29 19:47:32 -07:00
commit e0b0a9f306
33 changed files with 899 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
riak/README.md Normal file
View file

@ -0,0 +1,82 @@
#### Introduction
These example playbooks should help you get an idea of how to use the riak ansible module. These playbooks were tested on Ubuntu Precise (12.04) and CentOS 6.4, both on x86_64.
These playbooks do not currently support selinux.
#### About Riak
Riak is distributed key-value store that is architected for:
* **Availability**: Riak replicates and retrieves data intelligently so it is available for read and write operations, even in failure conditions
* **Fault-Tolerance**: You can lose access to many nodes due to network partition or hardware failure without losing data
* **Operational Simplicity**: Add new machines to your Riak cluster easily without incurring a larger operational burden the same ops tasks apply to small clusters as large clusters
* **Scalability**: Riak automatically distributes data around the cluster and yields a near-linear performance increase as you add capacity.
For more information, please visit [http://docs.basho.com/riak/latest/](http://docs.basho.com/riak/latest/)
#### Requirements
This playbook requires ansible 1.2.
#### Hosts File Naming Conventions
In the hosts file, we use a host variable **node_type** to ease the cluster joining process. The following values of **node_type** can be used.
* **primary** - all nodes attempt to join this node.
* **last** - this node plans and commits changes to the cluster, in this example, the joining of the nodes.
* **middle** - all nodes in between **primary** and **last**
### group_vars ###
All sorts of configuration settings can be tuned in group_vars/all. Here's a breakdown.
* **firewall**: **True** - whether you'd like to enabled iptables for the configuration
* riak:
* **version**: *1.3.1* - the version of the package you want to install. For Debian/Ubuntu distributions it needs to contain the distro. For example: *1.3.1~precise1*
* **iface**: *eth1* - the interface Riak will be listening on
* **handoff_port**: *8099* - the port used for handoffs
* **http_port**: *8098* - the port used for Riak's rest interface.
* **pb_port**: *8087* - the port used for Riak's protocol buffers interface.
* **mountpoint**: */var/lib/riak* - the mount point where the riak data partition lives.
* **partition**: */dev/mapper/VolGroup-lv_riak* - the partition where riak is mounted
* **physical_disk**: *sda* - the physical disk that is associated with the partition riak is mounted
* **scheduler**: *noop* - the I/O scheduler you want to use
* **backend**: *bitcask* - the Riak backend you want to use
* **ring_size**: *64* - the number of vnodes in the distributed ring
* **log_rotate**: *4* - how often log rotated should occur.
There is no concept of node roles in Riak proper, it is master-less.
You can build an entire cluster by first modifying the hosts file to fit your
network.
#### Using the Playbooks
Here are the playbooks that you can use with the ansible-playbook commands:
* **site.yml** - creates a complete riak cluster, it calls setup_riak.yml and form_cluster.yml
* **setup_riak.yml** - installs riak onto nodes
* **form_cluster.yml** - forms a riak cluster
* **rolling_restart.yml** - demonstrates the ability to perform a rolling
configuration change. Similar principals could apply to performing
rolling upgrades of Riak itself.
#### Using Vagrant
Install vagrant!
First choose an OS in your Vagrantfile.
run:
vagrant up
launch the playbook, when prompted for password, enter "vagrant"
ansible-playbook -v -u vagrant site.yml -i hosts -k
ssh to your nodes
vagrant ssh riak-1.local

33
riak/Vagrantfile vendored Normal file
View file

@ -0,0 +1,33 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
require 'fileutils'
Vagrant::Config.run do |config|
# choices for virtual machines:
#config.vm.box = 'ubuntu-1204'
#config.vm.box_url = 'http://files.vagrantup.com/precise64.box'
config.vm.box = 'centos-6.4'
#config.vm.box_url = 'http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box'
# specify all Riak VMs:
nodes = 3
baseip = 5
(1..nodes).each do |n|
ip = "10.42.0.#{baseip + n.to_i}"
name = "riak-#{n}.local"
config.vm.define name do |cfg|
cfg.vm.host_name = name
cfg.vm.network :hostonly, ip
# give all nodes a little bit more memory:
cfg.vm.customize ["modifyvm", :id, "--memory", 1024, '--cpus', '1']
#get those gems installed
#cfg.vm.provision :shell, :path => "shellprovision/bootstrap.sh"
end
end
end

29
riak/form_cluster.yml Normal file
View file

@ -0,0 +1,29 @@
- hosts: riak_cluster
sudo: True
tasks:
- name: Create a group based on riak node type.
group_by: key={{ node_type }}
- name: collect riak facts
riak: command=ping
register: riak_outputs
- hosts: middle:last
vars:
primary_node: "{{ hostvars[groups['primary'][0]]['riak_outputs']['node_name'] }}"
sudo: True
tasks:
- name: join riak cluster
riak: command=join target_node={{ primary_node }}
- hosts: last
sudo: True
tasks:
- name: plan cluster changes
riak: command=plan
notify:
- commit cluster changes
- wait for handoffs
- wait for ring
handlers:
- include: roles/riak/common/handlers/main.yml

15
riak/group_vars/all Normal file
View file

@ -0,0 +1,15 @@
---
firewall: True
riak:
version: 1.3.1
iface: eth1
handoff_port: 8099
http_port: 8098
pb_port: 8087
mountpoint: /
partition: /dev/mapper/VolGroup-lv_root
physical_disk: sda
scheduler: noop
backend: bitcask
ring_size: 64
log_rotate: 4

4
riak/hosts Normal file
View file

@ -0,0 +1,4 @@
[riak_cluster]
10.42.0.6 node_type=primary
10.42.0.7 node_type=middle
10.42.0.8 node_type=last

100
riak/library/ufw Normal file
View file

@ -0,0 +1,100 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2013, James Martin <jmartin@basho.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
DOCUMENTATION = '''
---
module: uffw
short_description: This module handles some basic ubuntu ufw operations
description:
- This module handles some basic ubuntu ufw operations
version_added: "1.2"
options:
allow:
description:
- The application you want to allow. Must have a ufw app definiation already defined.
required: false
default: OpenSSH
aliases: []
enable:
description:
- Enable the firewall
required: false
default: False
aliases: []
'''
def main():
ansible_facts = {}
arg_spec = dict(
allow=dict( default='OpenSSH'),
enable=dict(default=False, type='bool')
)
result = {}
module = AnsibleModule(argument_spec=arg_spec)
enable = module.params.get('enable')
app = module.params.get('allow')
#we always need ssh for ansible
rc, out, err = module.run_command("ufw allow OpenSSH")
if rc == 1:
module.fail_json(msg=out + err)
rc, out, err = module.run_command("ufw allow %s" % app)
if rc == 1:
module.fail_json(msg=out + err)
if out.find('Skipping') != -1:
result['changed'] = False
else:
result['changed'] = True
result['output'] = out
rc, out, err = module.run_command("ufw status|grep Status|cut -f2 -d ' '")
out=out.strip()
result['status'] = out
if rc == 1:
module.fail_json(msg=out + err)
if out == 'inactive' and enable == True:
rc, out, err = module.run_command("ufw -f enable")
result['changed'] = True
if out == 'active' and enable == False:
rc, out, err = module.run_command("ufw disable")
result['changed'] = True
result['status'] = out
module.exit_json(**result)
# this is magic, see lib/ansible/module_common.py
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
main()

4
riak/roles/bootstrap/common/files/etc_security_limits.d_riak.conf Normal file
View file

@ -0,0 +1,4 @@
riak soft nofile 65336
riak hard nofile 65336
root soft nofile 65336
root hard nofile 65336

9
riak/roles/bootstrap/common/files/etc_sysctl.d_riak.conf Normal file
View file

@ -0,0 +1,9 @@
vm.swappiness = 0
net.ipv4.tcp_max_syn_backlog = 40000
net.core.somaxconn=4000
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_tw_reuse = 1

6
riak/roles/bootstrap/common/handlers/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: update sysctl
command: sysctl -e -p /etc/sysctl.d/riak.conf
- name: source rclocal
command: /bin/bash /etc/rc.local

19
riak/roles/bootstrap/common/tasks/main.yml Normal file
View file

@ -0,0 +1,19 @@
---
- name: Create groups based on distribution
group_by: key={{ ansible_distribution }}
- name: update pam configuration
copy: src=etc_security_limits.d_riak.conf dest=/etc/security/limits.d/riak.conf owner=root group=root mode=0644
- name: mount the riak volume with optmized settings
mount: name={{ riak.mountpoint }} src={{ riak.partition }} opts="noatime,barrier=0,errors=remount-ro" fstype=ext4 state=mounted
- name: confgure rc.local
template: src=etc_rc.local.j2 dest=/etc/rc.local owner=root group=root mode=0755
notify: source rclocal
- name: create sysctl.d
file: dest=/etc/sysctl.d state=directory
- name: configure sysctl
copy: src=etc_sysctl.d_riak.conf dest=/etc/sysctl.d/riak.conf owner=root group=root mode=0644
notify: update sysctl

17
riak/roles/bootstrap/common/templates/etc_rc.local.j2 Normal file
View file

@ -0,0 +1,17 @@
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
echo {{ riak.scheduler }} > /sys/block/{{ riak.physical_disk }}/queue/scheduler
echo 1024 > /sys/block/{{ riak.physical_disk }}/queue/nr_requests
exit 0

21
riak/roles/bootstrap/common/templates/iptables.j2 Normal file
View file

@ -0,0 +1,21 @@
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#allow access to epmd
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4369 -j ACCEPT
#riak handoff port
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.handoff_port }} -j ACCEPT
#allow access to Riak's http port
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.http_port }} -j ACCEPT
#allow access to Riak's protocol buffer port
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.pb_port }} -j ACCEPT
#allows access to distributed Erlang ports
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6000:7999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

3
riak/roles/bootstrap/redhat/handlers/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
- name: restart iptables
service: name=iptables state=restarted

6
riak/roles/bootstrap/redhat/tasks/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: fetch yum repository
get_url: url=http://yum.basho.com/gpg/basho-release-6-1.noarch.rpm dest=/tmp
- name: configure the basho repository
yum: name=/tmp/basho-release-6-1.noarch.rpm

1
riak/roles/bootstrap/ubuntu/files/etc_default_riak_ulimit Normal file
View file

@ -0,0 +1 @@
ulimit -n 65536

3
riak/roles/bootstrap/ubuntu/handlers/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
- name: restore iptables
shell: iptables-restore < /etc/iptables.rules

15
riak/roles/bootstrap/ubuntu/tasks/main.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: update pam configuration
lineinfile: line="session required pam_limits.so" dest={{ item }} regexp="session required pam_limits.so" insertafter="^# end of pam-auth-update config"
with_items:
- /etc/pam.d/common-session
- /etc/pam.d/common-session-noninteractive
- name: get the basho apt key
apt_key: url=http://apt.basho.com/gpg/basho.apt.key state=present
- name: configure the basho repository
template: src=etc_apt_sources.list.d_basho.list.j2 dest=/etc/apt/sources.list.d/basho.list
- name: update cache
apt: update_cache=yes

1
riak/roles/bootstrap/ubuntu/templates/etc_apt_sources.list.d_basho.list.j2 Normal file
View file

@ -0,0 +1 @@
deb http://apt.basho.com {{ ansible_distribution_release }} main

4
riak/roles/riak/common/files/etc_security_limits.d_riak.conf Normal file
View file

@ -0,0 +1,4 @@
riak soft nofile 65336
riak hard nofile 65336
root soft nofile 65336
root hard nofile 65336

18
riak/roles/riak/common/handlers/main.yml Normal file
View file

@ -0,0 +1,18 @@
---
- name: restart riak
service: name=riak state=restarted
- name: wait for http
wait_for: port={{ riak.http_port }}
- name: wait for kv
riak: wait_for_service=kv
- name: commit cluster changes
riak: command=commit
- name: wait for handoffs
riak: wait_for_handoffs=600
- name: wait for ring
riak: wait_for_ring=600

25
riak/roles/riak/common/tasks/main.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: configure app.config
template: src=etc_riak_app.config.j2 dest=/etc/riak/app.config
tags: configfiles
notify:
- restart riak
- wait for http
- wait for kv
- name: configure vm.args
template: src=etc_riak_vm.args.j2 dest=/etc/riak/vm.args
tags: configfiles
notify:
- restart riak
- wait for http
- wait for kv
- name: start riak
service: name=riak state=started
- name: wait for port to become active
wait_for: port={{ riak.http_port }}
- name: wait for riak_kv service to start
riak: wait_for_service=kv

360
riak/roles/riak/common/templates/etc_riak_app.config.j2 Normal file
View file

@ -0,0 +1,360 @@
{% if ansible_os_family == 'Debian' %}
{% set libdir = '/usr/lib' %}
{% elif ansibe_os_family == 'RedHat' %}
{% set libdir = '/usr/lib64' %}
{% else %}
{% set libdir = '/usr/lib64' %}
{% endif %}
%% -*- mode: erlang;erlang-indent-level: 4;indent-tabs-mode: nil -*-
%% ex: ft=erlang ts=4 sw=4 et
[
{ kernel, [
{inet_dist_listen_min, 6000},
{inet_dist_listen_max, 7999}
]},
%% Riak Client APIs config
{riak_api, [
%% pb_backlog is the maximum length to which the queue of pending
%% connections may grow. If set, it must be an integer >= 0.
%% By default the value is 5. If you anticipate a huge number of
%% connections being initialised *simultaneously*, set this number
%% higher.
%% {pb_backlog, 64},
%% pb_ip is the IP address that the Riak Protocol Buffers interface
%% will bind to. If this is undefined, the interface will not run.
{pb_ip, "0.0.0.0" },
%% pb_port is the TCP port that the Riak Protocol Buffers interface
%% will bind to
{pb_port, {{ riak.pb_port }} }
]},
%% Riak Core config
{riak_core, [
%% Default location of ringstate
{ring_state_dir, "/var/lib/riak/ring"},
%% Default ring creation size. Make sure it is a power of 2,
%% e.g. 16, 32, 64, 128, 256, 512 etc
{ring_creation_size, {{ riak.ring_size }} },
%% http is a list of IP addresses and TCP ports that the Riak
%% HTTP interface will bind.
{http, [ {"0.0.0.0", {{ riak.http_port }} } ]},
%% https is a list of IP addresses and TCP ports that the Riak
%% HTTPS interface will bind.
%{https, [{ "127.0.0.1", 8098 }]},
%% Default cert and key locations for https can be overridden
%% with the ssl config variable, for example:
%{ssl, [
% {certfile, "/etc/riak/cert.pem"},
% {keyfile, "/etc/riak/key.pem"}
% ]},
%% riak_handoff_port is the TCP port that Riak uses for
%% intra-cluster data handoff.
{handoff_port, 8099 },
%% To encrypt riak_core intra-cluster data handoff traffic,
%% uncomment the following line and edit its path to an
%% appropriate certfile and keyfile. (This example uses a
%% single file with both items concatenated together.)
%{handoff_ssl_options, [{certfile, "/tmp/erlserver.pem"}]},
%% DTrace support
%% Do not enable 'dtrace_support' unless your Erlang/OTP
%% runtime is compiled to support DTrace. DTrace is
%% available in R15B01 (supported by the Erlang/OTP
%% official source package) and in R14B04 via a custom
%% source repository & branch.
{dtrace_support, false},
%% Health Checks
%% If disabled, health checks registered by an application will
%% be ignored. NOTE: this option cannot be changed at runtime.
%% To re-enable, the setting must be changed and the node restarted.
{enable_health_checks, true},
%% Platform-specific installation paths (substituted by rebar)
{platform_bin_dir, "/usr/sbin"},
{platform_data_dir, "/var/lib/riak"},
{platform_etc_dir, "/etc/riak"},
{platform_lib_dir, "{{ libdir }}/riak/lib"},
{platform_log_dir, "/var/log/riak"}
]},
%% Riak KV config
{riak_kv, [
%% Storage_backend specifies the Erlang module defining the storage
%% mechanism that will be used on this node.
{% if riakcs %}
{add_paths, ["{{ libdir }}/riak-cs/lib/riak_cs-{{ riakcs.version }}/ebin"]},
{storage_backend, riak_cs_kv_multi_backend},
{multi_backend_prefix_list, [{<<"0b:">>, be_blocks}]},
{multi_backend_default, be_default},
{multi_backend, [
{be_default, riak_kv_eleveldb_backend, [
{max_open_files, 50},
{data_root, "/var/lib/riak/leveldb"}
]},
{be_blocks, riak_kv_bitcask_backend, [
{data_root, "/var/lib/riak/bitcask"}
]}
]},
{% else %}
{storage_backend, riak_kv_{{ riak.backend }}_backend},
{% endif %}
%% raw_name is the first part of all URLS used by the Riak raw HTTP
%% interface. See riak_web.erl and raw_http_resource.erl for
%% details.
%{raw_name, "riak"},
%% Enable active anti-entropy subsystem + optional debug messages:
%% {anti_entropy, {on|off, []}},
%% {anti_entropy, {on|off, [debug]}},
{anti_entropy, {on, []}},
%% Restrict how fast AAE can build hash trees. Building the tree
%% for a given partition requires a full scan over that partition's
%% data. Once built, trees stay built until they are expired.
%% Config is of the form:
%% {num-builds, per-timespan-in-milliseconds}
%% Default is 1 build per hour.
{anti_entropy_build_limit, {1, 3600000}},
%% Determine how often hash trees are expired after being built.
%% Periodically expiring a hash tree ensures the on-disk hash tree
%% data stays consistent with the actual k/v backend data. It also
%% helps Riak identify silent disk failures and bit rot. However,
%% expiration is not needed for normal AAE operation and should be
%% infrequent for performance reasons. The time is specified in
%% milliseconds. The default is 1 week.
{anti_entropy_expire, 604800000},
%% Limit how many AAE exchanges/builds can happen concurrently.
{anti_entropy_concurrency, 2},
%% The tick determines how often the AAE manager looks for work
%% to do (building/expiring trees, triggering exchanges, etc).
%% The default is every 15 seconds. Lowering this value will
%% speedup the rate that all replicas are synced across the cluster.
%% Increasing the value is not recommended.
{anti_entropy_tick, 15000},
%% The directory where AAE hash trees are stored.
{anti_entropy_data_dir, "/var/lib/riak/anti_entropy"},
%% The LevelDB options used by AAE to generate the LevelDB-backed
%% on-disk hashtrees.
{anti_entropy_leveldb_opts, [{write_buffer_size, 4194304},
{max_open_files, 20}]},
%% mapred_name is URL used to submit map/reduce requests to Riak.
{mapred_name, "mapred"},
%% mapred_2i_pipe indicates whether secondary-index
%% MapReduce inputs are queued in parallel via their own
%% pipe ('true'), or serially via a helper process
%% ('false' or undefined). Set to 'false' or leave
%% undefined during a rolling upgrade from 1.0.
{mapred_2i_pipe, true},
%% Each of the following entries control how many Javascript
%% virtual machines are available for executing map, reduce,
%% pre- and post-commit hook functions.
{map_js_vm_count, 8 },
{reduce_js_vm_count, 6 },
{hook_js_vm_count, 2 },
%% js_max_vm_mem is the maximum amount of memory, in megabytes,
%% allocated to the Javascript VMs. If unset, the default is
%% 8MB.
{js_max_vm_mem, 8},
%% js_thread_stack is the maximum amount of thread stack, in megabyes,
%% allocate to the Javascript VMs. If unset, the default is 16MB.
%% NOTE: This is not the same as the C thread stack.
{js_thread_stack, 16},
%% js_source_dir should point to a directory containing Javascript
%% source files which will be loaded by Riak when it initializes
%% Javascript VMs.
%{js_source_dir, "/tmp/js_source"},
%% http_url_encoding determines how Riak treats URL encoded
%% buckets, keys, and links over the REST API. When set to 'on'
%% Riak always decodes encoded values sent as URLs and Headers.
%% Otherwise, Riak defaults to compatibility mode where links
%% are decoded, but buckets and keys are not. The compatibility
%% mode will be removed in a future release.
{http_url_encoding, on},
%% Switch to vnode-based vclocks rather than client ids. This
%% significantly reduces the number of vclock entries.
%% Only set true if *all* nodes in the cluster are upgraded to 1.0
{vnode_vclocks, true},
%% This option toggles compatibility of keylisting with 1.0
%% and earlier versions. Once a rolling upgrade to a version
%% > 1.0 is completed for a cluster, this should be set to
%% true for better control of memory usage during key listing
%% operations
{listkeys_backpressure, true},
%% This option configures the riak_kv health check that monitors
%% message queue lengths of riak_kv vnodes. The value is a 2-tuple,
%% {EnableThreshold, DisableThreshold}. If a riak_kv_vnode's message
%% queue length reaches DisableThreshold the riak_kv service is disabled
%% on this node. The service will not be re-enabled until the message queue
%% length drops below EnableThreshold.
{vnode_mailbox_limit, {1, 5000}}
]},
%% Riak Search Config
{riak_search, [
%% To enable Search functionality set this 'true'.
{enabled, false}
]},
%% Merge Index Config
{merge_index, [
%% The root dir to store search merge_index data
{data_root, "/var/lib/riak/merge_index"},
%% Size, in bytes, of the in-memory buffer. When this
%% threshold has been reached the data is transformed
%% into a segment file which resides on disk.
{buffer_rollover_size, 1048576},
%% Overtime the segment files need to be compacted.
%% This is the maximum number of segments that will be
%% compacted at once. A lower value will lead to
%% quicker but more frequent compactions.
{max_compact_segments, 20}
]},
%% Bitcask Config
{bitcask, [
%% Configure how Bitcask writes data to disk.
%% erlang: Erlang's built-in file API
%% nif: Direct calls to the POSIX C API
%%
%% The NIF mode provides higher throughput for certain
%% workloads, but has the potential to negatively impact
%% the Erlang VM, leading to higher worst-case latencies
%% and possible throughput collapse.
{io_mode, erlang},
{data_root, "/var/lib/riak/bitcask"}
]},
%% eLevelDB Config
{eleveldb, [
{data_root, "/var/lib/riak/leveldb"}
]},
%% Lager Config
{lager, [
%% What handlers to install with what arguments
%% The defaults for the logfiles are to rotate the files when
%% they reach 10Mb or at midnight, whichever comes first, and keep
%% the last 5 rotations. See the lager README for a description of
%% the time rotation format:
%% https://github.com/basho/lager/blob/master/README.org
%%
%% If you wish to disable rotation, you can either set the size to 0
%% and the rotation time to "", or instead specify a 2-tuple that only
%% consists of {Logfile, Level}.
%%
%% If you wish to have riak log messages to syslog, you can use a handler
%% like this:
%% {lager_syslog_backend, ["riak", daemon, info]},
%%
{handlers, [
{lager_file_backend, [
{"/var/log/riak/error.log", error, 10485760, "$D0", {{ riak.log_rotate }} },
{"/var/log/riak/console.log", info, 10485760, "$D0", {{ riak.log_rotate }} }
]}
] },
%% Whether to write a crash log, and where.
%% Commented/omitted/undefined means no crash logger.
{crash_log, "/var/log/riak/crash.log"},
%% Maximum size in bytes of events in the crash log - defaults to 65536
{crash_log_msg_size, 65536},
%% Maximum size of the crash log in bytes, before its rotated, set
%% to 0 to disable rotation - default is 0
{crash_log_size, 10485760},
%% What time to rotate the crash log - default is no time
%% rotation. See the lager README for a description of this format:
%% https://github.com/basho/lager/blob/master/README.org
{crash_log_date, "$D0"},
%% Number of rotated crash logs to keep, 0 means keep only the
%% current one - default is 0
{crash_log_count, 5},
%% Whether to redirect error_logger messages into lager - defaults to true
{error_logger_redirect, true}
]},
%% riak_sysmon config
{riak_sysmon, [
%% To disable forwarding events of a particular type, use a
%% limit of 0.
{process_limit, 30},
{port_limit, 2},
%% Finding reasonable limits for a given workload is a matter
%% of experimentation.
%% NOTE: Enabling the 'gc_ms_limit' monitor (by setting non-zero)
%% can cause performance problems on multi-CPU systems.
{gc_ms_limit, 0},
{heap_word_limit, 40111000},
%% Configure the following items to 'false' to disable logging
%% of that event type.
{busy_port, true},
{busy_dist_port, true}
]},
%% SASL config
{sasl, [
{sasl_error_logger, false}
]},
%% riak_control config
{riak_control, [
%% Set to false to disable the admin panel.
{enabled, false},
%% Authentication style used for access to the admin
%% panel. Valid styles are 'userlist' <TODO>.
{auth, userlist},
%% If auth is set to 'userlist' then this is the
%% list of usernames and passwords for access to the
%% admin panel.
{userlist, [{"user", "pass"}
]},
%% The admin panel is broken up into multiple
%% components, each of which is enabled or disabled
%% by one of these settings.
{admin, true}
]}
].

51
riak/roles/riak/common/templates/etc_riak_vm.args.j2 Normal file
View file

@ -0,0 +1,51 @@
## Name of the riak node
-name riak@{{ ip_addr }}
## Cookie for distributed erlang. All nodes in the same cluster
## should use the same cookie or they will not be able to communicate.
-setcookie riak
## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
## (Disabled by default..use with caution!)
##-heart
## Enable kernel poll and a few async threads
+K true
+A 64
## Treat error_logger warnings as warnings
+W w
{% if ansible_processor_cores == 'NA' or ansible_processor_cores == 1 %}
-smp enable
{% endif %}
## Increase number of concurrent ports/sockets
-env ERL_MAX_PORTS 4096
## Tweak GC to run more often
-env ERL_FULLSWEEP_AFTER 0
## Set the location of crash dumps
-env ERL_CRASH_DUMP /var/log/riak/erl_crash.dump
## Raise the ETS table limit
-env ERL_MAX_ETS_TABLES 8192
+swt very_low
+P 256000
+zdbbl 65536
-kernel net_ticktime 10
## Begin SSL distribution items, DO NOT DELETE OR EDIT THIS COMMENT
## To enable SSL encryption of the Erlang intra-cluster communication,
## un-comment the three lines below and make certain that the paths
## point to correct PEM data files. See docs TODO for details.
## -proto_dist inet_ssl
## -ssl_dist_opt client_certfile "/etc/riak/erlclient.pem"
## -ssl_dist_opt server_certfile "/etc/riak/erlserver.pem"
## End SSL distribution items, DO NOT DELETE OR EDIT THIS COMMENT

1
riak/roles/riak/common/vars/main.yml Normal file
View file

@ -0,0 +1 @@
ip_addr: "{{ hostvars[inventory_hostname]['ansible_' + riak.iface]['ipv4']['address'] }}"

4
riak/roles/riak/redhat/handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
- name: lokkit
command: lokkit --custom-rules /etc/sysconfig/iptables.riak --update

9
riak/roles/riak/redhat/tasks/main.yml Normal file
View file

@ -0,0 +1,9 @@
---
- name: install riak
yum: name=riak-{{ riak.version }} state=present
- name: configure iptables
template: src=iptables.j2 dest=/etc/sysconfig/iptables.riak owner=root group=root
notify:
- lokkit
when: firewall is defined

5
riak/roles/riak/redhat/templates/iptables.j2 Normal file
View file

@ -0,0 +1,5 @@
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4369 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.handoff_port }} -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.http_port }} -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.pb_port }} -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6000:7999 -j ACCEPT

1
riak/roles/riak/ubuntu/files/etc_default_riak_ulimit Normal file
View file

@ -0,0 +1 @@
ulimit -n 65536

14
riak/roles/riak/ubuntu/tasks/main.yml Normal file
View file

@ -0,0 +1,14 @@
---
- name: install riak
apt: pkg=riak={{ riak.version }}
- name: set the riak ulimit
copy: src=etc_default_riak_ulimit dest=/etc/default/riak
- name: configure iptables
template: src=iptables.j2 dest=/etc/ufw/applications.d/riak owner=root group=root mode=0644
when: firewall is defined
- name: update fw
ufw: enable=yes allow=riak
when: firewall is defined

4
riak/roles/riak/ubuntu/templates/iptables.j2 Normal file
View file

@ -0,0 +1,4 @@
[riak]
title=Riak NOSQL Database
description=Riak is a NOSQL database
ports=4369,{{ riak.handoff_port }},{{ riak.http_port }},{{ riak.pb_port }},6000:7999/tcp

9
riak/rolling_restart.yml Normal file
View file

@ -0,0 +1,9 @@
---
- hosts: riak_cluster
serial: 1
sudo: True
pre_tasks:
- name: make sure there are no transfers happening
riak: wait_for_handoffs=600
roles:
- riak/common

23
riak/setup_riak.yml Normal file
View file

@ -0,0 +1,23 @@
---
- hosts: riak_cluster
sudo: True
roles:
- bootstrap/common
- hosts: Ubuntu
gather_facts: no
sudo: True
roles:
- bootstrap/ubuntu
- riak/ubuntu
- riak/common
- hosts: CentOS:RedHat
gather_facts: no
sudo: True
roles:
- bootstrap/redhat
- riak/redhat
- riak/common

3
riak/site.yml Normal file
View file

@ -0,0 +1,3 @@
---
- include: setup_riak.yml
- include: form_cluster.yml