mirror of
https://github.com/geerlingguy/ansible-role-apache
synced 2025-01-09 19:30:18 +01:00
Merge pull request #3 from jsmartin/riak
Merge riak deployment playbooks.
This commit is contained in:
commit
e0b0a9f306
33 changed files with 899 additions and 0 deletions
82
riak/README.md
Normal file
82
riak/README.md
Normal file
|
@ -0,0 +1,82 @@
|
|||
#### Introduction
|
||||
|
||||
These example playbooks should help you get an idea of how to use the riak ansible module. These playbooks were tested on Ubuntu Precise (12.04) and CentOS 6.4, both on x86_64.
|
||||
|
||||
These playbooks do not currently support selinux.
|
||||
|
||||
#### About Riak
|
||||
|
||||
Riak is distributed key-value store that is architected for:
|
||||
|
||||
* **Availability**: Riak replicates and retrieves data intelligently so it is available for read and write operations, even in failure conditions
|
||||
* **Fault-Tolerance**: You can lose access to many nodes due to network partition or hardware failure without losing data
|
||||
* **Operational Simplicity**: Add new machines to your Riak cluster easily without incurring a larger operational burden – the same ops tasks apply to small clusters as large clusters
|
||||
* **Scalability**: Riak automatically distributes data around the cluster and yields a near-linear performance increase as you add capacity.
|
||||
|
||||
For more information, please visit [http://docs.basho.com/riak/latest/](http://docs.basho.com/riak/latest/)
|
||||
|
||||
#### Requirements
|
||||
|
||||
This playbook requires ansible 1.2.
|
||||
|
||||
#### Hosts File Naming Conventions
|
||||
|
||||
In the hosts file, we use a host variable **node_type** to ease the cluster joining process. The following values of **node_type** can be used.
|
||||
|
||||
* **primary** - all nodes attempt to join this node.
|
||||
* **last** - this node plans and commits changes to the cluster, in this example, the joining of the nodes.
|
||||
* **middle** - all nodes in between **primary** and **last**
|
||||
|
||||
### group_vars ###
|
||||
|
||||
All sorts of configuration settings can be tuned in group_vars/all. Here's a breakdown.
|
||||
|
||||
* **firewall**: **True** - whether you'd like to enabled iptables for the configuration
|
||||
* riak:
|
||||
* **version**: *1.3.1* - the version of the package you want to install. For Debian/Ubuntu distributions it needs to contain the distro. For example: *1.3.1~precise1*
|
||||
* **iface**: *eth1* - the interface Riak will be listening on
|
||||
* **handoff_port**: *8099* - the port used for handoffs
|
||||
* **http_port**: *8098* - the port used for Riak's rest interface.
|
||||
* **pb_port**: *8087* - the port used for Riak's protocol buffers interface.
|
||||
* **mountpoint**: */var/lib/riak* - the mount point where the riak data partition lives.
|
||||
* **partition**: */dev/mapper/VolGroup-lv_riak* - the partition where riak is mounted
|
||||
* **physical_disk**: *sda* - the physical disk that is associated with the partition riak is mounted
|
||||
* **scheduler**: *noop* - the I/O scheduler you want to use
|
||||
* **backend**: *bitcask* - the Riak backend you want to use
|
||||
* **ring_size**: *64* - the number of vnodes in the distributed ring
|
||||
* **log_rotate**: *4* - how often log rotated should occur.
|
||||
|
||||
There is no concept of node roles in Riak proper, it is master-less.
|
||||
|
||||
You can build an entire cluster by first modifying the hosts file to fit your
|
||||
network.
|
||||
|
||||
#### Using the Playbooks
|
||||
|
||||
Here are the playbooks that you can use with the ansible-playbook commands:
|
||||
|
||||
* **site.yml** - creates a complete riak cluster, it calls setup_riak.yml and form_cluster.yml
|
||||
* **setup_riak.yml** - installs riak onto nodes
|
||||
* **form_cluster.yml** - forms a riak cluster
|
||||
* **rolling_restart.yml** - demonstrates the ability to perform a rolling
|
||||
configuration change. Similar principals could apply to performing
|
||||
rolling upgrades of Riak itself.
|
||||
|
||||
|
||||
#### Using Vagrant
|
||||
|
||||
Install vagrant!
|
||||
|
||||
First choose an OS in your Vagrantfile.
|
||||
|
||||
run:
|
||||
|
||||
vagrant up
|
||||
|
||||
launch the playbook, when prompted for password, enter "vagrant"
|
||||
|
||||
ansible-playbook -v -u vagrant site.yml -i hosts -k
|
||||
|
||||
ssh to your nodes
|
||||
|
||||
vagrant ssh riak-1.local
|
33
riak/Vagrantfile
vendored
Normal file
33
riak/Vagrantfile
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
require 'fileutils'
|
||||
|
||||
Vagrant::Config.run do |config|
|
||||
|
||||
# choices for virtual machines:
|
||||
#config.vm.box = 'ubuntu-1204'
|
||||
#config.vm.box_url = 'http://files.vagrantup.com/precise64.box'
|
||||
config.vm.box = 'centos-6.4'
|
||||
#config.vm.box_url = 'http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box'
|
||||
|
||||
# specify all Riak VMs:
|
||||
nodes = 3
|
||||
baseip = 5
|
||||
(1..nodes).each do |n|
|
||||
ip = "10.42.0.#{baseip + n.to_i}"
|
||||
name = "riak-#{n}.local"
|
||||
config.vm.define name do |cfg|
|
||||
cfg.vm.host_name = name
|
||||
cfg.vm.network :hostonly, ip
|
||||
|
||||
# give all nodes a little bit more memory:
|
||||
cfg.vm.customize ["modifyvm", :id, "--memory", 1024, '--cpus', '1']
|
||||
|
||||
#get those gems installed
|
||||
#cfg.vm.provision :shell, :path => "shellprovision/bootstrap.sh"
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
end
|
29
riak/form_cluster.yml
Normal file
29
riak/form_cluster.yml
Normal file
|
@ -0,0 +1,29 @@
|
|||
- hosts: riak_cluster
|
||||
sudo: True
|
||||
tasks:
|
||||
- name: Create a group based on riak node type.
|
||||
group_by: key={{ node_type }}
|
||||
- name: collect riak facts
|
||||
riak: command=ping
|
||||
register: riak_outputs
|
||||
|
||||
- hosts: middle:last
|
||||
vars:
|
||||
primary_node: "{{ hostvars[groups['primary'][0]]['riak_outputs']['node_name'] }}"
|
||||
sudo: True
|
||||
tasks:
|
||||
- name: join riak cluster
|
||||
riak: command=join target_node={{ primary_node }}
|
||||
|
||||
- hosts: last
|
||||
sudo: True
|
||||
tasks:
|
||||
- name: plan cluster changes
|
||||
riak: command=plan
|
||||
notify:
|
||||
- commit cluster changes
|
||||
- wait for handoffs
|
||||
- wait for ring
|
||||
|
||||
handlers:
|
||||
- include: roles/riak/common/handlers/main.yml
|
15
riak/group_vars/all
Normal file
15
riak/group_vars/all
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
firewall: True
|
||||
riak:
|
||||
version: 1.3.1
|
||||
iface: eth1
|
||||
handoff_port: 8099
|
||||
http_port: 8098
|
||||
pb_port: 8087
|
||||
mountpoint: /
|
||||
partition: /dev/mapper/VolGroup-lv_root
|
||||
physical_disk: sda
|
||||
scheduler: noop
|
||||
backend: bitcask
|
||||
ring_size: 64
|
||||
log_rotate: 4
|
4
riak/hosts
Normal file
4
riak/hosts
Normal file
|
@ -0,0 +1,4 @@
|
|||
[riak_cluster]
|
||||
10.42.0.6 node_type=primary
|
||||
10.42.0.7 node_type=middle
|
||||
10.42.0.8 node_type=last
|
100
riak/library/ufw
Normal file
100
riak/library/ufw
Normal file
|
@ -0,0 +1,100 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# (c) 2013, James Martin <jmartin@basho.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: uffw
|
||||
short_description: This module handles some basic ubuntu ufw operations
|
||||
description:
|
||||
- This module handles some basic ubuntu ufw operations
|
||||
|
||||
version_added: "1.2"
|
||||
options:
|
||||
allow:
|
||||
description:
|
||||
- The application you want to allow. Must have a ufw app definiation already defined.
|
||||
required: false
|
||||
default: OpenSSH
|
||||
aliases: []
|
||||
enable:
|
||||
description:
|
||||
- Enable the firewall
|
||||
required: false
|
||||
default: False
|
||||
aliases: []
|
||||
'''
|
||||
|
||||
|
||||
|
||||
def main():
|
||||
|
||||
ansible_facts = {}
|
||||
arg_spec = dict(
|
||||
allow=dict( default='OpenSSH'),
|
||||
enable=dict(default=False, type='bool')
|
||||
)
|
||||
|
||||
result = {}
|
||||
|
||||
module = AnsibleModule(argument_spec=arg_spec)
|
||||
enable = module.params.get('enable')
|
||||
app = module.params.get('allow')
|
||||
|
||||
#we always need ssh for ansible
|
||||
|
||||
rc, out, err = module.run_command("ufw allow OpenSSH")
|
||||
if rc == 1:
|
||||
module.fail_json(msg=out + err)
|
||||
|
||||
rc, out, err = module.run_command("ufw allow %s" % app)
|
||||
if rc == 1:
|
||||
module.fail_json(msg=out + err)
|
||||
if out.find('Skipping') != -1:
|
||||
result['changed'] = False
|
||||
else:
|
||||
result['changed'] = True
|
||||
|
||||
result['output'] = out
|
||||
|
||||
|
||||
|
||||
rc, out, err = module.run_command("ufw status|grep Status|cut -f2 -d ' '")
|
||||
out=out.strip()
|
||||
result['status'] = out
|
||||
|
||||
if rc == 1:
|
||||
module.fail_json(msg=out + err)
|
||||
|
||||
if out == 'inactive' and enable == True:
|
||||
rc, out, err = module.run_command("ufw -f enable")
|
||||
result['changed'] = True
|
||||
|
||||
if out == 'active' and enable == False:
|
||||
rc, out, err = module.run_command("ufw disable")
|
||||
result['changed'] = True
|
||||
|
||||
result['status'] = out
|
||||
|
||||
module.exit_json(**result)
|
||||
|
||||
# this is magic, see lib/ansible/module_common.py
|
||||
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
|
||||
|
||||
main()
|
|
@ -0,0 +1,4 @@
|
|||
riak soft nofile 65336
|
||||
riak hard nofile 65336
|
||||
root soft nofile 65336
|
||||
root hard nofile 65336
|
9
riak/roles/bootstrap/common/files/etc_sysctl.d_riak.conf
Normal file
9
riak/roles/bootstrap/common/files/etc_sysctl.d_riak.conf
Normal file
|
@ -0,0 +1,9 @@
|
|||
vm.swappiness = 0
|
||||
net.ipv4.tcp_max_syn_backlog = 40000
|
||||
net.core.somaxconn=4000
|
||||
net.ipv4.tcp_timestamps = 0
|
||||
net.ipv4.tcp_sack = 1
|
||||
net.ipv4.tcp_window_scaling = 1
|
||||
net.ipv4.tcp_fin_timeout = 15
|
||||
net.ipv4.tcp_keepalive_intvl = 30
|
||||
net.ipv4.tcp_tw_reuse = 1
|
6
riak/roles/bootstrap/common/handlers/main.yml
Normal file
6
riak/roles/bootstrap/common/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: update sysctl
|
||||
command: sysctl -e -p /etc/sysctl.d/riak.conf
|
||||
|
||||
- name: source rclocal
|
||||
command: /bin/bash /etc/rc.local
|
19
riak/roles/bootstrap/common/tasks/main.yml
Normal file
19
riak/roles/bootstrap/common/tasks/main.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: Create groups based on distribution
|
||||
group_by: key={{ ansible_distribution }}
|
||||
|
||||
- name: update pam configuration
|
||||
copy: src=etc_security_limits.d_riak.conf dest=/etc/security/limits.d/riak.conf owner=root group=root mode=0644
|
||||
|
||||
- name: mount the riak volume with optmized settings
|
||||
mount: name={{ riak.mountpoint }} src={{ riak.partition }} opts="noatime,barrier=0,errors=remount-ro" fstype=ext4 state=mounted
|
||||
|
||||
- name: confgure rc.local
|
||||
template: src=etc_rc.local.j2 dest=/etc/rc.local owner=root group=root mode=0755
|
||||
notify: source rclocal
|
||||
|
||||
- name: create sysctl.d
|
||||
file: dest=/etc/sysctl.d state=directory
|
||||
- name: configure sysctl
|
||||
copy: src=etc_sysctl.d_riak.conf dest=/etc/sysctl.d/riak.conf owner=root group=root mode=0644
|
||||
notify: update sysctl
|
17
riak/roles/bootstrap/common/templates/etc_rc.local.j2
Normal file
17
riak/roles/bootstrap/common/templates/etc_rc.local.j2
Normal file
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# rc.local
|
||||
#
|
||||
# This script is executed at the end of each multiuser runlevel.
|
||||
# Make sure that the script will "exit 0" on success or any other
|
||||
# value on error.
|
||||
#
|
||||
# In order to enable or disable this script just change the execution
|
||||
# bits.
|
||||
#
|
||||
# By default this script does nothing.
|
||||
|
||||
echo {{ riak.scheduler }} > /sys/block/{{ riak.physical_disk }}/queue/scheduler
|
||||
echo 1024 > /sys/block/{{ riak.physical_disk }}/queue/nr_requests
|
||||
|
||||
exit 0
|
21
riak/roles/bootstrap/common/templates/iptables.j2
Normal file
21
riak/roles/bootstrap/common/templates/iptables.j2
Normal file
|
@ -0,0 +1,21 @@
|
|||
*filter
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -p icmp -j ACCEPT
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
|
||||
#allow access to epmd
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4369 -j ACCEPT
|
||||
#riak handoff port
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.handoff_port }} -j ACCEPT
|
||||
#allow access to Riak's http port
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.http_port }} -j ACCEPT
|
||||
#allow access to Riak's protocol buffer port
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.pb_port }} -j ACCEPT
|
||||
#allows access to distributed Erlang ports
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6000:7999 -j ACCEPT
|
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||
COMMIT
|
3
riak/roles/bootstrap/redhat/handlers/main.yml
Normal file
3
riak/roles/bootstrap/redhat/handlers/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- name: restart iptables
|
||||
service: name=iptables state=restarted
|
6
riak/roles/bootstrap/redhat/tasks/main.yml
Normal file
6
riak/roles/bootstrap/redhat/tasks/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: fetch yum repository
|
||||
get_url: url=http://yum.basho.com/gpg/basho-release-6-1.noarch.rpm dest=/tmp
|
||||
|
||||
- name: configure the basho repository
|
||||
yum: name=/tmp/basho-release-6-1.noarch.rpm
|
|
@ -0,0 +1 @@
|
|||
ulimit -n 65536
|
3
riak/roles/bootstrap/ubuntu/handlers/main.yml
Normal file
3
riak/roles/bootstrap/ubuntu/handlers/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- name: restore iptables
|
||||
shell: iptables-restore < /etc/iptables.rules
|
15
riak/roles/bootstrap/ubuntu/tasks/main.yml
Normal file
15
riak/roles/bootstrap/ubuntu/tasks/main.yml
Normal file
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
- name: update pam configuration
|
||||
lineinfile: line="session required pam_limits.so" dest={{ item }} regexp="session required pam_limits.so" insertafter="^# end of pam-auth-update config"
|
||||
with_items:
|
||||
- /etc/pam.d/common-session
|
||||
- /etc/pam.d/common-session-noninteractive
|
||||
|
||||
- name: get the basho apt key
|
||||
apt_key: url=http://apt.basho.com/gpg/basho.apt.key state=present
|
||||
|
||||
- name: configure the basho repository
|
||||
template: src=etc_apt_sources.list.d_basho.list.j2 dest=/etc/apt/sources.list.d/basho.list
|
||||
|
||||
- name: update cache
|
||||
apt: update_cache=yes
|
|
@ -0,0 +1 @@
|
|||
deb http://apt.basho.com {{ ansible_distribution_release }} main
|
|
@ -0,0 +1,4 @@
|
|||
riak soft nofile 65336
|
||||
riak hard nofile 65336
|
||||
root soft nofile 65336
|
||||
root hard nofile 65336
|
18
riak/roles/riak/common/handlers/main.yml
Normal file
18
riak/roles/riak/common/handlers/main.yml
Normal file
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
- name: restart riak
|
||||
service: name=riak state=restarted
|
||||
|
||||
- name: wait for http
|
||||
wait_for: port={{ riak.http_port }}
|
||||
|
||||
- name: wait for kv
|
||||
riak: wait_for_service=kv
|
||||
|
||||
- name: commit cluster changes
|
||||
riak: command=commit
|
||||
|
||||
- name: wait for handoffs
|
||||
riak: wait_for_handoffs=600
|
||||
|
||||
- name: wait for ring
|
||||
riak: wait_for_ring=600
|
25
riak/roles/riak/common/tasks/main.yml
Normal file
25
riak/roles/riak/common/tasks/main.yml
Normal file
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: configure app.config
|
||||
template: src=etc_riak_app.config.j2 dest=/etc/riak/app.config
|
||||
tags: configfiles
|
||||
notify:
|
||||
- restart riak
|
||||
- wait for http
|
||||
- wait for kv
|
||||
|
||||
- name: configure vm.args
|
||||
template: src=etc_riak_vm.args.j2 dest=/etc/riak/vm.args
|
||||
tags: configfiles
|
||||
notify:
|
||||
- restart riak
|
||||
- wait for http
|
||||
- wait for kv
|
||||
|
||||
- name: start riak
|
||||
service: name=riak state=started
|
||||
|
||||
- name: wait for port to become active
|
||||
wait_for: port={{ riak.http_port }}
|
||||
|
||||
- name: wait for riak_kv service to start
|
||||
riak: wait_for_service=kv
|
360
riak/roles/riak/common/templates/etc_riak_app.config.j2
Normal file
360
riak/roles/riak/common/templates/etc_riak_app.config.j2
Normal file
|
@ -0,0 +1,360 @@
|
|||
{% if ansible_os_family == 'Debian' %}
|
||||
{% set libdir = '/usr/lib' %}
|
||||
{% elif ansibe_os_family == 'RedHat' %}
|
||||
{% set libdir = '/usr/lib64' %}
|
||||
{% else %}
|
||||
{% set libdir = '/usr/lib64' %}
|
||||
{% endif %}
|
||||
|
||||
%% -*- mode: erlang;erlang-indent-level: 4;indent-tabs-mode: nil -*-
|
||||
%% ex: ft=erlang ts=4 sw=4 et
|
||||
[
|
||||
{ kernel, [
|
||||
{inet_dist_listen_min, 6000},
|
||||
{inet_dist_listen_max, 7999}
|
||||
]},
|
||||
|
||||
%% Riak Client APIs config
|
||||
{riak_api, [
|
||||
%% pb_backlog is the maximum length to which the queue of pending
|
||||
%% connections may grow. If set, it must be an integer >= 0.
|
||||
%% By default the value is 5. If you anticipate a huge number of
|
||||
%% connections being initialised *simultaneously*, set this number
|
||||
%% higher.
|
||||
%% {pb_backlog, 64},
|
||||
|
||||
%% pb_ip is the IP address that the Riak Protocol Buffers interface
|
||||
%% will bind to. If this is undefined, the interface will not run.
|
||||
{pb_ip, "0.0.0.0" },
|
||||
|
||||
%% pb_port is the TCP port that the Riak Protocol Buffers interface
|
||||
%% will bind to
|
||||
{pb_port, {{ riak.pb_port }} }
|
||||
]},
|
||||
|
||||
%% Riak Core config
|
||||
{riak_core, [
|
||||
%% Default location of ringstate
|
||||
{ring_state_dir, "/var/lib/riak/ring"},
|
||||
|
||||
%% Default ring creation size. Make sure it is a power of 2,
|
||||
%% e.g. 16, 32, 64, 128, 256, 512 etc
|
||||
{ring_creation_size, {{ riak.ring_size }} },
|
||||
|
||||
%% http is a list of IP addresses and TCP ports that the Riak
|
||||
%% HTTP interface will bind.
|
||||
{http, [ {"0.0.0.0", {{ riak.http_port }} } ]},
|
||||
|
||||
%% https is a list of IP addresses and TCP ports that the Riak
|
||||
%% HTTPS interface will bind.
|
||||
%{https, [{ "127.0.0.1", 8098 }]},
|
||||
|
||||
%% Default cert and key locations for https can be overridden
|
||||
%% with the ssl config variable, for example:
|
||||
%{ssl, [
|
||||
% {certfile, "/etc/riak/cert.pem"},
|
||||
% {keyfile, "/etc/riak/key.pem"}
|
||||
% ]},
|
||||
|
||||
%% riak_handoff_port is the TCP port that Riak uses for
|
||||
%% intra-cluster data handoff.
|
||||
{handoff_port, 8099 },
|
||||
|
||||
%% To encrypt riak_core intra-cluster data handoff traffic,
|
||||
%% uncomment the following line and edit its path to an
|
||||
%% appropriate certfile and keyfile. (This example uses a
|
||||
%% single file with both items concatenated together.)
|
||||
%{handoff_ssl_options, [{certfile, "/tmp/erlserver.pem"}]},
|
||||
|
||||
%% DTrace support
|
||||
%% Do not enable 'dtrace_support' unless your Erlang/OTP
|
||||
%% runtime is compiled to support DTrace. DTrace is
|
||||
%% available in R15B01 (supported by the Erlang/OTP
|
||||
%% official source package) and in R14B04 via a custom
|
||||
%% source repository & branch.
|
||||
{dtrace_support, false},
|
||||
|
||||
%% Health Checks
|
||||
%% If disabled, health checks registered by an application will
|
||||
%% be ignored. NOTE: this option cannot be changed at runtime.
|
||||
%% To re-enable, the setting must be changed and the node restarted.
|
||||
{enable_health_checks, true},
|
||||
|
||||
|
||||
%% Platform-specific installation paths (substituted by rebar)
|
||||
{platform_bin_dir, "/usr/sbin"},
|
||||
{platform_data_dir, "/var/lib/riak"},
|
||||
{platform_etc_dir, "/etc/riak"},
|
||||
{platform_lib_dir, "{{ libdir }}/riak/lib"},
|
||||
{platform_log_dir, "/var/log/riak"}
|
||||
]},
|
||||
|
||||
%% Riak KV config
|
||||
{riak_kv, [
|
||||
%% Storage_backend specifies the Erlang module defining the storage
|
||||
%% mechanism that will be used on this node.
|
||||
|
||||
{% if riakcs %}
|
||||
|
||||
|
||||
{add_paths, ["{{ libdir }}/riak-cs/lib/riak_cs-{{ riakcs.version }}/ebin"]},
|
||||
{storage_backend, riak_cs_kv_multi_backend},
|
||||
{multi_backend_prefix_list, [{<<"0b:">>, be_blocks}]},
|
||||
{multi_backend_default, be_default},
|
||||
{multi_backend, [
|
||||
{be_default, riak_kv_eleveldb_backend, [
|
||||
{max_open_files, 50},
|
||||
{data_root, "/var/lib/riak/leveldb"}
|
||||
]},
|
||||
{be_blocks, riak_kv_bitcask_backend, [
|
||||
{data_root, "/var/lib/riak/bitcask"}
|
||||
]}
|
||||
]},
|
||||
{% else %}
|
||||
{storage_backend, riak_kv_{{ riak.backend }}_backend},
|
||||
{% endif %}
|
||||
|
||||
|
||||
%% raw_name is the first part of all URLS used by the Riak raw HTTP
|
||||
%% interface. See riak_web.erl and raw_http_resource.erl for
|
||||
%% details.
|
||||
%{raw_name, "riak"},
|
||||
|
||||
%% Enable active anti-entropy subsystem + optional debug messages:
|
||||
%% {anti_entropy, {on|off, []}},
|
||||
%% {anti_entropy, {on|off, [debug]}},
|
||||
{anti_entropy, {on, []}},
|
||||
|
||||
%% Restrict how fast AAE can build hash trees. Building the tree
|
||||
%% for a given partition requires a full scan over that partition's
|
||||
%% data. Once built, trees stay built until they are expired.
|
||||
%% Config is of the form:
|
||||
%% {num-builds, per-timespan-in-milliseconds}
|
||||
%% Default is 1 build per hour.
|
||||
{anti_entropy_build_limit, {1, 3600000}},
|
||||
|
||||
%% Determine how often hash trees are expired after being built.
|
||||
%% Periodically expiring a hash tree ensures the on-disk hash tree
|
||||
%% data stays consistent with the actual k/v backend data. It also
|
||||
%% helps Riak identify silent disk failures and bit rot. However,
|
||||
%% expiration is not needed for normal AAE operation and should be
|
||||
%% infrequent for performance reasons. The time is specified in
|
||||
%% milliseconds. The default is 1 week.
|
||||
{anti_entropy_expire, 604800000},
|
||||
|
||||
%% Limit how many AAE exchanges/builds can happen concurrently.
|
||||
{anti_entropy_concurrency, 2},
|
||||
|
||||
%% The tick determines how often the AAE manager looks for work
|
||||
%% to do (building/expiring trees, triggering exchanges, etc).
|
||||
%% The default is every 15 seconds. Lowering this value will
|
||||
%% speedup the rate that all replicas are synced across the cluster.
|
||||
%% Increasing the value is not recommended.
|
||||
{anti_entropy_tick, 15000},
|
||||
|
||||
%% The directory where AAE hash trees are stored.
|
||||
{anti_entropy_data_dir, "/var/lib/riak/anti_entropy"},
|
||||
|
||||
%% The LevelDB options used by AAE to generate the LevelDB-backed
|
||||
%% on-disk hashtrees.
|
||||
{anti_entropy_leveldb_opts, [{write_buffer_size, 4194304},
|
||||
{max_open_files, 20}]},
|
||||
|
||||
%% mapred_name is URL used to submit map/reduce requests to Riak.
|
||||
{mapred_name, "mapred"},
|
||||
|
||||
%% mapred_2i_pipe indicates whether secondary-index
|
||||
%% MapReduce inputs are queued in parallel via their own
|
||||
%% pipe ('true'), or serially via a helper process
|
||||
%% ('false' or undefined). Set to 'false' or leave
|
||||
%% undefined during a rolling upgrade from 1.0.
|
||||
{mapred_2i_pipe, true},
|
||||
|
||||
%% Each of the following entries control how many Javascript
|
||||
%% virtual machines are available for executing map, reduce,
|
||||
%% pre- and post-commit hook functions.
|
||||
{map_js_vm_count, 8 },
|
||||
{reduce_js_vm_count, 6 },
|
||||
{hook_js_vm_count, 2 },
|
||||
|
||||
%% js_max_vm_mem is the maximum amount of memory, in megabytes,
|
||||
%% allocated to the Javascript VMs. If unset, the default is
|
||||
%% 8MB.
|
||||
{js_max_vm_mem, 8},
|
||||
|
||||
%% js_thread_stack is the maximum amount of thread stack, in megabyes,
|
||||
%% allocate to the Javascript VMs. If unset, the default is 16MB.
|
||||
%% NOTE: This is not the same as the C thread stack.
|
||||
{js_thread_stack, 16},
|
||||
|
||||
%% js_source_dir should point to a directory containing Javascript
|
||||
%% source files which will be loaded by Riak when it initializes
|
||||
%% Javascript VMs.
|
||||
%{js_source_dir, "/tmp/js_source"},
|
||||
|
||||
%% http_url_encoding determines how Riak treats URL encoded
|
||||
%% buckets, keys, and links over the REST API. When set to 'on'
|
||||
%% Riak always decodes encoded values sent as URLs and Headers.
|
||||
%% Otherwise, Riak defaults to compatibility mode where links
|
||||
%% are decoded, but buckets and keys are not. The compatibility
|
||||
%% mode will be removed in a future release.
|
||||
{http_url_encoding, on},
|
||||
|
||||
%% Switch to vnode-based vclocks rather than client ids. This
|
||||
%% significantly reduces the number of vclock entries.
|
||||
%% Only set true if *all* nodes in the cluster are upgraded to 1.0
|
||||
{vnode_vclocks, true},
|
||||
|
||||
%% This option toggles compatibility of keylisting with 1.0
|
||||
%% and earlier versions. Once a rolling upgrade to a version
|
||||
%% > 1.0 is completed for a cluster, this should be set to
|
||||
%% true for better control of memory usage during key listing
|
||||
%% operations
|
||||
{listkeys_backpressure, true},
|
||||
|
||||
%% This option configures the riak_kv health check that monitors
|
||||
%% message queue lengths of riak_kv vnodes. The value is a 2-tuple,
|
||||
%% {EnableThreshold, DisableThreshold}. If a riak_kv_vnode's message
|
||||
%% queue length reaches DisableThreshold the riak_kv service is disabled
|
||||
%% on this node. The service will not be re-enabled until the message queue
|
||||
%% length drops below EnableThreshold.
|
||||
{vnode_mailbox_limit, {1, 5000}}
|
||||
]},
|
||||
|
||||
%% Riak Search Config
|
||||
{riak_search, [
|
||||
%% To enable Search functionality set this 'true'.
|
||||
{enabled, false}
|
||||
]},
|
||||
|
||||
%% Merge Index Config
|
||||
{merge_index, [
|
||||
%% The root dir to store search merge_index data
|
||||
{data_root, "/var/lib/riak/merge_index"},
|
||||
|
||||
%% Size, in bytes, of the in-memory buffer. When this
|
||||
%% threshold has been reached the data is transformed
|
||||
%% into a segment file which resides on disk.
|
||||
{buffer_rollover_size, 1048576},
|
||||
|
||||
%% Overtime the segment files need to be compacted.
|
||||
%% This is the maximum number of segments that will be
|
||||
%% compacted at once. A lower value will lead to
|
||||
%% quicker but more frequent compactions.
|
||||
{max_compact_segments, 20}
|
||||
]},
|
||||
|
||||
%% Bitcask Config
|
||||
{bitcask, [
|
||||
%% Configure how Bitcask writes data to disk.
|
||||
%% erlang: Erlang's built-in file API
|
||||
%% nif: Direct calls to the POSIX C API
|
||||
%%
|
||||
%% The NIF mode provides higher throughput for certain
|
||||
%% workloads, but has the potential to negatively impact
|
||||
%% the Erlang VM, leading to higher worst-case latencies
|
||||
%% and possible throughput collapse.
|
||||
{io_mode, erlang},
|
||||
|
||||
{data_root, "/var/lib/riak/bitcask"}
|
||||
]},
|
||||
|
||||
%% eLevelDB Config
|
||||
{eleveldb, [
|
||||
{data_root, "/var/lib/riak/leveldb"}
|
||||
]},
|
||||
|
||||
%% Lager Config
|
||||
{lager, [
|
||||
%% What handlers to install with what arguments
|
||||
%% The defaults for the logfiles are to rotate the files when
|
||||
%% they reach 10Mb or at midnight, whichever comes first, and keep
|
||||
%% the last 5 rotations. See the lager README for a description of
|
||||
%% the time rotation format:
|
||||
%% https://github.com/basho/lager/blob/master/README.org
|
||||
%%
|
||||
%% If you wish to disable rotation, you can either set the size to 0
|
||||
%% and the rotation time to "", or instead specify a 2-tuple that only
|
||||
%% consists of {Logfile, Level}.
|
||||
%%
|
||||
%% If you wish to have riak log messages to syslog, you can use a handler
|
||||
%% like this:
|
||||
%% {lager_syslog_backend, ["riak", daemon, info]},
|
||||
%%
|
||||
{handlers, [
|
||||
{lager_file_backend, [
|
||||
{"/var/log/riak/error.log", error, 10485760, "$D0", {{ riak.log_rotate }} },
|
||||
{"/var/log/riak/console.log", info, 10485760, "$D0", {{ riak.log_rotate }} }
|
||||
]}
|
||||
] },
|
||||
|
||||
%% Whether to write a crash log, and where.
|
||||
%% Commented/omitted/undefined means no crash logger.
|
||||
{crash_log, "/var/log/riak/crash.log"},
|
||||
|
||||
%% Maximum size in bytes of events in the crash log - defaults to 65536
|
||||
{crash_log_msg_size, 65536},
|
||||
|
||||
%% Maximum size of the crash log in bytes, before its rotated, set
|
||||
%% to 0 to disable rotation - default is 0
|
||||
{crash_log_size, 10485760},
|
||||
|
||||
%% What time to rotate the crash log - default is no time
|
||||
%% rotation. See the lager README for a description of this format:
|
||||
%% https://github.com/basho/lager/blob/master/README.org
|
||||
{crash_log_date, "$D0"},
|
||||
|
||||
%% Number of rotated crash logs to keep, 0 means keep only the
|
||||
%% current one - default is 0
|
||||
{crash_log_count, 5},
|
||||
|
||||
%% Whether to redirect error_logger messages into lager - defaults to true
|
||||
{error_logger_redirect, true}
|
||||
]},
|
||||
|
||||
%% riak_sysmon config
|
||||
{riak_sysmon, [
|
||||
%% To disable forwarding events of a particular type, use a
|
||||
%% limit of 0.
|
||||
{process_limit, 30},
|
||||
{port_limit, 2},
|
||||
|
||||
%% Finding reasonable limits for a given workload is a matter
|
||||
%% of experimentation.
|
||||
%% NOTE: Enabling the 'gc_ms_limit' monitor (by setting non-zero)
|
||||
%% can cause performance problems on multi-CPU systems.
|
||||
{gc_ms_limit, 0},
|
||||
{heap_word_limit, 40111000},
|
||||
|
||||
%% Configure the following items to 'false' to disable logging
|
||||
%% of that event type.
|
||||
{busy_port, true},
|
||||
{busy_dist_port, true}
|
||||
]},
|
||||
|
||||
%% SASL config
|
||||
{sasl, [
|
||||
{sasl_error_logger, false}
|
||||
]},
|
||||
|
||||
%% riak_control config
|
||||
{riak_control, [
|
||||
%% Set to false to disable the admin panel.
|
||||
{enabled, false},
|
||||
|
||||
%% Authentication style used for access to the admin
|
||||
%% panel. Valid styles are 'userlist' <TODO>.
|
||||
{auth, userlist},
|
||||
|
||||
%% If auth is set to 'userlist' then this is the
|
||||
%% list of usernames and passwords for access to the
|
||||
%% admin panel.
|
||||
{userlist, [{"user", "pass"}
|
||||
]},
|
||||
|
||||
%% The admin panel is broken up into multiple
|
||||
%% components, each of which is enabled or disabled
|
||||
%% by one of these settings.
|
||||
{admin, true}
|
||||
]}
|
||||
].
|
51
riak/roles/riak/common/templates/etc_riak_vm.args.j2
Normal file
51
riak/roles/riak/common/templates/etc_riak_vm.args.j2
Normal file
|
@ -0,0 +1,51 @@
|
|||
## Name of the riak node
|
||||
-name riak@{{ ip_addr }}
|
||||
|
||||
## Cookie for distributed erlang. All nodes in the same cluster
|
||||
## should use the same cookie or they will not be able to communicate.
|
||||
-setcookie riak
|
||||
|
||||
## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
|
||||
## (Disabled by default..use with caution!)
|
||||
##-heart
|
||||
|
||||
## Enable kernel poll and a few async threads
|
||||
+K true
|
||||
+A 64
|
||||
|
||||
## Treat error_logger warnings as warnings
|
||||
+W w
|
||||
|
||||
|
||||
{% if ansible_processor_cores == 'NA' or ansible_processor_cores == 1 %}
|
||||
-smp enable
|
||||
{% endif %}
|
||||
|
||||
## Increase number of concurrent ports/sockets
|
||||
-env ERL_MAX_PORTS 4096
|
||||
|
||||
## Tweak GC to run more often
|
||||
-env ERL_FULLSWEEP_AFTER 0
|
||||
|
||||
## Set the location of crash dumps
|
||||
-env ERL_CRASH_DUMP /var/log/riak/erl_crash.dump
|
||||
|
||||
## Raise the ETS table limit
|
||||
-env ERL_MAX_ETS_TABLES 8192
|
||||
|
||||
+swt very_low
|
||||
+P 256000
|
||||
+zdbbl 65536
|
||||
-kernel net_ticktime 10
|
||||
|
||||
## Begin SSL distribution items, DO NOT DELETE OR EDIT THIS COMMENT
|
||||
|
||||
## To enable SSL encryption of the Erlang intra-cluster communication,
|
||||
## un-comment the three lines below and make certain that the paths
|
||||
## point to correct PEM data files. See docs TODO for details.
|
||||
|
||||
## -proto_dist inet_ssl
|
||||
## -ssl_dist_opt client_certfile "/etc/riak/erlclient.pem"
|
||||
## -ssl_dist_opt server_certfile "/etc/riak/erlserver.pem"
|
||||
|
||||
## End SSL distribution items, DO NOT DELETE OR EDIT THIS COMMENT
|
1
riak/roles/riak/common/vars/main.yml
Normal file
1
riak/roles/riak/common/vars/main.yml
Normal file
|
@ -0,0 +1 @@
|
|||
ip_addr: "{{ hostvars[inventory_hostname]['ansible_' + riak.iface]['ipv4']['address'] }}"
|
4
riak/roles/riak/redhat/handlers/main.yml
Normal file
4
riak/roles/riak/redhat/handlers/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
- name: lokkit
|
||||
command: lokkit --custom-rules /etc/sysconfig/iptables.riak --update
|
9
riak/roles/riak/redhat/tasks/main.yml
Normal file
9
riak/roles/riak/redhat/tasks/main.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- name: install riak
|
||||
yum: name=riak-{{ riak.version }} state=present
|
||||
|
||||
- name: configure iptables
|
||||
template: src=iptables.j2 dest=/etc/sysconfig/iptables.riak owner=root group=root
|
||||
notify:
|
||||
- lokkit
|
||||
when: firewall is defined
|
5
riak/roles/riak/redhat/templates/iptables.j2
Normal file
5
riak/roles/riak/redhat/templates/iptables.j2
Normal file
|
@ -0,0 +1,5 @@
|
|||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4369 -j ACCEPT
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.handoff_port }} -j ACCEPT
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.http_port }} -j ACCEPT
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ riak.pb_port }} -j ACCEPT
|
||||
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6000:7999 -j ACCEPT
|
1
riak/roles/riak/ubuntu/files/etc_default_riak_ulimit
Normal file
1
riak/roles/riak/ubuntu/files/etc_default_riak_ulimit
Normal file
|
@ -0,0 +1 @@
|
|||
ulimit -n 65536
|
14
riak/roles/riak/ubuntu/tasks/main.yml
Normal file
14
riak/roles/riak/ubuntu/tasks/main.yml
Normal file
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: install riak
|
||||
apt: pkg=riak={{ riak.version }}
|
||||
|
||||
- name: set the riak ulimit
|
||||
copy: src=etc_default_riak_ulimit dest=/etc/default/riak
|
||||
|
||||
- name: configure iptables
|
||||
template: src=iptables.j2 dest=/etc/ufw/applications.d/riak owner=root group=root mode=0644
|
||||
when: firewall is defined
|
||||
|
||||
- name: update fw
|
||||
ufw: enable=yes allow=riak
|
||||
when: firewall is defined
|
4
riak/roles/riak/ubuntu/templates/iptables.j2
Normal file
4
riak/roles/riak/ubuntu/templates/iptables.j2
Normal file
|
@ -0,0 +1,4 @@
|
|||
[riak]
|
||||
title=Riak NOSQL Database
|
||||
description=Riak is a NOSQL database
|
||||
ports=4369,{{ riak.handoff_port }},{{ riak.http_port }},{{ riak.pb_port }},6000:7999/tcp
|
9
riak/rolling_restart.yml
Normal file
9
riak/rolling_restart.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- hosts: riak_cluster
|
||||
serial: 1
|
||||
sudo: True
|
||||
pre_tasks:
|
||||
- name: make sure there are no transfers happening
|
||||
riak: wait_for_handoffs=600
|
||||
roles:
|
||||
- riak/common
|
23
riak/setup_riak.yml
Normal file
23
riak/setup_riak.yml
Normal file
|
@ -0,0 +1,23 @@
|
|||
---
|
||||
- hosts: riak_cluster
|
||||
sudo: True
|
||||
roles:
|
||||
- bootstrap/common
|
||||
|
||||
- hosts: Ubuntu
|
||||
gather_facts: no
|
||||
sudo: True
|
||||
roles:
|
||||
- bootstrap/ubuntu
|
||||
- riak/ubuntu
|
||||
- riak/common
|
||||
|
||||
- hosts: CentOS:RedHat
|
||||
gather_facts: no
|
||||
sudo: True
|
||||
roles:
|
||||
- bootstrap/redhat
|
||||
- riak/redhat
|
||||
- riak/common
|
||||
|
||||
|
3
riak/site.yml
Normal file
3
riak/site.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- include: setup_riak.yml
|
||||
- include: form_cluster.yml
|
Loading…
Reference in a new issue