Puppet Class: ganeti

Defined in:
modules/ganeti/manifests/init.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class ganeti

Install ganeti

Parameters:

with_drbd: Boolean. Indicates if drbd should be configured. Defaults to true

Actions:

Install ganeti and configure modules/LVM. Does NOT initialize a cluster

Parameters:

  • certname (String)
  • with_drbd (Boolean) (defaults to: true)


# File 'modules/ganeti/manifests/init.pp', line 12

# Installs Ganeti and its QEMU/DRBD/OVMF prerequisites on a node, configures
# kernel modules and LVM, and deploys the TLS material and defaults file for
# RAPI. It does not initialise a cluster.
#
# Parameters:
#   certname  - name handed to profile::pki::get_cert; the key, cert and chain
#               paths it returns are exposed as the $rapi_ssl_* variables.
#   with_drbd - when true, set the DRBD module options, load the module and
#               keep the packaged drbd service stopped and disabled.
class ganeti(
    String $certname,
    Boolean $with_drbd=true,
) {
    ensure_packages('qemu-system-x86')

    # Kernel Same-page Merging (KSM) settings. KSM saves memory by
    # deduplicating identical memory pages.
    # NOTE(review): 'run' is written as '0', which per the kernel's KSM
    # documentation stops ksmd rather than starting it, so as written this
    # resource leaves KSM off and sleep_millisecs has no effect until 'run' is
    # changed. Confirm that is intended. Page sharing between guests is a known
    # cross-VM side channel, so leaving it off is the conservative setting on
    # hosts whose instances do not trust each other.
    sysfs::parameters { 'ksm':
        values => {
            'kernel/mm/ksm/run'             => '0',
            'kernel/mm/ksm/sleep_millisecs' => '100',
        },
    }

    ensure_packages('ganeti')

    # Keep the ganeti service running. 'enable' is not set here, so boot-time
    # enablement is left unmanaged by this class.
    service { 'ganeti':
        ensure => running,
    }

    # We're not using ganeti-instance-debootstrap to create images (we PXE-boot
    # the same images we use for baremetal servers), but /usr/share/ganeti/os/debootstrap
    # is needed as an OS provider for "gnt-instance add"
    # Note: drbd-utils is installed even when $with_drbd is false; in that case
    # the drbd service it ships is not managed by this class (the stop/disable
    # below sits inside the conditional).
    ensure_packages(['drbd-utils', 'ovmf', 'ganeti-instance-debootstrap'])

    if $with_drbd {
        # Module options: up to 128 DRBD minors, and /bin/true as the usermode
        # helper so the kernel module's helper callouts do nothing.
        # NOTE(review): presumably chosen because Ganeti drives DRBD itself -
        # confirm against the Ganeti install guide for the deployed version.
        kmod::options { 'drbd':
            options => 'minor_count=128 usermode_helper=/bin/true',
        }

        # Enable drbd
        kmod::module { 'drbd':
            ensure => 'present',
        }

        # Disable the systemd service shipped with the drbd package. Ganeti handles
        # DRBD on its own
        service { 'drbd':
            ensure => 'stopped',
            enable => false,
        }
    }

    # Enable vhost_net (kernel-side virtio-net backend used by QEMU/KVM guests)
    kmod::module { 'vhost_net':
        ensure => 'present',
    }

    # lvm.conf
    # Note: We deviate from the default lvm.conf to change the filter config to
    # not include all block devices. TODO: Do it via augeas
    # The whole file is replaced with the module's copy, so changes to the
    # packaged lvm.conf are not picked up until that copy is updated.
    # NOTE(review): presumably the filter keeps host LVM from scanning the
    # devices that back instances, whose LVM metadata is guest-controlled -
    # confirm against the module's lvm.conf and keep that property if this
    # moves to augeas.
    file { '/etc/lvm/lvm.conf' :
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0644',
        source => 'puppet:///modules/ganeti/lvm.conf',
    }

    # Obtain the certificate named $certname via profile::pki::get_cert, written
    # under /etc/ganeti/ssl with owner root and group gnt-admin, and with the
    # ganeti service listed in notify_services. The first argument 'discovery'
    # is presumably the issuing CA/intermediate - confirm. The returned hash is
    # read for its 'key', 'cert' and 'chained' entries below.
    # NOTE(review): the private key's file mode is decided inside
    # profile::pki::get_cert and is not visible here; confirm the key is
    # readable only by root and gnt-admin, and that membership of gnt-admin is
    # limited to accounts that need the RAPI key.
    $ssl_paths = profile::pki::get_cert('discovery', $certname, {
        'owner'           => 'root',
        'group'           => 'gnt-admin',
        'notify_services' => ['ganeti'],
        'outdir'          => '/etc/ganeti/ssl',
    })

    # These variables are not referenced again in this class; presumably they
    # are read by the ganeti/etc_default_ganeti.erb template below - verify
    # before renaming any of them.
    $rapi_ssl_key = $ssl_paths['key']
    $rapi_ssl_cert = $ssl_paths['cert']
    $chain_file_name = $ssl_paths['chained']
    $rapi_ssl_chain = "--ssl-chain ${chain_file_name}"

    # Deploy defaults (for now, configuring RAPI) and the certificates for RAPI.
    # Potential fixme: We don't restart the daemon here since it's not independent
    # and this file configures other aspects of Ganeti. Manually restart ganeti
    # on the target hosts after changes are merged.
    # The certificate request above does pass notify_services => ['ganeti'];
    # it is only this file resource that carries no notify.
    # NOTE(review): the file is world-readable (0644); that is fine only if the
    # template renders paths and flags and no secrets - confirm.
    file { '/etc/default/ganeti':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('ganeti/etc_default_ganeti.erb')
    }
}