neoloc/incus_deploy (#241)
feat: deploy incus - manage sysctl based on incus recommendations - manage limits based on incus recommendations - manage zpools and zfs datasets - add incus hiera settings feat: manage repo for zfs - don't use zfs module to manage repo, use profiles::yum::global::repos Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/241
parent
978013f325
commit
95bc2716cf
@ -1,4 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
hiera_include:
|
||||||
|
- incus
|
||||||
|
- zfs
|
||||||
|
|
||||||
profiles::pki::vault::alt_names:
|
profiles::pki::vault::alt_names:
|
||||||
- incus.service.consul
|
- incus.service.consul
|
||||||
- incus.query.consul
|
- incus.query.consul
|
||||||
@ -31,3 +35,80 @@ profiles::consul::client::node_rules:
|
|||||||
- resource: service
|
- resource: service
|
||||||
segment: incus
|
segment: incus
|
||||||
disposition: write
|
disposition: write
|
||||||
|
|
||||||
|
# additional repos
|
||||||
|
profiles::yum::global::repos:
|
||||||
|
baseos:
|
||||||
|
name: zfs-kmod
|
||||||
|
descr: zfs-kmod repository
|
||||||
|
target: /etc/yum.repos.d/zfs-kmod.repo
|
||||||
|
baseurl: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os
|
||||||
|
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
|
||||||
|
mirrorlist: absent
|
||||||
|
|
||||||
|
|
||||||
|
# zfs settings
|
||||||
|
zfs::manage_repo: false
|
||||||
|
zfs::zfs_arc_min: ~
|
||||||
|
zfs::zfs_arc_max: 4294967296 # 4GB
|
||||||
|
zfs::zpools:
|
||||||
|
fastpool:
|
||||||
|
ensure: present
|
||||||
|
disk: /dev/nvme1n1
|
||||||
|
ashift: 12
|
||||||
|
zfs::datasets:
|
||||||
|
fastpool:
|
||||||
|
canmount: 'off'
|
||||||
|
acltype: posix
|
||||||
|
atime: 'off'
|
||||||
|
relatime: 'off'
|
||||||
|
compression: 'zstd'
|
||||||
|
xattr: 'sa'
|
||||||
|
fastpool/data:
|
||||||
|
canmount: 'on'
|
||||||
|
mountpoint: '/data'
|
||||||
|
|
||||||
|
# manage incus
|
||||||
|
incus::cluster::members_lookup: true
|
||||||
|
incus::cluster::members_role: roles::infra::incus::node
|
||||||
|
incus::cluster::master: prodnxsr0009
|
||||||
|
|
||||||
|
# add sysadmin to incus-admin group
|
||||||
|
profiles::accounts::sysadmin::extra_groups:
|
||||||
|
- incus-admin
|
||||||
|
|
||||||
|
# sysctl recommendations
|
||||||
|
sysctl::base::values:
|
||||||
|
fs.aio-max-nr:
|
||||||
|
value: '524288'
|
||||||
|
fs.inotify.max_queued_events:
|
||||||
|
value: '1048576'
|
||||||
|
fs.inotify.max_user_instances:
|
||||||
|
value: '1048576'
|
||||||
|
fs.inotify.max_user_watches:
|
||||||
|
value: '1048576'
|
||||||
|
kernel.dmesg_restrict:
|
||||||
|
value: '1'
|
||||||
|
kernel.keys.maxbytes:
|
||||||
|
value: '2000000'
|
||||||
|
kernel.keys.maxkeys:
|
||||||
|
value: '2000'
|
||||||
|
net.core.bpf_jit_limit:
|
||||||
|
value: '1000000000'
|
||||||
|
net.ipv4.neigh.default.gc_thresh3:
|
||||||
|
value: '8192'
|
||||||
|
net.ipv6.neigh.default.gc_thresh3:
|
||||||
|
value: '8192'
|
||||||
|
vm.max_map_count:
|
||||||
|
value: '262144'
|
||||||
|
|
||||||
|
# limits.d recommendations
|
||||||
|
limits::entries:
|
||||||
|
'*/nofile':
|
||||||
|
both: 1048576
|
||||||
|
'root/nofile':
|
||||||
|
both: 1048576
|
||||||
|
'*/memlock':
|
||||||
|
both: unlimited
|
||||||
|
'root/memlock':
|
||||||
|
both: unlimited
|
||||||
|
|||||||
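Review bot: The `profiles::yum::global::repos` entry added in the second hunk is keyed `baseos` although it describes the `zfs-kmod` repository; if that hash is merged across hiera levels (not visible here), the key could override an existing BaseOS definition for these nodes, so `zfs-kmod:` looks like the intended key. The entry also sets `gpgkey` without an explicit `gpgcheck`, so signature verification of kernel-module packages from a `kmod-daily` repo depends on defaults outside this file; adding `gpgcheck: 1` would make it explicit, assuming the profile passes that parameter through to the repo definition. Because the key is fetched from the same `packagerepo.service.consul` path as the packages, it only protects as far as that mirror is trusted, so a comment such as `# key fingerprint verified against upstream OpenZFS before mirroring` (if that is the process) would document where the trust comes from.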