Soragerole pre collections (#37)

* separate storage init phase from ydbd_storage role

* labels in service files

* unified agent installation role

* complex setup examples: LDAP, unified agent

* log rotation config added

* enable log rotation when UA is installed

* file permissions setup

* proper permissions for config backup

* set the current directory of ydbd to audit target path

* relative audit file output directory in config samples

* wait scripts should run without arguments too

* umask for files generated by ydbd

* removed obsolete libidn and cluster name support

* make congestion settings optional

* updated the example config for new settings

* syntax fix

* automatic startup for ydbd

* README.md updated

Author: zinal

README.md

@@ -36,21 +36,24 @@ The meaning and format of the variables used are specified in the table below.
 | --------- | ------- |
 | `ansible_python_interpreter` | The correct path to the Python interpreter on the YDB cluster hosts. |
 | `ydb_dir` | Path of the YDB software installation directory to be created on the hosts. |
-| `libidn_archive` | Enable the installation of custom-built libidn for RHEL, AlmaLinux or Rocky Linux. |
 | `ydb_archive` |  YDB server binary package in .tar.gz format |
+| `ydb_version` | YDB version label used to define the installation directory path for the particular version of YDB binary package. Typically depends oin the `ydb_archive` value |
 | `ydb_unpack_options` | Extra flags to be passed to `tar` for unpacking the YDB server binaries, typically should contain the value `--strip-component=1` |
 | `ydb_tls_dir` | Path to the local directory with the TLS certificates and keys, as generated by the [sample script](https://github.com/ydb-platform/ydb/tree/main/ydb/deploy/tls_cert_gen), or following the filename convention used by the sample script |
 | `ydb_config` | The name of the cluster configuration file within the `files` subdirectory (**without** the `actor_system_config` snippet!) |
 | `ydb_domain` | The name of the root domain hosting the databases, value `Root` is used in the YDB documentation |
+| `ydb_dbname` | Database name which is used for database creation, database nodes deployment and database nodes rolling restart |
 | `ydb_disks` | Disk layout of storage nodes, defined as `ydbd_static` in the hosts file. Defined as list of structures having the following fields:<br/> `name` - physical device name (like `/dev/sdb` or `/dev/vdb`);<br/> `label` - the desired YDB data partition label, as used in the cluster configuration file (like `ydb_disk_1`) |
-| `ydb_dynnodes` | Set of dynamic nodes to be ran on each host listed as `ydbd_dynamic` in the hosts file. Defined as list of structures having the following fields:<br/> `dbname` - name of the YDB database handled by the corresponding dynamic node;<br/> `instance` - dynamic node service instance name, allowing to distinguish between multiple dynamic nodes for the same database running in the same host;<br/> `offset` - integer number `0-N`, used as the offset for the standard network port numbers (`0` means using the standard ports). |
-| `ydb_brokers` | List of host names running the YDB static nodes, exactly 3 (three) host names must be specified |
+| `ydb_dynnodes` | Set of dynamic nodes to be ran on each host listed as `ydbd_dynamic` in the hosts file. Defined as list of structures having the following fields:<br/> `dbname` - name of the YDB database handled by the corresponding dynamic node;<br/> `instance` - dynamic node service instance name, allowing to distinguish between multiple dynamic nodes for the same database running in the same host;<br/> `offset` - integer number `0-N`, used as the offset for the standard network port numbers (`0` means using the standard ports);<br/> `affinity` - CPU core mask or range to be used for the service instance, optional. |
+| `ydb_affinity_static` | CPU core mask or range to be used by the storage nodes services, optional |
+| `ydb_brokers` | List of host names running the YDB static nodes, normally three host names must be specified |
 | `ydb_cores_static` | Number of cores to be used by thread pools of the static nodes |
 | `ydb_cores_dynamic` | Number of cores to be used by thread pools of the dynamic nodes |
-| `ydb_dbname` | Database name, for database creation, dynamic nodes deployment and dynamic nodes rolling restart |
 | `ydb_pool_kind` | YDB default storage pool kind, as specified in the static nodes configuration file in the `storage_pool_types.kind` field |
 | `ydb_default_groups` | Initial number of storage groups in the newly created database |
 | `dynnode_restart_sleep_seconds` | Number of seconds to sleep after startup of each dynamic node during the rolling restart. |
+| `ydb_congestion_setting` | TCP congestion control setting, recommended value is `htcp`. Optional |
+| `ydb_congestion_module` | TCP congestion control kernel loadable module name, recommended value is `tcp_htcp`. Optional |
 
 ## Installing the YDB cluster using the Ansible playbooks
 

binaries-all.yaml

@@ -0,0 +1,3 @@
+- hosts: all
+  roles:
+  - role: ydbd

binaries-dynamic.yaml

@@ -1,3 +1,4 @@
 - hosts: ydbd_dynamic
   roles:
   - role: ydbd
+  - role: ydbd_dynamic

binaries-static.yaml

@@ -1,3 +1,4 @@
 - hosts: ydbd_static
   roles:
   - role: ydbd
+  - role: ydbd_static

files/config-3nodes-extra.yaml

@@ -0,0 +1,191 @@
+storage_config_generation: 0
+static_erasure: mirror-3-dc
+host_configs: # the list of available host configurations in the cluster.
+- drive:
+  - path: /dev/disk/by-partlabel/ydb_disk_1
+    type: SSD
+  - path: /dev/disk/by-partlabel/ydb_disk_2
+    type: SSD
+  - path: /dev/disk/by-partlabel/ydb_disk_3
+    type: SSD
+  host_config_id: 1
+hosts:
+- host: zeit-1
+  host_config_id: 1
+  walle_location:
+    body: 1
+    data_center: 'zone-a'
+    rack: '1'
+- host: zeit-2
+  host_config_id: 1
+  walle_location:
+    body: 2
+    data_center: 'zone-b'
+    rack: '2'
+- host: zeit-3
+  host_config_id: 1
+  walle_location:
+    body: 3
+    data_center: 'zone-c'
+    rack: '3'
+domains_config:
+  # There can be only one root domain in a cluster. Domain name prefixes all scheme objects names, e.g. full name of a table table1 in database db1.
+  # in a cluster with domains_config.domain.name parameter set to Root would be equal to /Root/db1/table1
+  domain:
+  - name: Domain0
+    domain_id: 1
+    storage_pool_types:
+    - kind: ssd
+      pool_config:
+        box_id: 1
+        # fault tolerance mode name - none, block-4-2, or mirror-3-dc..
+        # See docs for more details https://ydb.tech/en/docs/deploy/configuration/config#domains-blob
+        erasure_species: mirror-3-dc
+        kind: ssd
+        geometry:
+          realm_level_begin: 10
+          realm_level_end: 20
+          domain_level_begin: 10
+          domain_level_end: 256
+        pdisk_filter:
+        - property:
+          - type: SSD  # device type to match host_configs.drive.type
+        vdisk_kind: Default
+  state_storage:
+  - ring:
+      node: [1, 2, 3]
+      nto_select: 3
+    ssid: 1
+  security_config:
+    enforce_user_token_requirement: true
+    monitoring_allowed_sids:
+    - "root"
+    - "ydb-admin1@ldap"
+    - "CN=ydb-admins,OU=demo1,DC=ydb,DC=demo@ldap"
+    administration_allowed_sids:
+    - "root"
+    - "ydb-admin1@ldap"
+    - "CN=ydb-admins,OU=demo1,DC=ydb,DC=demo@ldap"
+    viewer_allowed_sids:
+    - "root"
+    - "ydb-admin1@ldap"
+    - "CN=ydb-admins,OU=demo1,DC=ydb,DC=demo@ldap"
+
+blob_storage_config:         # configuration of static blobstorage group.
+                             # YDB uses this group to store system tablets' data, like SchemeShard
+  service_set:
+    groups:
+    - erasure_species: mirror-3-dc # fault tolerance mode name for the static group
+      rings:          # in mirror-3-dc must have exactly 3 rings or availability zones
+      - fail_domains:  # first record: fail domains of the static group describe where each vdisk of the static group should be located.
+        - vdisk_locations:
+          - node_id: zeit-1
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: zeit-1
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_2
+        - vdisk_locations:
+          - node_id: zeit-1
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_3
+      - fail_domains: # second ring: fail domains of the static group describe where each vdisk of the static group should be located.
+        - vdisk_locations:
+          - node_id: zeit-2
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: zeit-2
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_2
+        - vdisk_locations:
+          - node_id: zeit-2
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_3
+      - fail_domains: # third ring: fail domains of the static group describe where each vdisk of the static group should be located.
+        - vdisk_locations:
+          - node_id: zeit-3
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_1
+        - vdisk_locations:
+          - node_id: zeit-3
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_2
+        - vdisk_locations:
+          - node_id: zeit-3
+            pdisk_category: SSD
+            path: /dev/disk/by-partlabel/ydb_disk_3
+
+channel_profile_config:
+  profile:
+  - channel:
+    - erasure_species: mirror-3-dc
+      pdisk_category: 1   # 0=ROT, 1=SSD, 2=NVME
+      storage_pool_kind: ssd
+    - erasure_species: mirror-3-dc
+      pdisk_category: 1
+      storage_pool_kind: ssd
+    - erasure_species: mirror-3-dc
+      pdisk_category: 1
+      storage_pool_kind: ssd
+    profile_id: 0
+
+interconnect_config:
+  start_tcp: true
+  encryption_mode: OPTIONAL
+  path_to_certificate_file: "/opt/ydb/certs/node.crt"
+  path_to_private_key_file: "/opt/ydb/certs/node.key"
+  path_to_ca_file: "/opt/ydb/certs/ca.crt"
+
+grpc_config:
+    cert: "/opt/ydb/certs/node.crt"
+    key: "/opt/ydb/certs/node.key"
+    ca: "/opt/ydb/certs/ca.crt"
+    services_enabled:
+    - legacy
+
+auth_config:
+  use_builtin_auth: true
+  ldap_authentication:
+    host: "dc2016.ydb.demo"
+    port: 389
+    base_dn: "OU=demo1,DC=ydb,DC=demo"
+    bind_dn: "[email protected]"
+    bind_password: "P@$$w0rd+"
+    search_filter: "sAMAccountName=$username"
+    use_tls:
+      enable: true
+      ca_cert_file: "/etc/ssl/certs/ca-certificates.crt"
+      cert_require: DEMAND
+  ldap_authentication_domain: "ldap"
+  refresh_time: "10m"
+
+table_service_config:
+  sql_version: 1
+
+bootstrap_config:
+  shared_cache_config: {memory_limit: '4294967296'}
+
+feature_flags:
+  enable_grpc_audit: false
+  enable_get_node_labels: true
+  enable_views: true
+
+log_config:
+  default_level: 4
+  uaclient_config:
+    uri: 'localhost:16400'
+    log_name: main
+
+audit_config:
+  unified_agent_backend:
+    format: JSON
+    log_name: audit
+
+# Actor system config is appended to the configuration file by Ansible task.
+# Provided here in the commented form for reference
+#actor_system_config:
+#  use_auto_config: true
+#  node_type: STORAGE # STORAGE or COMPUTE
+#  cpu_count: 6

files/config-3nodes.example

@@ -147,7 +147,7 @@ bootstrap_config:
 audit_config:
   file_backend:
     format: JSON
-    file_path: "/opt/ydb/audit/ydb-audit.log"
+    file_path: "ydb-audit.log"
 # Actor system config is appended to the configuration file by Ansible task.
 # Provided here in the commented form for reference
 #actor_system_config:

files/config-9nodes.yaml.example

@@ -168,7 +168,7 @@ bootstrap_config:
 audit_config:
   file_backend:
     format: JSON
-    file_path: "/opt/ydb/audit/ydb-audit.log"
+    file_path: "ydb-audit.log"
 # Actor system config is appended to the configuration file by Ansible task.
 # Provided here in the commented form for reference
 #actor_system_config:

files/example-dynamic-config.yaml

@@ -0,0 +1,16 @@
+metadata:
+  kind: MainConfig
+  cluster: ""
+  version: 6
+config:
+  yaml_config_enabled: true
+  log_config:
+    default_level: 4
+allowed_labels:
+  node_id:
+    type: string
+  host:
+    type: string
+  tenant:
+    type: string
+selector_config: []

files/modules-ydbd.conf

@@ -2,27 +2,20 @@
 
 ansible_python_interpreter: /usr/bin/python3
 
-# libidn compiled code.
-# Required for RHEL 8, RHEL 9 and similar (AlmaLinux, etc)
-# libidn_archive: libidn.tar.gz
-
 # YDB cluster domain (aka cluster identifier), Root in the documentation
 ydb_domain: Domain0
 
-# YDB cluster name
-ydb_cluster: cluster1
-
 # YDB software installation directory
 ydb_dir: /opt/ydb
 
 # Source directory with TLS keys and certificares
 ydb_tls_dir: ./tls/CA/certs/2023-03-09_16-49-39
 
 # YDB server software archive
-ydb_archive: yasubd-24.1.18.1-linux-amd64.tar.gz
+ydb_archive: yasubd-24.1.18.2-linux-amd64.tar.gz
 
 # YDB server software release
-ydb_version: 24.1.18.1
+ydb_version: 24.1.18.2
 
 # Extra options passed to tar for unpack, typically "--strip-component=1"
 ydb_unpack_options: "--strip-component=1"
@@ -48,7 +41,8 @@ ydb_cores_dynamic: 14
 ydb_disks:
     - name: /dev/vdb
       label: ydb_disk_1
-# Configuration settings for dynamic YDB cluster nodes
+    - name: /dev/vdc
+      label: ydb_disk_2
 
 # The list of exactly three node brokers (static nodes)
 ydb_brokers:
@@ -73,4 +67,14 @@ ydb_dynnodes:
 ydb_affinity_static: '0-31'
 
 # Extra sleep time to allow dynamic nodes to settle up
-dynnode_restart_sleep_seconds: 30
+dynnode_restart_sleep_seconds: 10
+
+# Source path to Unified Agent binary
+unified_agent_binary: ../unified_agent
+# Unified Agent installation root
+unified_agent_home: /opt/ydb/unified_agent
+
+# Optional network congestion control setting, htcp recommended
+ydb_congestion_setting: htcp
+# Optional module to load the congestion control algorithm
+ydb_congestion_module: tcp_htcp