system variables moved to system.yml variable file.

vitabaks · vitabaks · commit 909e3389cff3 · 2020-01-15T13:47:45.000+03:00
/vars/system.yml
diff --git a/README.md b/README.md
@@ -159,7 +159,7 @@ proxy_env:
 ---
 
 ## Variables
-See the vars/[main.yml](./vars/main.yml) and ([Debian.yml](./vars/Debian.yml) or [RedHat.yml](./vars/RedHat.yml)) files for more details.
+See the vars/[main.yml](./vars/main.yml), [system.yml](./vars/system.yml) and ([Debian.yml](./vars/Debian.yml) or [RedHat.yml](./vars/RedHat.yml)) files for more details.
 
 
 ## Scaling: add a new node to an existing postgres cluster
diff --git a/add_pgnode.yml b/add_pgnode.yml
@@ -8,6 +8,7 @@
   gather_facts: true
   vars_files:
     - vars/main.yml
+    - vars/system.yml
     - "vars/{{ ansible_os_family }}.yml"
   vars:
     existing_pgcluster: true
diff --git a/deploy_pgcluster.yml b/deploy_pgcluster.yml
@@ -8,6 +8,7 @@
   gather_facts: true
   vars_files:
     - vars/main.yml
+    - vars/system.yml
     - "vars/{{ ansible_os_family }}.yml"
 
 
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,5 +1,5 @@
 ---
-# Proxy variables (for offline installation)
+# Proxy variables (optional) for download packages using a proxy server
 proxy_env: {}
 #  http_proxy: http://10.128.64.9:3128
 #  https_proxy: http://10.128.64.9:3128
@@ -197,103 +197,3 @@ pgbouncer_users:
 #  - { username: "", password: "" }
 
 
-# System variables
-ntp_enabled: 'false' # specify 'true' if you want to install and configure the ntp service
-ntp_servers: []
-#  - "10.128.64.44"
-#  - "10.128.64.45"
-
-timezone: []
-#timezone: "Europe/Moscow"
-
-# Generate locale 
-## (except RHEL>=8,use glibc-langpack)
-locales:
-  - { language_country: "en_US", encoding: "UTF-8" }
-  - { language_country: "ru_RU", encoding: "UTF-8" } # optional
-#  - { language_country: "", encoding: "" }
-
-
-# Kernel parameters
- # these parameters for example! Specify kernel options for your system
-sysctl_conf:
-  - { name: "vm.swappiness",                  value: "1"         }
-  - { name: "vm.min_free_kbytes",             value: "102400"    }
-  - { name: "vm.dirty_expire_centisecs",      value: "1000"      }
-  - { name: "vm.dirty_background_bytes",      value: "67108864"  }
-  - { name: "vm.dirty_bytes",                 value: "536870912" }
-#  - { name: "vm.nr_hugepages",                value: "9510"      } # example "9510"=18GB
-  - { name: "vm.zone_reclaim_mode",           value: "0"         }
-  - { name: "kernel.numa_balancing",          value: "0"         }
-  - { name: "kernel.sched_migration_cost_ns", value: "5000000"   }
-  - { name: "kernel.sched_autogroup_enabled", value: "0"         }
-  - { name: "net.ipv4.ip_nonlocal_bind",      value: "1"         }
-  - { name: "net.ipv4.ip_forward",            value: "1"         }
-  - { name: "net.ipv4.ip_local_port_range",   value: "1024 65535" }
-  - { name: "net.netfilter.nf_conntrack_max", value: "1048576"    }
-#  - { name: "",            value: "" }
-#  - { name: "",            value: "" }
-
-
-# Transparent Huge Pages
-disable_thp: 'true' # or 'false'
-
-
-# Max open file limit
-set_limits: 'true' # or 'false'
-limits_user: "postgres"
-soft_nofile: 65536
-hard_nofile: 200000
-
-
-# I/O Scheduler (optional)
-set_scheduler: 'false' # or 'true'
-scheduler:
-  - { sched: "deadline" , nr_requests: "1024", device: "sda" }
-#  - { sched: "noop" , nr_requests: "1024", device: "sdb" }
-#  - { sched: "" , nr_requests: "1024", device: "" }
-
-# Non-multiqueue I/O schedulers:
-  # cfq         - for desktop systems and slow SATA drives
-  # deadline    - for SAS drives (recommended for databases)
-  # noop        - for SSD drives
-# Multiqueue I/O schedulers (blk-mq):
-## (Recommend the use of blk-mq in environments that support it. For Fast SSD Storage and Linux kernel 4.12+)
-  # mq-deadline - (recommended for databases)
-  # none        - (ideal for fast random I/O devices such as NVMe)
-  # bfq         - (avoid for databases)
-  # kyber
-
-
-# SSH Keys (optional)
-enable_ssh_key_based_authentication: 'false' # or 'true' for configure SSH Key-Based Authentication
-ssh_key_user: "postgres"
-ssh_key_state: "present"
-ssh_known_hosts: "{{ groups['postgres_cluster'] }}"
-
-
-# Firewall (ansible-role-firewall)
- # https://github.com/geerlingguy/ansible-role-firewall
-firewall_enabled_at_boot: true
-
-firewall_allowed_tcp_ports:
-  - "{{ ansible_ssh_port }}"
-  - "{{ postgresql_port }}"
-  - "{{ pgbouncer_listen_port }}"
-  - "2379" # ETCD port
-  - "2380" # ETCD port
-  - "8008" # Patroni REST API port
-  - "5000" # HAProxy (read/write) master
-  - "5001" # HAProxy (read only) all replicas
-  - "5002" # HAProxy (read only) synchronous replica only
-  - "5003" # HAProxy (read only) asynchronous replicas only
-  - "7000" # HAProxy stats
-
-firewall_additional_rules:
-  - "iptables -p vrrp -A INPUT -j ACCEPT"  # Keepalived (vrrp)
-  - "iptables -p vrrp -A OUTPUT -j ACCEPT" # Keepalived (vrrp)
-
- # disable firewalld (installed by default on RHEL/CentOS) or ufw (installed by default on Ubuntu)
-firewall_disable_firewalld: true
-firewall_disable_ufw: true
-
diff --git a/vars/system.yml b/vars/system.yml
@@ -0,0 +1,103 @@
+---
+# System variables
+
+ntp_enabled: 'false' # specify 'true' if you want to install and configure the ntp service
+ntp_servers: []
+#  - "10.128.64.44"
+#  - "10.128.64.45"
+
+timezone: []
+#timezone: "Europe/Moscow"
+
+# Generate locale 
+## (except RHEL>=8,use glibc-langpack)
+locales:
+  - { language_country: "en_US", encoding: "UTF-8" }
+  - { language_country: "ru_RU", encoding: "UTF-8" } # optional
+#  - { language_country: "", encoding: "" }
+
+
+# Kernel parameters
+ # these parameters for example! Specify kernel options for your system
+sysctl_conf:
+  - { name: "vm.swappiness",                  value: "1"         }
+  - { name: "vm.min_free_kbytes",             value: "102400"    }
+  - { name: "vm.dirty_expire_centisecs",      value: "1000"      }
+  - { name: "vm.dirty_background_bytes",      value: "67108864"  }
+  - { name: "vm.dirty_bytes",                 value: "536870912" }
+#  - { name: "vm.nr_hugepages",                value: "9510"      } # example "9510"=18GB
+  - { name: "vm.zone_reclaim_mode",           value: "0"         }
+  - { name: "kernel.numa_balancing",          value: "0"         }
+  - { name: "kernel.sched_migration_cost_ns", value: "5000000"   }
+  - { name: "kernel.sched_autogroup_enabled", value: "0"         }
+  - { name: "net.ipv4.ip_nonlocal_bind",      value: "1"         }
+  - { name: "net.ipv4.ip_forward",            value: "1"         }
+  - { name: "net.ipv4.ip_local_port_range",   value: "1024 65535" }
+  - { name: "net.netfilter.nf_conntrack_max", value: "1048576"    }
+#  - { name: "",            value: "" }
+#  - { name: "",            value: "" }
+
+
+# Transparent Huge Pages
+disable_thp: 'true' # or 'false'
+
+
+# Max open file limit
+set_limits: 'true' # or 'false'
+limits_user: "postgres"
+soft_nofile: 65536
+hard_nofile: 200000
+
+
+# I/O Scheduler (optional)
+set_scheduler: 'false' # or 'true'
+scheduler:
+  - { sched: "deadline" , nr_requests: "1024", device: "sda" }
+#  - { sched: "noop" , nr_requests: "1024", device: "sdb" }
+#  - { sched: "" , nr_requests: "1024", device: "" }
+
+# Non-multiqueue I/O schedulers:
+  # cfq         - for desktop systems and slow SATA drives
+  # deadline    - for SAS drives (recommended for databases)
+  # noop        - for SSD drives
+# Multiqueue I/O schedulers (blk-mq):
+## (Recommend the use of blk-mq in environments that support it. For Fast SSD Storage and Linux kernel 4.12+)
+  # mq-deadline - (recommended for databases)
+  # none        - (ideal for fast random I/O devices such as NVMe)
+  # bfq         - (avoid for databases)
+  # kyber
+
+
+# SSH Keys (optional)
+enable_ssh_key_based_authentication: 'false' # or 'true' for configure SSH Key-Based Authentication
+ssh_key_user: "postgres"
+ssh_key_state: "present"
+ssh_known_hosts: "{{ groups['postgres_cluster'] }}"
+
+
+# Firewall (ansible-role-firewall)
+ # https://github.com/geerlingguy/ansible-role-firewall
+firewall_enabled_at_boot: true
+
+firewall_allowed_tcp_ports:
+  - "{{ ansible_ssh_port }}"
+  - "{{ postgresql_port }}"
+  - "{{ pgbouncer_listen_port }}"
+  - "2379" # ETCD port
+  - "2380" # ETCD port
+  - "8008" # Patroni REST API port
+  - "5000" # HAProxy (read/write) master
+  - "5001" # HAProxy (read only) all replicas
+  - "5002" # HAProxy (read only) synchronous replica only
+  - "5003" # HAProxy (read only) asynchronous replicas only
+  - "7000" # HAProxy stats
+
+firewall_additional_rules:
+  - "iptables -p vrrp -A INPUT -j ACCEPT"  # Keepalived (vrrp)
+  - "iptables -p vrrp -A OUTPUT -j ACCEPT" # Keepalived (vrrp)
+
+ # disable firewalld (installed by default on RHEL/CentOS) or ufw (installed by default on Ubuntu)
+firewall_disable_firewalld: true
+firewall_disable_ufw: true
+
+
