jungle/m/bay/configuration.nix

{ config, pkgs, lib, ... }:

{
  imports = [
    ../common/xeon.nix
    ../module/monitoring.nix
  ];

  # Select the this using the ID to avoid mismatches
  boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";

  boot.kernel.sysctl = {
    "kernel.yama.ptrace_scope" = lib.mkForce "1";
  };

  environment.systemPackages = with pkgs; [
    ceph
  ];

  networking = {
    hostName = "bay";
    interfaces.eno1.ipv4.addresses = [ {
      address = "10.0.40.40";
      prefixLength = 24;
    } ];
    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.40";
      prefixLength = 24;
    } ];
    firewall = {
      extraCommands = ''
        # Accept all incoming TCP traffic from lake2
        iptables -A nixos-fw -p tcp -s lake2 -j nixos-fw-accept
        # Accept monitoring requests from hut
        iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept
        # Accept all Ceph traffic from the local network
        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
      '';
    };
  };

  services.ceph = {
    enable = true;
    global = {
      fsid = "9c8d06e0-485f-4aaf-b16b-06d6daf1232b";
      monHost = "10.0.40.40";
      monInitialMembers = "bay";
      clusterNetwork = "10.0.40.40/24"; # Use Ethernet only
    };
    extraConfig = {
      # Only log to stderr so it appears in the journal
      "log_file" = "/dev/null";
      "mon_cluster_log_file" = "/dev/null";
      "log_to_stderr" = "true";
      "err_to_stderr" = "true";
      "log_to_file" = "false";
    };
    mds = {
      enable = true;
      daemons = [ "mds0" "mds1" ];
      extraConfig = {
        "host" = "bay";
      };
    };
    mgr = {
      enable = true;
      daemons = [ "bay" ];
    };
    mon = {
      enable = true;
      daemons = [ "bay" ];
    };
    osd = {
      enable = true;
      # One daemon per NVME disk
      daemons = [ "0" "1" "2" "3" ];
      extraConfig = {
        "osd crush chooseleaf type" = "0";
        "osd journal size" = "10000";
        "osd pool default min size" = "2";
        "osd pool default pg num" = "200";
        "osd pool default pgp num" = "200";
        "osd pool default size" = "3";
      };
    };
  };

  # Missing service for volumes, see:
  # https://www.reddit.com/r/ceph/comments/14otjyo/comment/jrd69vt/
  systemd.services.ceph-volume = {
    enable = true;
    description = "Ceph Volume activation";
    unitConfig = {
      Type = "oneshot";
      After = "local-fs.target";
      Wants = "local-fs.target";
    };
    path = [ pkgs.ceph pkgs.util-linux pkgs.lvm2 pkgs.cryptsetup ];
    serviceConfig = {
      KillMode = "none";
      Environment = "CEPH_VOLUME_TIMEOUT=10000";
      ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT ${pkgs.ceph}/bin/ceph-volume lvm activate --all --no-systemd'";
      TimeoutSec = "0";
    };
    wantedBy = [ "multi-user.target" ];
  };
}
Add ceph config in bay 2023-08-22 15:57:25 +02:00			`{ config, pkgs, lib, ... }:`
Add bay node 2023-07-28 19:49:48 +02:00
			`{`
			`imports = [`
Split xeon specific configuration from base To accomodate the raccoon knights workstation, some of the configuration pulled by m/common/main.nix has to be removed. To solve it, the xeon specific parts are placed into m/common/xeon.nix and only the common configuration is at m/common/base.nix. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-06-03 09:20:11 +02:00			`../common/xeon.nix`
			`../module/monitoring.nix`
Add bay node 2023-07-28 19:49:48 +02:00			`];`

			`# Select the this using the ID to avoid mismatches`
			`boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";`

Allow ptrace to any process of the same user Allows users to attach GDB to their own processes, without requiring running the program with GDB from the start. It is only available in compute nodes, the storage nodes continue with the restricted settings. Reviewed-by: Aleix Boné <abonerib@bsc.es> 2024-07-17 13:10:59 +02:00			`boot.kernel.sysctl = {`
			`"kernel.yama.ptrace_scope" = lib.mkForce "1";`
			`};`

Add ceph config in bay 2023-08-22 15:57:25 +02:00			`environment.systemPackages = with pkgs; [`
			`ceph`
			`];`

Add bay node 2023-07-28 19:49:48 +02:00			`networking = {`
			`hostName = "bay";`
			`interfaces.eno1.ipv4.addresses = [ {`
			`address = "10.0.40.40";`
			`prefixLength = 24;`
			`} ];`
			`interfaces.ibp5s0.ipv4.addresses = [ {`
			`address = "10.0.42.40";`
			`prefixLength = 24;`
			`} ];`
Add firewall rules for Ceph and monitoring The firewall was blocking the monitoring traffic from hut and the Ceph traffic among OSDs. The rules only allow connecting from the specific host that they are supposed to be coming from. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2024-04-24 16:55:06 +02:00			`firewall = {`
			`extraCommands = ''`
			`# Accept all incoming TCP traffic from lake2`
			`iptables -A nixos-fw -p tcp -s lake2 -j nixos-fw-accept`
			`# Accept monitoring requests from hut`
			`iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept`
			`# Accept all Ceph traffic from the local network`
			`iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept`
			`'';`
			`};`
Add bay node 2023-07-28 19:49:48 +02:00			`};`
Add ceph config in bay 2023-08-22 15:57:25 +02:00
			`services.ceph = {`
			`enable = true;`
			`global = {`
			`fsid = "9c8d06e0-485f-4aaf-b16b-06d6daf1232b";`
			`monHost = "10.0.40.40";`
			`monInitialMembers = "bay";`
			`clusterNetwork = "10.0.40.40/24"; # Use Ethernet only`
			`};`
Switch ceph logs to journal 2023-08-28 17:58:08 +02:00			`extraConfig = {`
			`# Only log to stderr so it appears in the journal`
			`"log_file" = "/dev/null";`
			`"mon_cluster_log_file" = "/dev/null";`
			`"log_to_stderr" = "true";`
			`"err_to_stderr" = "true";`
			`"log_to_file" = "false";`
			`};`
Add ceph config in bay 2023-08-22 15:57:25 +02:00			`mds = {`
			`enable = true;`
			`daemons = [ "mds0" "mds1" ];`
			`extraConfig = {`
			`"host" = "bay";`
			`};`
			`};`
			`mgr = {`
			`enable = true;`
			`daemons = [ "bay" ];`
			`};`
			`mon = {`
			`enable = true;`
			`daemons = [ "bay" ];`
			`};`
			`osd = {`
			`enable = true;`
			`# One daemon per NVME disk`
			`daemons = [ "0" "1" "2" "3" ];`
			`extraConfig = {`
			`"osd crush chooseleaf type" = "0";`
			`"osd journal size" = "10000";`
			`"osd pool default min size" = "2";`
			`"osd pool default pg num" = "200";`
			`"osd pool default pgp num" = "200";`
			`"osd pool default size" = "3";`
			`};`
			`};`
			`};`

			`# Missing service for volumes, see:`
			`# https://www.reddit.com/r/ceph/comments/14otjyo/comment/jrd69vt/`
			`systemd.services.ceph-volume = {`
			`enable = true;`
			`description = "Ceph Volume activation";`
			`unitConfig = {`
			`Type = "oneshot";`
			`After = "local-fs.target";`
			`Wants = "local-fs.target";`
			`};`
			`path = [ pkgs.ceph pkgs.util-linux pkgs.lvm2 pkgs.cryptsetup ];`
			`serviceConfig = {`
			`KillMode = "none";`
			`Environment = "CEPH_VOLUME_TIMEOUT=10000";`
			`ExecStart = "/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT ${pkgs.ceph}/bin/ceph-volume lvm activate --all --no-systemd'";`
			`TimeoutSec = "0";`
			`};`
			`wantedBy = [ "multi-user.target" ];`
			`};`
Add bay node 2023-07-28 19:49:48 +02:00			`}`