Skip to content

Latest commit

 

History

History
275 lines (210 loc) · 11.6 KB

README.md

File metadata and controls

275 lines (210 loc) · 11.6 KB

ansible-linux-ha-cluster

Ansible deployment of Linux HA (High Availability) cluster, PoC of AP-ALB. One non-Kubernetes, non-Pacemaker, non-DRBD, without-cloud-lock-ln way to do it even on cheapest VPSs you could find. This is a Proof of Concept of the reusable Ansible role AP Application Load Balancer and feature a clusterized mode and cross-platform cluster and also implements some extra, well maintained, Ansible Roles made by 3rd party. Check the ASCIInema demo.

About using this playbooks in production: At very minimum, you will need to customize the inventory (on this version, the hosts.yml). But in special for who is new to Ansible and want reusability, consider the fititnt/ansible-linux-ha-cluster with the following in mind:

  • This is a playbooks colletion great quickstart on how to glue some selected reusable Ansible Roles on your own private projects.
  • While the ansible-linux-ha-cluster may demonstrate cross-platform clusters working together, using this on production may require some extra work than you would have if choose less underlining operational systems.
  • Some playbooks, like the infra-wireguard.yml are intentionally separated both to be used alone and also to allow replacement. If you already have a VPN (via your cloud provider) you may want to comment/remove this playbook. Enterprise users without one VPN may want some more classic VPN solution, like IPSec.

ASCIInema demo

asciicast

TODO: fix AP-ALB 0.8.7-beta still requiring manual changes on CentOS 7 (fititnt, 2019-12-31 02:21).

Note: on this play, the external role githubixx.ansible_role_wireguard used on the cross-platform demo failed on Centos 8 (but weeks ago worked fine out of the box)

When reading the source codes or watching the ASCIInema demos, the sufix of hosts give a hint. So rocha_basalto_freebsd12 means FreeBSD version 12, ap_foxtrot_debian10 means Debian 10, etc. For the role versions, check requirements.yml file.


Table of Contents


Usage

Assuming you already have the Requisites meet, this is how you use:

How to download this ansible-linux-ha-cluster to your machine

git clone https://github.com/fititnt/ansible-linux-ha-cluster.git .

# This will download https://github.com/fititnt/https://github.com/fititnt/ap-application-load-balancer
# on roles/ap-application-load-balancer
ansible-galaxy install -r requirements.yml --roles-path roles/

TIP: on requirements.yml have extra information.

How to customize and use

# Edit to your hosts files. The default values where used on Etica.AI test servers
# You can also create a new one and change `-i hosts`
vim hosts.yml

# This will run the playbooks
ansible-playbook -i hosts.yml main-infra.yml
ansible-playbook -i hosts.yml main-apps.yml

Ad Hoc ALB

ansible-playbook -i hosts.yml roles/ap-application-load-balancer/ad-hoc-alb/show-configurations-syntax-validation.yml

# Tip: you may need replace 'roles/ap-application-load-balancer/' with something like '~/.ansible/roles/ap-application-load-balancer/'
#      these ad-hoc-alb scripts are stored with the role

ansible-linux-ha-cluster explained

File organization

  • hosts.yml: Almost all the logic (in Ansible term, the inventory) is on this single filethe
  • main-infra.yml call the tasks related to infrastructure deployment in the ideal order.
  • main-apps.yml exist because AP-ALB is designed to be an Application Load Balancer, so after deployment, is more likely that you would change the applications than the infrastructure.

Responsibilities of the Ansible Roles

Requisites

Ansible

Follow the https://docs.ansible.com: Installation Guide

Windows users can use Windows WSL (then could choose Ubuntu 18.04 LTS). Check this Windows Frequently Asked Questions

Tip: if is your first time with Ansible, this computer is likely to be own computer and NOT the server where you want to install ALB. One way to explain Ansible would be it converts YAML variables + tasks on commands to execute (more often) on remote hosts that can be accessed over SSH.

Python on target hosts

You can skip this section if you did not get error like "The module failed to execute correctly, you probably need to set the interpreter"

The only requisite (beyond be able to SSH into a target host) that Ansible requires is some version of Python. This is fine with most Linux distributions, except in special CentOS 8 that decided not enforce one default python version so was up to the user choose one.

## For CentOS 8
# Python 3, command to run if you are logged on each target host
sudo dnf install python3 -y

# Python 3, if can SSH into each host, but run an Ad-Hoc command that will
# install Python for you
ansible all -m raw -a "sudo dnf install python3 -y" -i apd.etica.ai,ape.etica.ai,apf.etica.ai,apg.etica.ai

Number of nodes

Rule of thumb: 3 (three) nodes. Have a odd number (1, 3, 5, max 7) is important for your HA cluster decide alone what to do without humam intervention and without risk of brain-split.

Note that obviously is possible to have more than 3 nodes (or even number of nodes) and this rule is for services that act like master (with power of decision), not just as followers.

But can I use only 2 nodes?

2 nodes, without any human intervention (or cheating using using a 3rd machine to decide who is right) is likely to have lower nines of availability than simply have one server and don't turn off.

It does not means that a cluster would not work with only 2 nodes. But without one odd number, if the connection between the nodes stop, or one node crash hard without say goodbye (like when you would do a soft reboot) the other node could enter in read-only mode.

Hardware of the cluster nodes

This is the bare minimum on each node considering alreading considering the space of operational system:

  • 1 vCPU
    • Consul is already using concervative heath checks to reduce CPU usage, so it could run fine on Amazon T Nano instances
    • Wireguard is CPU friendly
      • Even using 256-bit ChaCha20 still at least as fast as IPsec (ChaPoly)
  • 192 MB RAM
    • But then please add some SWAP.
      • Don't worry, this is not kubernetes that complain about Swap.
  • 8 GB disk space
    • Maybe 5 GB if you try harder

The internet between the nodes

Direct access. The ideal scenario, each node can access the other node directly. If this is not the case, you could look at "mesh networking" implementations.

Lower ping is better than huge speeds. Another ideal scenario is each cluster have it's nodes not too far away (idealy same datacenter, but some HA components could work fine with different datacenters on same continent but with lower ping). If ping is higher, you may have to ajust some settings, or accept that some tasks could be slow.

Did I need an dedicated IPv4? Does this work on NATed IPv4?

No. Not tested, but you could just use IPv6.

For who think this comment is strange, the cheapests VPSs from places like https://www.serverhunter.com/ are paid by year and does not have IPv4.

Operatinal System of the cluster nodes

The ansible-linux-ha-cluster was tested on several linux distributions and versions. For the role AP-ALB, some OSs may not implement all the features. Other roles made by 3rd party are not enabled when they did not support one OS.

  • Operational System (full AP-ALB features):
    • Debian Family
      • Debian 10
      • Ubuntu Server LTS 18.04
    • RedHat Family
      • CentOS 8, CentOS 7
      • RHEL 8, RHEL 7
  • Tested(require extra steps, like compiling OpenResty, to implement all AP-ALB features)
    • Arch Linux: lastest
    • BSD Family: FreeBSD 12
    • SUSE Family: OpenSUSE 15

When reading the source codes or watching the ASCIInema demos, the sufix of hosts give a hint. So rocha_basalto_freebsd12 means FreeBSD version 12, ap_foxtrot_debian10 means Debian 10, etc. For the role versions, check requirements.yml file.

License

Public Domain

To the extent possible under law, Etica.AI has waived all copyright and related or neighboring rights to this work to Public Domain.