author | artem-trof <artem-trof@yandex-team.com> | 2023-01-31 18:13:46 +0300 |
---|---|---|
committer | artem-trof <artem-trof@yandex-team.com> | 2023-01-31 18:13:46 +0300 |
commit | 6ee65af1bbc360d29aff6552fd8b6f82e2e0fd74 (patch) | |
tree | f4f0a5b61d5b7f7a784dbe62d36ea2df5ca0d861 | |
parent | 463ec9cb70707115500bab6035be4f22822a0381 (diff) | |
download | ydb-6ee65af1bbc360d29aff6552fd8b6f82e2e0fd74.tar.gz |
Update ydb-oss configs & add multi tenancy
ydbops-6678: add ydb oss multi tenancy config & package
ydbops-6678: add multi tenancy package files
ydbops-6678: add multi tenancy package for ydb oss
ydbops-6678: update security rules & rename storage pool
12 files changed, 242 insertions, 9 deletions
diff --git a/ydb/deploy/packages/build.sh b/ydb/deploy/packages/build.sh
index c5ba6d2f89d..cf3ca6232c4 100755
--- a/ydb/deploy/packages/build.sh
+++ b/ydb/deploy/packages/build.sh
@@ -36,6 +36,8 @@ while [[ $1 == --* ]]; do
# platform specific depends syntax
# var referenced in ydb*.template.yaml configs
export YDB_PACKAGE_DEPENDS_LIBC="libc6 (>= 2.30.0)"
+ export YDB_PACKAGE_DEPENDS_YDB_SERVER="ydb-server (>= $YDB_VERSION_STRING)"
+ export YDB_PACKAGE_DEPENDS_JQ="jq (>= 1.6)"
shift
;;
--help)
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-mt-starter.service b/ydb/deploy/packages/ydb-server/ydb-server-mt-starter.service
new file mode 100644
index 00000000000..16dcd81c096
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-mt-starter.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=YDB MultiTenancy starter service
+AssertFileNotEmpty=/opt/ydb/cfg/config.yaml
+AssertPathIsDirectory=/opt/ydb-tenant
+After=network-online.target rc-local.service
+
+[Service]
+Type=oneshot
+Environment=YDBD_SERVICE_TENANTS_DIR=/opt/ydb-tenant
+ExecStart=/opt/ydb/bin/ydb-server-mt-starter.sh
+ExecReload=/bin/true
+ExecStop=/bin/true
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-mt-starter.sh b/ydb/deploy/packages/ydb-server/ydb-server-mt-starter.sh
new file mode 100755
index 00000000000..8dbc75f4c0b
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-mt-starter.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+tenants=$(
+ find "$YDBD_SERVICE_TENANTS_DIR" \
+ -maxdepth 1 \
+ -mindepth 1 \
+ -type d \
+ -exec basename {} \;
+)
+
+for tenant in $tenants; do
+ systemctl start "ydb-server-mt-tenant@$tenant"
+done
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-post.sh b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-post.sh
new file mode 100755
index 00000000000..775b2dc4df2
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-post.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+if [ -x /bin/systemctl ]; then
+ systemctl kill --signal=SIGHUP rsyslog.service
+else
+ /sbin/reload rsyslog
+fi
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-pre.sh b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-pre.sh
new file mode 100755
index 00000000000..3f576441f57
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-pre.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+# vars passed as environments
+
+ydbd_service_pid_path="/run/$YDBD_SERVICE_USER"
+
+install -o "$YDBD_SERVICE_USER" -d "$ydbd_service_pid_path"
+install -o root -d "$YDBD_SERVICE_TENANT_DIR"
+install -o syslog -d "$YDBD_SERVICE_TENANT_DIR/logs"
+install -o "$YDBD_SERVICE_USER" -d "$YDBD_SERVICE_TENANT_DIR/cache"
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-start.sh b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-start.sh
new file mode 100755
index 00000000000..49b2eaf7aa8
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-start.sh
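Review bot: `for tenant in $tenants` in ydb-server-mt-starter.sh word-splits and glob-expands the directory names, and under `set -e` the first `systemctl start` that fails aborts the loop, so one broken tenant stops every tenant listed after it from being started. Reading the names NUL-delimited (GNU find's `-printf '%f\0'`) and recording failures instead of exiting keeps the remaining tenants starting. Only `set -e` is in effect, so an unset `YDBD_SERVICE_TENANTS_DIR` is passed to find as an empty string; a `${VAR:?}` guard fails fast, and the same applies to the environment variables read by ydb-server-mt-tenant-pre.sh and ydb-server-mt-tenant-start.sh.
```shell
set -eu

: "${YDBD_SERVICE_TENANTS_DIR:?must point at the tenants directory}"

failed=0
while IFS= read -r -d '' tenant; do
  # keep going so one broken tenant does not block the others
  if ! systemctl start "ydb-server-mt-tenant@$tenant"; then
    logger -p daemon.err -t ydb-server-mt-starter "failed to start tenant $tenant"
    failed=1
  fi
done < <(find "$YDBD_SERVICE_TENANTS_DIR" -maxdepth 1 -mindepth 1 -type d -printf '%f\0')

exit "$failed"
```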
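Review bot: ydb-server-mt-tenant-post.sh exits non-zero under `set -e` whenever `systemctl kill --signal=SIGHUP rsyslog.service` fails, for example on a host where rsyslog is not active, and since the unit runs it as a plain `ExecStartPost=` that appears to mark the whole tenant start as failed (please confirm against the systemd version you target). Making the signal conditional keeps it best-effort: `if systemctl is-active --quiet rsyslog.service; then systemctl kill --signal=SIGHUP rsyslog.service; fi`. A one-line comment saying why rsyslog needs the HUP (presumably to pick up the per-tenant logs directory that the pre script creates for user syslog) would help the next reader.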
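Review bot: ydb-server-mt-tenant-pre.sh asks for root ownership of `$YDBD_SERVICE_TENANT_DIR` while ydb-server-multi-tenant.postinstall does `chown -R ydb_tenant:ydb /opt/ydb-tenant` over the same tree, so the two disagree about who owns a tenant directory; one owner should be chosen and stated in the `# vars passed as environments` comment. None of the `install -d` calls pass `-m`, so the logs and cache directories get install's default mode; spelling it out, e.g. `install -o syslog -m 0750 -d "$YDBD_SERVICE_TENANT_DIR/logs"`, makes the intended access visible. With only `set -e`, an unset `YDBD_SERVICE_USER` turns the first call into `install -o "" -d /run/`; `: "${YDBD_SERVICE_USER:?}" "${YDBD_SERVICE_TENANT_DIR:?}"` before the installs fails with a clear message instead.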
@@ -0,0 +1,45 @@
+#!/bin/bash
+set -e
+
+ydbd_service_tenant_config="$YDBD_SERVICE_TENANT_DIR/config.json"
+ydbd_service_syslog_tag="ydbd_$YDBD_SERVICE_TENANT"
+
+if [ ! -f "$ydbd_service_tenant_config" ]; then
+ logger -p daemon.err -t "$ydbd_service_syslog_tag" "No YDB tenant ($YDBD_SERVICE_TENANT) configuration file at: $ydbd_service_tenant_config"
+ exit 1
+fi
+
+read_config_value() {
+ field=$1
+ value=$(jq -r ".$field | select(.!=null)" "$ydbd_service_tenant_config")
+
+ if [ -z "$value" ]; then
+ logger -p daemon.err -t "$ydbd_service_syslog_tag" "Required field $field not exists in config"
+ return 2
+ fi
+
+ echo "$value"
+}
+
+optional_args=""
+
+if [ -f "$YDBD_SERVICE_MAIN_DIR/token/ydbd.token" ]; then
+ optional_args="--auth-token-file $YDBD_SERVICE_MAIN_DIR/token/ydbd.token"
+fi
+
+ydbd_service_grpc_port=$(read_config_value grpc_port) || exit 2
+ydbd_service_ic_port=$(read_config_value ic_port) || exit 2
+ydbd_service_mon_port=$(read_config_value mon_port) || exit 2
+ydbd_service_database=$(read_config_value database) || exit 2
+
+exec "$YDBD_SERVICE_MAIN_DIR/bin/ydbd" server \
+ --yaml-config "$YDBD_SERVICE_MAIN_DIR/cfg/config.yaml" \
+ --log-level 3 \
+ --syslog \
+ --syslog-service-tag "$ydbd_service_syslog_tag" \
+ --tcp \
+ --node-broker-port 2135 \
+ --grpc-port "$ydbd_service_grpc_port" \
+ --ic-port "$ydbd_service_ic_port" \
+ --mon-port "$ydbd_service_mon_port" \
+ --tenant "$ydbd_service_database" $optional_args
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant@.service b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant@.service
new file mode 100644
index 00000000000..e100fdfc3e6
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-mt-tenant@.service
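Review bot: `read_config_value` splices `$field` into the jq program text (`jq -r ".$field | select(.!=null)"`); the callers pass fixed names today, but handing the name over as data is the safer habit and also fixes the missing `local`: `local field=$1 value` followed by `value=$(jq -r --arg f "$field" '.[$f] | select(. != null)' "$ydbd_service_tenant_config")`. The values read from config.json go straight into `--grpc-port`, `--ic-port`, `--mon-port` and `--tenant` without validation, so a check such as `[[ "$ydbd_service_grpc_port" =~ ^[0-9]+$ ]] || exit 2` on each port turns a malformed file into a clear error rather than an odd ydbd failure. `$optional_args` on the final exec line is still unquoted and relies on word-splitting; an array (`optional_args=()` / `"${optional_args[@]}"`) is the bash idiom. Since config.json lives under `$YDBD_SERVICE_TENANT_DIR`, which the postinstall chowns to the service user, the service user effectively controls its own launch arguments, which deserves a comment if it is intended.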
@@ -0,0 +1,44 @@
+[Unit]
+Description=YDB MultiTenancy tenant service (%i)
+StartLimitInterval=10
+StartLimitBurst=15
+PartOf=ydb-server-mt-starter.service
+AssertFileNotEmpty=/opt/ydb/cfg/config.yaml
+
+[Service]
+Type=simple
+User=ydb_tenant
+Group=ydb
+RuntimeDirectory=ydb_tenant
+RuntimeDirectoryPreserve=yes
+
+LimitNOFILE=131072
+LimitCORE=infinity
+LimitMEMLOCK=32212254720
+PermissionsStartOnly=true
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=ydbd_%i
+SyslogFacility=daemon
+SyslogLevel=err
+
+Environment=LD_LIBRARY_PATH=/opt/ydb/lib
+Environment=YDBD_SERVICE_MAIN_DIR=/opt/ydb
+Environment=YDBD_SERVICE_TENANTS_DIR=/opt/ydb-tenant
+Environment=YDBD_SERVICE_TENANT_DIR=/opt/ydb-tenant/%i
+Environment=YDBD_SERVICE_USER=ydb_tenant
+Environment=YDBD_SERVICE_TENANT=%i
+
+ExecStartPre=/opt/ydb/bin/ydb-server-mt-tenant-pre.sh
+ExecStart=/opt/ydb/bin/ydb-server-mt-tenant-start.sh
+ExecStartPost=/opt/ydb/bin/ydb-server-mt-tenant-post.sh
+
+KillMode=mixed
+TimeoutStopSec=300
+
+Restart=always
+RestartSec=1
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.postinstall b/ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.postinstall
new file mode 100755
index 00000000000..5b61f122c63
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.postinstall
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+configure)
+
+ # create ydb user & group
+ useradd ydb_tenant -g ydb || true
+
+ chown -R ydb_tenant:ydb /opt/ydb-tenant
+ chown ydb_tenant:ydb /opt/ydb/bin/ydb-server-mt*
+
+ if [ -x /bin/systemctl ] &&
+ [ -f /etc/systemd/system/ydb-server-mt-starter.service ] &&
+ [ -f /etc/systemd/system/ydb-server-mt-tenant@.service ]; then
+ /bin/systemctl daemon-reload || true
+
+ if ! /bin/systemctl enable ydb-server-mt-starter; then
+ echo "Cannot enable ydb multi tenancy starter service!"
+ fi
+
+ if ! /bin/systemctl enable ydb-server-mt-tenant@; then
+ echo "Cannot enable ydb multi tenancy tenant service!"
+ fi
+ fi
+
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+*)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.template.yaml b/ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.template.yaml
new file mode 100644
index 00000000000..434aec4f59a
--- /dev/null
+++ b/ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.template.yaml
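Review bot: `LimitCORE=infinity` in ydb-server-mt-tenant@.service lets a tenant process that was launched with `--auth-token-file` write its memory, token included, into a core dump, while ydb-server-storage.service in the same commit keeps `LimitCORE=0`; the two units should agree, and `LimitCORE=0` is the safer default unless core collection is deliberately set up. `PermissionsStartOnly=true` is the deprecated way to run the pre/post scripts as root; the `+` prefix expresses it per command, `ExecStartPre=+/opt/ydb/bin/ydb-server-mt-tenant-pre.sh` and `ExecStartPost=+/opt/ydb/bin/ydb-server-mt-tenant-post.sh`, and makes the root execution visible right on the line that needs it. `StandardOutput=syslog` and `StandardError=syslog` are likewise deprecated in current systemd and are treated as `journal`; writing `journal` states what actually happens.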
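Review bot: `chown ydb_tenant:ydb /opt/ydb/bin/ydb-server-mt*` hands ownership of the pre/post helper scripts to the unprivileged service user, yet ydb-server-mt-tenant@.service runs those same scripts as root via `PermissionsStartOnly=true`, so anything running as ydb_tenant (the tenant process itself included) can change what root executes on the next start; the scripts need no ownership change to be executed, so that line should go and they should stay root-owned. `chown -R ydb_tenant:ydb /opt/ydb-tenant` together with the package's `0774` mode on that directory also lets every member of group `ydb` create or edit tenant config.json files, which ydb-server-mt-tenant-start.sh turns into launch arguments. `useradd ydb_tenant -g ydb || true` hides every failure of useradd, not only the already-exists case, and the same pattern is introduced for groupadd/useradd in ydb-server.postinstall; `getent passwd ydb_tenant >/dev/null || useradd ydb_tenant -g ydb` skips only the expected case. The two `echo "Cannot enable …"` diagnostics go to stdout while the `unknown argument` branch below writes to stderr; `>&2` on both would make them consistent.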
@@ -0,0 +1,43 @@
+name: ydb-server-multi-tenant
+arch: "${DEB_ARCH}"
+platform: linux
+version: "${YDB_VERSION_STRING}"
+
+vendor: "YDB Platform"
+homepage: https://ydb.tech
+license: Apache2.0
+section: database
+priority: optional
+maintainer: "info@ydb.tech"
+description: |
+ YDB is an open-source Distributed SQL Database that combines
+ high availability and scalability with strong consistency and ACID transactions.
+ This package provides multi tenancy systemd services and configuration.
+
+provides: []
+depends:
+ - "${YDB_PACKAGE_DEPENDS_YDB_SERVER}"
+ - "${YDB_PACKAGE_DEPENDS_JQ}"
+recommends: []
+suggests: []
+
+contents:
+ - src: ydb/deploy/packages/ydb-server/ydb-server-mt-starter.service
+ dst: /etc/systemd/system/ydb-server-mt-starter.service
+ - src: ydb/deploy/packages/ydb-server/ydb-server-mt-tenant@.service
+ dst: /etc/systemd/system/ydb-server-mt-tenant@.service
+ - src: ydb/deploy/packages/ydb-server/ydb-server-mt-starter.sh
+ dst: /opt/ydb/bin/ydb-server-mt-starter.sh
+ - src: ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-pre.sh
+ dst: /opt/ydb/bin/ydb-server-mt-tenant-pre.sh
+ - src: ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-post.sh
+ dst: /opt/ydb/bin/ydb-server-mt-tenant-post.sh
+ - src: ydb/deploy/packages/ydb-server/ydb-server-mt-tenant-start.sh
+ dst: /opt/ydb/bin/ydb-server-mt-tenant-start.sh
+ - dst: /opt/ydb-tenant
+ type: dir
+ file_info:
+ mode: 0774
+
+scripts:
+ postinstall: ydb/deploy/packages/ydb-server/ydb-server-multi-tenant.postinstall
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-storage-start.sh b/ydb/deploy/packages/ydb-server/ydb-server-storage-start.sh
index d5bcd5ef08e..0b68664533b 100755
--- a/ydb/deploy/packages/ydb-server/ydb-server-storage-start.sh
+++ b/ydb/deploy/packages/ydb-server/ydb-server-storage-start.sh
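Review bot: `mode: 0774` on `/opt/ydb-tenant` makes the tenants root group-writable, and the postinstall chowns it to `ydb_tenant:ydb`, so any process in group `ydb` (the storage service's `ydb` user has that primary group) can drop a directory there that ydb-server-mt-starter.sh will then try to start as a tenant. Unless group members are meant to provision tenants, `mode: 0755` keeps the directory listable without being writable. A short comment on the `depends` list noting that `jq` is needed by ydb-server-mt-tenant-start.sh would explain the otherwise surprising dependency.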
@@ -1,18 +1,17 @@
-#!/bin/sh
+#!/bin/bash
set -e
-opt="/opt/ydb"
optional_args=""
-if [ -f "$opt/token/ydbd.token" ]; then
- optional_args="--auth-token-file $opt/token/ydbd.token"
+if [ -f "$YDBD_SERVICE_MAIN_DIR/token/ydbd.token" ]; then
+ optional_args="--auth-token-file $YDBD_SERVICE_MAIN_DIR/token/ydbd.token"
fi
-exec $opt/bin/ydbd server \
+exec "$YDBD_SERVICE_MAIN_DIR/bin/ydbd" server \
+ --yaml-config "$YDBD_SERVICE_MAIN_DIR/cfg/config.yaml" \
--log-level 3 \
--syslog \
--tcp \
- --yaml-config $opt/cfg/config.yaml \
--grpc-port 2135 \
--ic-port 19001 \
--mon-port 8765 \
diff --git a/ydb/deploy/packages/ydb-server/ydb-server-storage.service b/ydb/deploy/packages/ydb-server/ydb-server-storage.service
index 85a0d50cdad..aef8b85fe2f 100644
--- a/ydb/deploy/packages/ydb-server/ydb-server-storage.service
+++ b/ydb/deploy/packages/ydb-server/ydb-server-storage.service
@@ -9,10 +9,10 @@ Wants=network-online.target
[Service]
Type=simple
User=ydb
+
LimitNOFILE=65536
LimitCORE=0
LimitMEMLOCK=3221225472
-
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_SETFCAP CAP_SYS_RAWIO CAP_SYS_NICE
@@ -24,6 +24,7 @@ SyslogLevel=err
ExecStartPre=/usr/bin/install -o ydb -d /opt/ydb/cache
Environment=LD_LIBRARY_PATH=/opt/ydb/lib
+Environment=YDBD_SERVICE_MAIN_DIR=/opt/ydb
ExecStart=/opt/ydb/bin/ydb-server-storage-start.sh
KillMode=mixed
diff --git a/ydb/deploy/packages/ydb-server/ydb-server.postinstall b/ydb/deploy/packages/ydb-server/ydb-server.postinstall
index 3af48bb3fff..2e27c4d1071 100755
--- a/ydb/deploy/packages/ydb-server/ydb-server.postinstall
+++ b/ydb/deploy/packages/ydb-server/ydb-server.postinstall
@@ -18,8 +18,8 @@ case "$1" in
configure)
# create ydb user & group
- groupadd ydb
- useradd ydb -g ydb
+ groupadd ydb || true
+ useradd ydb -g ydb || true
# to make sure that YDB has access to block disks to run
usermod -aG disk ydb
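Review bot: ydb-server-storage-start.sh now depends on `YDBD_SERVICE_MAIN_DIR` coming from the unit's Environment but still runs with only `set -e`, so when invoked outside the unit it silently execs `/bin/ydbd` with `/cfg/config.yaml`; `: "${YDBD_SERVICE_MAIN_DIR:?}"` right after `set -e` fails fast with a clear message. With the shebang changed to bash, `optional_args` can be an array instead of a whitespace-split string: `optional_args=()` and `optional_args=(--auth-token-file "$YDBD_SERVICE_MAIN_DIR/token/ydbd.token")`, expanded as `"${optional_args[@]}"` on the exec command, whose last lines continue past the end of this hunk.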
@@ -28,6 +28,7 @@ configure)
chown -R ydb:ydb /opt/ydb
mkdir /opt/ydb/cache
+ chown -R ydb:ydb /opt/ydb/cache
if [ -x /bin/systemctl -a -f /etc/systemd/system/ydb-server-storage.service ]; then
/bin/systemctl daemon-reload || true |