jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/workspace/templates/taskservs/networking/etcd.k
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation 
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00

177 lines
5.6 KiB
Plaintext
Raw Permalink Blame History

# ETCD Cluster Template
# Extracted from wuji infrastructure patterns (real production config)
# Provides ETCD configuration with SSL and clustering settings
import taskservs.networking.etcd.kcl.etcd as etcd
import workspace_templates.lib.compose as comp
# Base ETCD configuration schema from wuji production
schema ETCDBase {
# Version configuration (production-tested from wuji)
version: str = "3.5.14"
# SSL configuration (production settings from wuji)
ssl_mode: str = "openssl" # cfssl or openssl
ssl_sign: str = "ECC" # ECC or RSA
ca_sign: str = "ECC" # ECC or RSA
sign_sha: int = 384 # 256 or 384
ssl_curve: str = "secp384r1" # For ECC
# Cluster configuration
cluster_name: str # Must be provided
hostname: str = "{{hostname}}"
token: str = "etcd-server"
# Certificate configuration
c: str = "ES" # Country
cn: str = "librecloud.online" # Common name
sign_pass: str = "cloudMeFree" # Certificate signing password
# Network configuration
cli_ip: str = "{{network_private_ip}}"
peer_ip: str = "{{network_private_ip}}"
cli_port: int = 2379
peer_port: int = 2380
# Cluster members
cluster_list: str = "" # Comma-separated list of cluster members
# Paths and directories
data_dir: str = "/var/lib/etcd"
conf_path: str = "/etc/etcd/config.yaml"
certs_path: str = "/etc/ssl/etcd"
prov_path: str = "etcdcerts"
# Logging configuration
log_level: str = "warn"
log_out: str = "stderr"
# Listen and advertise configurations (templated)
listen_peers: str = "{{servers}}:{{network_private_ip}}:{{peer_port}}"
listen_clients: str = "{{servers}}:{{network_private_ip}}:{{cli_port}}"
adv_listen_peers: str = "{{servers}}:{{network_private_ip}}:{{peer_port}}"
adv_listen_clients: str = "{{servers}}:{{network_private_ip}}:{{cli_port}}"
initial_peers: str = "{{servers}}:{{network_private_ip}}:{{peer_port}}"
# Domain and DNS configuration
domain_name: str = "{{defaults}}"
use_dns: bool = True
discovery_srv: str = ""
# Additional configuration
custom_config: {str: any} = {}
}
# Template function to create ETCD configuration
def create_etcd_base [
cluster_name: str,
domain: str = "librecloud.online",
cluster_members: [str] = [],
overrides: {str: any} = {}
] -> any {
let base_config = ETCDBase {
cluster_name: $cluster_name
cn: $domain
cluster_list: ($cluster_members | str join ",")
}
# Apply overrides
let final_config = comp.deep_merge $base_config $overrides
# Create core ETCD configuration
etcd.ETCD {
version: $final_config.version
ssl_mode: $final_config.ssl_mode
ssl_sign: $final_config.ssl_sign
ca_sign: $final_config.ca_sign
sign_sha: $final_config.sign_sha
ssl_curve: $final_config.ssl_curve
cluster_name: $final_config.cluster_name
hostname: $final_config.hostname
c: $final_config.c
cn: $final_config.cn
cli_ip: $final_config.cli_ip
peer_ip: $final_config.peer_ip
cli_port: $final_config.cli_port
peer_port: $final_config.peer_port
cluster_list: $final_config.cluster_list
token: $final_config.token
sign_pass: $final_config.sign_pass
data_dir: $final_config.data_dir
conf_path: $final_config.conf_path
log_level: $final_config.log_level
log_out: $final_config.log_out
certs_path: $final_config.certs_path
prov_path: $final_config.prov_path
listen_peers: $final_config.listen_peers
listen_clients: $final_config.listen_clients
adv_listen_peers: $final_config.adv_listen_peers
adv_listen_clients: $final_config.adv_listen_clients
initial_peers: $final_config.initial_peers
domain_name: $final_config.domain_name
use_dns: $final_config.use_dns
discovery_srv: $final_config.discovery_srv
} | comp.deep_merge $final_config.custom_config
}
# SSL configuration presets
ssl_configs = {
# High security (ECC 384-bit)
high_security: {
ssl_sign: "ECC"
ca_sign: "ECC"
sign_sha: 384
ssl_curve: "secp384r1"
}
# Standard security (ECC 256-bit)
standard: {
ssl_sign: "ECC"
ca_sign: "ECC"
sign_sha: 256
ssl_curve: "secp256r1"
}
# RSA compatibility
rsa: {
ssl_sign: "RSA"
ca_sign: "RSA"
sign_sha: 256
ssl_curve: ""
}
}
# Export the template schema
_etcd_taskserv = etcd.ETCD {
version = "3.5.14"
ssl_mode = "openssl"
ssl_sign = "ECC"
ca_sign = "ECC"
sign_sha = 384
ssl_curve = "secp384r1"
cluster_name = "etcd-cluster"
hostname = "{{hostname}}"
token = "etcd-server"
c = "ES"
cn = "librecloud.online"
sign_pass = "cloudMeFree"
cli_ip = "{{network_private_ip}}"
peer_ip = "{{network_private_ip}}"
cli_port = 2379
peer_port = 2380
cluster_list = ""
data_dir = "/var/lib/etcd"
conf_path = "/etc/etcd/config.yaml"
certs_path = "/etc/ssl/etcd"
prov_path = "etcdcerts"
log_level = "warn"
log_out = "stderr"
listen_peers = "{{servers}}:{{network_private_ip}}:{{peer_port}}"
listen_clients = "{{servers}}:{{network_private_ip}}:{{cli_port}}"
adv_listen_peers = "{{servers}}:{{network_private_ip}}:{{peer_port}}"
adv_listen_clients = "{{servers}}:{{network_private_ip}}:{{cli_port}}"
initial_peers = "{{servers}}:{{network_private_ip}}:{{peer_port}}"
domain_name = "{{defaults}}"
use_dns = True
discovery_srv = ""
}
_etcd_taskserv
Reference in New Issue View Git Blame Copy Permalink