From 1b07f1b26ef5fb375f91e420bc84f45999b196ce Mon Sep 17 00:00:00 2001 From: gjmzj Date: Tue, 6 Apr 2021 20:03:42 +0800 Subject: [PATCH] rewrite chrony installation --- docs/guide/chrony.md | 68 ++---------------- ezdown | 2 +- roles/chrony/tasks/main.yml | 75 ++++++++------------ roles/chrony/tasks/offline.yml | 70 ------------------ roles/chrony/templates/chronyd.service.j2 | 20 ++++++ roles/chrony/templates/client-centos.conf.j2 | 44 ------------ roles/chrony/templates/client-ubuntu.conf.j2 | 52 -------------- roles/chrony/templates/client.conf.j2 | 32 +++++++++ roles/chrony/templates/server-centos.conf.j2 | 51 ------------- roles/chrony/templates/server-ubuntu.conf.j2 | 55 -------------- roles/chrony/templates/server.conf.j2 | 39 ++++++++++ roles/clean/tasks/clean_chrony.yml | 17 +++-- roles/kube-master/tasks/main.yml | 1 - 13 files changed, 138 insertions(+), 388 deletions(-) delete mode 100644 roles/chrony/tasks/offline.yml create mode 100644 roles/chrony/templates/chronyd.service.j2 delete mode 100644 roles/chrony/templates/client-centos.conf.j2 delete mode 100644 roles/chrony/templates/client-ubuntu.conf.j2 create mode 100644 roles/chrony/templates/client.conf.j2 delete mode 100644 roles/chrony/templates/server-centos.conf.j2 delete mode 100644 roles/chrony/templates/server-ubuntu.conf.j2 create mode 100644 roles/chrony/templates/server.conf.j2 diff --git a/docs/guide/chrony.md b/docs/guide/chrony.md index a9fd14a..77d5d35 100644 --- a/docs/guide/chrony.md +++ b/docs/guide/chrony.md @@ -8,9 +8,9 @@ 项目中选定一个节点(`groups.chrony[0]`)作为集群内部其他节点的时间同步源,而这个节点本身从公网源同步;当然如果整个集群都无法访问公网,那么请手动校准这个节点的时间后,仍旧可以作为内部集群的时间源服务器。 -- 配置 chrony server,详见roles/chrony/templates/server-*.conf.j2 +- 配置 chrony server,详见roles/chrony/templates/server.conf.j2 -- 配置 chrony client,详见roles/chrony/templates/client-*.conf.j2 +- 配置 chrony client,详见roles/chrony/templates/client.conf.j2 ## `kubeasz` 集成安装 @@ -18,68 +18,10 @@ - [可选] 修改 clusters/${cluster_name}/config.yml 中的相关配置 -执行命令安装 `ezctl setup ${cluster_name} 01` -## 验证配置 +## 验证安装 -- 在 chrony server 检查时间源信息,默认配置为`ntp1.aliyun.com`的地址: - -``` -$ chronyc sources -v -210 Number of sources = 5 - - .-- Source mode '^' = server, '=' = peer, '#' = local clock. - / .- Source state '*' = current synced, '+' = combined , '-' = not combined, -| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable. -|| .- xxxx [ yyyy ] +/- zzzz -|| Reachability register (octal) -. | xxxx = adjusted offset, -|| Log2(Polling interval) --. | | yyyy = measured offset, -|| \ | | zzzz = estimated error. -|| | | \ -MS Name/IP address Stratum Poll Reach LastRx Last sample -=============================================================================== -^* 120.25.115.20 2 9 377 55 +147us[ +250us] +/- 15ms -^- 85.199.214.100 1 10 377 182 -25ms[ -24ms] +/- 128ms -^- makaki.miuku.net 2 10 367 307 +61ms[ +61ms] +/- 127ms -^- static-5-103-139-163.ip.f 1 9 167 572 +532us[ +336us] +/- 117ms -^- 119.28.183.184 2 7 377 33 -130us[ -130us] +/- 47ms -``` - -- 在 chrony server 检查时间源同步状态 - -``` -chronyc sourcestats -v -210 Number of sources = 5 - .- Number of sample points in measurement set. - / .- Number of residual runs with same sign. - | / .- Length of measurement set (time). - | | / .- Est. clock freq error (ppm). - | | | / .- Est. error in freq. - | | | | / .- Est. offset. - | | | | | | On the -. - | | | | | | samples. \ - | | | | | | | -Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev -============================================================================== -120.25.115.20 15 11 44m +0.011 0.909 +4097ns 758us -85.199.214.100 22 13 49m -3.588 5.097 -23ms 5709us -makaki.miuku.net 22 14 46m +2.455 6.225 +64ms 4945us -static-5-103-139-163.ip.f 20 13 42m -2.472 10.168 +3615us 6732us -119.28.183.184 16 9 19m +10.378 25.190 +3469us 6803us -``` - -- 在 chrony client 检查,可以看到时间源只有一个(groups.chrony[0] 节点地址) - -``` -$ chronyc sources -210 Number of sources = 1 -MS Name/IP address Stratum Poll Reach LastRx Last sample -=============================================================================== -^* 192.168.1.1 3 6 377 15 +4085ns[ -25us] +/- 15ms -$ chronyc sourcestats -210 Number of sources = 1 -Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev -============================================================================== -192.168.1.1 5 4 323 -0.252 0.819 -3031ns 15us -``` +- 检查chronyd服务状态 `systemctl status chronyd` +- 检查chronyd时间同步日志 `/var/log/chrony` ## 验证时间同步状态完成 diff --git a/ezdown b/ezdown index 16b23ef..36f6c42 100755 --- a/ezdown +++ b/ezdown @@ -16,7 +16,7 @@ set -o errexit DOCKER_VER=20.10.5 KUBEASZ_VER=3.0.1 K8S_BIN_VER=v1.20.5 -EXT_BIN_VER=0.9.0 +EXT_BIN_VER=0.9.2 SYS_PKG_VER=0.3.3 HARBOR_VER=v2.1.3 REGISTRY_MIRROR=CN diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml index 10c616b..a5a0961 100644 --- a/roles/chrony/tasks/main.yml +++ b/roles/chrony/tasks/main.yml @@ -1,9 +1,9 @@ -- name: apt更新缓存刷新 - apt: update_cache=yes cache_valid_time=72000 - ignore_errors: true - when: - - 'ansible_distribution in ["Ubuntu","Debian"]' - - 'INSTALL_SOURCE != "offline"' +- name: prepare some dirs + file: name={{ item }} state=directory + with_items: + - "/etc/chrony" + - "/var/lib/chrony" + - "/var/log/chrony" - name: apt 卸载 ntp shell: 'apt remove -y ntp' @@ -17,46 +17,33 @@ warn: false ignore_errors: true -- name: 安装 chrony - package: name=chrony state=present - when: 'INSTALL_SOURCE != "offline"' +- name: 下载二进制文件chronyd + copy: src={{ base_dir }}/bin/chronyd dest=/usr/sbin/chronyd mode=0755 -# 离线安装 chrony -- import_tasks: offline.yml - when: 'INSTALL_SOURCE == "offline"' +- name: 创建chronyd的systemd unit文件 + template: src=chronyd.service.j2 dest=/etc/systemd/system/chronyd.service -- block: - - name: 配置 chrony server - template: src=server-centos.conf.j2 dest=/etc/chrony.conf - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' - - - name: 配置 chrony server - template: src=server-ubuntu.conf.j2 dest=/etc/chrony/chrony.conf - when: 'ansible_distribution in ["Ubuntu","Debian"]' - - - name: 启动 chrony server - service: name=chronyd state=restarted enabled=yes - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' - - - name: 启动 chrony server - service: name=chrony state=restarted enabled=yes - when: 'ansible_distribution in ["Ubuntu","Debian"]' +- name: 配置 chrony server + template: src=server.conf.j2 dest=/etc/chrony/chrony.conf when: 'inventory_hostname == groups.chrony[0]' -- block: - - name: 配置 chrony client - template: src=client-centos.conf.j2 dest=/etc/chrony.conf - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' - - - name: 配置 chrony client - template: src=client-ubuntu.conf.j2 dest=/etc/chrony/chrony.conf - when: 'ansible_distribution in ["Ubuntu","Debian"]' - - - name: 启动 chrony client - service: name=chronyd state=restarted enabled=yes - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' - - - name: 启动 chrony client - service: name=chrony state=restarted enabled=yes - when: 'ansible_distribution in ["Ubuntu","Debian"]' +- name: 配置 chrony client + template: src=client.conf.j2 dest=/etc/chrony/chrony.conf when: 'inventory_hostname != groups.chrony[0]' + +- name: 开机启用chronyd服务 + shell: systemctl enable chronyd + ignore_errors: true + +- name: 开启chronyd服务 + shell: systemctl daemon-reload && systemctl restart chronyd + ignore_errors: true + tags: restart_chronyd + +- name: 以轮询的方式等待chronyd服务启动 + shell: "systemctl status chronyd.service|grep Active" + register: svc_status + until: '"running" in svc_status.stdout' + retries: 3 + delay: 3 + tags: restart_chronyd diff --git a/roles/chrony/tasks/offline.yml b/roles/chrony/tasks/offline.yml deleted file mode 100644 index 213854d..0000000 --- a/roles/chrony/tasks/offline.yml +++ /dev/null @@ -1,70 +0,0 @@ -# 离线安装 chrony -- name: 准备离线安装包目录 - file: name=/opt/kube/packages/chrony state=directory - -# ubuntu 1604 -- block: - - name: 分发 chrony_xenial 离线包 - copy: - src: "{{ base_dir }}/down/packages/chrony_xenial.tar.gz" - dest: "/opt/kube/packages/chrony/chrony_xenial.tar.gz" - - - name: 安装 chrony_xenial 离线包 - shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_xenial.tar.gz && \ - dpkg -i *.deb > /tmp/install_chrony.log 2>&1' - when: ansible_distribution_release == "xenial" - ignore_errors: true - -# ubuntu 1804 -- block: - - name: 分发 chrony_bionic 离线包 - copy: - src: "{{ base_dir }}/down/packages/chrony_bionic.tar.gz" - dest: "/opt/kube/packages/chrony/chrony_bionic.tar.gz" - - - name: 安装 chrony_bionic 离线包 - shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_bionic.tar.gz && \ - dpkg -i *.deb > /tmp/install_chrony.log 2>&1' - when: ansible_distribution_release == "bionic" - ignore_errors: true - -# centos7 -- block: - - name: 分发 chrony_centos7 离线包 - copy: - src: "{{ base_dir }}/down/packages/chrony_centos7.tar.gz" - dest: "/opt/kube/packages/chrony/chrony_centos7.tar.gz" - - - name: 安装 chrony_centos7 离线包 - shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_centos7.tar.gz && \ - rpm -Uvh --force --nodeps *.rpm > /tmp/install_chrony.log 2>&1' - when: - - 'ansible_distribution_major_version == "7"' - - 'ansible_distribution == "CentOS"' - ignore_errors: true - -# debian9 -- block: - - name: 分发 chrony_stretch 离线包 - copy: - src: "{{ base_dir }}/down/packages/chrony_stretch.tar.gz" - dest: "/opt/kube/packages/chrony/chrony_stretch.tar.gz" - - - name: 安装 chrony_stretch 离线包 - shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_stretch.tar.gz && \ - dpkg -i *.deb > /tmp/install_chrony.log 2>&1' - when: ansible_distribution_release == "stretch" - ignore_errors: true - -# debian10 -- block: - - name: 分发 chrony_buster 离线包 - copy: - src: "{{ base_dir }}/down/packages/chrony_buster.tar.gz" - dest: "/opt/kube/packages/chrony/chrony_buster.tar.gz" - - - name: 安装 chrony_buster 离线包 - shell: 'cd /opt/kube/packages/chrony && tar zxf chrony_buster.tar.gz && \ - dpkg -i *.deb > /tmp/install_chrony.log 2>&1' - when: ansible_distribution_release == "buster" - ignore_errors: true diff --git a/roles/chrony/templates/chronyd.service.j2 b/roles/chrony/templates/chronyd.service.j2 new file mode 100644 index 0000000..ea8b34f --- /dev/null +++ b/roles/chrony/templates/chronyd.service.j2 @@ -0,0 +1,20 @@ +[Unit] +Description=chrony, an NTP client/server +Documentation=https://chrony.tuxfamily.org/documentation.html +Conflicts=systemd-timesyncd.service openntpd.service ntpd.service ntp.service ntpsec.service +After=network.target +ConditionCapability=CAP_SYS_TIME + +[Service] +# sysctl net.netfilter.nf_conntrack_count +Type=forking +PIDFile=/var/run/chrony/chronyd.pid +ExecStart=/usr/sbin/chronyd -f /etc/chrony/chrony.conf +ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK +ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=full + +[Install] +WantedBy=multi-user.target diff --git a/roles/chrony/templates/client-centos.conf.j2 b/roles/chrony/templates/client-centos.conf.j2 deleted file mode 100644 index e545dc3..0000000 --- a/roles/chrony/templates/client-centos.conf.j2 +++ /dev/null @@ -1,44 +0,0 @@ -# Use public servers from the pool.ntp.org project. -server {{ groups['chrony'][0] }} iburst - -# Ignor source level -stratumweight 0 - -# Record the rate at which the system clock gains/losses time. -driftfile /var/lib/chrony/drift - -# Allow the system clock to be stepped in the first three updates -# if its offset is larger than 1 second. -makestep 1.0 3 - -# Enable kernel synchronization of the real-time clock (RTC). -rtcsync - -# Enable hardware timestamping on all interfaces that support it. -#hwtimestamp * - -# Increase the minimum number of selectable sources required to adjust -# the system clock. -#minsources 2 - -# Allow NTP client access from local network. -allow {{ local_network }} - -# -bindcmdaddress 127.0.0.1 -bindcmdaddress ::1 - -# Serve time even if not synchronized to a time source. -#local stratum 10 - -# Specify file containing keys for NTP authentication. -keyfile /etc/chrony.keys - -# Specify directory for log files. -logdir /var/log/chrony - -# Select which information is logged. -#log measurements statistics tracking - -# -logchange 1 diff --git a/roles/chrony/templates/client-ubuntu.conf.j2 b/roles/chrony/templates/client-ubuntu.conf.j2 deleted file mode 100644 index 730586c..0000000 --- a/roles/chrony/templates/client-ubuntu.conf.j2 +++ /dev/null @@ -1,52 +0,0 @@ -# Use public servers from the pool.ntp.org project. -pool {{ groups['chrony'][0] }} iburst - -# Look here for the admin password needed for chronyc. The initial -# password is generated by a random process at install time. You may -# change it if you wish. -keyfile /etc/chrony/chrony.keys - -# I moved the driftfile to /var/lib/chrony to comply with the Debian -# filesystem standard. -driftfile /var/lib/chrony/chrony.drift - -# Comment this line out to turn off logging. -#log tracking measurements statistics -logdir /var/log/chrony - -# Stop bad estimates upsetting machine clock. -maxupdateskew 100.0 - -# Dump measurements when daemon exits. -#dumponexit - -# Specify directory for dumping measurements. -dumpdir /var/lib/chrony - -# This directive lets 'chronyd' to serve time even if unsynchronised to any -# NTP server. -#local stratum 10 - -# This directive designates subnets (or nodes) from which NTP clients are allowed -# to access to 'chronyd'. -allow {{ local_network }} - -# This directive forces `chronyd' to send a message to syslog if it -# makes a system clock adjustment larger than a threshold value in seconds. -logchange 1 - -# This directive defines an email address to which mail should be sent -# if chronyd applies a correction exceeding a particular threshold to the -# system clock. - -# mailonchange root@localhost 0.5 - -# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the -# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive. - -hwclockfile /etc/adjtime - -# This directive enables kernel synchronisation (every 11 minutes) of the -# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. - -rtcsync diff --git a/roles/chrony/templates/client.conf.j2 b/roles/chrony/templates/client.conf.j2 new file mode 100644 index 0000000..57d4b51 --- /dev/null +++ b/roles/chrony/templates/client.conf.j2 @@ -0,0 +1,32 @@ +# Use local server +server {{ groups['chrony'][0] }} iburst + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Specify directory for dumping measurements. +dumpdir /var/lib/chrony + +# This directive designates subnets (or nodes) from which NTP clients are allowed +# to access to 'chronyd'. +allow {{ local_network }} + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# Ignor source level +stratumweight 0 + +# Comment this line out to turn off logging. +#log tracking measurements statistics +logdir /var/log/chrony +log statistics measurements tracking +noclientlog diff --git a/roles/chrony/templates/server-centos.conf.j2 b/roles/chrony/templates/server-centos.conf.j2 deleted file mode 100644 index 43ade4f..0000000 --- a/roles/chrony/templates/server-centos.conf.j2 +++ /dev/null @@ -1,51 +0,0 @@ -# Use public servers from the pool.ntp.org project. -{% for HOST in ntp_servers %} -server {{ HOST }} iburst -{% endfor %} -server 0.centos.pool.ntp.org iburst -server 1.centos.pool.ntp.org iburst -server 2.centos.pool.ntp.org iburst -server 3.centos.pool.ntp.org iburst - -# Ignor source level -stratumweight 0 - -# Record the rate at which the system clock gains/losses time. -driftfile /var/lib/chrony/drift - -# Allow the system clock to be stepped in the first three updates -# if its offset is larger than 1 second. -makestep 1.0 3 - -# Enable kernel synchronization of the real-time clock (RTC). -rtcsync - -# Enable hardware timestamping on all interfaces that support it. -#hwtimestamp * - -# Increase the minimum number of selectable sources required to adjust -# the system clock. -#minsources 2 - -# Allow NTP client access from local network. -allow {{ local_network }} - -# -bindcmdaddress 127.0.0.1 -bindcmdaddress ::1 - -# Serve time even if not synchronized to a time source. -local stratum 10 - -# Specify file containing keys for NTP authentication. -keyfile /etc/chrony.keys - -# Specify directory for log files. -logdir /var/log/chrony - -# Select which information is logged. -#log measurements statistics tracking - -# -noclientlog -logchange 1 diff --git a/roles/chrony/templates/server-ubuntu.conf.j2 b/roles/chrony/templates/server-ubuntu.conf.j2 deleted file mode 100644 index d075fc3..0000000 --- a/roles/chrony/templates/server-ubuntu.conf.j2 +++ /dev/null @@ -1,55 +0,0 @@ -# Use public servers from the pool.ntp.org project. -{% for HOST in ntp_servers %} -server {{ HOST }} iburst -{% endfor %} -pool 2.debian.pool.ntp.org iburst - -# Look here for the admin password needed for chronyc. The initial -# password is generated by a random process at install time. You may -# change it if you wish. -keyfile /etc/chrony/chrony.keys - -# I moved the driftfile to /var/lib/chrony to comply with the Debian -# filesystem standard. -driftfile /var/lib/chrony/chrony.drift - -# Comment this line out to turn off logging. -#log tracking measurements statistics -logdir /var/log/chrony - -# Stop bad estimates upsetting machine clock. -maxupdateskew 100.0 - -# Dump measurements when daemon exits. -#dumponexit - -# Specify directory for dumping measurements. -dumpdir /var/lib/chrony - -# This directive lets 'chronyd' to serve time even if unsynchronised to any -# NTP server. -local stratum 10 - -# This directive designates subnets (or nodes) from which NTP clients are allowed -# to access to 'chronyd'. -allow {{ local_network }} - -# This directive forces `chronyd' to send a message to syslog if it -# makes a system clock adjustment larger than a threshold value in seconds. -logchange 1 - -# This directive defines an email address to which mail should be sent -# if chronyd applies a correction exceeding a particular threshold to the -# system clock. - -# mailonchange root@localhost 0.5 - -# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the -# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive. - -hwclockfile /etc/adjtime - -# This directive enables kernel synchronisation (every 11 minutes) of the -# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. - -rtcsync diff --git a/roles/chrony/templates/server.conf.j2 b/roles/chrony/templates/server.conf.j2 new file mode 100644 index 0000000..50e3869 --- /dev/null +++ b/roles/chrony/templates/server.conf.j2 @@ -0,0 +1,39 @@ +# Use public servers from the pool.ntp.org project. +{% for HOST in ntp_servers %} +server {{ HOST }} iburst +{% endfor %} +pool pool.ntp.org iburst +pool 2.debian.pool.ntp.org iburst + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Allow the system clock to be stepped in the first three updates +# if its offset is larger than 1 second. +makestep 1.0 3 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Specify directory for dumping measurements. +dumpdir /var/lib/chrony + +# This directive lets 'chronyd' to serve time even if unsynchronised to any NTP server. +local stratum 10 + +# This directive designates subnets (or nodes) from which NTP clients are allowed +# to access to 'chronyd'. +allow {{ local_network }} + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# Ignor source level +stratumweight 0 + +# Comment this line out to turn off logging. +#log tracking measurements statistics +logdir /var/log/chrony +log statistics measurements tracking +noclientlog diff --git a/roles/clean/tasks/clean_chrony.yml b/roles/clean/tasks/clean_chrony.yml index bf9d662..1561dec 100644 --- a/roles/clean/tasks/clean_chrony.yml +++ b/roles/clean/tasks/clean_chrony.yml @@ -1,11 +1,14 @@ - block: - - name: stop and disable chrony in Ubuntu - service: name=chrony state=stopped enabled=no - ignore_errors: true - when: 'ansible_distribution in ["Ubuntu","Debian"]' - - - name: stop and disable chronyd in CentOS/RedHat + - name: stop and disable chronyd service: name=chronyd state=stopped enabled=no ignore_errors: true - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' + + - name: remove files and dirs + file: name={{ item }} state=absent + with_items: + - "/etc/chrony" + - "/var/lib/chrony" + - "/var/log/chrony" + - "/var/run/chrony" + - "/etc/systemd/system/chronyd.service" when: "groups['chrony']|length > 0" diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml index 6522cbf..f7e1e0f 100644 --- a/roles/kube-master/tasks/main.yml +++ b/roles/kube-master/tasks/main.yml @@ -62,7 +62,6 @@ - "/root/.kube/config" - "/etc/kubernetes/kube-controller-manager.kubeconfig" - "/etc/kubernetes/kube-scheduler.kubeconfig" - tags: upgrade_k8s, restart_master - name: 创建 kube-scheduler 配置文件 template: src=kube-scheduler-config.yaml.j2 dest=/etc/kubernetes/kube-scheduler-config.yaml