-
Notifications
You must be signed in to change notification settings - Fork 27
/
galera_server_post_install.yml
210 lines (194 loc) · 6.77 KB
/
galera_server_post_install.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO(noonedeadpunk): Remove task and called handler after X release
- name: Remove old systemd overrides
file:
path: "/etc/systemd/system/{{ galera_mariadb_service_name }}.service.d/{{ item }}"
state: absent
with_items:
- environment.conf
- limits.conf
- restart.conf
- slice.conf
- timeout.conf
- without-privatedevices.conf
when: galera_upgrade | bool
notify: Reload the systemd daemon
# TODO (jrosser) Remove all of these xinetd cleanup tasks in the Z release
- name: Clean up legacy xinetd config
file:
path: "/etc/xinetd.d/mysqlchk"
state: absent
register: legacy_xinetd
- name: Remove legacy galera service check from /etc/services
lineinfile:
dest: /etc/services
state: absent
regexp: '^mysqlchk'
line: 'mysqlchk 9200/tcp # MySQL check'
backup: yes
register: legacy_services
- name: Restart xinetd service
service:
name: xinetd
state: restarted
when: (legacy_xinetd is changed or legacy_services is changed)
- name: Run the systemd service role
import_role:
name: systemd_service
vars:
systemd_tempd_prefix: openstack
systemd_services:
- service_name: "{{ galera_mariadb_service_name }}"
systemd_overrides_only: True
systemd_overrides: "{{ galera_init_defaults | combine(galera_init_overrides, recursive=True) }}"
- service_name: "mariadbcheck@"
service_type: "oneshot"
execstarts: "-/usr/local/bin/clustercheck"
enabled: False
load: False
standard_output: "socket"
sockets:
- socket_name: "mariadbcheck"
enabled: "{{ galera_monitoring_check_enabled }}"
state: "restarted"
options:
ListenStream: "{{ galera_server_bind_address }}:{{ galera_monitoring_check_port }}"
IPAddressDeny: any
IPAddressAllow: "{{ (galera_monitoring_allowed_source is defined) | ternary(galera_monitoring_allowed_source, 'localhost') }}"
Accept: "yes"
tags:
- galera-service
# NOTE(cloudnull): The secure task is not needed on Debian based systems
# as all of these tasks will be run on Package install
# and running them again will cause a conflict within
# debian based deployments.
- name: Create galera initial secure tool
template:
src: "galera_secure_node.j2"
dest: "/usr/local/bin/galera_secure_node"
mode: "0750"
when:
- ansible_facts['pkg_mgr'] != "apt"
- not galera_upgrade
- name: Run galera secure
command: "/usr/local/bin/galera_secure_node"
args:
creates: "/var/lib/mysql/osa_default_secured"
warn: no
when:
- ansible_facts['pkg_mgr'] != "apt"
- not galera_upgrade
tags:
- skip_ansible_lint
- name: Create the local directories
file:
path: "{{ item.path }}"
state: "directory"
owner: "{{ item.owner|default('root') }}"
group: "{{ item.group|default('root') }}"
mode: "{{ item.mode|default('0755') }}"
recurse: "{{ item.recurse|default('false') }}"
with_items:
- { path: "/var/lib/mysql", owner: "mysql", mode: "02755" }
- { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" }
- { path: "/etc/mysql/conf.d" }
- name: Create and install SSL certificates
include_role:
name: pki
tasks_from: "{{ galera_pki_create_ca | ternary('main.yml', 'main_certs.yml') }}"
vars:
pki_setup_host: "{{ galera_ssl_server }}"
pki_dir: "{{ galera_pki_dir }}"
pki_create_ca: "{{ galera_pki_create_ca }}"
pki_regen_ca: "{{ galera_pki_regen_ca }}"
pki_authorities: "{{ galera_pki_authorities }}"
pki_install_ca: "{{ galera_pki_install_ca }}"
pki_create_certificates: "{{ galera_user_ssl_cert is not defined and galera_user_ssl_key is not defined }}"
pki_regen_cert: "{{ galera_pki_regen_cert }}"
pki_certificates: "{{ galera_pki_certificates }}"
pki_install_certificates: "{{ galera_pki_install_certificates }}"
when:
- galera_use_ssl | bool
# NOTE: (hwoarang) mariadb packages may drop some default configuration files
# in {{ galera_etc_include_dir }} so make sure they are gone if necessary in
# case they cause some conflicts with the ones we provide.
- name: Remove existing mariadb configuration files
file:
state: absent
path: "{{ galera_etc_include_dir }}/{{ item }}"
with_items: "{{ mariadb_delete_etc_conf_files | default([]) }}"
- name: Drop mariadb config(s)
openstack.config_template.config_template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
mode: "{{ item.mode | default('0644') }}"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
ignore_none_type: False
when: item.condition | default(True)
with_items:
- src: my.cnf.j2
dest: "{{ galera_etc_conf_file }}"
config_overrides: "{{ galera_my_cnf_overrides }}"
config_type: "ini"
- src: cluster.cnf.j2
dest: "{{ galera_etc_include_dir }}/cluster.cnf"
config_overrides: "{{ galera_cluster_cnf_overrides }}"
config_type: "ini"
- src: debian.cnf.j2
dest: /etc/mysql/debian.cnf
config_overrides: "{{ galera_debian_cnf_overrides }}"
config_type: "ini"
condition: "{{ (ansible_facts['os_family'] | lower == 'debian') }}"
- src: "client.my.cnf.j2"
dest: "/root/.my.cnf"
config_overrides: "{{ galera_client_my_cnf_overrides }}"
config_type: "ini"
mode: "0600"
condition: "{{ (galera_root_user == 'root') }}"
notify:
- Manage LB
- Restart all mysql
- name: Apply service defaults
template:
src: "mysql_defaults.j2"
dest: "/etc/default/mariadb"
mode: "0644"
notify:
- Manage LB
- Restart all mysql
- name: Link mysql and mariadb config files
file:
src: "/etc/default/mariadb"
dest: "/etc/default/mysql"
state: "link"
force: "yes"
- name: remove default mysql_safe_syslog
file:
path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf"
state: absent
- name: Create new cluster tool
template:
src: "galera_new_cluster.j2"
dest: "/usr/local/bin/galera_new_cluster"
mode: "0750"
- name: Create clustercheck script
template:
src: "clustercheck.j2"
dest: "/usr/local/bin/clustercheck"
mode: "0755"