Ansible Galera (OpenStack ready)

This module provides a support for Galera cluster setup.

Two repositories will be added to the packaging system:

MariaDB (MariaDB, Galera)
Percona (xtrabackup)

Supported distributions:

CentOS 7.x
RedHat EL 7.x
Debian 8.x

Supported functionalities:

Firewalld (iptables and firewalld packages are needed on the server)
SELinux
Pacemaker

Pacemaker support provides clustercheck tool and the needed configuration for xinetd.

When Pacemaker support is define, Galera cluster will be stopped and the wsrep_cluster_address option from the MariaDB configuration will be removed to let Pacemaker decides.

Requirements

This module needs at least 3 nodes and Ansible 2.0.

Role Variables

If galera_reset_cluster is set to true, all databases will be erased, be very careful !

CONFIG

### MARIADB
master: ctrl01
mariadb_bind_address: 0.0.0.0
mariadb_port: 3306
mariadb_max_connections: 4096
mariadb_query_cache_size: 0
mariadb_default_storage_engine: InnoDB
mariadb_maintenance_password: I3uL6AqJLHInv85x
mariadb_root_password: 3248ew7dsYUG762
mariadb_hosts_allow: 192.168.%
mariadb_datadir: /var/lib/mysql

### GALERA
galera_node_address: "{{ ansible_eth0.ipv4.address }}"
galera_pacemaker_support: false
galera_clustercheck_user: clustercheck
galera_clustercheck_password: Y3aH1l0ved2CH3CK
galera_reset_cluster: false
galera_selinux: true
galera_firewalld: true
galera_cluster_name: uoi-sql-cluster
galera_sst_method: xtrabackup-v2
galera_sst_user: sst-replication
galera_sst_password: gr34tp4ss0rd
galera_cluster_nodes:
  - ctrl01
  - ctrl02
  - ctrl03
galera_provider_options: 'pc.ignore_quorum=true; gcache.size=1G'
galera_retry_autocommit: 10
galera_slave_threads: 8

VARIABLES

Because the module support RedHat and Debian distributions like, we have to define some values depending of the OS family.

### REDHAT
# file: roles/galera/vars/RedHat.yml
galera_packages:
  - MariaDB-server
  - percona-xtrabackup
  - socat
  - MySQL-python
  - percona-toolkit
  - galera
  - policycoreutils-python
  - checkpolicy
  - xinetd
mariadb_svc_name: mariadb
mariadb_config: my.cnf.d/server.cnf
galera_provider: /usr/lib64/galera/libgalera_smm.so
percona_package: https://www.percona.com/redir/downloads/percona-release/redhat/latest/percona-release-0.1-3.noarch.rpm

### DEBIAN
# file: roles/galera/vars/Debian.yml
galera_packages:
  - mariadb-server
  - xtrabackup
  - socat
  - python-mysqldb
  - percona-toolkit
  - xinetd
mariadb_svc_name: mysql
mariadb_config: mysql/conf.d/galera.cnf
galera_provider: /usr/lib/galera/libgalera_smm.so

## MAIN
# file: roles/galera/vars/main.yml
galera_xinet_port: 9200

# FIREWALL PORTS
fw_mysql: "{{ mariadb_port }}"
fw_mysql_ist: 4568
fw_mysql_sst: 4444
fw_galera: 4567
fw_xinetd: "{{ galera_xinet_port }}"

Dependencies

None.

Example Playbook

master: node1
mariadb_bind_address: 0.0.0.0
mariadb_max_connections: 4096
mariadb_maintenance_password: I3uL6AqJLHInv85x
mariadb_root_password: 3248ew7dsYUG762
mariadb_hosts_allow: 10.0.%

galera_node_address: "{{ ansible_eth0.ipv4.address }}"
galera_pacemaker_support: false
galera_clustercheck_user: clustercheck
galera_clustercheck_password: Y3aH1l0ved2CH3CK
galera_cluster_name: uoi-sql-cluster
galera_sst_password: gr34tp4ss0rd
galera_cluster_nodes:
  - node-1
  - node-2
  - node-3
  - node-4
  - node-5

galera-status

When the deployment is over, please run galera-status command to get a clear status of Galera cluster.

# galera-status

License

Apache

Author Information

This role was created in 2016 by Gaëtan Trellu (goldyfruit).

"Disabling remote access for root" actually does nothing

This task: https://github.com/uoi-io/ansible-galera/blob/master/tasks/secure.yml#L9 actually does nothing.

It's either wrongly named (it does not actually disable anything) or does not what the author intended to write (remove all records for root except those three?)

FYI: the default mysql.user table on a fresh mariadb-server package installation on Ubuntu (xenial) looks this way:

MariaDB [mysql]> select Host,User,Password from user;
+-------------------+------------------+-------------------------------------------+
| Host              | User             | Password                                  |
+-------------------+------------------+-------------------------------------------+
| localhost         | root             | *D7DBCE5AF4004B1307B9E6D1F2DDBA11783B0D16 |
| mmedvecky-mariadb | root             | *D7DBCE5AF4004B1307B9E6D1F2DDBA11783B0D16 |
| 127.0.0.1         | root             | *D7DBCE5AF4004B1307B9E6D1F2DDBA11783B0D16 |
| ::1               | root             | *D7DBCE5AF4004B1307B9E6D1F2DDBA11783B0D16 |
| localhost         | debian-sys-maint | *F31116F9F769AA4B256569F15C7843E81AF1D5C7 |
+-------------------+------------------+-------------------------------------------+

(mmedvecky-mariadb is the name of my test host)

and playing the task on such host results in

TASK [Disabling remote access for root] ****************************************
ok: [db] => (item=localhost)
ok: [db] => (item=127.0.0.1)
ok: [db] => (item=::1)

I am actually looking for a correct way to add root access permitted from my own admin host.

uoi-io / ansible-galera Goto Github PK

ansible-galera's Introduction

Ansible Galera (OpenStack ready)

Requirements

Role Variables

CONFIG

VARIABLES

Dependencies

Example Playbook

galera-status

License

Author Information

ansible-galera's People

Contributors

Stargazers

Watchers

Forkers

ansible-galera's Issues

Recommend Projects

Recommend Topics

Recommend Org