diff --git a/handlers/main.yml b/handlers/main.yml index 8e4b63c2..8562e4b4 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Check node status - command: > + ansible.builtin.command: > {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_local_state";' failed_when: false changed_when: false @@ -24,7 +24,7 @@ - cert installed - name: Check if node is in the cluster - command: > + ansible.builtin.command: > {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_incoming_addresses";' failed_when: false changed_when: false @@ -34,21 +34,21 @@ - cert installed - name: Set incoming addresses fact (primary) - set_fact: + ansible.builtin.set_fact: galera_incoming_addresses: "{{ (incoming_addresses.stdout.split()[-1] | default('')).split(',') }}" listen: - Restart all mysql - cert installed - name: Set node status fact - set_fact: + ansible.builtin.set_fact: galera_cluster_ready: "{{ (galera_wsrep_address_port in galera_incoming_addresses) or ((node_status.stdout.split()[-1] | default(false)) in ['2', '4']) }}" listen: - Restart all mysql - cert installed - name: Stop mysql - service: + ansible.builtin.service: name: "{{ galera_mariadb_service_name }}" state: stopped enabled: true @@ -61,7 +61,7 @@ - not galera_cluster_ready | bool or galera_force_bootstrap | bool - name: Start new cluster - command: /usr/local/bin/galera_new_cluster + ansible.builtin.command: /usr/local/bin/galera_new_cluster failed_when: not start_new_cluster.rc in [0, 3] changed_when: start_new_cluster.rc == 3 register: start_new_cluster @@ -75,7 +75,7 @@ - cert installed - name: Restart mysql (All) - service: + ansible.builtin.service: name: "{{ galera_mariadb_service_name }}" state: "{{ (not hostvars[item]['galera_cluster_ready'] | bool or galera_force_bootstrap | bool) | ternary('started', 'restarted') }}" enabled: true @@ -98,7 +98,7 @@ - cert installed - name: Delete encryption keyfile after starting Galera - file: + ansible.builtin.file: path: "/tmp/.keyfile.key" state: absent when: galera_restart is changed diff --git a/tasks/galera_client_main.yml b/tasks/galera_client_main.yml index 77e612fe..835280cf 100644 --- a/tasks/galera_client_main.yml +++ b/tasks/galera_client_main.yml @@ -14,19 +14,18 @@ # limitations under the License. - name: Prepare the package list - set_fact: + ansible.builtin.set_fact: galera_packages_list: "{{ galera_client_distro_packages }}" - name: Including distro-specific installation tasks - include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" + ansible.builtin.include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" when: - galera_client_package_install | bool - name: Including galera_client_post_install - include_tasks: galera_client_post_install.yml - + ansible.builtin.include_tasks: galera_client_post_install.yml - name: Create and install SSL certificates - include_role: + ansible.builtin.include_role: name: pki tasks_from: "main_certs.yml" vars: diff --git a/tasks/galera_devel_main.yml b/tasks/galera_devel_main.yml index ffdca204..fe66092b 100644 --- a/tasks/galera_devel_main.yml +++ b/tasks/galera_devel_main.yml @@ -14,8 +14,8 @@ # limitations under the License. - name: Prepare the package list - set_fact: + ansible.builtin.set_fact: galera_packages_list: "{{ galera_devel_distro_packages }}" - name: Including distro-specific installation tasks - include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" + ansible.builtin.include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" diff --git a/tasks/galera_install_apt.yml b/tasks/galera_install_apt.yml index 735844d4..1f1f7feb 100644 --- a/tasks/galera_install_apt.yml +++ b/tasks/galera_install_apt.yml @@ -21,7 +21,7 @@ fail_msg: "The following repository definitions must be updated to deb822 format {{ _repo_check }}" - name: Remove conflicting distro packages - package: + ansible.builtin.package: name: "{{ galera_mariadb_distro_packages_remove | default([]) }}" state: absent when: galera_install_method == 'external_repo' @@ -31,14 +31,14 @@ vars: galera_apt_repo_cleanup: - MariaDB.list - file: + ansible.builtin.file: path: "/etc/apt/sources.list.d/{{ item }}" state: absent with_items: "{{ galera_apt_repo_cleanup }}" register: apt_repo_removed - name: Ensure python3-debian package is available - apt: + ansible.builtin.apt: name: python3-debian - name: Manage apt repositories @@ -69,12 +69,12 @@ register: deb822_repos - name: Update apt repositories when config is changed - apt: + ansible.builtin.apt: update_cache: true when: (apt_repo_removed is changed) or (deb822_repos is changed) - name: Preseed galera password(s) - debconf: + ansible.builtin.debconf: name: "{{ item.name }}" question: "{{ item.question }}" value: "{{ item.value }}" @@ -83,7 +83,7 @@ no_log: true - name: Install galera role remote packages (apt) - apt: + ansible.builtin.apt: name: "{{ galera_packages_list }}" state: "{{ galera_package_state }}" policy_rc_d: 101 diff --git a/tasks/galera_install_dnf.yml b/tasks/galera_install_dnf.yml index 7d7ecbe9..807ac482 100644 --- a/tasks/galera_install_dnf.yml +++ b/tasks/galera_install_dnf.yml @@ -20,7 +20,7 @@ # dependencies, otherwise for distro package installation types on shared # hosts it removes far too many packages. - name: Remove conflicting packages - shell: | + ansible.builtin.shell: | exit_code=0 for pkg in {{ galera_mariadb_distro_packages_remove | join(' ') }}; do if rpm --query --quiet ${pkg}; then @@ -41,7 +41,7 @@ # that we can replace it with symlinks to the directories expected # to be used by the MariaDB packages instead. - name: Stat /etc/my.cnf.d - stat: + ansible.builtin.stat: path: /etc/my.cnf.d get_attributes: false get_checksum: false @@ -49,7 +49,7 @@ register: mycnfd_stat - name: Destroy my.cnf.d dir if is dir - file: + ansible.builtin.file: path: /etc/my.cnf.d state: absent force: true @@ -61,7 +61,7 @@ # the paths used by the MariaDB packages so ensure that any other # system expectations are still met. - name: Update the local file system CRUD - file: + ansible.builtin.file: src: "{{ item.src | default(omit) }}" path: "{{ item.path }}" state: "{{ item.state }}" @@ -87,7 +87,7 @@ force: true - name: If a keyfile is provided, copy the gpg keyfile to the key location - copy: + ansible.builtin.copy: src: "gpg/{{ item.key | basename }}" dest: "{{ item.key }}" mode: "0644" @@ -96,7 +96,7 @@ - galera_install_method == 'external_repo' - name: Add galera repo - yum_repository: + ansible.builtin.yum_repository: name: "{{ galera_repo.name }}" description: "{{ galera_repo.description }}" baseurl: "{{ galera_repo.baseurl }}" @@ -112,7 +112,7 @@ delay: 2 - name: Install galera role remote packages - package: + ansible.builtin.package: name: "{{ galera_packages_list }}" state: "{{ galera_package_state }}" register: install_remote_packages diff --git a/tasks/galera_server_backups.yml b/tasks/galera_server_backups.yml index 0b26387e..2614ff50 100644 --- a/tasks/galera_server_backups.yml +++ b/tasks/galera_server_backups.yml @@ -1,12 +1,12 @@ --- - name: Ensure group backups exists - group: + ansible.builtin.group: name: "{{ galera_mariadb_backups_group_name }}" state: present gid: "{{ galera_mariadb_backups_group_gid | default(omit) }}" - name: Create mariadb back up directory - file: + ansible.builtin.file: path: "{{ galera_mariadb_backups_path }}" state: "directory" owner: "mysql" @@ -14,19 +14,19 @@ mode: "0750" - name: Template out mariadb backup script - template: + ansible.builtin.template: src: "mariabackup_script.py.j2" dest: "{{ galera_mariadb_backups_path }}/mariabackup_script.py" mode: "0755" - name: Template out mariabackup cnf file - template: + ansible.builtin.template: src: "mariabackup.cnf.j2" dest: "{{ galera_mariadb_backups_cnf_file }}" mode: "0644" - name: Create service and timer for full backups - import_role: + ansible.builtin.import_role: name: systemd_service vars: systemd_service_enabled: true @@ -55,7 +55,7 @@ Unit: "mariabackup-full.service" - name: Create service and timer for incremental backups - import_role: + ansible.builtin.import_role: name: systemd_service vars: systemd_service_enabled: true diff --git a/tasks/galera_server_cluster_state.yml b/tasks/galera_server_cluster_state.yml index e6f41c13..cc6dc4aa 100644 --- a/tasks/galera_server_cluster_state.yml +++ b/tasks/galera_server_cluster_state.yml @@ -14,14 +14,14 @@ # limitations under the License. - name: Check node status - command: > + ansible.builtin.command: > {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_local_state";' failed_when: false changed_when: false register: _node_status - name: Fail if cluster is out of sync - fail: + ansible.builtin.fail: msg: > The cluster may be broken, the cluster state is not known to be good. Fix the cluster state before re-running the playbooks. To ignore the @@ -32,14 +32,14 @@ or (_node_status.stdout.split()[-1] | default(false)) not in ["2", "4"] - name: Check cluster name - command: > + ansible.builtin.command: > {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW VARIABLES LIKE "wsrep_cluster_name";' failed_when: false changed_when: false register: _cluster_name - name: Fail if galera_cluster_name doesnt match provided value - fail: + ansible.builtin.fail: msg: > The galera_cluster_name variable does not match what is set in mysql. Check your galera_cluster_name setting in your user_*.yml files in diff --git a/tasks/galera_server_encryption.yml b/tasks/galera_server_encryption.yml index b1954a27..b7be7ee0 100644 --- a/tasks/galera_server_encryption.yml +++ b/tasks/galera_server_encryption.yml @@ -32,7 +32,7 @@ - name: Use encryption with the file key management plugin block: - name: Create encryption directory - file: + ansible.builtin.file: path: "/etc/mysql/encryption" state: "directory" owner: "mysql" @@ -40,14 +40,14 @@ mode: "0755" - name: Create a fact for the name of the temporary directory - set_fact: + ansible.builtin.set_fact: galera_db_encryption_tmp_dir: "{{ lookup('env', 'OSA_CONFIG_DIR') | default(osa_config_dir, True) }}/mysql" delegate_to: "localhost" run_once: true when: galera_db_encryption_tmp_dir | length == 0 - name: Create a temporary directory to store the keyfile - file: + ansible.builtin.file: path: "{{ galera_db_encryption_tmp_dir }}" state: directory mode: "0750" @@ -55,21 +55,22 @@ run_once: true - name: Create encryption keys if the user does not specify them and put them on the deploy host # noqa: no-changed-when risky-shell-pipe - shell: "for i in {1..2}; do echo \"$i;$(openssl rand -hex 32)\"; done | tee {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys > /dev/null" + ansible.builtin.shell: >- + for i in {1..2}; do echo \"$i;$(openssl rand -hex 32)\"; done | tee {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys > /dev/null delegate_to: "localhost" run_once: true when: - galera_db_encryption_keys is not defined - name: Create the encryption key file from the user provided galera_db_encryption_keys - shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" # noqa: no-changed-when + ansible.builtin.shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" # noqa: no-changed-when delegate_to: "localhost" run_once: true when: - galera_db_encryption_keys is defined - name: Create an encrypted keyfile using encryption key - command: # noqa: no-changed-when + ansible.builtin.command: # noqa: no-changed-when argv: - openssl - enc @@ -86,7 +87,7 @@ run_once: true - name: Copy encypted keyfile to servers - copy: + ansible.builtin.copy: src: "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc" dest: "/etc/mysql/encryption/keyfile.enc" owner: mysql @@ -96,7 +97,7 @@ notify: Restart all mysql - name: Copy password to file to servers - copy: + ansible.builtin.copy: content: "{{ galera_db_encryption_password }}" dest: "/etc/mysql/encryption/.keyfile.key" owner: mysql diff --git a/tasks/galera_server_install.yml b/tasks/galera_server_install.yml index b9444f5a..a3b7c8bb 100644 --- a/tasks/galera_server_install.yml +++ b/tasks/galera_server_install.yml @@ -14,21 +14,20 @@ # limitations under the License. - name: Prepare the package list - set_fact: + ansible.builtin.set_fact: galera_packages_list: "{{ galera_server_required_distro_packages + galera_server_mariadb_distro_packages }}" - name: Including distro-specific installation tasks - include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" - + ansible.builtin.include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" - name: Including galera_server_encryption - include_tasks: galera_server_encryption.yml + ansible.builtin.include_tasks: galera_server_encryption.yml when: - galera_mariadb_encryption_enabled | bool tags: - galera_server-encryption - name: Record galera has been deployed - ini_file: + community.general.ini_file: dest: "/etc/ansible/facts.d/openstack_ansible.fact" section: galera option: deployed @@ -36,5 +35,5 @@ mode: "0644" - name: Set the galera existing cluster fact - set_fact: + ansible.builtin.set_fact: galera_deployed: true diff --git a/tasks/galera_server_main.yml b/tasks/galera_server_main.yml index 8f9a70dc..782a06c1 100644 --- a/tasks/galera_server_main.yml +++ b/tasks/galera_server_main.yml @@ -14,14 +14,14 @@ # limitations under the License. - name: Fail when the host is not in galera_cluster_members - fail: + ansible.builtin.fail: msg: "The host {{ inventory_hostname }} must be in galera_cluster_members." when: inventory_hostname not in galera_cluster_members tags: - always - name: Fail if the galera root password is not provided - fail: + ansible.builtin.fail: msg: | Please set the galera_root_password variable prior to applying the galera role. @@ -30,7 +30,7 @@ - always - name: Initialize local facts - ini_file: + community.general.ini_file: dest: "/etc/ansible/facts.d/openstack_ansible.fact" section: "galera" option: initialized @@ -38,20 +38,20 @@ mode: "0644" - name: Refresh local facts - setup: + ansible.builtin.setup: filter: ansible_local gather_subset: "!all" tags: - always - name: Set the galera existing cluster fact - set_fact: + ansible.builtin.set_fact: galera_deployed: "{{ ansible_local['openstack_ansible']['galera']['deployed'] | default(false) | bool }}" tags: - always - name: Cluster state notice - debug: + ansible.builtin.debug: msg: > The cluster state will be ignored. While the state checks are skipped, the galera restart handlers will be triggered to ensure everything is @@ -65,7 +65,7 @@ - always - name: Including galera_server_cluster_state - include_tasks: galera_server_cluster_state.yml + ansible.builtin.include_tasks: galera_server_cluster_state.yml when: - galera_deployed | bool - not galera_ignore_cluster_state | bool @@ -73,7 +73,7 @@ - always - name: Including galera_server_upgrade - include_tasks: galera_server_upgrade.yml + ansible.builtin.include_tasks: galera_server_upgrade.yml when: galera_deployed | bool args: apply: @@ -83,7 +83,7 @@ - always - name: Including galera_server_install - include_tasks: galera_server_install.yml + ansible.builtin.include_tasks: galera_server_install.yml args: apply: tags: @@ -92,7 +92,7 @@ - always - name: Including galera_server_post_install - include_tasks: galera_server_post_install.yml + ansible.builtin.include_tasks: galera_server_post_install.yml args: apply: tags: @@ -101,10 +101,9 @@ - always - name: Flush handlers - meta: flush_handlers - + ansible.builtin.meta: flush_handlers - name: Including galera_server_setup - include_tasks: galera_server_setup.yml + ansible.builtin.include_tasks: galera_server_setup.yml when: inventory_hostname == galera_server_bootstrap_node args: apply: @@ -114,7 +113,7 @@ - always - name: Including galera_server_backups - include_tasks: galera_server_backups.yml + ansible.builtin.include_tasks: galera_server_backups.yml when: - galera_mariadb_backups_enabled | bool - inventory_hostname in galera_mariadb_backups_nodes diff --git a/tasks/galera_server_post_install.yml b/tasks/galera_server_post_install.yml index ee80cea2..17bd3f41 100644 --- a/tasks/galera_server_post_install.yml +++ b/tasks/galera_server_post_install.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Run the systemd service role - import_role: + ansible.builtin.import_role: name: systemd_service vars: systemd_tempd_prefix: openstack @@ -46,7 +46,7 @@ # and running them again will cause a conflict within # debian based deployments. - name: Create galera initial secure tool - template: + ansible.builtin.template: src: "galera_secure_node.j2" dest: "/usr/local/bin/galera_secure_node" mode: "0750" @@ -66,7 +66,7 @@ - molecule-idempotence-notest - name: Create the local directories - file: + ansible.builtin.file: path: "{{ item.path }}" state: "directory" owner: "{{ item.owner | default('root') }}" @@ -75,13 +75,13 @@ recurse: "{{ item.recurse | default('false') }}" with_items: - { path: "{{ galera_data_dir }}", owner: "mysql", mode: "02755" } - - { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" } # TMP needs to be re-created after clustering, so breaks idempotence test on all[1:] + - { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" } # TMP needs to be re-created after clustering, so breaks idempotence test on all[1:] - { path: "/etc/mysql/conf.d" } tags: - molecule-idempotence-notest - name: Create and install SSL certificates - include_role: + ansible.builtin.include_role: name: pki tasks_from: "{{ galera_pki_create_ca | ternary('main.yml', 'main_certs.yml') }}" vars: @@ -102,7 +102,7 @@ # in {{ galera_etc_include_dir }} so make sure they are gone if necessary in # case they cause some conflicts with the ones we provide. - name: Remove existing mariadb configuration files - file: + ansible.builtin.file: state: absent path: "{{ galera_etc_include_dir }}/{{ item }}" with_items: "{{ mariadb_delete_etc_conf_files | default([]) }}" @@ -142,7 +142,7 @@ - Restart all mysql - name: Apply service defaults - template: + ansible.builtin.template: src: "mysql_defaults.j2" dest: "/etc/default/mariadb" mode: "0644" @@ -150,25 +150,25 @@ - Restart all mysql - name: Link mysql and mariadb config files - file: + ansible.builtin.file: src: "/etc/default/mariadb" dest: "/etc/default/mysql" state: "link" force: "yes" - name: Remove default mysql_safe_syslog - file: + ansible.builtin.file: path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf" state: absent - name: Create new cluster tool - template: + ansible.builtin.template: src: "galera_new_cluster.j2" dest: "/usr/local/bin/galera_new_cluster" mode: "0750" - name: Create clustercheck script - template: + ansible.builtin.template: src: "clustercheck.j2" dest: "/usr/local/bin/clustercheck" mode: "0755" diff --git a/tasks/galera_server_setup.yml b/tasks/galera_server_setup.yml index 7e42e427..2a507943 100644 --- a/tasks/galera_server_setup.yml +++ b/tasks/galera_server_setup.yml @@ -16,13 +16,13 @@ - name: Run mysql_upgrade block: - name: Fail if upgrade is needed - command: /usr/bin/mariadb-upgrade --check-if-upgrade-is-needed + ansible.builtin.command: /usr/bin/mariadb-upgrade --check-if-upgrade-is-needed register: galera_upgrade_check failed_when: galera_upgrade_check.rc == 0 changed_when: false rescue: - name: Run MySQL Upgrade - command: /usr/bin/mariadb-upgrade + ansible.builtin.command: /usr/bin/mariadb-upgrade register: galera_mysql_upgrade changed_when: - not galera_mysql_upgrade.stdout is search("already upgraded") diff --git a/tasks/galera_server_upgrade.yml b/tasks/galera_server_upgrade.yml index e7ebe582..496008af 100644 --- a/tasks/galera_server_upgrade.yml +++ b/tasks/galera_server_upgrade.yml @@ -27,7 +27,7 @@ - skip_ansible_lint - name: Check if major version of Galera is installed - fail: + ansible.builtin.fail: msg: > To install a new major version of mariadb-galera-server set '-e galera_upgrade=true'. @@ -38,7 +38,7 @@ - galera_server-upgrade - name: Including galera_server_upgrade_pre - include_tasks: galera_server_upgrade_pre.yml + ansible.builtin.include_tasks: galera_server_upgrade_pre.yml when: - galera_upgrade | bool args: diff --git a/tasks/galera_server_upgrade_pre.yml b/tasks/galera_server_upgrade_pre.yml index 1060fa49..1a9a4cda 100644 --- a/tasks/galera_server_upgrade_pre.yml +++ b/tasks/galera_server_upgrade_pre.yml @@ -18,7 +18,7 @@ # cause the service stop task to fail. To cater for this # we only try to stop the service is it exists. - name: Check whether a mysql service exists yet # noqa command-instead-of-module risky-shell-pipe - shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$" + ansible.builtin.shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$" args: executable: /bin/bash changed_when: false @@ -26,7 +26,7 @@ register: _mysql_service_exists - name: Stop MariaDB - systemd: + ansible.builtin.systemd: name: "{{ galera_mariadb_service_name }}" state: stopped register: galera_restart_fall_back @@ -37,7 +37,7 @@ - _mysql_service_exists.rc == 0 - name: UN-Install galera-server package - package: + ansible.builtin.package: name: "{{ item }}" state: absent with_items: diff --git a/tasks/main.yml b/tasks/main.yml index c99c2ef1..436859c9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Gather variables for each operating system - include_vars: "{{ lookup('first_found', params) }}" + ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" vars: params: files: @@ -29,7 +29,7 @@ - always - name: Including galera_client_main - include_tasks: galera_client_main.yml + ansible.builtin.include_tasks: galera_client_main.yml when: - galera_install_client | bool - inventory_hostname not in galera_cluster_members or galera_root_user != 'root' @@ -41,7 +41,7 @@ - always - name: Including galera_devel_main - include_tasks: galera_devel_main.yml + ansible.builtin.include_tasks: galera_devel_main.yml when: - galera_install_devel | bool args: @@ -52,7 +52,7 @@ - always - name: Including galera_server_main - include_tasks: galera_server_main.yml + ansible.builtin.include_tasks: galera_server_main.yml when: - galera_install_server | bool args: