From a5835fd6112933f3f17825de8091f7eb312175e9 Mon Sep 17 00:00:00 2001
From: Christian Rohmann <christian.rohmann@inovex.de>
Date: Fri, 26 Aug 2022 16:58:41 +0200
Subject: [PATCH] Add support to configure proxy-protocol-networks

MariaDB/Galera can read information about the actual client
connecting via a load balancer from the proxy protocol.
In order to define which sources are trusted the parameter
`proxy-protocol-networks` is used.

See https://mariadb.com/kb/en/proxy-protocol-support

Change-Id: I4ea360fbea5a911ba03a5eca3af00eb91b7bd124
---
 defaults/main.yml   | 1 +
 templates/my.cnf.j2 | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 997437b1..09d68846 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -26,6 +26,7 @@ galera_force_bootstrap: false
 galera_wsrep_node_name: "{{ inventory_hostname }}"
 galera_cluster_name: openstack_galera_cluster
 galera_server_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
+galera_server_proxy_protocol_networks: ""
 
 # The galera server-id should be set on all cluster nodes to ensure
 #  that replication is handled correctly and the error
diff --git a/templates/my.cnf.j2 b/templates/my.cnf.j2
index aa02ace4..c58a038c 100644
--- a/templates/my.cnf.j2
+++ b/templates/my.cnf.j2
@@ -32,6 +32,10 @@ tmpdir = {{ galera_tmp_dir }}
 ignore_db_dirs = {{ galera_ignore_db_dirs | join(',') }}
 
 bind-address = {{ galera_server_bind_address }}
+{% if galera_server_proxy_protocol_networks %}
+proxy-protocol-networks = {{ galera_server_proxy_protocol_networks }}
+{% endif %}
+
 {% if galera_server_id is defined %}
 server-id = {{ galera_server_id }}
 {% endif %}