--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # TODO (jrosser) Remove all of these xinetd cleanup tasks in the Z release - name: Clean up legacy xinetd config file: path: "/etc/xinetd.d/mysqlchk" state: absent register: legacy_xinetd - name: Remove legacy galera service check from /etc/services lineinfile: dest: /etc/services state: absent regexp: '^mysqlchk' line: 'mysqlchk 9200/tcp # MySQL check' backup: yes register: legacy_services - name: Restart xinetd service service: name: xinetd state: restarted when: (legacy_xinetd is changed or legacy_services is changed) - name: Run the systemd service role import_role: name: systemd_service vars: systemd_tempd_prefix: openstack systemd_services: - service_name: "{{ galera_mariadb_service_name }}" systemd_overrides_only: True systemd_overrides: "{{ galera_init_defaults | combine(galera_init_overrides, recursive=True) }}" - service_name: "mariadbcheck@" service_type: "oneshot" execstarts: "-/usr/local/bin/clustercheck" enabled: False load: False standard_output: "socket" sockets: - socket_name: "mariadbcheck" after_targets: - "network.target" enabled: "{{ galera_monitoring_check_enabled }}" state: "restarted" options: ListenStream: "{{ galera_server_bind_address }}:{{ galera_monitoring_check_port }}" IPAddressDeny: any IPAddressAllow: "{{ (galera_monitoring_allowed_source is defined) | ternary(galera_monitoring_allowed_source, 'localhost') }}" Accept: "yes" tags: - galera-service # NOTE(cloudnull): The secure task is not needed on Debian based systems # as all of these tasks will be run on Package install # and running them again will cause a conflict within # debian based deployments. - name: Create galera initial secure tool template: src: "galera_secure_node.j2" dest: "/usr/local/bin/galera_secure_node" mode: "0750" when: - ansible_facts['pkg_mgr'] != "apt" - not galera_upgrade - name: Run galera secure command: "/usr/local/bin/galera_secure_node" args: creates: "{{ galera_data_dir }}/osa_default_secured" warn: no when: - ansible_facts['pkg_mgr'] != "apt" - not galera_upgrade tags: - skip_ansible_lint - name: Create the local directories file: path: "{{ item.path }}" state: "directory" owner: "{{ item.owner|default('root') }}" group: "{{ item.group|default('root') }}" mode: "{{ item.mode|default('0755') }}" recurse: "{{ item.recurse|default('false') }}" with_items: - { path: "{{ galera_data_dir }}", owner: "mysql", mode: "02755" } - { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" } - { path: "/etc/mysql/conf.d" } - name: Create and install SSL certificates include_role: name: pki tasks_from: "{{ galera_pki_create_ca | ternary('main.yml', 'main_certs.yml') }}" vars: pki_setup_host: "{{ galera_ssl_server }}" pki_dir: "{{ galera_pki_dir }}" pki_create_ca: "{{ galera_pki_create_ca }}" pki_regen_ca: "{{ galera_pki_regen_ca }}" pki_authorities: "{{ galera_pki_authorities }}" pki_install_ca: "{{ galera_pki_install_ca }}" pki_create_certificates: "{{ galera_user_ssl_cert is not defined and galera_user_ssl_key is not defined }}" pki_regen_cert: "{{ galera_pki_regen_cert }}" pki_certificates: "{{ galera_pki_certificates }}" pki_install_certificates: "{{ galera_pki_install_certificates }}" when: - galera_use_ssl | bool # NOTE: (hwoarang) mariadb packages may drop some default configuration files # in {{ galera_etc_include_dir }} so make sure they are gone if necessary in # case they cause some conflicts with the ones we provide. - name: Remove existing mariadb configuration files file: state: absent path: "{{ galera_etc_include_dir }}/{{ item }}" with_items: "{{ mariadb_delete_etc_conf_files | default([]) }}" - name: Drop mariadb config(s) openstack.config_template.config_template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "root" group: "root" mode: "{{ item.mode | default('0644') }}" config_overrides: "{{ item.config_overrides }}" config_type: "{{ item.config_type }}" ignore_none_type: False when: item.condition | default(True) with_items: - src: my.cnf.j2 dest: "{{ galera_etc_conf_file }}" config_overrides: "{{ galera_my_cnf_overrides }}" config_type: "ini" - src: cluster.cnf.j2 dest: "{{ galera_etc_include_dir }}/cluster.cnf" config_overrides: "{{ galera_cluster_cnf_overrides }}" config_type: "ini" - src: debian.cnf.j2 dest: /etc/mysql/debian.cnf config_overrides: "{{ galera_debian_cnf_overrides }}" config_type: "ini" condition: "{{ (ansible_facts['os_family'] | lower == 'debian') }}" - src: "client.my.cnf.j2" dest: "/root/.my.cnf" config_overrides: "{{ galera_client_my_cnf_overrides }}" config_type: "ini" mode: "0600" condition: "{{ (galera_root_user == 'root') }}" notify: - Restart all mysql - name: Apply service defaults template: src: "mysql_defaults.j2" dest: "/etc/default/mariadb" mode: "0644" notify: - Restart all mysql - name: Link mysql and mariadb config files file: src: "/etc/default/mariadb" dest: "/etc/default/mysql" state: "link" force: "yes" - name: remove default mysql_safe_syslog file: path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf" state: absent - name: Create new cluster tool template: src: "galera_new_cluster.j2" dest: "/usr/local/bin/galera_new_cluster" mode: "0750" - name: Create clustercheck script template: src: "clustercheck.j2" dest: "/usr/local/bin/clustercheck" mode: "0755"