c9da7d6975
Keystone role was never migrated to usage of haproxy-endpoints role and included task was used instead the whole time. With that to reduce complexity and to have unified approach, all mention of the role and handler are removed from the code. Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5
196 lines
6.4 KiB
YAML
196 lines
6.4 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# TODO (jrosser) Remove all of these xinetd cleanup tasks in the Z release
|
|
- name: Clean up legacy xinetd config
|
|
file:
|
|
path: "/etc/xinetd.d/mysqlchk"
|
|
state: absent
|
|
register: legacy_xinetd
|
|
|
|
- name: Remove legacy galera service check from /etc/services
|
|
lineinfile:
|
|
dest: /etc/services
|
|
state: absent
|
|
regexp: '^mysqlchk'
|
|
line: 'mysqlchk 9200/tcp # MySQL check'
|
|
backup: yes
|
|
register: legacy_services
|
|
|
|
- name: Restart xinetd service
|
|
service:
|
|
name: xinetd
|
|
state: restarted
|
|
when: (legacy_xinetd is changed or legacy_services is changed)
|
|
|
|
- name: Run the systemd service role
|
|
import_role:
|
|
name: systemd_service
|
|
vars:
|
|
systemd_tempd_prefix: openstack
|
|
systemd_services:
|
|
- service_name: "{{ galera_mariadb_service_name }}"
|
|
systemd_overrides_only: True
|
|
systemd_overrides: "{{ galera_init_defaults | combine(galera_init_overrides, recursive=True) }}"
|
|
- service_name: "mariadbcheck@"
|
|
service_type: "oneshot"
|
|
execstarts: "-/usr/local/bin/clustercheck"
|
|
enabled: False
|
|
load: False
|
|
standard_output: "socket"
|
|
sockets:
|
|
- socket_name: "mariadbcheck"
|
|
after_targets:
|
|
- "network.target"
|
|
enabled: "{{ galera_monitoring_check_enabled }}"
|
|
state: "restarted"
|
|
options:
|
|
ListenStream: "{{ galera_server_bind_address }}:{{ galera_monitoring_check_port }}"
|
|
IPAddressDeny: any
|
|
IPAddressAllow: "{{ (galera_monitoring_allowed_source is defined) | ternary(galera_monitoring_allowed_source, 'localhost') }}"
|
|
Accept: "yes"
|
|
tags:
|
|
- galera-service
|
|
|
|
# NOTE(cloudnull): The secure task is not needed on Debian based systems
|
|
# as all of these tasks will be run on Package install
|
|
# and running them again will cause a conflict within
|
|
# debian based deployments.
|
|
- name: Create galera initial secure tool
|
|
template:
|
|
src: "galera_secure_node.j2"
|
|
dest: "/usr/local/bin/galera_secure_node"
|
|
mode: "0750"
|
|
when:
|
|
- ansible_facts['pkg_mgr'] != "apt"
|
|
- not galera_upgrade
|
|
|
|
- name: Run galera secure
|
|
command: "/usr/local/bin/galera_secure_node"
|
|
args:
|
|
creates: "{{ galera_data_dir }}/osa_default_secured"
|
|
warn: no
|
|
when:
|
|
- ansible_facts['pkg_mgr'] != "apt"
|
|
- not galera_upgrade
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Create the local directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: "directory"
|
|
owner: "{{ item.owner|default('root') }}"
|
|
group: "{{ item.group|default('root') }}"
|
|
mode: "{{ item.mode|default('0755') }}"
|
|
recurse: "{{ item.recurse|default('false') }}"
|
|
with_items:
|
|
- { path: "{{ galera_data_dir }}", owner: "mysql", mode: "02755" }
|
|
- { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" }
|
|
- { path: "/etc/mysql/conf.d" }
|
|
|
|
- name: Create and install SSL certificates
|
|
include_role:
|
|
name: pki
|
|
tasks_from: "{{ galera_pki_create_ca | ternary('main.yml', 'main_certs.yml') }}"
|
|
vars:
|
|
pki_setup_host: "{{ galera_ssl_server }}"
|
|
pki_dir: "{{ galera_pki_dir }}"
|
|
pki_create_ca: "{{ galera_pki_create_ca }}"
|
|
pki_regen_ca: "{{ galera_pki_regen_ca }}"
|
|
pki_authorities: "{{ galera_pki_authorities }}"
|
|
pki_install_ca: "{{ galera_pki_install_ca }}"
|
|
pki_create_certificates: "{{ galera_user_ssl_cert is not defined and galera_user_ssl_key is not defined }}"
|
|
pki_regen_cert: "{{ galera_pki_regen_cert }}"
|
|
pki_certificates: "{{ galera_pki_certificates }}"
|
|
pki_install_certificates: "{{ galera_pki_install_certificates }}"
|
|
when:
|
|
- galera_use_ssl | bool
|
|
|
|
# NOTE: (hwoarang) mariadb packages may drop some default configuration files
|
|
# in {{ galera_etc_include_dir }} so make sure they are gone if necessary in
|
|
# case they cause some conflicts with the ones we provide.
|
|
- name: Remove existing mariadb configuration files
|
|
file:
|
|
state: absent
|
|
path: "{{ galera_etc_include_dir }}/{{ item }}"
|
|
with_items: "{{ mariadb_delete_etc_conf_files | default([]) }}"
|
|
|
|
- name: Drop mariadb config(s)
|
|
openstack.config_template.config_template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "{{ item.mode | default('0644') }}"
|
|
config_overrides: "{{ item.config_overrides }}"
|
|
config_type: "{{ item.config_type }}"
|
|
ignore_none_type: False
|
|
when: item.condition | default(True)
|
|
with_items:
|
|
- src: my.cnf.j2
|
|
dest: "{{ galera_etc_conf_file }}"
|
|
config_overrides: "{{ galera_my_cnf_overrides }}"
|
|
config_type: "ini"
|
|
- src: cluster.cnf.j2
|
|
dest: "{{ galera_etc_include_dir }}/cluster.cnf"
|
|
config_overrides: "{{ galera_cluster_cnf_overrides }}"
|
|
config_type: "ini"
|
|
- src: debian.cnf.j2
|
|
dest: /etc/mysql/debian.cnf
|
|
config_overrides: "{{ galera_debian_cnf_overrides }}"
|
|
config_type: "ini"
|
|
condition: "{{ (ansible_facts['os_family'] | lower == 'debian') }}"
|
|
- src: "client.my.cnf.j2"
|
|
dest: "/root/.my.cnf"
|
|
config_overrides: "{{ galera_client_my_cnf_overrides }}"
|
|
config_type: "ini"
|
|
mode: "0600"
|
|
condition: "{{ (galera_root_user == 'root') }}"
|
|
notify:
|
|
- Restart all mysql
|
|
|
|
- name: Apply service defaults
|
|
template:
|
|
src: "mysql_defaults.j2"
|
|
dest: "/etc/default/mariadb"
|
|
mode: "0644"
|
|
notify:
|
|
- Restart all mysql
|
|
|
|
- name: Link mysql and mariadb config files
|
|
file:
|
|
src: "/etc/default/mariadb"
|
|
dest: "/etc/default/mysql"
|
|
state: "link"
|
|
force: "yes"
|
|
|
|
- name: remove default mysql_safe_syslog
|
|
file:
|
|
path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf"
|
|
state: absent
|
|
|
|
- name: Create new cluster tool
|
|
template:
|
|
src: "galera_new_cluster.j2"
|
|
dest: "/usr/local/bin/galera_new_cluster"
|
|
mode: "0750"
|
|
|
|
- name: Create clustercheck script
|
|
template:
|
|
src: "clustercheck.j2"
|
|
dest: "/usr/local/bin/clustercheck"
|
|
mode: "0755"
|