From d0840d63ce53344ae29899842004acf9280685c4 Mon Sep 17 00:00:00 2001 From: Jacob Cody Wimer Date: Tue, 2 Feb 2016 15:02:08 -0500 Subject: [PATCH] Setting up galera cluster, also have new strategy for internal ips --- group_vars/all | 5 +- hosts | 4 - roles/common/tasks/main.yml | 3 + roles/db/tasks/install.yml | 10 +- roles/db/tasks/startcluster.yml | 22 +---- roles/db/templates/my.cnf.j2 | 131 +++++++++++++++++++++++++++ roles/proxy/templates/haproxy.cfg.j2 | 8 +- 7 files changed, 147 insertions(+), 36 deletions(-) create mode 100644 roles/db/templates/my.cnf.j2 diff --git a/group_vars/all b/group_vars/all index d0345af..d53976a 100644 --- a/group_vars/all +++ b/group_vars/all @@ -2,6 +2,5 @@ # Variables listed here are applicable to all host groups repository: https://github.com/jcwimer/wrestlingApp.git -replication_password: something -read_write_password: something -mysql_root_password: something +root_mysql_password: something +heroku_jcw_password: something diff --git a/hosts b/hosts index 59ca656..8cc6001 100644 --- a/hosts +++ b/hosts @@ -12,8 +12,4 @@ db2 db3-hostname server_id=3 [proxy] haproxy-hostname -[db-internal] - -[web-internal] - [proxy-internal] diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 36ef4a3..22a1cec 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -22,6 +22,9 @@ - name: Install tmux apt: name=tmux state=prsent +- name: Install rsync + apt: name=rsync state=present + - name: Install zip apt: name=zip state=present diff --git a/roles/db/tasks/install.yml b/roles/db/tasks/install.yml index c420b50..8a0f3c8 100644 --- a/roles/db/tasks/install.yml +++ b/roles/db/tasks/install.yml 
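Review bot: The two added credentials `root_mysql_password` and `heroku_jcw_password` sit in plain text in `group_vars/all`, so whatever real values replace `something` end up in the repository history. Keeping them in an Ansible Vault-encrypted vars file, or supplying them at run time, and leaving only a reference here would avoid that. The rename from `mysql_root_password` to `root_mysql_password` should also be checked against every task that still reads the old name; only `startcluster.yml` is visible in this patch.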
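Review bot: The new `Install rsync` task sits directly after the tmux task, whose context line reads `state=prsent`. If the apt module rejects that value, the play stops before rsync is installed, and the `wsrep_sst_method=rsync` setting added in `my.cnf.j2` depends on it. Correcting the neighbouring line to `apt: name=tmux state=present` in the same commit would make the addition effective. The task list continues outside the hunk.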
@@ -21,14 +21,8 @@ - name: Install python module apt: name=python-mysqldb state=installed -- name: Create replication account - mysql_user: name=repl host="%" password={{ replication_password }} priv=*.*:"REPLICATION SLAVE" state=present - -- name: Create readwrite user - mysql_user: name=rwuser host="%" password={{ read_write_password }} priv=*.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP state=present - -- name: Modify configuration file to listen on all interfaces - lineinfile: dest=/etc/mysql/my.cnf regexp="^bind-address" line="bind-address=0.0.0.0" +- name: Replace config file + template: src=my.cnf.j2 dest=/etc/mysql/my.cnf - name: Stop mysql service service: name=mysql state=stop diff --git a/roles/db/tasks/startcluster.yml b/roles/db/tasks/startcluster.yml index f5bd279..f2cadf6 100644 --- a/roles/db/tasks/startcluster.yml +++ b/roles/db/tasks/startcluster.yml 
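Review bot: The added `template:` task writes `/etc/mysql/my.cnf` without stating ownership or permissions and without keeping a copy of the file it replaces. I would write it as `template: src=my.cnf.j2 dest=/etc/mysql/my.cnf owner=root group=root mode=0644 backup=yes`. The hunk also drops the `repl` and `rwuser` account creation, so the application account now has to be created elsewhere; nothing in the visible tasks does that.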
@@ -6,22 +6,10 @@ action: shell /etc/init.d/mysql start --wsrep-cluster-address="gcomm://" only_if: ${is_mysql_running.rc} > 0 +- name: Create wrestlingtourney database + action: shell mysql -e "CREATE DATABASE wrestlingtourney;" + - name: set mysql root password - action: shell mysql -e "UPDATE mysql.user SET password=PASSWORD('$root_mysql_password') where user='root';" - only_if: ${is_mysql_running.rc} > 0 + action: shell mysql -e "UPDATE mysql.user SET password=PASSWORD('$root_mysql_password') where user='root'; FLUSH PRIVILEGES;" + only_if: $(is_mysql_running.rc} > 0 -- name: create state snapshot transfer user from anywhere - action: shell mysql -e "CREATE USER '$state_snapshot_transfer_user'@'%' IDENTIFIED BY '$state_snapshot_transfer_password';" - only_if: ${is_mysql_running.rc} > 0 - -- name: create state snapshot transfer user from localhost - action: shell mysql -e "CREATE USER '$state_snapshot_transfer_user'@'localhost' IDENTIFIED BY '$state_snapshot_transfer_password';" - only_if: ${is_mysql_running.rc} > 0 - -- name: set privileges for state snapshot transfer user - action: shell mysql -e "GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '$state_snapshot_transfer_user'@'%';" - only_if: ${is_mysql_running.rc} > 0 - -- name: set privileges for state snapshot transfer user and flush privileges - action: shell mysql -e "GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '$state_snapshot_transfer_user'@'localhost'; FLUSH PRIVILEGES;" - only_if: ${is_mysql_running.rc} > 0 diff --git a/roles/db/templates/my.cnf.j2 b/roles/db/templates/my.cnf.j2 new file mode 100644 index 0000000..91b7dc8 --- /dev/null +++ b/roles/db/templates/my.cnf.j2 
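Review bot: The rewritten `only_if` on the root-password task reads `$(is_mysql_running.rc} > 0`, opening with a parenthesis and closing with a brace, so the guard no longer matches the `${is_mysql_running.rc}` form used on the task above; it should be `only_if: ${is_mysql_running.rc} > 0`. The new `CREATE DATABASE wrestlingtourney;` task has no guard at all and fails on a second run once the database exists; `CREATE DATABASE IF NOT EXISTS wrestlingtourney;` keeps it repeatable. The root password is also spliced into a shell command line inside single quotes, so it is visible in the process list and breaks on a password containing a quote; the `mysql_user` module that the old `install.yml` used avoids both.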
@@ -0,0 +1,131 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port = 3306
+socket = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket = /var/run/mysqld/mysqld.sock
+nice = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+user = mysql
+pid-file = /var/run/mysqld/mysqld.pid
+socket = /var/run/mysqld/mysqld.sock
+port = 3306
+basedir = /usr
+datadir = /var/lib/mysql
+tmpdir = /tmp
+lc-messages-dir = /usr/share/mysql
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address = 0.0.0.0
+#
+# * Fine Tuning
+#
+key_buffer = 16M
+max_allowed_packet = 16M
+thread_stack = 192K
+thread_cache_size = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover = BACKUP
+#max_connections = 100
+#table_cache = 64
+#thread_concurrency = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit = 1M
+query_cache_size = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file = /var/log/mysql/mysql.log
+#general_log = 1
+#
+# Error log - should be very few entries.
+#
+log_error = /var/log/mysql/error.log
+#
+# Here you can see queries with especially long duration
+#log_slow_queries = /var/log/mysql/mysql-slow.log
+#long_query_time = 2
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+# other settings you may need to change.
+#server-id = 1
+#log_bin = /var/log/mysql/mysql-bin.log
+expire_logs_days = 10
+max_binlog_size = 100M
+#binlog_do_db = include_database_name
+#binlog_ignore_db = include_database_name
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+# Galera settings
+wsrep_cluster_name=wrestlingdev
+wsrep_cluster_address=gcomm://{% for host in groups['db'] %}{{ hostvars[host]['ansible_eth1']['ipv4']['address'] }},{% endfor %}
+wsrep_sst_method=rsync
+wsrep_node_address={{ ansible_eth1["ipv4"]["address"] }}
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer = 16M
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+# The files must end with '.cnf', otherwise they'll be ignored.
+#
+
diff --git a/roles/proxy/templates/haproxy.cfg.j2 b/roles/proxy/templates/haproxy.cfg.j2
index 13cc99e..e46c9c8 100644
--- a/roles/proxy/templates/haproxy.cfg.j2
+++ b/roles/proxy/templates/haproxy.cfg.j2
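Review bot: `bind-address = 0.0.0.0` in `my.cnf.j2` makes mysqld listen on every interface, while the Galera settings at the end of the template address the nodes by their `ansible_eth1` addresses and the comment directly above still describes a localhost-only default. If clients and the proxy reach the database over eth1, `bind-address = {{ ansible_eth1["ipv4"]["address"] }}` limits exposure to that network. The Galera block sets no `wsrep_provider`, and the template ends without an `!includedir` line, so nothing visible here loads the provider library; `binlog_format=ROW` and `default_storage_engine=InnoDB` are likewise absent. With `wsrep_sst_method=rsync` and the `ssl-*` options commented out, replication and state transfer are neither authenticated nor encrypted, which is only acceptable if eth1 is a trusted private network.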
@@ -21,8 +21,8 @@ listen mysql-cluster mode tcp option mysql-check user haproxy_check balance roundrobin - {% for db_server in db-internal %} - server {{ db_server }} {{ db_server }}:3306 check + {% for db_server in db %} + server {{ hostvars[db_server]['ansible_eth1']['ipv4']['address'] }} {{ hostvars[db_server]['ansible_eth1']['ipv4']['address'] }}:3306 check {% endfor %} frontend www-http @@ -39,6 +39,6 @@ backend wrestlingdev redirect scheme https if !{ ssl_fc } balance roundrobin cookie SERVERID insert indirect nocache - {% for web_server in web-internal %} - server {{ web_server }} {{ web_server }}:443 check cookie {{ web_server }} ssl verify none + {% for web_server in web %} + server {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }} {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }}:443 check cookie {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }} ssl verify none {% endfor %}
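Review bot: The loop `{% for db_server in db %}` iterates over a variable named `db`, which nothing in this patch defines; the inventory group is reachable as `groups['db']`, the form `my.cnf.j2` uses in the same commit. The line should read `{% for db_server in groups['db'] %}`, and the second hunk needs the same change, `{% for web_server in groups['web'] %}`. The `listen mysql-cluster` block starts outside the hunk.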
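Review bot: The `cookie` value on the new `server` line in `backend wrestlingdev` is the backend's eth1 address, so the `SERVERID` cookie that HAProxy inserts hands each browser an internal IP. An opaque value such as `cookie web{{ loop.index }}` keeps stickiness without disclosing the addressing scheme. The line also carries over `ssl verify none`, so the proxy does not authenticate the web servers it re-encrypts to; `verify required ca-file <path to internal CA>` would, given certificates that cover the IP addresses now used as targets. The `backend wrestlingdev` block starts outside the hunk.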