cody/wrestlingdev-ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Setting up galera cluster, also have new strategy for internal ips

Browse Source
This commit is contained in:
Jacob Cody Wimer
2016-02-02 15:02:08 -05:00
parent 8a55e9f946
commit d0840d63ce
7 changed files with 147 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
group_vars/all
View File

@@ -2,6 +2,5 @@
# Variables listed here are applicable to all host groups
repository: https://github.com/jcwimer/wrestlingApp.git
replication_password: something
read_write_password: something
mysql_root_password: something
root_mysql_password: something
heroku_jcw_password: something

4
hosts
View File

@@ -12,8 +12,4 @@ db2 db3-hostname server_id=3
[proxy]
haproxy-hostname
[db-internal]
[web-internal]
[proxy-internal]

3
roles/common/tasks/main.yml
View File

@@ -22,6 +22,9 @@
- name: Install tmux
apt: name=tmux state=prsent
- name: Install rsync
apt: name=rsync state=present
- name: Install zip
apt: name=zip state=present

10
roles/db/tasks/install.yml
View File

@@ -21,14 +21,8 @@
- name: Install python module
apt: name=python-mysqldb state=installed
- name: Create replication account
mysql_user: name=repl host="%" password={{ replication_password }} priv=*.*:"REPLICATION SLAVE" state=present
- name: Create readwrite user
mysql_user: name=rwuser host="%" password={{ read_write_password }} priv=*.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP state=present
- name: Modify configuration file to listen on all interfaces
lineinfile: dest=/etc/mysql/my.cnf regexp="^bind-address" line="bind-address=0.0.0.0"
- name: Replace config file
template: src=my.cnf.j2 dest=/etc/mysql/my.cnf
- name: Stop mysql service
service: name=mysql state=stop

22
roles/db/tasks/startcluster.yml
View File

@@ -6,22 +6,10 @@
action: shell /etc/init.d/mysql start --wsrep-cluster-address="gcomm://"
only_if: ${is_mysql_running.rc} > 0
- name: Create wrestlingtourney database
action: shell mysql -e "CREATE DATABASE wrestlingtourney;"
- name: set mysql root password
action: shell mysql -e "UPDATE mysql.user SET password=PASSWORD('$root_mysql_password') where user='root';"
only_if: ${is_mysql_running.rc} > 0
action: shell mysql -e "UPDATE mysql.user SET password=PASSWORD('$root_mysql_password') where user='root'; FLUSH PRIVILEGES;"
only_if: $(is_mysql_running.rc} > 0
- name: create state snapshot transfer user from anywhere
action: shell mysql -e "CREATE USER '$state_snapshot_transfer_user'@'%' IDENTIFIED BY '$state_snapshot_transfer_password';"
only_if: ${is_mysql_running.rc} > 0
- name: create state snapshot transfer user from localhost
action: shell mysql -e "CREATE USER '$state_snapshot_transfer_user'@'localhost' IDENTIFIED BY '$state_snapshot_transfer_password';"
only_if: ${is_mysql_running.rc} > 0
- name: set privileges for state snapshot transfer user
action: shell mysql -e "GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '$state_snapshot_transfer_user'@'%';"
only_if: ${is_mysql_running.rc} > 0
- name: set privileges for state snapshot transfer user and flush privileges
action: shell mysql -e "GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '$state_snapshot_transfer_user'@'localhost'; FLUSH PRIVILEGES;"
only_if: ${is_mysql_running.rc} > 0

131
roles/db/templates/my.cnf.j2 Normal file
View File

@@ -0,0 +1,131 @@
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
# Galera settings
wsrep_cluster_name=wrestlingdev
wsrep_cluster_address=gcomm://{% for host in groups['db'] %}{{ hostvars[host]['ansible_eth1']['ipv4']['address'] }},{% endfor %}
wsrep_sst_method=rsync
wsrep_node_address={{ ansible_eth1["ipv4"]["address"] }}
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#

8
roles/proxy/templates/haproxy.cfg.j2
View File

@@ -21,8 +21,8 @@ listen mysql-cluster
mode tcp
option mysql-check user haproxy_check
balance roundrobin
{% for db_server in db-internal %}
server {{ db_server }} {{ db_server }}:3306 check
{% for db_server in db %}
server {{ hostvars[db_server]['ansible_eth1']['ipv4']['address'] }} {{ hostvars[db_server]['ansible_eth1']['ipv4']['address'] }}:3306 check
{% endfor %}
frontend www-http
@@ -39,6 +39,6 @@ backend wrestlingdev
redirect scheme https if !{ ssl_fc }
balance roundrobin
cookie SERVERID insert indirect nocache
{% for web_server in web-internal %}
server {{ web_server }} {{ web_server }}:443 check cookie {{ web_server }} ssl verify none
{% for web_server in web %}
server {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }} {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }}:443 check cookie {{ hostvars[web_server]['ansible_eth1']['ipv4']['address'] }} ssl verify none
{% endfor %}