Combine galera client role into galera_server

Depends-On: https://review.opendev.org/725902
Depends-On: https://review.opendev.org/728434
Change-Id: I02dc06d61006bb71a417a1470343e9c9c77d7935

defaults/main.yml

@@ -15,7 +15,7 @@
 
 # Set the package install state for distribution packages
 # Options are 'present' and 'latest'
-galera_server_package_state: "latest"
+galera_package_state: "latest"
 
 galera_cluster_members: "{{ groups['galera_all'] }}"
 galera_server_bootstrap_node: "{{ galera_cluster_members[0] }}"
@@ -76,6 +76,9 @@ galera_monitoring_user_password: ""
 #
 #galera_monitoring_allowed_source: "0.0.0.0/0"
 
+# Enable or disable the installation of galera server
+galera_install_server: false
+
 # Enable or disable the galera monitoring check capability
 galera_monitoring_check_enabled: true
 
@@ -145,7 +148,7 @@ galera_debian_cnf_overrides: {}
 # galera_max_connections: 500
 
 # This is only applied if the ansible_pkg_mgr is 'apt'
-galera_server_distro_package_pins:
+galera_distro_package_pins:
   - package: '*'
     release: MariaDB
     priority: 1001
@@ -156,6 +159,7 @@ galera_use_ssl: false
 galera_ssl_cert: /etc/ssl/certs/galera.pem
 galera_ssl_key: /etc/mysql/ssl/galera.key
 galera_ssl_ca_cert: /etc/ssl/certs/galera-ca.pem
+
 ## These options should be specified in user_variables if necessary, otherwise self-signed certs are used.
 # galera_user_ssl_cert: /etc/openstack_deploy/self_signed_certs/galera.pem
 # galera_user_ssl_key: /etc/openstack_deploy/self_signed_certs/galera.key
@@ -167,6 +171,7 @@ galera_ssl_ca_cert: /etc/ssl/certs/galera-ca.pem
 galera_ssl_self_signed_regen: false
 galera_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ galera_address }}"
 galera_ssl_ca_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT"
+
 # This option is used for creating the CA and overriding the Galera address on the clients side.
 # Should be set to either public VIP of VIP FQDN, depending on what is currently used in the env.
 galera_address: "{{ ansible_host }}"
@@ -185,16 +190,14 @@ galera_address: "{{ ansible_host }}"
 # Setting the following variable to 'yes' will disable the PrivateDevices
 galera_disable_privatedevices: "{{ _galera_disable_privatedevices }}"
 
-## Set default mirror for openSUSE repositories
-# NOTE(hwoarang): Ensure that the full path to the 'opensuse' directory is used.
-#galera_server_opensuse_mirror_obs_url: "http://widehat.opensuse.org"
+#install and configure the galera client as well as the server
+galera_install_client: false
+galera_client_package_install: "{{ galera_install_client }}"
+galera_client_package_state: "latest"
+galera_client_drop_config_file: "true"
+galera_client_my_cnf_overrides: {}
 
-# Where the extra package download is executed from.
-# Options are ['deployment-host', 'target-host']
-galera_server_extra_package_downloader: "deployment-host"
-
-# The location where the extra packages are downloaded to
-galera_server_extra_package_path: "/opt/cache/files"
-
-# Toggle whether certificate validation should be enabled/disabled
-galera_server_extra_package_validate_certs: yes
+# This server is used when pulling an ssl cert onto a given host when a user
+# defined key is not present. By default this will try and pull from the
+# "galera_server" group and fall back to localhost.
+galera_ssl_server: "{{ (galera_cluster_members | default(['localhost']))[0] }}"

examples/playbook.yml

@@ -3,6 +3,9 @@
   hosts: galera_all
   user: root
   roles:
-    - { role: "galera_server" }
+    - galera_server
+      vars:
+        galera_install_server: true
+        galera_install_client: true
   vars:
     galera_root_password: secrete

handlers/main.yml

@@ -55,6 +55,7 @@
   changed_when: true
   listen: Bootstrap cluster
   when:
+    - galera_install_server | bool
     - not galera_cluster_ready | bool
 
 - name: Start new cluster
@@ -67,6 +68,7 @@
     ansible_host: "{{ hostvars[galera_server_bootstrap_node]['ansible_host'] }}"
   run_once: true
   when:
+    - galera_install_server | bool
     - not galera_cluster_ready | bool
   listen: Bootstrap cluster
 
@@ -84,6 +86,7 @@
   vars:
     ansible_host: "{{ hostvars[item]['ansible_host'] }}"
   when:
+    - galera_install_server | bool
     - hostvars[item]['galera_cluster_ready'] is defined
     - hostvars[item]['galera_deployed'] | default(false) | bool
   with_items:

meta/main.yml

@@ -41,10 +41,7 @@ galaxy_info:
     - openstack
 dependencies:
   - role: apt_package_pinning
-    apt_pinned_packages: "{{ galera_server_distro_package_pins }}"
+    apt_pinned_packages: "{{ galera_distro_package_pins }}"
     apt_package_pinning_file_name: "galera_pin.pref"
     when:
       - ansible_pkg_mgr == 'apt'
-  - role: galera_client
-    galera_client_drop_config_file: true
-    galera_client_package_install: false

releasenotes/notes/combine-client-d6b135b9957d55ee.yaml

@@ -0,0 +1,17 @@
+---
+features:
+  - |
+    The galera_server role now includes the functionality from the
+    galera_client role, and can optionally install the client and server
+    components. This is controlled using two booleans, galera_install_server
+    and galera_install_client, both of which default to false.
+upgrade:
+  - |
+    The galera_server role now includes the functionality from the
+    galera_client role, and as a result a number of the variables from
+    the galera_client defaults are now available to override in the
+    galera_server role defaults. In addition, a number of default variables
+    have been generalised, removing the specific `_client_` or `_server_`
+    parts of the names. Users of this role should check that any overrides
+    they are using have the correct variables names for the new combined
+    role.

tasks/galera_client_main.yml

@@ -0,0 +1,28 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Prepare the package list
+  set_fact:
+    galera_packages_list: "{{ galera_client_distro_packages }}"
+
+- include_tasks: "galera_install_{{ ansible_pkg_mgr }}.yml"
+  when:
+    - galera_client_package_install | bool
+
+- include_tasks: galera_client_post_install.yml
+
+- include_tasks: galera_client_ssl.yml
+  when:
+    - galera_use_ssl | bool

tasks/galera_client_post_install.yml

@@ -0,0 +1,27 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Drop local .my.cnf file
+  config_template:
+    src: "client.my.cnf.j2"
+    dest: "/root/.my.cnf"
+    owner: "root"
+    group: "root"
+    mode: "0600"
+    config_overrides: "{{ galera_client_my_cnf_overrides }}"
+    config_type: "ini"
+  when: galera_client_drop_config_file | bool
+  tags:
+    - galera-client-user-config

tasks/galera_client_ssl.yml

@@ -0,0 +1,53 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Get Galera ssl CA cert contents
+  slurp:
+    src: "{{ galera_ssl_ca_cert }}"
+  register: galera_ca
+  failed_when: false
+  delegate_to: "{{ galera_ssl_server }}"
+  when:
+    - galera_user_ssl_ca_cert is not defined
+
+- name: Check for Galera ssl CA cert get failure
+  debug:
+    msg: >
+      The cert retrieval task failed or no CA cert was found. Check the file
+      "{{ galera_ssl_ca_cert }}" on server "{{ galera_ssl_server }}" before
+      trying again.
+  when:
+    - galera_ca.content is not defined
+
+- name: Distribute Galera ssl CA cert (SERVER)
+  copy:
+    content: "{{ galera_ca.content | b64decode }}"
+    dest: "{{ galera_ssl_ca_cert }}"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  when:
+    - galera_user_ssl_ca_cert is not defined
+    - galera_ca.content is defined
+
+- name: Distribute Galera ssl CA cert (USER)
+  copy:
+    src: "{{ galera_user_ssl_ca_cert }}"
+    dest: "{{ galera_ssl_ca_cert }}"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  when:
+    - galera_user_ssl_ca_cert is defined

tasks/galera_install_apt.yml

@@ -15,7 +15,7 @@
 
 - name: Remove conflicting distro packages
   package:
-    name: "{{ galera_server_mariadb_distro_packages_remove | default([]) }}"
+    name: "{{ galera_mariadb_distro_packages_remove | default([]) }}"
     state: absent
 
 - name: If a keyfile is provided, copy the gpg keyfile to the key location
@@ -78,10 +78,10 @@
   retries: 5
   delay: 2
 
-- name: Install galera_server role remote packages (apt)
+- name: Install galera role remote packages (apt)
   apt:
     name: "{{ galera_packages_list }}"
-    state: "{{ galera_server_package_state }}"
+    state: "{{ galera_package_state }}"
     update_cache: yes
     cache_valid_time: "{{ cache_timeout }}"
   register: install_remote_apt_packages

tasks/galera_install_portage.yml

@@ -13,10 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Install galera_server role packages
+- name: Install galera role packages
   package:
     name: "{{ galera_packages_list }}"
-    state: "{{ galera_server_package_state }}"
+    state: "{{ galera_package_state }}"
     newuse: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
     changed_use: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
     noreplace: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"

tasks/galera_install_yum.yml

@@ -22,7 +22,7 @@
 - name: Remove conflicting packages
   shell: |
     exit_code=0
-    for pkg in {{ galera_server_mariadb_distro_packages_remove | join(' ') }}; do
+    for pkg in {{ galera_mariadb_distro_packages_remove | join(' ') }}; do
       if rpm --query --quiet ${pkg}; then
         rpm -ev --nodeps ${pkg}
         exit_code=2
@@ -130,10 +130,10 @@
   tags:
     - skip_ansible_lint
 
-- name: Install galera_server role remote packages
+- name: Install galera role remote packages
   package:
     name: "{{ galera_packages_list }}"
-    state: "{{ galera_server_package_state }}"
+    state: "{{ galera_package_state }}"
   register: install_remote_packages
   until: install_remote_packages is success
   retries: 5

tasks/galera_install_zypper.yml

@@ -15,7 +15,7 @@
 
 - name: Remove conflicting distro packages
   package:
-    name: "{{ galera_server_mariadb_distro_packages_remove }}"
+    name: "{{ galera_mariadb_distro_packages_remove }}"
     state: absent
 
 # In SUSE/CentOS systems, /etc/my.cnf.d may already exist on the
@@ -87,7 +87,7 @@
 - name: Install galera_server role remote packages (zypper)
   zypper:
     name: "{{ galera_packages_list }}"
-    state: "{{ galera_server_package_state }}"
+    state: "{{ galera_package_state }}"
   register: install_remote_packages
   until: install_remote_packages is success
   retries: 5

tasks/galera_server_main.yml

@@ -0,0 +1,92 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Fail when the host is not in galera_cluster_members
+  fail:
+    msg: "The host {{ inventory_hostname }} must be in galera_cluster_members."
+  when: inventory_hostname not in galera_cluster_members
+  tags:
+    - always
+
+- name: Fail if the galera root password is not provided
+  fail:
+    msg: |
+      Please set the galera_root_password variable prior to applying the
+      galera role.
+  when: (galera_root_password is undefined) or (galera_root_password is none)
+  tags:
+    - always
+
+- name: initialize local facts
+  ini_file:
+    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
+    section: "galera"
+    option: initialized
+    value: true
+
+- name: Refresh local facts
+  setup:
+    filter: ansible_local
+    gather_subset: "!all"
+  tags:
+    - always
+
+- name: Set the galera existing cluster fact
+  set_fact:
+    galera_deployed: "{{ ansible_local['openstack_ansible']['galera']['deployed'] | default(false) | bool }}"
+  tags:
+    - always
+
+- name: Cluster state notice
+  debug:
+    msg: >
+      The cluster state will be ignored. While the state checks are skipped,
+      the galera restart handlers will be triggered to ensure everything is
+      functional at the end of the playbook execution.
+  changed_when: true
+  when:
+    - (galera_ignore_cluster_state | bool) or (galera_force_bootstrap | bool)
+  notify:
+    - Manage LB
+    - Restart all mysql
+  tags:
+    - always
+
+- include_tasks: galera_server_cluster_state.yml
+  when:
+    - galera_deployed | bool
+    - not galera_ignore_cluster_state | bool
+  tags:
+    - always
+
+- include_tasks: galera_server_upgrade.yml
+  when: galera_deployed | bool
+  tags:
+    - galera_server-upgrade
+
+- include_tasks: galera_server_install.yml
+  tags:
+    - galera_server-install
+
+- include_tasks: galera_server_post_install.yml
+  tags:
+    - galera_server-config
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- include_tasks: galera_server_setup.yml
+  tags:
+    - galera_server-config

tasks/galera_server_post_install.yml

@@ -81,7 +81,7 @@
     - { path: "/var/lib/mysql", owner: "mysql", mode: "02755" }
     - { path: "/etc/mysql/conf.d" }
 
-- include_tasks: galera_ssl.yml
+- include_tasks: galera_server_ssl.yml
   when:
     - galera_use_ssl | bool
 

tasks/galera_server_ssl.yml

@@ -21,7 +21,7 @@
     group: "mysql"
     mode: "0755"
 
-- include_tasks: galera_ssl_self_signed.yml
+- include_tasks: galera_server_ssl_self_signed.yml
   when:
     - not galera_user_ssl_cert is defined
     - not galera_user_ssl_key is defined

tasks/galera_server_upgrade.yml

@@ -37,7 +37,7 @@
   tags:
     - galera_server-upgrade
 
-- include_tasks: galera_upgrade_pre.yml
+- include_tasks: galera_server_upgrade_pre.yml
   when:
     - galera_upgrade | bool
   tags:

tasks/main.yml

@@ -13,22 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Fail when the host is not in galera_cluster_members
-  fail:
-    msg: "The host {{ inventory_hostname }} must be in galera_cluster_members."
-  when: inventory_hostname not in galera_cluster_members
-  tags:
-    - always
-
-- name: Fail if the galera root password is not provided
-  fail:
-    msg: |
-      Please set the galera_root_password variable prior to applying the
-      galera role.
-  when: (galera_root_password is undefined) or (galera_root_password is none)
-  tags:
-    - always
-
 - name: Gather variables for each operating system
   include_vars: "{{ item }}"
   with_first_found:
@@ -40,64 +24,10 @@
   tags:
     - always
 
-- name: initialize local facts
-  ini_file:
-    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
-    section: "galera"
-    option: initialized
-    value: "True"
-
-- name: Refresh local facts
-  setup:
-    filter: ansible_local
-    gather_subset: "!all"
-  tags:
-    - always
-
-- name: Set the galera existing cluster fact
-  set_fact:
-    galera_deployed: "{{ ansible_local['openstack_ansible']['galera']['deployed'] | default(false) | bool }}"
-  tags:
-    - always
-
-- name: Cluster state notice
-  debug:
-    msg: >
-      The cluster state will be ignored. While the state checks are skipped,
-      the galera restart handlers will be triggered to ensure everything is
-      functional at the end of the playbook execution.
-  changed_when: true
+- include_tasks: galera_client_main.yml
   when:
-    - (galera_ignore_cluster_state | bool) or (galera_force_bootstrap | bool)
-  notify:
-    - Manage LB
-    - Restart all mysql
-  tags:
-    - always
+    - galera_install_client | bool
 
-- include_tasks: galera_cluster_state.yml
+- include_tasks: galera_server_main.yml
   when:
-    - galera_deployed | bool
-    - not galera_ignore_cluster_state | bool
-  tags:
-    - always
-
-- include_tasks: galera_upgrade.yml
-  when: galera_deployed | bool
-  tags:
-    - galera_server-upgrade
-
-- include_tasks: galera_install.yml
-  tags:
-    - galera_server-install
-
-- include_tasks: galera_post_install.yml
-  tags:
-    - galera_server-config
-
-- name: Flush handlers
-  meta: flush_handlers
-
-- include_tasks: galera_setup.yml
-  tags:
-    - galera_server-config
+    - galera_install_server | bool

templates/client.my.cnf.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[client]
+host={% if inventory_hostname in galera_cluster_members %}
+localhost
+{% else %}
+{{ galera_address }}
+{% endif %}
+user={{ galera_root_user }}
+password={{ galera_root_password }}

tests/ansible-role-requirements.yml

@@ -19,11 +19,3 @@
   src: https://opendev.org/openstack/openstack-ansible-lxc_container_create
   scm: git
   version: master
-- name: galera_client
-  src: https://opendev.org/openstack/openstack-ansible-galera_client
-  scm: git
-  version: master
-- name: previous_galera_server
-  src: https://opendev.org/openstack/openstack-ansible-galera_server
-  scm: git
-  version: stable/pike

tests/galera_server-overrides.yml

@@ -13,6 +13,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+galera_install_server: true
+galera_install_client: true
+
 # Testing my.cnf overrides
 galera_my_cnf_overrides:
   sst:

vars/debian.yml

@@ -83,3 +83,6 @@ _galera_repo:
   filename: "MariaDB"
 
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
+
+galera_client_distro_packages:
+  - "mariadb-client-{{ galera_major_version }}"

vars/redhat.yml

@@ -50,7 +50,7 @@ galera_server_mariadb_distro_packages:
   - socat
 
 # Conflicting packages with those from the MariaDB repository
-galera_server_mariadb_distro_packages_remove:
+galera_mariadb_distro_packages_remove:
   - mariadb-common
   - mariadb-config
   - mariadb-server
@@ -60,10 +60,13 @@ galera_server_upgrade_packages_remove:
   - MariaDB-Galera-server
   - MariaDB-server
 
-_galera_repo_url: "http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_client_major_version }}.{{ galera_client_minor_version }}/yum/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-amd64/"
+_galera_repo_url: "http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/yum/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-amd64/"
 _galera_repo:
   name: MariaDB
   description: "MariaDB Repo"
   baseurl: "{{ galera_repo_url }}"
 
 galera_wsrep_provider: "/usr/lib/galera/libgalera_smm.so"
+
+galera_client_distro_packages:
+  - MariaDB-client

vars/suse.yml

@@ -48,7 +48,7 @@ galera_server_mariadb_distro_packages:
   - socat
 
 # Conflicting packages with those from the MariaDB repository
-galera_server_mariadb_distro_packages_remove:
+galera_mariadb_distro_packages_remove:
   - libmariadb-devel
   - mariadb
   - mariadb-client
@@ -72,3 +72,6 @@ mariadb_delete_etc_conf_files:
   - default_plugins.cnf
   - galera.cnf
   - error_log.cnf
+
+galera_client_distro_packages:
+  - MariaDB-client