openstack
/
openstack-ansible-galera_server
Code Issues Proposed changes
openstack-ansible-galera_se.../tasks/galera_install_yum.yml

168 lines
6.1 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Update the local file system CRUD
file:
src: "{{ item.src|default(omit) }}"
path: "{{ item.path }}"
state: "{{ item.state }}"
force: "{{ item.force|default(omit) }}"
with_items:
- { path: "/etc/mysql", state: "directory" }
- { path: "/etc/mysql/conf.d", state: "directory" }
- { src: "/usr/lib64/galera", path: "/usr/lib/galera", state: "link", force: true }
- { src: "/etc/mysql/conf.d", path: "/etc/my.cnf.d", state: "link", force: true }
- { src: "/etc/mysql/my.cnf", path: "/etc/my.cnf", state: "link", force: true }
- name: Add galera gpg-keys
rpm_key:
state: present
key: "{{ item.keyserver }}/{{ item.key_name }}"
register: add_keys
until: add_keys|success
failed_when: false
retries: 5
delay: 2
with_items: "{{ galera_gpg_keys }}"
tags:
- galera-gpg-keys
- name: Add galera gpg-keys using fallback keyserver
rpm_key:
state: present
key: "{{ item.fallback_keyserver }}/{{ item.key_name }}"
register: add_keys
until: add_keys|success
retries: 5
delay: 2
with_items: "{{ galera_gpg_keys }}"
when: add_keys|failed and (item.fallback_keyserver is defined)
tags:
- galera-gpg-keys
- name: Add galera repo
yum_repository:
name: "{{ galera_repo.name }}"
description: "{{ galera_repo.description }}"
baseurl: "{{ galera_repo.baseurl }}"
gpgkey: "{{ galera_repo.gpgkey }}"
gpgcheck: yes
enabled: yes
register: add_repos
until: add_repos | success
retries: 5
delay: 2
tags:
- galera-repos
# When changing the repo URL, the metadata does
# not reliably update, resulting in the right
# URL being used, but the wrong package list.
# This is why we force the metadata to be
# cleaned out whenever the repo config changes.
- name: Force the expiry of the repo metadata
command: "yum clean metadata"
when: add_repos | changed
tags:
- galera-repos
- skip_ansible_lint
- name: Install percona repo
yum:
pkg: "{{ galera_percona_xtrabackup_repo.repo }}"
state: "{{ galera_percona_xtrabackup_repo.state }}"
register: install_packages
until: install_packages|success
retries: 5
delay: 2
when: use_percona_upstream | bool
tags:
- galera-pre-yum-packages
- name: Install galera_server role remote packages (yum)
yum:
name: "{{ item }}"
state: "{{ galera_server_package_state }}"
with_items:
- "{{ galera_packages_list | selectattr('enabled') | sum(attribute='packages', start=[]) }}"
- name: Enable mysql to start at boot
service:
name: "mysql"
enabled: "yes"
tags:
- galera_server-config
- galera-enable
# This glue to make the upgrade works. when testing the galera_server role we install version 10.0
# of mariadb and so the path doesn't exist, let's clean it up when we do upgrade testing the way
# we do for other roles.
# TODO: cleanup when we change upgrade test.
- name: Check if we are on systemd service
stat:
path: "/etc/systemd/system/mariadb.service.d/"
register: systemd_mysql_service
# See comments above 'galera_disable_privatedevices' in defaults/main.yml for
# links to relevant bugs and discussion.
- name: Remove PrivateDevices systemd options when in container
template:
src: without-privatedevices.conf.j2
dest: "/etc/systemd/system/mariadb.service.d/without-privatedevices.conf"
when:
- ansible_pkg_mgr == 'yum'
- systemd_mysql_service.stat.exists
notify:
- Reload the systemd daemon
- Restart mysql
tags:
- galera-config
# TODO: remove name argument when we upgrade to ansible 2.4
- name: Reload the systemd daemon
systemd:
daemon_reload: yes
name: mysql
when:
- systemd_mysql_service.stat.exists
# NOTE(cloudnull): This is an idempotent shell task is it will only run once
# provided the "/etc/mysql/rhel_configured" exists. This tasks automates the
# MySQL secure setup which is done automatically in Ubuntu deployments.
- name: "Update root user, connections, and grant options"
shell: |
service mysql start || true
# Reset the root password, at this time there is no password set
mysqladmin --no-defaults --port=3306 --socket=/var/run/mysqld/mysqld.sock --host=127.0.0.1 --user=root password "{{ galera_root_password }}"
# Setup the root user for MySQL
mysql -u root -h localhost -e "UPDATE mysql.user SET Password=PASSWORD('$rootpass') WHERE User='root';"
mysql -u root -h localhost -e "DELETE FROM mysql.user WHERE user='';"
mysql -u root -h localhost -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('%', 'localhost', '127.0.0.1', '::1');"
mysql -u root -h localhost -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'localhost' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'127.0.0.1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'::1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'%' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;"
mysql -u root -h localhost -e "FLUSH PRIVILEGES;"
# Create a marker file to ensure this script is not run again
touch /etc/mysql/rhel_configured
service mysql stop
args:
creates: /etc/mysql/rhel_configured
tags:
- galera_server-config
- galera-rhel-config
- skip_ansible_lint
View Git Blame Copy Permalink