diff --git a/README.md b/README.md
index 7d0991d..f4bf2d9 100644
--- a/README.md
+++ b/README.md
@@ -105,8 +105,7 @@ ansible-builder build --tag awx-ee:vn1
 ## Common playbooks
-* **facts.yml**: Collect and display facts from a host
-* **ping.yml**: Check that a host is alive and reachable
+* **debug.yml**: Debugging tasks: facts, vars, ping...
 * **awx.yml**: Create and configure AWX user
 * **debian.yml**: Setup base Debian server
diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml
index 0e9e56c..714551e 100644
--- a/playbooks/ceph.yml
+++ b/playbooks/ceph.yml
@@ -5,3 +5,4 @@
 name: debian
 - import_role:
 name: ceph
+ tags: service
diff --git a/playbooks/db.yml b/playbooks/db.yml
index 2f83f93..a95a96b 100644
--- a/playbooks/db.yml
+++ b/playbooks/db.yml
@@ -5,3 +5,4 @@
 name: debian
 - import_role:
 name: db
+ tags: service
diff --git a/playbooks/debug.yml b/playbooks/debug.yml
index 9efe37e..0757e5a 100644
--- a/playbooks/debug.yml
+++ b/playbooks/debug.yml
@@ -14,7 +14,7 @@
 var: vars
 - name: Print variable value
- tags: var
+ tags: [facts, vars, var]
 when: var_name is defined
 debug:
 msg: "{{ var_name }}: {{ lookup('vars', var_name, default='undefined') }}"
diff --git a/playbooks/kube.yml b/playbooks/kube.yml
index 8628eb1..907afc1 100644
--- a/playbooks/kube.yml
+++ b/playbooks/kube.yml
@@ -5,3 +5,4 @@
 name: debian
 - import_role:
 name: kube
+ tags: service
diff --git a/playbooks/pve.yml b/playbooks/pve.yml
index a351148..f26239a 100644
--- a/playbooks/pve.yml
+++ b/playbooks/pve.yml
@@ -5,3 +5,4 @@
 name: debian
 - import_role:
 name: pve
+ tags: service
diff --git a/roles/db/defaults/main.yaml b/roles/db/defaults/main.yaml
index d648087..b26beb7 100644
--- a/roles/db/defaults/main.yaml
+++ b/roles/db/defaults/main.yaml
@@ -2,6 +2,7 @@ mariadb_base_packages:
 - mariadb-server
 - mariadb-backup
 - pmm2-client
+ - pigz
 mariadb_requeriments:
 - curl
 - apt-transport-https
@@ -19,24 +20,23 @@ required_directories:
 - { path: /root/mariabackup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
 - { path: /mnt/mysqldata/mysql, owner: mysql, group: mysql, mode: 'u=rwx,g=rx,o=rx' }
 - { path: /etc/systemd/system/mariadb.service.d, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
-required_files_and_mariabackup_files_and_root_scripts:
- - { src: "mariadb_override.conf", dest: "/etc/systemd/system/mariadb.service.d/override.conf", mode: "u=rw,g=r,o=r" }
- - { src: "mysql-flush.sh", dest: "/etc/qemu/fsfreeze-hook.d/mysql-flush.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/mariabackup/bacula-before.sh", dest: "/root/mariabackup/bacula-before.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/mariabackup/config.sh", dest: "/root/mariabackup/config.sh", mode: "u=rwx,g=rx,o=x" }
- - { src: "files/mariabackup/inc-backup.sh", dest: "/root/mariabackup/inc-backup.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/mariabackup/restore-backup.sh", dest: "/root/mariabackup/restore-backup.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/scripts/check-memory.sh", dest: "/root/scripts/check-memory.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/scripts/export-privs.sh", dest: "/root/scripts/export-privs.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/scripts/mysqltuner.pl", dest: "/root/scripts/mysqltuner.pl", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/scripts/promote-master.sh", dest: "/root/scripts/promote-master.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/scripts/promote-slave.sh", dest: "/root/scripts/promote-slave.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/scripts/README.md", dest: "/root/scripts/README.md", mode: "u=rw,g=r,o=r" }
- - { src: "files/scripts/scheduler-log.sh", dest: "/root/scripts/scheduler-log.sh", mode: "u=rwx,g=rx,o=rx" }
- - { src: "files/marianrpe/95-mariadb.cfg", dest: "/etc/nagios/nrpe.d/95-mariadb.cfg", mode: "u=rw,g=r,o=r" }
-mariabackup_test_dev_files:
- - { src: "mariabackuptest/apply.sql", dest: "/root/mariabackup/", mode: "u=rw,g=r,o=r" }
- - { src: "mariabackuptest/bacula-after.sh", dest: "/root/mariabackup/", mode: "u=rwx,g=rx,o=rx" }
+required_mariabackup_files_and_scripts:
+ - { src: mysql-flush.sh, dest: /etc/qemu/fsfreeze-hook.d/mysql-flush.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: mariabackup/bacula-before.sh, dest: /root/mariabackup/bacula-before.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: mariabackup/config.sh, dest: /root/mariabackup/config.sh, mode: u=rwx,g=rx,o=x }
+ - { src: mariabackup/inc-backup.sh, dest: /root/mariabackup/inc-backup.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: mariabackup/restore-backup.sh, dest: /root/mariabackup/restore-backup.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: scripts/check-memory.sh, dest: /root/scripts/check-memory.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: scripts/export-privs.sh, dest: /root/scripts/export-privs.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: scripts/mysqltuner.pl, dest: /root/scripts/mysqltuner.pl, mode: u=rwx,g=rx,o=rx }
+ - { src: scripts/promote-master.sh, dest: /root/scripts/promote-master.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: scripts/promote-slave.sh, dest: /root/scripts/promote-slave.sh, mode: u=rwx,g=rx,o=rx }
+ - { src: scripts/README.md, dest: /root/scripts/README.md, mode: u=rw,g=r,o=r }
+ - { src: scripts/scheduler-log.sh, dest: /root/scripts/scheduler-log.sh, mode: u=rwx,g=rx,o=rx }
 downloads:
- - { url: "https://r.mariadb.com/downloads/mariadb_repo_setup", dest: "/tmp/mariadb_repo_setup", mode: "u=rwx,g=rx,o=rx" }
- - { url: "https://repo.percona.com/apt/percona-release_latest.generic_all.deb", dest: "/tmp/percona-release_latest.generic_all.deb", mode: "u=rw,g=r,o=r" }
+ - url: https://r.mariadb.com/downloads/mariadb_repo_setup
+ dest: /tmp/mariadb_repo_setup
+ mode: u=rwx,g=rx,o=rx
+ - url: https://repo.percona.com/apt/percona-release_latest.generic_all.deb
+ dest: /tmp/percona-release_latest.generic_all.deb
+ mode: u=rw,g=r,o=r
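Review bot: The new `required_mariabackup_files_and_scripts` entries drop the quotes around `mode` but stay in flow-mapping syntax, where a plain scalar ends at the first comma. `mode: u=rwx,g=rx,o=rx` inside `{ ... }` therefore loads as `mode: u=rwx` plus two stray keys `g=rx` and `o=rx` with null values, so the "Copy required MariaBackup files and scripts" task in `roles/db/tasks/mariadb.yml`, which passes `item.mode` to `copy`, would set only the user bits and leave group/other to the existing file or the umask; for `config.sh` that typically means world-readable instead of the intended `o=x`. Keep the quotes, e.g. `mode: 'u=rwx,g=rx,o=x'`, or convert these entries to block style as was done for `downloads`, where unquoted commas are safe. Separately, the `downloads` entries carry no checksum for files fetched into `/tmp` (one of them with execute bits); if the consuming task, which is not in this diff, uses `get_url`, a per-entry `checksum: 'sha256:<PINNED_DIGEST>'` would let it verify them before use.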
diff --git a/roles/db/files/mariaconfigfiles/z90-vn.cnf b/roles/db/files/conf/z90-vn.cnf
similarity index 100%
rename from roles/db/files/mariaconfigfiles/z90-vn.cnf
rename to roles/db/files/conf/z90-vn.cnf
diff --git a/roles/db/files/mariaconfigfiles/z92-testing_dev.cnf b/roles/db/files/conf/z92-test.cnf
similarity index 100%
rename from roles/db/files/mariaconfigfiles/z92-testing_dev.cnf
rename to roles/db/files/conf/z92-test.cnf
diff --git a/roles/db/files/mariaconfigfiles/z95-production.cnf b/roles/db/files/conf/z95-production.cnf
similarity index 100%
rename from roles/db/files/mariaconfigfiles/z95-production.cnf
rename to roles/db/files/conf/z95-production.cnf
diff --git a/roles/db/files/mariabackupdev/apply.sql b/roles/db/files/mariabackup/apply.dev.sql
similarity index 100%
rename from roles/db/files/mariabackupdev/apply.sql
rename to roles/db/files/mariabackup/apply.dev.sql
diff --git a/roles/db/files/mariabackuptest/apply.sql b/roles/db/files/mariabackup/apply.test.sql
similarity index 100%
rename from roles/db/files/mariabackuptest/apply.sql
rename to roles/db/files/mariabackup/apply.test.sql
diff --git a/roles/db/files/mariabackupdev/bacula-after.sh b/roles/db/files/mariabackup/bacula-after.sh
similarity index 100%
rename from roles/db/files/mariabackupdev/bacula-after.sh
rename to roles/db/files/mariabackup/bacula-after.sh
diff --git a/roles/db/files/mariabackup/bacula-before.sh b/roles/db/files/mariabackup/bacula-before.sh
index f1628fd..f4723a3 100644
--- a/roles/db/files/mariabackup/bacula-before.sh
+++ b/roles/db/files/mariabackup/bacula-before.sh
@@ -19,12 +19,13 @@ mariabackup \
 --backup \
 --extra-lsndir="$backupDir/$backupName" \
 --history="$todayDir" \
+ --stream=xbstream \
+ --parallel=4 \
 2>> "$logFile" \
- | gzip \
+ | pigz -p 12 \
 > "$backupFile"
 if [ $? != "0" ]; then
 echo "An error ocurred during backup, please take a look at log file: $logFile"
 exit 1
 fi
-
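Review bot: The `if [ $? != "0" ]` check after the new `mariabackup ... | pigz -p 12 > "$backupFile"` pipeline only sees pigz's exit status, so a failed or truncated mariabackup run still leaves a file that looks like a good backup unless `pipefail` is enabled above this hunk, which is not visible here. Adding `set -o pipefail` near the top of the script, or testing `${PIPESTATUS[0]}` right after the pipeline, would make the existing error branch fire. The same applies to the `pigz --decompress ... | mbstream --extract` pipeline changed in `restore-backup.sh`. The thread counts are also hard-coded and differ (`-p 12` here, `--processes 4` on restore); a shared variable would keep them in line with the host.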
diff --git a/roles/db/files/mariabackup/restore-backup.sh b/roles/db/files/mariabackup/restore-backup.sh
index 0e70424..73d06e2 100644
--- a/roles/db/files/mariabackup/restore-backup.sh
+++ b/roles/db/files/mariabackup/restore-backup.sh
@@ -27,8 +27,8 @@ mkdir -p "$restoreDir"
 echo "$(formatted_date)"
 echo "Decompresing backup."
-gzip --decompress --stdout "$backupFile" \
- | mbstream -x --directory="$restoreDir"
+pigz --decompress --processes 4 --stdout "$backupFile" \
+ | mbstream --extract --parallel=4 --directory="$restoreDir"
 echo "Preparing backup."
 mariabackup \
diff --git a/roles/db/files/mariabackuptest/bacula-after.sh b/roles/db/files/mariabackuptest/bacula-after.sh
deleted file mode 100755
index 53e37bb..0000000
--- a/roles/db/files/mariabackuptest/bacula-after.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-set -e
-
-myDir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-. "$myDir/config.sh"
-. "$myDir/apply.config.sh"
-
-todayDir=$(date +%Y-%m-%d)
-pattern="$baculaDir/mnt/local-backup/${todayDir}_??-??_full.gz"
-files=($pattern)
-backupFile="${files[0]}"
-
-"$myDir/restore-backup.sh" "$backupFile"
-rm -r "$baculaDir"
-
-if [[ "${#dbClusterSiblings[@]}" -gt "0" ]]; then
- for node in "${dbClusterSiblings[@]}"; do
- ssh root@$node service mysql stop
- ssh root@$node "if pgrep mariadbd; then pkill -9 mariadbd; fi"
- done
-
- galera_new_cluster
-else
- service mariadb start
-fi
-
-echo "Applying custom script."
-mysql -e "UPDATE util.config SET environment = '$dbEnvironment', lastDump = NOW()"
-mysql < "$myDir/apply.sql"
-
-echo "Upgrading tables."
-mysql_upgrade
-
-echo "Applying repository changes."
-curl --silent --request POST --location --user "$jenkinsAuth" "$jenkinsUrl/build?delay=0sec"
-
-echo "Waiting for Jenkins job to end."
-jobResult=null
-while [ "$jobResult" = "null" ]; do
- sleep 10
- jobResult=$(curl --silent --location --user "$jenkinsAuth" "$jenkinsUrl/lastBuild/api/json" | jq --raw-output ".result")
-done
-echo "Job result: $jobResult"
-
-echo "Promoting to master."
-"/root/scripts/promote-master.sh"
-
-for node in "${dbClusterSiblings[@]}"; do
- ssh root@$node service mysql start
-done
-
diff --git a/roles/db/files/marianrpe/95-mariadb.cfg b/roles/db/files/nrpe/95-mariadb.cfg
similarity index 100%
rename from roles/db/files/marianrpe/95-mariadb.cfg
rename to roles/db/files/nrpe/95-mariadb.cfg
diff --git a/roles/db/handlers/main.yml b/roles/db/handlers/main.yml
index 0ed2a4d..320b475 100644
--- a/roles/db/handlers/main.yml
+++ b/roles/db/handlers/main.yml
@@ -5,3 +5,7 @@
 systemd:
 name: mariadb
 state: restarted
+- name: restart-nrpe
+ service:
+ name: nagios-nrpe-server
+ state: restarted
diff --git a/roles/db/tasks/main.yml b/roles/db/tasks/main.yml
index dbdb57d..77d9ec3 100644
--- a/roles/db/tasks/main.yml
+++ b/roles/db/tasks/main.yml
@@ -1,2 +1,5 @@
 - import_tasks: mariadb.yml
- tags: service
+- when: db.branch == 'master'
+ import_tasks: production.yml
+- when: db.branch in ['dev', 'test']
+ import_tasks: test.yml
diff --git a/roles/db/tasks/mariadb.yml b/roles/db/tasks/mariadb.yml
index 6569dac..2f67be8 100644
--- a/roles/db/tasks/mariadb.yml
+++ b/roles/db/tasks/mariadb.yml
@@ -1,6 +1,3 @@
-# Review /root/scripts/check-memory.sh --> It's not optimal to do what this program does
-# Also review the cron task /root/scripts/scheduler-log.sh
-
 - name: Ensure Install requirements for MariaDB repository setup script
 apt:
 name: "{{ mariadb_requeriments }}"
@@ -43,7 +40,7 @@
 tmpfs /mnt/mysqltmp tmpfs rw,size={{ mysqltmpsize }} 0 0
 register: fstab
-- name: Set MariaDB Cron to /etc/cron.d
+- name: Configure MariaDB memory check CRON
 template:
 src: check-memory.cron
 dest: /etc/cron.d/vn-check-memory
@@ -79,115 +76,58 @@
 mode: "{{ item.mode }}"
 loop: "{{ required_directories }}"
-- when: db.branch == 'master'
- block:
+- name: Copy required MariaBackup files and scripts
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: "{{ item.mode }}"
+ loop: "{{ required_mariabackup_files_and_scripts }}"
- - name: Ensure required directories exist in Production
- file:
- path: "{{ item.path }}"
- state: directory
- owner: "{{ item.owner }}"
- group: "{{ item.group }}"
- mode: "{{ item.mode }}"
- loop: "{{ required_directories_master }}"
-
- - name: Set MariaDB custom configuration Production
- copy:
- src: "{{ item }}"
- dest: /etc/mysql/mariadb.conf.d/
- owner: root
- group: root
- mode: u=rw,g=r,o=r
- with_items:
- - "mariaconfigfiles/z90-vn.cnf"
- - "mariaconfigfiles/z95-production.cnf"
- notify: restart-mariadb
-
- - name: Reminder to check mount points
- debug:
- msg: |
- Remember to check the following mount points:
- - /var/lib/mysql
- - /mnt/mysqlbin
- - /mnt/local-backup
- Make sure they are correctly configured and accessible.
+- name: Set MariaDB common configuration
+ copy:
+ src: conf/z90-vn.cnf
+ dest: /etc/mysql/mariadb.conf.d/
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-mariadb
-- when: db.branch == 'test'
-
- block:
- - name: Set MariaBackup custom template configuration TestDB
- template:
- src: test-db_dev/apply.config.sh
- dest: /root/mariabackup/
- owner: root
- group: root
- mode: u=rw,g=,o=
-
- - name: Reminder to check mount points environment TestDB
- debug:
- msg: |
- Remember to check the following mount points:
- - /mnt/mysqltmp
- Make sure they are correctly configured and accessible.
-
-- when: db.branch == 'dev'
-
- block:
- - name: Set MariaBackup custom template configuration DevDB
- template:
- src: test-db_dev/apply.config.sh
- dest: /root/mariabackup/
- owner: root
- group: root
- mode: u=rw,g=,o=
-
- - name: Reminder to check mount points environment DevDB
- debug:
- msg: |
- Remember to check the following mount points:
- - /mnt/mysqltmp
- Make sure they are correctly configured and accessible.
-
-- when: db.branch == 'dev' or db.branch == 'test'
-
- block:
- - name: Set MariaDB custom configuration TestDB or DevDB
- copy:
- src: "{{ item }}"
- dest: /etc/mysql/mariadb.conf.d/
- owner: root
- group: root
- mode: u=rw,g=r,o=r
- with_items:
- - "files/mariaconfigfiles/z90-vn.cnf"
- - "files/mariaconfigfiles/z92-testing_dev.cnf"
- notify: restart-mariadb
-
- - name: Set Mariabackup files for TestDB or DevDB
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: root
- group: root
- mode: "{{ item.mode }}"
- loop: "{{ mariabackup_test_dev_files }}"
-
-- name: Set Custom Configuration local template all Environment
+- name: Set MariaDB local configuration template
 template:
- src: z99-local.cnf
+ src: conf/z99-local.cnf
 dest: /etc/mysql/mariadb.conf.d/
 owner: root
 group: root
 mode: u=rw,g=r,o=r
-- name: Set MariaBackup custom template configuration all Environment
+- name: Set MariaBackup connection configuration
 template:
- src: "my.cnf"
+ src: mariabackup/my.cnf
 dest: /root/mariabackup/
 owner: root
 group: root
 mode: u=rw,g=,o=
+- name: Override MariaDB systemd service configuration
+ copy:
+ src: mariadb_override.conf
+ dest: /etc/systemd/system/mariadb.service.d/override.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: reload-systemd
+
+- name: Set MariaDB NRPE configuration
+ copy:
+ src: nrpe/95-mariadb.cfg
+ dest: /etc/nagios/nrpe.d/
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-nrpe
+
 - name: Check if /var/lib/mysql/ exists
 stat:
 path: /var/lib/mysql/
@@ -210,16 +150,6 @@
 path: /var/lib/mysql/
 state: absent
-- name: Ensure required custom and Mariabackup files are copied to their destinations and root scripts
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- owner: root
- group: root
- mode: "{{ item.mode }}"
- loop: "{{ required_files_and_mariabackup_files_and_root_scripts }}"
- notify: reload-systemd
-
 - name: Mount all filesystems from /etc/fstab
 command: mount -a
- when: fstab.changed
\ No newline at end of file
+ when: fstab.changed
diff --git a/roles/db/tasks/production.yml b/roles/db/tasks/production.yml
new file mode 100644
index 0000000..fe08adc
--- /dev/null
+++ b/roles/db/tasks/production.yml
@@ -0,0 +1,26 @@
+- name: Ensure production required directories exist
+ file:
+ path: "{{ item.path }}"
+ state: directory
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop: "{{ required_directories_master }}"
+
+- name: Set production MariaDB custom configuration
+ copy:
+ src: conf/z95-production.cnf
+ dest: /etc/mysql/mariadb.conf.d/
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-mariadb
+
+- name: Reminder to check production mount points
+ debug:
+ msg: |
+ Remember to check the following mount points:
+ - /var/lib/mysql
+ - /mnt/mysqlbin
+ - /mnt/local-backup
+ Make sure they are correctly configured and accessible.
diff --git a/roles/db/tasks/test.yml b/roles/db/tasks/test.yml
new file mode 100644
index 0000000..13c53ef
--- /dev/null
+++ b/roles/db/tasks/test.yml
@@ -0,0 +1,39 @@
+- name: Set test Mariabackup files
+ copy:
+ src: mariabackup/bacula-after.sh
+ dest: /root/mariabackup/
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=rx
+
+- name: Set test MariaBackup apply config configuration
+ template:
+ src: mariabackup/apply.config.sh
+ dest: /root/mariabackup/
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
+
+- name: Set test MariaBackup apply SQL script
+ copy:
+ src: mariabackup/apply.{{db.branch}}.sql
+ dest: /root/mariabackup/apply.sql
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
+
+- name: Set test MariaDB custom configuration
+ copy:
+ src: conf/z92-test.cnf
+ dest: /etc/mysql/mariadb.conf.d/
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-mariadb
+
+- name: Reminder to check test mount points environment
+ debug:
+ msg: |
+ Remember to check the following mount points:
+ - /mnt/mysqltmp
+ Make sure they are correctly configured and accessible.
diff --git a/roles/db/templates/z99-local.cnf b/roles/db/templates/conf/z99-local.cnf
similarity index 100%
rename from roles/db/templates/z99-local.cnf
rename to roles/db/templates/conf/z99-local.cnf
diff --git a/roles/db/templates/test-db_dev/apply.config.sh b/roles/db/templates/mariabackup/apply.config.sh
similarity index 99%
rename from roles/db/templates/test-db_dev/apply.config.sh
rename to roles/db/templates/mariabackup/apply.config.sh
index d42f5f7..f4e6c1c 100755
--- a/roles/db/templates/test-db_dev/apply.config.sh
+++ b/roles/db/templates/mariabackup/apply.config.sh
@@ -17,4 +17,3 @@ jenkinsAuth=jenkins:{{ lookup(passbolt, 'jenkinsAuth', folder_parent_id=passbolt
 # Jenkins job URL
 jenkinsUrl=https://jenkins.verdnatura.es/job/Scheduler/job/db-apply-changes-{{ db.branch }}
-
diff --git a/roles/db/templates/my.cnf b/roles/db/templates/mariabackup/my.cnf
similarity index 83%
rename from roles/db/templates/my.cnf
rename to roles/db/templates/mariabackup/my.cnf
index b1b4ac9..7037bef 100644
--- a/roles/db/templates/my.cnf
+++ b/roles/db/templates/mariabackup/my.cnf
@@ -3,5 +3,5 @@ host = localhost
 user = mariabackup
 password = {{ lookup(passbolt, 'mariabackup', folder_parent_id=passbolt_folder).password }}
 use-memory = 1G
-parallel = 2
-stream = mbstream
+parallel = 4
+stream = xbstream
diff --git a/roles/pve/handlers/main.yml b/roles/pve/handlers/main.yml
index 1cbeed2..0399734 100644
--- a/roles/pve/handlers/main.yml
+++ b/roles/pve/handlers/main.yml
@@ -2,4 +2,3 @@
 service:
 name: nagios-nrpe-server
 state: restarted
-
diff --git a/run-playbook.sh b/run-playbook.sh
index 23f5d6a..acfde3e 100755
--- a/run-playbook.sh
+++ b/run-playbook.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
+MY_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PY_VENV_DIR="$MY_DIR/venv"
 EXTRA_ARGS=()
 if [ -f .passbolt.yml ]; then
@@ -9,5 +11,11 @@ if [ -f .vault-pass ]; then
 EXTRA_ARGS+=("--vault-password-file" ".vault-pass")
 fi
-#export PYTHONPATH=./venv/lib/python3.12/site-packages/
+if [[ -z "$VIRTUAL_ENV" && -d "$PY_VENV_DIR" ]]; then
+ WARNING="\e[33m"
+ RESET="\e[0m"
+ echo -e "Warning: ${WARNING}Python virtual environment not activated! Some tasks might fail.${RESET}"
+ #export PYTHONPATH=./venv/lib/python3.12/site-packages/
+fi
+
 ansible-playbook ${EXTRA_ARGS[@]} $@
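Review bot: `MY_DIR` is introduced in `run-playbook.sh` but only used for the venv check, while `.passbolt.yml` and `.vault-pass` are still looked up relative to the caller's working directory, so the script uses whichever files happen to sit in the directory it is launched from. Resolving them against the script's own directory, e.g. `[ -f "$MY_DIR/.vault-pass" ]` and `EXTRA_ARGS+=("--vault-password-file" "$MY_DIR/.vault-pass")`, keeps the credential sources fixed. The last line also expands unquoted, which splits arguments containing spaces; `ansible-playbook "${EXTRA_ARGS[@]}" "$@"` preserves them. The body of the `.passbolt.yml` branch lies between the two hunks and is not visible.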