maxscale: refs #8822 - refactor some minnor things #86

Open
xavi wants to merge 5 commits from 8822_MaxScale_final_migrate into main
4 changed files with 123 additions and 20 deletions


@ -9,7 +9,7 @@ certificates:
- { content: '{{ maxscale_config.db_ca_pem }}', dest: '/etc/ssl/private/db-ca.pem', owner: 'root', group: 'maxscale', mode: 'u=rw,g=r,o=' } - { content: '{{ maxscale_config.db_ca_pem }}', dest: '/etc/ssl/private/db-ca.pem', owner: 'root', group: 'maxscale', mode: 'u=rw,g=r,o=' }
- { content: '{{ maxscale_config.db_key }}', dest: '/etc/ssl/private/db-key.pem', owner: 'root', group: 'maxscale', mode: 'u=rw,g=r,o=' } - { content: '{{ maxscale_config.db_key }}', dest: '/etc/ssl/private/db-key.pem', owner: 'root', group: 'maxscale', mode: 'u=rw,g=r,o=' }
maxscale_templates: maxscale_templates:
- { src: 'maxscale.cnf.j2', dest: '/etc/maxscale.cnf' } - { src: "{{ maxscale_template_file }}", dest: '/etc/maxscale.cnf' }
- { src: 'keepalived.conf.j2', dest: '/etc/keepalived/keepalived.conf' } - { src: 'keepalived.conf.j2', dest: '/etc/keepalived/keepalived.conf' }
- { src: 'override.conf.j2', dest: '/etc/systemd/system/maxscale.service.d/override.conf' } - { src: 'override.conf.j2', dest: '/etc/systemd/system/maxscale.service.d/override.conf' }
- { src: '.secrets', dest: '/var/lib/maxscale/.secrets', owner: 'maxscale', group: 'maxscale', mode: 'u=r,g=,o=' } - { src: '.secrets', dest: '/var/lib/maxscale/.secrets', owner: 'maxscale', group: 'maxscale', mode: 'u=r,g=,o=' }
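Review bot: The `/etc/maxscale.cnf` entry sets no `owner`, `group` or `mode`, unlike the `.secrets` entry below it, although the templates it can now select render service passwords into that file (the new test template fills its `password=` lines from passbolt lookups). The mode the deploy task falls back to is not visible in this PR, so I would make it explicit here: `- { src: "{{ maxscale_template_file }}", dest: '/etc/maxscale.cnf', owner: 'root', group: 'maxscale', mode: 'u=rw,g=r,o=' }`. That matches the pattern already used for the certificate files in the same vars file.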


@ -1,3 +1,7 @@
- name: Set installation method for MaxScale
set_fact:
maxscale_use_deb: "{{ db.maxscale == '23.08.5' }}"
maxscale_use_repo: "{{ db.maxscale != '23.08.5' }}"
- name: Ensure required packages for MaxScale are installed - name: Ensure required packages for MaxScale are installed
apt: apt:
name: keepalived name: keepalived
@ -16,6 +20,24 @@
cmd: "/bin/bash /tmp/mariadb_repo_setup --mariadb-server-version={{ db.version | default('10.11.10') }} --mariadb-maxscale-version={{ db.maxscale | default('23.08.9') }}" cmd: "/bin/bash /tmp/mariadb_repo_setup --mariadb-server-version={{ db.version | default('10.11.10') }} --mariadb-maxscale-version={{ db.maxscale | default('23.08.9') }}"
creates: "/etc/apt/sources.list.d/mariadb.list" creates: "/etc/apt/sources.list.d/mariadb.list"
when: mariadb_repo_script.changed when: mariadb_repo_script.changed
- name: Install maxscale via apt
apt:
name: maxscale
state: present
install_recommends: no
update_cache: true
when: maxscale_use_repo
- name: Download MaxScale 23.08.5 .deb package
get_url:
url: "https://dlm.mariadb.com/3773315/MaxScale/23.08.5/packages/debian/bookworm/x86_64/maxscale-23.08.5-1.debian.bookworm.x86_64.deb"
dest: "/tmp/maxscale-23.08.5.deb"
mode: '0644'
when: maxscale_use_deb
register: maxscale_manual_deb_tmp
- name: Install MaxScale .deb packages manually
apt:
deb: "/tmp/maxscale-23.08.5.deb"
when: maxscale_manual_deb_tmp.changed
- name: Ensure systemd override directory exists - name: Ensure systemd override directory exists
file: file:
path: /etc/systemd/system/maxscale.service.d path: /etc/systemd/system/maxscale.service.d
@ -23,12 +45,6 @@
owner: root owner: root
group: root group: root
mode: 'u=rwx,g=rx,o=rx' mode: 'u=rwx,g=rx,o=rx'
- name: Install maxscale
apt:
name: maxscale
state: present
install_recommends: no
update_cache: true
- name: Ensure /etc/ssl/private has correct permissions and ownership - name: Ensure /etc/ssl/private has correct permissions and ownership
file: file:
path: /etc/ssl/private path: /etc/ssl/private
@ -36,8 +52,12 @@
owner: root owner: root
group: maxscale group: maxscale
mode: "u=rwx,g=rx,o=" mode: "u=rwx,g=rx,o="
- name: Select MaxScale template according to host
set_fact:
maxscale_template_file: >-
{{ 'test-maxscale.cnf.j2' if inventory_hostname.startswith('test') else 'maxscale.cnf.j2' }}
- name: Deploy templated configuration files - name: Deploy templated configuration files
ansible.builtin.template: template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "{{ item.owner | default('root') }}" owner: "{{ item.owner | default('root') }}"
@ -59,9 +79,3 @@
loop: "{{ certificates }}" loop: "{{ certificates }}"
notify: notify:
- restart-maxscale - restart-maxscale
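Review bot: The `Download MaxScale 23.08.5 .deb package` task fetches a package that the following task installs as root through `apt: deb:`, and nothing pins its content; a locally installed .deb is not covered by the repository signature check, so the HTTPS transport is the only protection. Add `checksum: "sha256:<SHA256_OF_THE_PUBLISHED_DEB>"` to the `get_url` task, with the value taken from the vendor's published checksum, so a changed or truncated download fails the play. The install is also gated on `maxscale_manual_deb_tmp.changed`, so a run that downloaded the file but failed before installing it will not retry; `when: maxscale_use_deb` on the install task would be idempotent instead. The new `set_fact` reads `db.maxscale` without the `default('23.08.9')` used in the repo-setup command, which presumably fails when the variable is unset.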


@ -16,23 +16,22 @@ vrrp_script check_maxscale {
vrrp_instance {{ vip.name }} { vrrp_instance {{ vip.name }} {
interface {{ k.interface }} interface {{ k.interface }}
state BACKUP state BACKUP
priority {{ k.priorities.master if vip.host == inventory_hostname_short else k.priorities.backup }} priority {{ k.priorities.master if vip.host == inventory_hostname else k.priorities.backup }}
virtual_router_id {{ vip.vrid }} virtual_router_id {{ vip.vrid }}
advert_int 1 advert_int 1
accept accept
unicast_src_ip {{ ansible_host }} unicast_src_ip {{ ansible_default_ipv4.address }}
unicast_peer { unicast_peer {
{% for peer in k.peers if peer.host != inventory_hostname %} {% for peer in k.peers %}
{% if peer.host != inventory_hostname %}
{{ peer.ip }} {{ peer.ip }}
{% endif %}
{% endfor %} {% endfor %}
} }
virtual_ipaddress { virtual_ipaddress {
{{ vip.vip }} {{ vip.vip }}
} }
track_script { track_script {
check_maxscale check_maxscale
} }
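Review bot: `unicast_src_ip {{ ansible_default_ipv4.address }}` takes the address of the default-route interface, which need not be the address on `{{ k.interface }}` or the one the other nodes list for this host in `k.peers`. If the two differ, firewall rules or source checks keyed on the peer list can drop the adverts and both nodes may claim the VIP. It also makes the template depend on gathered facts. Deriving the value from the same list keeps both sides consistent, assuming `k.peers` has an entry for the local host (the loop's `peer.host != inventory_hostname` test suggests it does): `unicast_src_ip {{ (k.peers | selectattr('host', 'equalto', inventory_hostname) | first).ip }}`. The `vrrp_instance` block continues past the end of this hunk.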


@ -0,0 +1,90 @@
# MaxScale documentation:
# https://mariadb.com/kb/en/mariadb-maxscale-2208/
# https://mariadb.com/kb/en/mariadb-maxscale-2208-mariadb-maxscale-configuration-guide/
[maxscale]
threads=auto
admin_host=0.0.0.0
admin_port=443
admin_ssl_cert={{ maxscale_config.admin_cert_path }}
admin_ssl_key={{ maxscale_config.admin_key_path }}
syslog=false
log_warning=false
logdir=/var/log/maxscale/
query_classifier_cache_size=250M
config_sync_cluster={{ maxscale_config.config_sync_cluster }}
config_sync_user={{ maxscale_config.config_sync_user }}
config_sync_password={{ lookup(passbolt, 'maxscale_config.config_sync_password', folder_parent_id=passbolt_folder).password }}
{% for server in maxscale_config.db_servers %}
[{{ server.name }}]
type=server
address={{ server.address }}
port=3307
protocol=MariaDBBackend
{% endfor %}
[MariaDB-Test-Monitor]
type=monitor
module=mariadbmon
servers={{ maxscale_config.db_servers | map(attribute='name') | join(',') }}
user={{ maxscale_config.monitor_user }}
password={{ lookup(passbolt, 'maxscale_config.monitor_password', folder_parent_id=passbolt_folder).password }}
monitor_interval=2s
replication_user={{ maxscale_config.repl_user }}
replication_password={{ lookup(passbolt, 'maxscale_config.repl_password', folder_parent_id=passbolt_folder).password }}
switchover_timeout=1m
cooperative_monitoring_locks=majority_of_running
[Read-Write-Service]
type=service
router=readwritesplit
servers=test-db1
user={{ maxscale_config.rw_user }}
password={{ lookup(passbolt, 'maxscale_config.rw_password', folder_parent_id=passbolt_folder).password }}
master_accept_reads=true
strict_multi_stmt=true
strict_sp_calls=true
slave_connections=0
max_slave_connections=0
use_sql_variables_in=master
[Read-Only-Service]
type=service
router=readconnroute
servers=test-db1
user={{ maxscale_config.ro_user }}
password={{ lookup(passbolt, 'maxscale_config.ro_password', folder_parent_id=passbolt_folder).password }}
router_options=slave
[Read-Write-Listener-SSL]
type=listener
service=Read-Write-Service
protocol=MariaDBClient
port=3306
ssl=true
ssl_cert={{ maxscale_config.db_cert_path }}
ssl_key={{ maxscale_config.db_key_path }}
ssl_ca_cert={{ maxscale_config.db_ca_path }}
[Read-Only-Listener-SSL]
type=listener
service=Read-Only-Service
protocol=MariaDBClient
port=3308
ssl=true
ssl_cert={{ maxscale_config.db_cert_path }}
ssl_key={{ maxscale_config.db_key_path }}
ssl_ca_cert={{ maxscale_config.db_ca_path }}
[Read-Write-Listener]
type=listener
service=Read-Write-Service
protocol=MariaDBClient
port=3307
[Read-Only-Listener]
type=listener
service=Read-Only-Service
protocol=MariaDBClient
port=3309
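Review bot: The `[Read-Write-Listener]` (port 3307) and `[Read-Only-Listener]` (port 3309) sections at the end of the template accept client connections without TLS, so credentials and queries for the same services that the `-SSL` listeners protect can cross the network in cleartext. If they are only needed by local clients, add `address=127.0.0.1` to both; otherwise give them the same `ssl=true`, `ssl_cert`, `ssl_key` and `ssl_ca_cert` lines as the SSL listeners. `admin_host=0.0.0.0` similarly exposes the REST admin API on every interface and is worth narrowing to a management address if the host has one. Both services hard-code `servers=test-db1` while the monitor builds its list from `maxscale_config.db_servers`, so the template stops matching the inventory as soon as the server names change.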