Merge pull request 'Make it possible to setup mysql replication' (#102) from mysql_replication into unstable

CHANGELOG.md

@@ -11,6 +11,9 @@ The **patch** part changes incrementally at each release.
 ## [Unreleased]
 
 ### Added
+* mysql: activate binary logs by specifying log_bin path
+* mysql: specify a custom server_id
+* mysql: option to define as read only
 
 ### Changed
 
@@ -51,8 +54,6 @@ The **patch** part changes incrementally at each release.
 * minifirewall: add a variable to force the check scripts update
 * mongodb: mongodb: compatibility with Debian 10
 * mysql-oracle: backport tasks from mysql role
-* mysql: activate binary logs by specifying log_bin path
-* mysql: specify a custom server_id
 * networkd-to-ifconfig: add variables for configuration by variables
 * packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
 * php: variable to install the mysqlnd module instead of the default mysql module

mysql/README.md

@@ -15,11 +15,13 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
 * `munin.yml` : Munin plugins ;
 * `log2mail.yml` : log2mail patterns ;
 * `utils.yml` : useful tools.
+* `replication.yml`: install and configure prerequisites for mysql replication, do not forget to set `mysql_bind_address`, `mysql_server_id` and `mysql_log_bin`
 
 ## Available variables
 
 * `mysql_variant` : install Oracle's MySQL or MariaDB (default: `oracle`) [Debian 8 only];
 * `mysql_replace_root_with_mysqladmin`: switch from `root` to `mysqladmin` user or not ;
+* `mysql_replication`: setup all prerequisites for replication.
 * `mysql_thread_cache_size`: number of threads for the cache ;
 * `mysql_innodb_buffer_pool_size`: amount of RAM dedicated to InnoDB ;
 * `mysql_bind_address` : (default: `Null`, default evolinux config is then used) ;
@@ -30,8 +32,7 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
 * `mysql_max_heap_table_size`: (default: `Null`, default evolinux config is then used) ;
 * `mysql_query_cache_limit`: (default: `Null`, default evolinux config is then used) ;
 * `mysql_query_cache_size`: (default: `Null`, default evolinux config is then used) ;
-* `mysql_log_bin`: (default: `Null`, activates binlogs if used) ;
-* `mysql_server_id`: (default: `Null`, MySQL version default is then used) ;
+* `mysql_server_id`: (default: `Null`, only used with `mysql_replication`, default mysql server id will be used otherwise) ;
 * `mysql_custom_datadir`: custom datadir.
 * `mysql_custom_tmpdir`: custom tmpdir.
 * `general_alert_email`: email address to send various alert messages (default: `root@localhost`).
@@ -41,5 +42,9 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
 * `mysql_force_new_nrpe_password` : change the password for NRPE even if it exists already (default: `False`).
 * `mysql_install_libclient`: install mysql client libraries (default: `False`).
 * `mysql_restart_if_needed` : should the restart handler be executed (default: `True`)
+* `mysql_log_bin`: (default: `Null`, activates binlogs if used with `mysql_replication`) ;
+* `mysql_repl_password`: Password hash for replication user, only creates a user if set.
+## Notes
+Changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet).
 
-NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet).
+When using replication, note that the connections from the client server on the haproxy 8306 and mysql 3306 ports need to be open and the sql servers need to communicate on port 3306.

mysql/defaults/main.yml

@@ -21,7 +21,6 @@ mysql_innodb_buffer_pool_size: '{{ (ansible_memtotal_mb * 0.3) | int }}M'
 # If these variables are changed to non-Null values,
 # they will be added in the zzz-evolinux-custom.cnf file.
 # Otherwise, the value from de the z-evolinux-defaults.cnf file will preveil.
-mysql_bind_address: Null
 mysql_max_connections: Null
 mysql_max_connect_errors: Null
 mysql_table_cache: Null
@@ -29,8 +28,9 @@ mysql_tmp_table_size: Null
 mysql_max_heap_table_size: Null
 mysql_query_cache_limit: Null
 mysql_query_cache_size: Null
-mysql_log_bin: Null
-mysql_server_id: Null
+mysql_max_allowed_packet: Null
+mysql_force_custom_config: 'no'
+mysql_innodb_log_file_size: Null
 
 mysql_cron_optimize: True
 mysql_cron_optimize_frequency: weekly
@@ -44,3 +44,12 @@ mysql_evolinux_defaults_file: z-evolinux-defaults.cnf
 mysql_evolinux_custom_file: zzz-evolinux-custom.cnf
 
 mysql_restart_if_needed: True
+
+# replication variables:
+mysql_replication: false
+mysql_log_bin: null
+mysql_binlog_format: mixed
+mysql_server_id: null
+mysql_bind_address: null
+mysql_repl_password: ''
+mysql_read_only: 0

mysql/files/xinetd/mysqlchk

@@ -0,0 +1,13 @@
+# Ansible managed
+service mysqlchk
+{
+        socket_type     = stream
+        port            = 8306
+        protocol        = tcp
+        wait            = no
+        type            = UNLISTED
+        user            = root
+        server          = /usr/share/scripts/mysqlchk.sh
+        log_on_failure  += USERID
+        disable         = no
+}

mysql/files/xinetd/mysqlchk.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Ansible managed
+#
+# http://sysbible.org/x/2008/12/04/having-haproxy-check-mysql-status-through-a-xinetd-script/
+#
+# This script checks if a mysql server is healthy running on localhost. It will
+# return:
+#
+# "HTTP/1.x 200 OK\r" (if mysql is running smoothly)
+#
+# - OR -
+#
+# "HTTP/1.x 500 Internal Server Error\r" (else)
+#
+# The purpose of this script is make haproxy capable of monitoring mysql properly
+#
+# Author: Unai Rodriguez
+#
+# It is recommended that a low-privileged-mysql user is created to be used by
+# this script. Something like this:
+#
+# mysql> GRANT SELECT on mysql.* TO 'mysqlchkusr'@'localhost' \
+#     -> IDENTIFIED BY '257retfg2uysg218' WITH GRANT OPTION;
+# mysql> flush privileges;
+
+TMP_FILE="/tmp/mysqlchk.out"
+ERR_FILE="/tmp/mysqlchk.err"
+
+#
+# We perform a simple query that should return a few results :-p
+#
+/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf  -e "show databases;" > $TMP_FILE 2> $ERR_FILE
+
+#
+# Check the output. If it is not empty then everything is fine and we return
+# something. Else, we just do not return anything.
+#
+
+if [ "$(/bin/cat $TMP_FILE)" != "" ]; then
+        # mysql is fine, return http 200
+        /bin/echo -e "HTTP/1.1 200 OK\r\n"
+        /bin/echo -e "Content-Type: Content-Type: text/plain\r\n"
+        /bin/echo -e "\r\n"
+        /bin/echo -e "MySQL is running.\r\n"
+        /bin/echo -e "\r\n"
+else
+        # mysql is fine, return http 503
+        /bin/echo -e "HTTP/1.1 503 Service Unavailable\r\n"
+        /bin/echo -e "Content-Type: Content-Type: text/plain\r\n"
+        /bin/echo -e "\r\n"
+        /bin/echo -e "MySQL is *down*.\r\n"
+        /bin/echo -e "\r\n"
+fi

mysql/handlers/main.yml

@@ -4,11 +4,6 @@
     name: munin-node
     state: restarted
 
-- name: restart nagios-nrpe-server
-  service:
-    name: nagios-nrpe-server
-    state: restarted
-
 - name: restart mysql
   service:
     name: mysql
@@ -23,3 +18,8 @@
   systemd:
     name: mysql
     daemon_reload: yes
+
+- name: 'restart xinetd'
+  service:
+    name: 'xinetd'
+    state: 'restart'

mysql/tasks/config_jessie.yml

@@ -21,6 +21,6 @@
     owner: root
     group: root
     mode: "0644"
-    force: no
+    force: "{{ mysql_force_custom_config }}"
   tags:
     - mysql

mysql/tasks/config_stretch.yml

@@ -21,7 +21,7 @@
     owner: root
     group: root
     mode: "0644"
-    force: no
+    force: "{{ mysql_force_custom_config }}"
   tags:
     - mysql
 

mysql/tasks/main.yml

@@ -22,6 +22,9 @@
 - include: config_jessie.yml
   when: ansible_distribution_release == "jessie"
 
+- include: replication.yml
+  when: mysql_replication
+
 - include: datadir.yml
 
 - include: logdir.yml

mysql/tasks/replication.yml

@@ -0,0 +1,41 @@
+---
+
+- name: 'Copy MySQL configuration for replication'
+  template:
+    src: 'replication.cnf.j2'
+    dest: "{{ mysql_config_directory }}/zzzz-replication.cnf"
+    mode: "0644"
+  notify: 'restart mysql'
+
+- name: 'Create repl user'
+  mysql_user:
+    name: 'repl'
+    host: '%'
+    encrypted: true
+    password: "{{ mysql_repl_password }}"
+    priv: '*.*:REPLICATION SLAVE,REPLICATION CLIENT'
+    update_password: 'on_create'
+    state: 'present'
+  register: create_repl_user
+  when: mysql_repl_password | length > 0
+
+- name: 'Install xinetd'
+  apt:
+    name: 'xinetd'
+
+- name: 'Add xinetd configuration for MySQL HAProxy check'
+  copy:
+    src: 'xinetd/mysqlchk'
+    dest: '/etc/xinetd.d/'
+    mode: '0644'
+  notify: 'restart xinetd'
+
+# /!\ Warning, this is a temporary hack
+- include_role:
+    name: remount-usr
+
+- name: 'Copy mysqlchk script'
+  copy:
+    src: 'xinetd/mysqlchk.sh'
+    dest: '/usr/share/scripts/'
+    mode: '0755'

mysql/templates/evolinux-custom.cnf.j2

@@ -29,9 +29,13 @@ query_cache_limit = {{ mysql_query_cache_limit }}
 {% if mysql_query_cache_limit %}
 query_cache_size = {{ mysql_query_cache_size }}
 {% endif %}
-{% if mysql_log_bin %}
-log_bin = {{ mysql_log_bin }}
+{% if mysql_max_allowed_packet %}
+max_allowed_packet = {{ mysql_max_allowed_packet }}
 {% endif %}
-{% if mysql_server_id %}
-server_id = {{ mysql_server_id }}
+{% if mysql_lower_case_table_names %}
+lower_case_table_names = {{ mysql_lower_case_table_names }}
 {% endif %}
+{% if mysql_innodb_log_file_size %}
+innodb_log_file_size = {{ mysql_innodb_log_file_size }}
+{% endif %}
+read_only = {{ mysql_read_only }}

mysql/templates/replication.cnf.j2

@@ -0,0 +1,8 @@
+# {{ansible_managed}}
+
+[mysqld]
+{% if mysql_log_bin %}
+log_bin = {{ mysql_log_bin }}
+{% endif %}
+server_id = {{ mysql_server_id }}
+binlog_format = {{ mysql_binlog_format }}