13 changed files with 258 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
 ### Added

 * varnish: variable for jail configuration
+* maxscale: New role to setup a MariaDB Maxscale server

 ### Changed

--- a/maxscale/README.md
+++ b/maxscale/README.md
@ -0,0 +1,25 @@
+# maxscale
+
+Install MariaDB MaxScale on a server.
+
+## Tasks
+
+Tasks are separated in several files, included in `tasks/main.yml`:
+
+* `packages_stretch.yml`: repository and packages installation
+* `mysql_add_user.yml`: An utility task to add the two users used by MaxScale on a MySQL cluster
+* `config_stretch.yml`: configuration
+
+## Variables
+
+* `maxscale_version`: the version of MariaDB MaxScale to install
+* `maxscale_mysql_user`: the mysql user MaxScale use to get the list of databases/users/tables/… on the MySQL cluster.
+* `maxscale_mysql_password`: the plaintext password MaxScale use to connect on the cluster with `maxscale_mysql_user`.
+* `encrypted_maxscale_mysql_password`: the same variable as above but encrypted by maxpasswd on the MaxScale server (currently the plaintext version is still needed if `mysql_add_user.yml` is used).
+* `maxscale_monitor_user`: the mysql user MaxScale use to check the status of the MySQL servers.
+* `maxscale_monitor_password`: the plaintext password of `maxscale_monitor_user`.
+* `encrypted_maxscale_mysql_password`: the same variable as above but encrypted by maxpasswd on the MaxScale server (currently the plaintext version is still needed if `mysql_add_user.yml` is used).
+* `maxscale_mysql_master`: (optional) the master server ansible will create `maxscale_mysql_user` and `maxscale_monitor_user` on (keeping it `Null` cause `mysql_add_user.yml` to not be included).
+* `maxscale_mysql_servers`: list of the MySQL servers of the cluster MaxScale should monitor and connect to.
+* `maxscale_services`: list of services MaxScale will define and the ports they should listen to.
+
--- a/maxscale/defaults/main.yml
+++ b/maxscale/defaults/main.yml
@ -0,0 +1,48 @@
+---
+
+maxscale_version: 2.4
+
+# The passwords needs to be either unencrypted or encrypted with maxpasswd on
+# the MaxScale server.
+maxscale_mysql_user: maxscale
+maxscale_mysql_password: Null
+encrypted_maxscale_mysql_password: Null
+maxscale_monitor_user: monitor_user
+maxscale_monitor_password: Null
+encrypted_maxscale_monitor_password: Null
+
+# Define this variable if you want ansible to create the two users on the MySQL server
+# through delegation
+maxscale_mysql_master: Null
+
+maxscale_mysql_servers: []
+# Example (port is optional and default to 3306):
+# maxscale_mysql_servers:
+#   - name: db1
+#     address: 192.0.2.102
+#     port: 3306
+
+maxscale_services:
+  - name: "Splitter"
+    router: "readwritesplit"
+    port: 3306
+    options: []
+    filters: []
+# Full example:
+# maxscale_services:
+#   - name: "ExampleServ"
+#     router: "readwritesplit"
+#     port: 3306
+#     filters:
+#       - 'ExampleFilter'
+#     options: []
+
+maxscale_filters: []
+# Example:
+# maxscale_filters:
+#   - name: 'ExampleFilter'
+#     module: 'dbfwfilter'
+#     options:
+#       - name: 'rules'
+#         value: 'examplefilter.txt'
+
--- a/maxscale/handlers/main.yml
+++ b/maxscale/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: 'restart maxscale'
+  service:
+    name: maxscale
+    state: restarted
--- a/maxscale/meta/main.yml
+++ b/maxscale/meta/main.yml
@ -0,0 +1,20 @@
+galaxy_info:
+  author: Evolix
+  description: Install MariaDB Maxscale
+
+  issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
+
+  license: GPLv2
+
+  min_ansible_version: 2.4
+
+  platforms:
+    - name: Debian
+      version:
+        - stretch
+        - buster
+
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above, if you add dependencies
+  # to this list.
--- a/maxscale/tasks/config_stretch.yml
+++ b/maxscale/tasks/config_stretch.yml
@ -0,0 +1,30 @@
+- name: "Create key for password encryption"
+  command:
+    cmd: "/usr/bin/maxkeys"
+    creates: "/var/lib/maxscale/.secrets"
+  tags: maxscale
+
+- name: "Encrypt mysql password for saving in configuration"
+  command:
+    cmd: "/usr/bin/maxpasswd {{ maxscale_mysql_password|quote }}"
+  register: encrypt_maxscale_mysql_password_result
+  when: encrypted_maxscale_mysql_password is none
+  tags: maxscale
+
+- name: "Encrypt monitor password for saving in configuration"
+  command:
+    cmd: "/usr/bin/maxpasswd {{ maxscale_monitor_password|quote }}"
+  register: encrypt_maxscale_monitor_password_result
+  when: encrypted_maxscale_monitor_password is none
+  tags: maxscale
+
+- name: "Copy the configuration"
+  template:
+    src: "maxscale.cnf.j2"
+    dest: "/etc/maxscale.cnf"
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+  notify: 'restart maxscale'
+  tags: maxscale
+
--- a/maxscale/tasks/main.yml
+++ b/maxscale/tasks/main.yml
@ -0,0 +1,9 @@
+---
+
+- include: packages_stretch.yml
+
+- include: mysql_add_user.yml
+  when: maxscale_mysql_master is string
+
+- include: config_stretch.yml
+
--- a/maxscale/tasks/mysql_add_user.yml
+++ b/maxscale/tasks/mysql_add_user.yml
@ -0,0 +1,22 @@
+- name: "Create maxscale user on MySQL master"
+  mysql_user:
+    name: "{{ maxscale_mysql_user }}"
+    password: "{{ maxscale_mysql_password }}"
+    host: "{{ item }}"
+    priv: 'mysql.user:SELECT/mysql.db:SELECT/mysql.tables_priv:SELECT/mysql.roles_mapping:SELECT/*.*:SHOW DATABASES'
+    state: present
+  delegate_to: "{{ maxscale_mysql_master }}"
+  loop: "{{ ansible_facts['all_ipv4_addresses'] }}"
+  tags: maxscale
+
+- name: "Create monitor user on MySQL master"
+  mysql_user:
+    name: "{{ maxscale_monitor_user }}"
+    password: "{{ maxscale_monitor_password }}"
+    host: "{{ item }}"
+    priv: '*.*:REPLICATION CLIENT'
+    state: present
+  delegate_to: "{{ maxscale_mysql_master }}"
+  loop: "{{ ansible_facts['all_ipv4_addresses'] }}"
+  tags: maxscale
+
--- a/maxscale/tasks/packages_stretch.yml
+++ b/maxscale/tasks/packages_stretch.yml
@ -0,0 +1,25 @@
+- name: "Install MariaDB keys"
+  apt_key:
+    keyserver: keyserver.ubuntu.com
+    id: "{{ item }}"
+  loop:
+    - "0x13cfde6dd9ee9784f41af0f670e4618a8167ee24"
+    - "0x4c470fffefc4d3dc59778655ce1a3dd5e3c94f49"
+    - "0x199369e5404bd5fc7d2fe43bcbcb082a1bb943db"
+    - "0x177f4010fe56ca3336300305f1656f24c74cd1d8"
+    - "0x7b963f525ad3ae6259058d30135659e928c12247"
+  tags: maxscale
+
+- name: "Add MariaDB MaxScale repository"
+  apt_repository:
+    repo: "deb https://downloads.mariadb.com/MaxScale/{{ maxscale_version }}/debian {{ ansible_distribution_release }} main"
+    state: present
+    filename: mariadb-maxscale
+  tags: maxscale
+
+- name: "Install MariaDB MaxScale"
+  apt:
+    name: maxscale
+    state: present
+  tags: maxscale
+
--- a/maxscale/templates/maxscale.cnf.j2
+++ b/maxscale/templates/maxscale.cnf.j2
@ -0,0 +1,60 @@
+[maxscale]
+threads = auto
+
+{% for server in maxscale_mysql_servers %}
+[{{ server['name'] }}]
+type = server
+address = {{ server['address'] }}
+port = {{ server['port']|default(3306) }}
+protocol = MariaDBBackend
+
+{% endfor %}
+[MariaDB-Monitor]
+type = monitor
+module = mariadbmon
+servers = {% for server in maxscale_mysql_servers %}{{ server['name'] }}{% if not loop.last %}, {% endif %}{% endfor %}
+
+user = {{ maxscale_monitor_user }}
+{% if encrypted_maxscale_monitor_password is none %}
+password = {{ encrypt_maxscale_monitor_password_result['stdout'] }}
+{% else %}
+password = {{ encrypted_maxscale_monitor_password }}
+{% endif %}
+monitor_interval = 2000
+
+{% for service in maxscale_services %}
+[{{ service['name'] }}-Service]
+type = service
+router = {{ service['router'] }}
+cluster = MariaDB-Monitor
+user = {{ maxscale_mysql_user }}
+{% if encrypted_maxscale_mysql_password is none %}
+password = {{ encrypt_maxscale_mysql_password_result['stdout'] }}
+{% else %}
+password = {{ encrypted_maxscale_mysql_password }}
+{% endif %}
+{% if service['filters'] is defined and service['filters'] %}
+filters = {% for _filter in service['filters'] %}{{ _filter }}{% if not loop.last %} | {% endif %}{% endfor %}
+{% endif %}
+{% if service['options'] is defined %}
+{% for option in service['options'] %}
+{{ option['name'] }} = {{ option['value'] }}
+{% endfor %}
+{% endif %}
+
+[{{ service['name'] }}-Listener]
+type = listener
+service = {{ service['name'] }}-Service
+protocol = MariaDBClient
+port = {{ service['port'] }}
+{% endfor %}
+
+{% for _filter in maxscale_filters %}
+[{{ _filter['name'] }}]
+type = filter
+module = {{ _filter['module'] }}
+{% for option in _filter['options'] %}
+{{ option['name'] }} = {{ option['value'] }}
+{% endfor %}
+{% endfor %}
+
--- a/maxscale/tests/inventory
+++ b/maxscale/tests/inventory
@ -0,0 +1,2 @@
+localhost
+
--- a/maxscale/tests/test.yml
+++ b/maxscale/tests/test.yml
@ -0,0 +1,9 @@
+---
+- hosts: test-kitchen
+  vars:
+    maxscale_mysql_password: maxscale-pwd
+    maxscale_monitor_password: mypwd
+    maxscale_mysql_servers:
+      - 127.0.0.1 # Need at least one server
+  roles:
+    - maxscale
--- a/maxscale/vars/main.yml
+++ b/maxscale/vars/main.yml
@ -0,0 +1,2 @@
+---
+# vars file for maxscale