default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Containerized service MySQL using composable services.
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerMysqlImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
tripleo.mysql.firewall_rules:
'104 mysql galera-bundle':
- 4567
- 4568
- 9200
+ -
+ if:
+ - internal_tls_enabled
+ -
+ tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
+ get_param: InternalTLSCAFile
+ - {}
+ logging_source: {get_attr: [MysqlPuppetBase, role_data, logging_source]}
+ logging_groups: {get_attr: [MysqlPuppetBase, role_data, logging_groups]}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
+ permissions:
+ - path: /etc/pki/tls/certs/mysql.crt
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/mysql.key
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
docker_config:
step_1:
mysql_data_ownership:
start_order: 0
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
user: root
# Kolla does only non-recursive chown
mysql_bootstrap:
start_order: 1
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
+ user: root
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
- 'bash'
- - '-ec'
+ - '-ecx'
-
list_join:
- "\n"
- - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
- - 'kolla_start'
+ - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
+ - 'sudo -u mysql -E kolla_start'
- 'mysqld_safe --skip-networking --wsrep-on=OFF &'
- 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
passwords:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_image_tag:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'"
+ params:
+ MYSQL_IMAGE: {get_param: DockerMysqlImage}
+ MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest
+ image: {get_param: DockerMysqlImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
mysql_init_bundle:
start_order: 1
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
file:
path: /var/lib/mysql
state: directory
+ metadata_settings:
+ get_attr: [MysqlPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: galera
+ state: master
+ check_mode: true
+ ignore_errors: true
+ register: galera_res
- name: Disable the galera cluster resource
tags: step2
pacemaker_resource:
resource: galera
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and galera_res|succeeded
- name: Delete the stopped galera cluster resource.
tags: step2
pacemaker_resource:
resource: galera
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and galera_res|succeeded
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
+ - name: Remove clustercheck service from xinetd
+ tags: step2
+ file: state=absent path=/etc/xinetd.d/galera-monitor
+ - name: Restart xinetd service after clustercheck removal
+ tags: step2
+ service: name=xinetd state=restarted