
OpenStack-Ansible Galera server

Ansible role to install and configure a Galera cluster powered by MariaDB

To clone or view the source code for this repository, visit the role repository for galera_server.

Default variables

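# Set the package install state for distribution packages
# Options are 'present' and 'latest'
galera_server_package_state: "latest"

# Cluster membership comes from the inventory group; the first member is the
# node used to bootstrap a cluster that is not running yet.
galera_cluster_members: "{{ groups['galera_all'] }}"
galera_server_bootstrap_node: "{{ galera_cluster_members[0] }}"
galera_ignore_cluster_state: false
galera_upgrade: false

galera_wsrep_node_name: "{{ inventory_hostname }}"
galera_cluster_name: openstack_galera_cluster

# This variable will prevent the galera_cluster_name from changing unintentionally on a running cluster.
# To intentionally change the galera_cluster_name set this variable to true.
# Written as a canonical lowercase boolean: 'False' is only a YAML 1.1
# spelling, while 'true'/'false' is read as a boolean by every loader.
galera_force_change_cluster_name: false

# The galera server-id should be set on all cluster nodes to ensure
#  that replication is handled correctly and the error
#  "Warning: You should set server-id to a non-0 value if master_host is
#   set; we will force server id to 2, but this MySQL server will not act
#   as a slave." is no longer present.
# galera_server_id: 0

# These are here to stub out the internal ROLE API.
#  if these are used they should be set within the
#  distro specific variable files found in vars/
galera_debconf_items: []
galera_server_percona_distro_packages: []
galera_mariadb_server_package: "{{ _galera_mariadb_server_package }}"

# The major version used to select the repo URL path.
# NOTE: as a plain scalar this is loaded as a float. That is harmless for
# 10.1, but a version with a trailing zero (e.g. 10.10) would be loaded as
# 10.1 - quote such a value ("10.10") if one is ever needed here.
galera_major_version: 10.1
galera_minor_version: 30

# Set the URL for the MariaDB repository
galera_repo_host: "downloads.mariadb.com"
galera_repo_url: "{{ _galera_repo_url }}"

# Set the repo information for the MariaDB repository
galera_repo: "{{ _galera_repo }}"

# Set the gpg keys needed to be imported (presumably used by the package
# manager to verify the repositories above; defaults to an empty list when
# the distro vars define none).
galera_gpg_keys: "{{ _galera_gpg_keys | default([]) }}"

# Set the URL for the Percona Xtrabackup repository
galera_percona_xtrabackup_repo_url: "{{ _galera_percona_xtrabackup_repo_url | default('') }}"

# Set the repo information for the Percona Xtrabackup repository
galera_percona_xtrabackup_repo: "{{ _galera_percona_xtrabackup_repo | default({}) }}"

# Enable the use of the upstream percona repo
use_percona_upstream: "{{ _use_percona_upstream }}"

galera_existing_cluster: true
galera_running_and_bootstrapped: false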

# Account used by the cluster monitoring check.
galera_monitoring_user: "monitoring"
# Empty by default; override it in user variables if the monitoring account
# should carry a password (how an empty value is applied is defined by the
# role's tasks, not here).
galera_monitoring_user_password: ""

# WARNING: Set this to open xinetd rules for galera monitoring.
# It is REQUIRED for a working openstack-ansible deployment: while it is
# undefined the cluster state cannot be reported and haproxy cannot load
# balance the cluster properly. Because it exposes the cluster status,
# restrict it (the integrated build does) and override it to match your
# environment. Accepts hostnames, CIDRs, IPs, and IPs with wildcards.
#
#galera_monitoring_allowed_source: "0.0.0.0/0"

galera_root_user: "root"

# WARNING: This option is deprecated and will be removed in v12.0
galera_gcache_size: "1024M"

galera_max_heap_table_size: "32M"
galera_tmp_table_size: "32M"

galera_file_limits: 65535
galera_wait_timeout: 3600
# Raise this when a large SST transfer makes the mysql start-up time out.
galera_startup_timeout: 1800

## innodb options
galera_innodb_buffer_pool_size: "4096M"
galera_innodb_log_file_size: "1024M"
galera_innodb_log_buffer_size: "128M"

## wsrep configuration
# Address this node advertises for wsrep replication traffic.
galera_wsrep_address: "{{ ansible_host }}"
# Comma-separated wsrep addresses of every cluster member, taken from each
# member's galera_wsrep_address (falling back to its ansible_host). It is
# deliberately empty for a single-member cluster; see the Jinja comment below.
galera_wsrep_cluster_address: >-
  {% set _var = [] -%}
  {% for cluster_host in galera_cluster_members -%}
  {% set _addr = hostvars[cluster_host]['galera_wsrep_address']
                 | default(hostvars[cluster_host]['ansible_host']) -%}
  {% if _var.append(_addr) %}{% endif -%}
  {% endfor -%}
  {# If only 1 cluster member is present output an empty string so the
     single-node member will re-bootstrap correctly upon restart #}
  {{ _var | join(',') if galera_cluster_members | length > 1 else '' }}
galera_wsrep_node_incoming_address: "{{ galera_wsrep_address }}"
## Cap the maximum number of threads / workers when a user value is unspecified.
galera_wsrep_slave_threads_max: 16
# max(vCPUs, 2), capped at galera_wsrep_slave_threads_max; the vCPU count
# defaults to 2 when the fact is unavailable.
galera_wsrep_slave_threads: "{{ [[ansible_processor_vcpus|default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}"
galera_wsrep_retry_autocommit: 3
galera_wsrep_debug: 0
# State snapshot transfer method; xtrabackup-v2 relies on Percona XtraBackup
# being available on the nodes (see the percona_* variables further down).
galera_wsrep_sst_method: xtrabackup-v2
galera_wsrep_provider_options:
  - { option: "gcache.size", value: "{{ galera_gcache_size }}" }
# Credentials used for state snapshot transfers between members. They default
# to the root account and galera_root_password, so that secret should come
# from an encrypted source (e.g. Ansible Vault) rather than a plaintext
# inventory; override both if a dedicated SST account is preferred.
galera_wsrep_sst_auth_user: "root"
galera_wsrep_sst_auth_password: "{{ galera_root_password  }}"

# Number of threads xtrabackup uses for parallelism, compression and sync.
galera_xtrabackup_threads: 4

# pip packages managed by the role.
galera_pip_packages:
  - "MySQL-python"
  - "pycrypto"

galera_pip_package_state: "latest"

# Galera slow/unindexed query logging
galera_slow_query_logging: 0
galera_unindexed_query_logging: 0

## Tunable overrides
# Free-form mappings, empty by default (presumably merged into the
# respective my.cnf / cluster.cnf / debian.cnf files).
galera_my_cnf_overrides: {}
galera_cluster_cnf_overrides: {}
galera_debian_cnf_overrides: {}

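# Set the max connections value for galera. Set this value to override the
# computed value which is (100 x vCPUs) with a cap of 1600. If computed, the
# lowest value throughout the cluster will be used which is something to note
# if deploying galera on different hardware.
# galera_max_connections: 500

# Settings for percona and qpress
# The [percona|qpress]_arch_[url|sha256] hashes can be found in the distro vars files.
galera_package_arch: "{{ hostvars[inventory_hostname]['ansible_architecture'] }}"

# Validate SSL certificates when downloading the percona package below.
# May be set to false when a proxy server is intercepting the certificates;
# the sha256 check against percona_package_sha256 is then presumably the only
# integrity check left on the download, so keep that value set.
# Written as canonical booleans: 'yes'/'no' are YAML 1.1-only spellings and
# are read as plain strings by YAML 1.2 loaders.
percona_package_download_validate_certs: true
percona_package_url: "{{ percona_arch_url.get( galera_package_arch | lower ) }}"
percona_package_fallback_url: "{{ percona_arch_fallback_url.get( galera_package_arch | lower ) }}"
percona_package_sha256: "{{ percona_arch_sha256.get( galera_package_arch | lower ) }}"
percona_package_path: "/opt/{{ percona_package_url | basename }}"

# Same validation rule as above, for the qpress package.
qpress_package_download_validate_certs: true
qpress_package_url: "{{ qpress_arch_url.get( galera_package_arch | lower ) }}"
qpress_package_fallback_url: "{{ qpress_arch_fallback_url.get( galera_package_arch | lower ) }}"
qpress_package_sha256: "{{ qpress_arch_sha256.get( galera_package_arch | lower ) }}"
qpress_package_path: "/opt/{{ qpress_package_url | basename }}"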

# Only applied when the ansible_pkg_mgr is 'apt'.
galera_server_distro_package_pins:
  # A priority above 1000 makes apt prefer the MariaDB release even when
  # that means downgrading an already installed package.
  - package: "*"
    release: "MariaDB"
    priority: 1001
  # Blacklist 10.1.27 release due to https://jira.mariadb.org/browse/MDEV-13908
  # which causes MariaDB to segfault with galera enabled.
  - package: "mariadb-server"
    version: "10.1.27+maria-1~xenial"
    priority: -1
  # TODO(evrardjp): Remove pin when clustering issue is figured out
  # Clustering issue
  - package: "mariadb-server"
    version: "10.1.31+maria-1~xenial"
    priority: -1

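# Galera Server SSL functionality.

# Disabled by default; the certificate paths below only take effect once this
# is enabled (until then traffic is presumably in the clear, so enable it
# wherever the cluster's network is not fully trusted).
galera_use_ssl: false
galera_ssl_cert: /etc/mysql/ssl/galera.pem
galera_ssl_key: /etc/mysql/ssl/galera.key
galera_ssl_ca_cert: /etc/mysql/ssl/galera-ca.pem
# These options should be specified in user_variables if necessary, otherwise self-signed certs are used.
galera_user_ssl_cert: /etc/openstack_deploy/self_signed_certs/galera.pem
galera_user_ssl_key: /etc/openstack_deploy/self_signed_certs/galera.key
galera_user_ssl_ca_cert: /etc/openstack_deploy/self_signed_certs/galera-ca.pem
# Set galera_ssl_self_signed_regen to true if you want to generate a new
# SSL certificate for Galera when this playbook runs.  You can also change
# the subject of the self-signed certificate here if you prefer.
galera_ssl_self_signed_regen: false
galera_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ galera_ssl_address }}"
galera_ssl_ca_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT"
# This option is used for creating the CA and overriding the Galera address on the clients side.
# It should be set to either the public VIP or the VIP FQDN, depending on what
# is currently used in the environment. It is also the CN of the self-signed
# certificate above, so clients that verify the certificate must connect
# using exactly this name/address.
galera_ssl_address: "{{ ansible_host }}"

# MariaDB 10.1+ ships with 'PrivateDevices=True' in the systemd unit file. This
# provides some additional security, but it causes problems with creating
# mount namespaces on CentOS 7 with systemd 219. While the security
# enhancements are helpful on bare metal hosts with multiple services running,
# they are not as helpful when MariaDB is running in a container with its own
# isolated namespaces.
#
# Related bugs:
#   https://bugs.launchpad.net/openstack-ansible/+bug/1697531
#   https://github.com/lxc/lxc/issues/1623
#   https://github.com/systemd/systemd/issues/6121
#
# Setting the following variable to true will disable the PrivateDevices
# setting in the systemd unit file for MariaDB on CentOS 7 hosts. Leave it
# false unless the container/systemd combination above affects you.
# Written as canonical booleans: 'yes'/'no' are YAML 1.1-only spellings and
# are read as plain strings by YAML 1.2 loaders.
galera_disable_privatedevices: false

# Allow the playbook to orchestrate service restart handlers
galera_external_restart_handlers: false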

Required variables

To use this role, define the following variables:

# Example value only; supply the real password from an encrypted source
# (e.g. Ansible Vault) rather than a plaintext literal.
galera_root_password: secrete

Example playbook

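- name: Install Galera server
  hosts: galera_all
  # remote_user is the current name of the deprecated 'user' play keyword.
  remote_user: root
  roles:
    - role: galera_server
  vars:
    # Example value only; in a real deployment supply galera_root_password
    # from an encrypted source (e.g. an Ansible Vault file) rather than a
    # plaintext literal in the playbook.
    galera_root_password: secrete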
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.