I've tried using Jinja2 templates.

This commit is contained in:
YuruC3 2025-06-16 20:25:32 +02:00
parent 991c2a2913
commit 66a585b124
13 changed files with 23490 additions and 34 deletions


@ -0,0 +1,7 @@
#!/bin/sh
if systemctl is-active --quiet haproxy; then
exit 0
else
exit 1
fi
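Review bot: The if/else on lines 13–17 only re-emits the exit status that `systemctl is-active --quiet haproxy` already returns, so the whole body can be `exec systemctl is-active --quiet haproxy`. Because the keepalived config in this commit enables `enable_script_security` and runs this script as a dedicated `script_user`, that account needs read and execute permission on the file while the file itself should stay root-owned and not group/world-writable; the 'set exec perms on chck_haproxy.sh' task should pin `owner: root` and `mode: "0755"` rather than only adding the execute bit. A one-line header such as `# keepalived track script: exit 0 while haproxy is active, non-zero otherwise` would document the contract keepalived relies on.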


@ -0,0 +1,85 @@
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
#local2 /var/log/haproxy.log
#
#log 127.0.0.1 local2
log /dev/log local0
chroot /var/lib/haproxy
#pidfile /var/run/haproxy.pid
maxconn 80000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
log global
retries 1
timeout queue 15s
timeout connect 7s
timeout client 30s
timeout server 30s
timeout check 5s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Galera Cluster Frontend configuration
{% if haproxy_frontend_name is not "galera_default_frontend"%}
frontend {{ haproxy_frontend_name }}
{% else %}
frontend galera_default_frontend
{% endif %}
bind *:3306
mode tcp
option tcplog
tcp-request inspect-delay 5s
{% if haproxy_backend_name is not "galera_default_backend"%}
default_backend {{ haproxy_backend_name }}
{% else %}
default_backend galera_default_backend
{% endif %}
#---------------------------------------------------------------------
# active-backup redirection between the various backends
#---------------------------------------------------------------------
# Galera Cluster Backend configuration
{% if haproxy_backend_name is not "galera_default_backend"%}
backend {{ haproxy_backend_name }}
{% else %}
backend galera_default_backend
{% endif %}
mode tcp
option tcpka
option srvtcpka
balance roundrobin
option mysql-check user HaProxyLB
default-server inter 3s rise 2 fall 3
{% for node in groups[galera_cluster_nodes]%}
server node{{ loop.index }} {{ node }}:3306 check weight 1
{% endfor %}
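Review bot: The conditionals on lines 66, 75 and 84 use `{% if haproxy_frontend_name is not "galera_default_frontend" %}`, but in Jinja2 `is` introduces a test and expects a test name, not a string literal, so rendering should fail with a template syntax error; the comparison operator is `!=`. Since the vars file in this commit already defaults these names to `galera_default_frontend`/`galera_default_backend`, each if/else can collapse to one line: `frontend {{ haproxy_frontend_name }}`, `default_backend {{ haproxy_backend_name }}` and `backend {{ haproxy_backend_name }}`. The keepalived template has the same `is not` construct in its interface, virtual_router_id and auth_pass conditionals. Separately, `groups[galera_cluster_nodes]` on line 95 looks up a variable named galera_cluster_nodes rather than the inventory group — the other templates in this commit write `groups['galera_cluster_nodes']` — and the server line should render `{{ hostvars[node]['ansible_host'] }}:3306` so the backend does not depend on resolving inventory names, consistent with how the keepalived and Galera templates obtain addresses.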


@ -0,0 +1,50 @@
global_defs {
enable_script_security
script_user keepaliveddd
}
vrrp_script track_haproxy {
script "/etc/keepalived/chck_haproxy.sh"
interval 2
}
vrrp_instance NGDB--LB {
state MASTER
{% if keepalived_int is not "eth0"%}
interface {{ keepalived_int }}
{% else %}
interface eth0
{% endif %}
{% if keepalived_vrid is not 30%}
virtual_router_id {{ keepalived_vrid }}
{% else %}
virtual_router_id 30
{% endif %}
priority 100
advert_int 1
unicast_src_ip {{ hostvars[inventory_hostname]['ansible_host'] }}
unicast_peer {
{% for host in groups["galera_lb_nodes"] %}
{{ host }}
{% endfor%}
}
authentication {
auth_type PASS
{% if authpass is not "ChangeMe"%}
auth_pass {{ authpass }}
{% else %}
auth_pass 4zaLp1MV
{% endif %}
}
track_script {
track_haproxy
}
virtual_ipaddress {
{{ vip_address }}/{{ vip_address_cidr }} dev {{ vip_address_int }}
}
}
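Review bot: The else branch on line 135 ships a fixed VRRP password in a template under version control, so any deployment that forgets to override `authpass` silently runs with a published secret; drop the fallback and render `auth_pass {{ authpass | mandatory }}` so the play fails instead. VRRP `auth_type PASS` is sent in cleartext on the segment and keepalived uses only the first eight characters, so it should be treated as a peer-identification hint rather than access control — the unicast_peer list is the real restriction. That list on lines 126–128 emits every member of galera_lb_nodes including the current host, and emits inventory names rather than addresses, while unicast_src_ip on line 124 uses `hostvars[...]['ansible_host']`; `{% if host != inventory_hostname %}{{ hostvars[host]['ansible_host'] }}{% endif %}` keeps the two consistent. `script_user keepaliveddd` on line 104 also looks like a typo: if it does not name the account the 'Create keepalivedusr' task actually creates, keepalived will most likely reject the config at startup under enable_script_security.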


@ -0,0 +1,19 @@
---
vars1: "1"
vars2: "2"
# HAProxy config
haproxy_backend_name: galera_default_backend
haproxy_frontend_name: galera_default_frontend
# keepalived config
keepalived_int: eth0
keepalived_vrid: 30
vip_address: 2.1.3.7
vip_address_cidr: 27
vip_address_int: eth1
# This can be at most 8 characters
authpass: ChangeMe
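Review bot: `authpass: ChangeMe` on line 162 is a credential default stored in plaintext next to the ordinary play vars; keep it out of this file (ansible-vault, or leave it unset and apply the `mandatory` filter where it is consumed) rather than relying on operators remembering to change it. The comment on line 161 should say why the limit exists, e.g. `# VRRP auth_pass: keepalived uses only the first 8 characters`. `vars1`/`vars2` on lines 150–151 appear to be carried over from the file this commit deletes and are not referenced by any of the new templates, so they look like leftovers. `vip_address: 2.1.3.7` is a routable public address; if it is meant as a placeholder, a comment saying so (or a documentation range) avoids someone deploying it as-is.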


@ -1,7 +1,7 @@
---
- name: Install LB for galera cluster
hosts: 1.2.3.4
hosts: 1.1.1.1, 2.2.2.2, 3.3.3.3
become: yes
gather_facts: yes
vars_files:
@ -36,18 +36,21 @@
- curl
- keepalived
- haproxy
- sudo
- name: Create keepalivedusr
- name: copy chck_haproxy.sh
- name: set exec perms on chck_haproxy.sh
- name: copy haproxy config
- name: copy keepalived config
- name: restart haproxy
- name: restart keepalived
- name: template to copy from
apt:
state: brainrot
environment:
WAZUH_AGENT_GROUP: "{{ wazuh_agent_groups }}"
WAZUH_MANAGER: "{{ wazuh_manager_ip }}"
WAZUH_AGENT_NAME: "{{ wazuh_agent_name }}"
# bootstarp on first node
# galera_new_cluster
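Review bot: `hosts: 1.1.1.1, 2.2.2.2, 3.3.3.3` on line 170 hard-codes the targets although this commit also adds an inventory with a `[galera_lb_nodes]` group, and the new keepalived template iterates `groups["galera_lb_nodes"]`; targeting the group (`hosts: galera_lb_nodes`) makes the play and the templates work from one host list instead of two that can drift. `become: yes` on line 171 is a YAML 1.1 boolean and should be written `become: true`. The 'template to copy from' task on lines 186–188 sets `apt: state: brainrot`, which is not a valid apt state (present/absent/latest/build-dep/fixed), so if that task is live rather than commented out it fails at runtime — the rendered view does not show which, and the same stub appears in the Galera playbook. The 'restart haproxy' and 'restart keepalived' tasks would normally be handlers notified by the copy tasks, so an unchanged run does not bounce the VIP.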


@ -0,0 +1,5 @@
[galera_cluster_nodes]
[galera_lb_nodes]
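Review bot: Both groups are empty, yet the new templates build the haproxy backend, the Galera gcomm:// list and the keepalived peer list from `groups['galera_cluster_nodes']` and `groups['galera_lb_nodes']`, so rendering against this inventory yields a backend with no servers and an empty cluster address. The templates also read `hostvars[...]['ansible_host']`, which as far as I know is only defined when the inventory sets it, so each host entry needs an explicit `ansible_host=` (e.g. `db1 ansible_host=<node-ip>`); listing bare IPs as hostnames leaves that key undefined. A short header comment naming which playbook consumes each group would help.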


@ -0,0 +1,19 @@
#
# This group is read by the client library
# Use it for options that affect all clients, but not the server
#
[client]
# Example of client certificate usage
#ssl-cert = /etc/mysql/client-cert.pem
#ssl-key = /etc/mysql/client-key.pem
#
# Allow only TLS encrypted connections
#ssl-verify-server-cert = on
# This group is *never* read by mysql client library, though this
# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
# client anyway.
# If you use the same .cnf file for MySQL and MariaDB,
# use it for MariaDB-only client options
[client-mariadb]


@ -0,0 +1,124 @@
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
[mysqld]
#
# * Basic Settings
#
#user = mysql
pid-file = /run/mysqld/mysqld.pid
basedir = /usr
#datadir = /var/lib/mysql
#tmpdir = /tmp
# Broken reverse DNS slows down connections considerably and name resolve is
# safe to skip if there are no "host by domain name" access grants
{% if galera_skip_name_resolve == true_%}
skip-name-resolve
{% else %}
#skip-name-resolve
{% endif %}
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
bind-address = {{ hostvars[inventory_hostname]['ansible_host'] }}
#
# * Fine Tuning
#
#key_buffer_size = 128M
#max_allowed_packet = 1G
#thread_stack = 192K
#thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
#myisam_recover_options = BACKUP
#max_connections = 100
#table_cache = 64
#
# * Logging and Replication
#
# Note: The configured log file or its directory need to be created
# and be writable by the mysql user, e.g.:
# $ sudo mkdir -m 2750 /var/log/mysql
# $ sudo chown mysql /var/log/mysql
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# Recommend only changing this at runtime for short testing periods if needed!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
# When running under systemd, error logging goes via stdout/stderr to journald
# and when running legacy init error logging goes to syslog due to
# /etc/mysql/conf.d/mariadb.conf.d/50-mysqld_safe.cnf
# Enable this if you want to have error logging into a separate file
#log_error = /var/log/mysql/error.log
# Enable the slow query log to see queries with especially long duration
#log_slow_query_file = /var/log/mysql/mariadb-slow.log
#log_slow_query_time = 10
#log_slow_verbosity = query_plan,explain
#log-queries-not-using-indexes
#log_slow_min_examined_row_limit = 1000
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
#max_binlog_size = 100M
#
# * SSL/TLS
#
# For documentation, please read
# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
#ssl-ca = /etc/mysql/cacert.pem
#ssl-cert = /etc/mysql/server-cert.pem
#ssl-key = /etc/mysql/server-key.pem
#require-secure-transport = on
#
# * Character sets
#
# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# Most important is to give InnoDB 80 % of the system RAM for buffer use:
# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
#innodb_buffer_pool_size = 8G
# this is only for embedded server
[embedded]
# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]
# This group is only read by MariaDB-10.11 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.11]
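Review bot: The conditional on line 243 compares against `true_`, which is not a defined name, so the skip-name-resolve branch is never selected — and under Ansible's strict handling of undefined variables the template task probably fails outright instead; the vars file in this commit sets `galera_skip_name_resolve: true`, so the test should simply be `{% if galera_skip_name_resolve %}`. bind-address on line 251 moves the server from localhost to the node's ansible_host, which Galera and haproxy need, but the TLS block on lines 299–302 stays commented, so replication and client traffic between nodes remain in the clear; the comment should at least say whether TLS is intended to come from the 'Configure TLS' section of the 60-galera template. The rest of the file is the stock Debian server.cnf; a header line such as `# Managed by Ansible - local edits are overwritten by the 'replace 50-server.conf' task` would stop operators editing it in place.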


@ -8,8 +8,8 @@
#[mysqld]
# Mandatory settings
wsrep_on = ON
wsrep_cluster_name = "NGDB-GALERA"
wsrep_cluster_address = "gcomm://192.168.44.9,192.168.44.10,192.168.44.11,192.168.44.12,192.168.44.13"
wsrep_cluster_name = "{{ galera_cluster_name }}"
wsrep_cluster_address = "gcomm://{{ groups['galera_cluster_nodes'] | map('extract', hostvars, 'ansible_host') | join(',') }}"
binlog_format = row
default_storage_engine = InnoDB
wsrep_sst_method =rsync
@ -18,11 +18,8 @@ wsrep_provider =/usr/lib/galera/libgalera_smm.so
# Galera Node Configuration
wsrep_node_address="192.168.44.12"
wsrep_node_name="{{ galera_cluster_name }}"
# Allow server to accept connections on all interfaces.
#bind-address = <OPTIONAL_BIND_ADDR>
wsrep_node_address = "{{ hostvars[inventory_hostname]['ansible_host'] }}"
wsrep_node_name="{{ ansible_hostname }}"
# Configure TLS
# Change/uncomment accoridingly
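Review bot: The new lines 348–349 mix `wsrep_node_address = "..."` with `wsrep_node_name="..."`, and the surrounding file also has `wsrep_sst_method =rsync`; settle on one spacing (`key = value`) for the options this template manages so future diffs stay readable. Deriving the node address from `hostvars[inventory_hostname]['ansible_host']` now matches the gcomm:// list built on line 338, which is the right pairing; a comment above it, `# must be one of the addresses listed in wsrep_cluster_address`, records that dependency. The 'Configure TLS' section begins on line 350 and continues outside the hunk, so I cannot tell from this view whether the SST and gcomm traffic end up encrypted.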


@ -5,3 +5,5 @@ hosts:
- 1.1.1.1
- 2.2.2.2
- 3.3.3.3
galera_skip_name_resolve: true


@ -39,19 +39,19 @@
- mariadb-server
- mariadb-client
- galera-4
- sudo
- name: replace 50-client.conf
- name: replace 50-server.conf
- name: template to copy from
apt:
state: brainrot
set_fact:
wazuh_agent_name: "{{ ansible_hostname }}"
environment:
WAZUH_AGENT_GROUP: "{{ wazuh_agent_groups }}"
WAZUH_MANAGER: "{{ wazuh_manager_ip }}"
WAZUH_AGENT_NAME: "{{ wazuh_agent_name }}"
- name: replace 60-galera.conf
- name: bootstrap galera cluster on first node and wait 30 seconds
- name: restart mariadb on every node sequentially
- name: Create HaProxyLB for mysql checks on haproxy
# bootstarp on first node
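Review bot: The 'Create HaProxyLB for mysql checks on haproxy' task on line 382 provides the account that `option mysql-check user HaProxyLB` in the haproxy template logs in with, and that check authenticates without a password; the grant should therefore be restricted to the load-balancer addresses and carry no privilege beyond USAGE — the task body is outside the rendered view, so I cannot confirm it does. The 'bootstrap galera cluster on first node and wait 30 seconds' task relies on a fixed sleep; polling `wsrep_ready`/`wsrep_cluster_size` via `SHOW STATUS` with `until`/`retries` makes the sequential restarts on line 381 safe on slow nodes. The 'template to copy from' task on lines 370–372 carries the same `apt: state: brainrot` stub as the LB playbook; if it is live it fails, and if it is a scaffold it should be removed before merge.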

23148
gather_facts.log Normal file



@ -1,3 +0,0 @@
---
vars1: "1"
vars2: "2"