859cbbba6c
The problems at the moment with setting up SSL support with Galera are: - The keys are not used when creating users in the mysql_user Ansible module - The private key must be converted to PKCS-1 in order to work properly with Galera. - The MySQL client configuration is missing the settings that include the SSL certificates. - Hard-coding the cipher causes problems for older clients, so we instead enable SSL and let the client and server negociate the ideal cipher. This patch cleans up all of those issues, removes verbose logging from the SSL job because we have ARA to gather all the information we need and adds jobs for all the deployment platforms that we support. Change-Id: I27218c4086a50d238082895092fb8aa5e7fad807
106 lines
3.1 KiB
Django/Jinja
106 lines
3.1 KiB
Django/Jinja
{%- set all_calculated_max_connections = [] %}
|
|
{%- for galera_node in galera_cluster_members %}
|
|
{%- set vcpus = hostvars[galera_node]['ansible_processor_vcpus'] %}
|
|
{%- if all_calculated_max_connections.append([[vcpus|default(2), 2] | max, galera_wsrep_slave_threads_max] | min * 100) %}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
{%- set calculated_max_connections = all_calculated_max_connections|sort %}
|
|
|
|
# {{ ansible_managed }}
|
|
|
|
[client]
|
|
port = 3306
|
|
socket = "{{ galera_var_run_socket }}"
|
|
|
|
|
|
[mysqld_safe]
|
|
socket = "{{ galera_var_run_socket }}"
|
|
nice = 0
|
|
log_error = /var/log/mysql_logs/galera_server_error.log
|
|
|
|
|
|
[mysql]
|
|
default-character-set = utf8
|
|
|
|
|
|
[mysqld]
|
|
user = mysql
|
|
collation-server = utf8_general_ci
|
|
init-connect = 'SET NAMES utf8'
|
|
character-set-server = utf8
|
|
datadir = /var/lib/mysql
|
|
bind-address = ::
|
|
{% if galera_server_id is defined %}
|
|
server-id = {{ galera_server_id }}
|
|
{% endif %}
|
|
{% if galera_use_ssl | bool %}
|
|
ssl
|
|
ssl-ca = {{ galera_ssl_ca_cert }}
|
|
ssl-cert = {{ galera_ssl_cert }}
|
|
ssl-key = {{ galera_ssl_key }}
|
|
{% endif %}
|
|
|
|
# LOGGING #
|
|
log-queries-not-using-indexes = {{ galera_unindexed_query_logging }}
|
|
slow-query-log = {{ galera_slow_query_logging }}
|
|
slow-query-log-file = /var/log/mysql_logs/mysql-slow.log
|
|
log_error = /var/log/mysql_logs/galera_server_error.log
|
|
log-bin = /var/lib/mysql/mariadb-bin
|
|
log-bin-index = /var/lib/mysql/mariadb-bin.index
|
|
expire-logs-days = 7
|
|
log_slave_updates = 1
|
|
log_bin_trust_function_creators = 1
|
|
|
|
# SAFETY #
|
|
max-allowed-packet = 16M
|
|
max-connect-errors = 1000000
|
|
|
|
# NOTE: If galera_max_connections is not configured by user, the number of max
|
|
# connections is defined by ( host_vcpus * 100 ) with a capping value of 1600.
|
|
# This value is the lowest integer based on the ansible facts gathered from
|
|
# every galera node.
|
|
# Computing the connections value using the lowest denominator maintains
|
|
# cluster integrity by not attempting to over commit to a less capable machine.
|
|
# These are the computed max_connections based on the cluster data
|
|
# {{ calculated_max_connections }}
|
|
max_connections = {{ galera_max_connections | default(calculated_max_connections[0]) }}
|
|
|
|
wait_timeout = {{ galera_wait_timeout }}
|
|
|
|
# CACHES AND LIMITS #
|
|
tmp-table-size = {{ galera_max_heap_table_size }}
|
|
max-heap-table-size = {{ galera_tmp_table_size }}
|
|
query-cache-type = 0
|
|
query-cache-size = 0M
|
|
thread-cache-size = 50
|
|
open-files-limit = {{ galera_file_limits }}
|
|
table-definition-cache = 4096
|
|
table-open-cache = 10240
|
|
|
|
# INNODB #
|
|
innodb-flush-method = O_DIRECT
|
|
innodb-log-file-size = {{ galera_innodb_log_file_size }}
|
|
innodb-flush-log-at-trx-commit = 1
|
|
innodb-file-per-table = 1
|
|
innodb-buffer-pool-size = {{ galera_innodb_buffer_pool_size }}
|
|
|
|
# Depending on number of cores and disk sub
|
|
innodb-read-io-threads = 4
|
|
innodb-write-io-threads = 4
|
|
innodb-doublewrite = 1
|
|
innodb-log-buffer-size = {{ galera_innodb_log_buffer_size }}
|
|
innodb-buffer-pool-instances = 8
|
|
innodb-log-files-in-group = 2
|
|
innodb-thread-concurrency = 64
|
|
|
|
# avoid statistics update when doing e.g show tables
|
|
innodb_stats_on_metadata = 0
|
|
|
|
[mysqldump]
|
|
quick
|
|
quote-names
|
|
max_allowed_packet = 16M
|
|
|
|
|
|
!includedir {{ galera_etc_include_dir }}/
|