openstack/openstack-ansible-galera_server
Code Issues Proposed changes
4b3df86bab
openstack-ansible-galera_se.../templates/my.cnf.j2
Mohammed Naser 859cbbba6c Fix SSL support 
The problems at the moment with setting up SSL support with
Galera are:

- The keys are not used when creating users in the mysql_user
  Ansible module
- The private key must be converted to PKCS-1 in order to work
  properly with Galera.
- The MySQL client configuration is missing the settings that
  include the SSL certificates.
- Hard-coding the cipher causes problems for older clients,
  so we instead enable SSL and let the client and server
  negociate the ideal cipher.

This patch cleans up all of those issues, removes verbose
logging from the SSL job because we have ARA to gather all
the information we need and adds jobs for all the deployment
platforms that we support.

Change-Id: I27218c4086a50d238082895092fb8aa5e7fad807
2018-06-07 09:58:44 -04:00

106 lines
3.1 KiB
Django/Jinja
Raw Blame History

{%- set all_calculated_max_connections = [] %}
{%- for galera_node in galera_cluster_members %}
{%- set vcpus = hostvars[galera_node]['ansible_processor_vcpus'] %}
{%- if all_calculated_max_connections.append([[vcpus|default(2), 2] | max, galera_wsrep_slave_threads_max] | min * 100) %}
{%- endif %}
{%- endfor %}
{%- set calculated_max_connections = all_calculated_max_connections|sort %}
# {{ ansible_managed }}
[client]
port = 3306
socket = "{{ galera_var_run_socket }}"
[mysqld_safe]
socket = "{{ galera_var_run_socket }}"
nice = 0
log_error = /var/log/mysql_logs/galera_server_error.log
[mysql]
default-character-set = utf8
[mysqld]
user = mysql
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
datadir = /var/lib/mysql
bind-address = ::
{% if galera_server_id is defined %}
server-id = {{ galera_server_id }}
{% endif %}
{% if galera_use_ssl | bool %}
ssl
ssl-ca = {{ galera_ssl_ca_cert }}
ssl-cert = {{ galera_ssl_cert }}
ssl-key = {{ galera_ssl_key }}
{% endif %}
# LOGGING #
log-queries-not-using-indexes = {{ galera_unindexed_query_logging }}
slow-query-log = {{ galera_slow_query_logging }}
slow-query-log-file = /var/log/mysql_logs/mysql-slow.log
log_error = /var/log/mysql_logs/galera_server_error.log
log-bin = /var/lib/mysql/mariadb-bin
log-bin-index = /var/lib/mysql/mariadb-bin.index
expire-logs-days = 7
log_slave_updates = 1
log_bin_trust_function_creators = 1
# SAFETY #
max-allowed-packet = 16M
max-connect-errors = 1000000
# NOTE: If galera_max_connections is not configured by user, the number of max
# connections is defined by ( host_vcpus * 100 ) with a capping value of 1600.
# This value is the lowest integer based on the ansible facts gathered from
# every galera node.
# Computing the connections value using the lowest denominator maintains
# cluster integrity by not attempting to over commit to a less capable machine.
# These are the computed max_connections based on the cluster data
# {{ calculated_max_connections }}
max_connections = {{ galera_max_connections | default(calculated_max_connections[0]) }}
wait_timeout = {{ galera_wait_timeout }}
# CACHES AND LIMITS #
tmp-table-size = {{ galera_max_heap_table_size }}
max-heap-table-size = {{ galera_tmp_table_size }}
query-cache-type = 0
query-cache-size = 0M
thread-cache-size = 50
open-files-limit = {{ galera_file_limits }}
table-definition-cache = 4096
table-open-cache = 10240
# INNODB #
innodb-flush-method = O_DIRECT
innodb-log-file-size = {{ galera_innodb_log_file_size }}
innodb-flush-log-at-trx-commit = 1
innodb-file-per-table = 1
innodb-buffer-pool-size = {{ galera_innodb_buffer_pool_size }}
# Depending on number of cores and disk sub
innodb-read-io-threads = 4
innodb-write-io-threads = 4
innodb-doublewrite = 1
innodb-log-buffer-size = {{ galera_innodb_log_buffer_size }}
innodb-buffer-pool-instances = 8
innodb-log-files-in-group = 2
innodb-thread-concurrency = 64
# avoid statistics update when doing e.g show tables
innodb_stats_on_metadata = 0
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
!includedir {{ galera_etc_include_dir }}/
View Git Blame Copy Permalink