openstack-ansible-galera_se.../tasks/galera_server_setup.yml
Dmitriy Rabotyagov f3364da086 Do not verify certificate for local connects
We don't issue a certificate for localhost, and mysqlclient also treats a
connection through the socket as a localhost connection.
Since issuing a cert for localhost may lead to unpredictable results,
we just avoid verifying the certificate when connecting locally.

Change-Id: I556ae69c33ab9cc984d7c01868403be49faa0dbc
2021-12-08 15:32:33 +02:00


---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Runs mariadb-upgrade with --version-check on RedHat-family hosts only.
# The command is repeated (retries: 3, delay: 10 seconds) until it succeeds.
- name: Run MySQL Upgrade
  when: ansible_facts['os_family'] | lower == 'redhat'
  command: /usr/bin/mariadb-upgrade --version-check
  register: galera_mysql_upgrade
  until: galera_mysql_upgrade is success
  retries: 3
  delay: 10
  # Report "changed" unless stdout states that the data is already upgraded.
  changed_when: not galera_mysql_upgrade.stdout is search("already upgraded")
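# NOTE(noonedeadpunk): debian-start runs mariadb-upgrade with systemd unit so we
#                      need to wait for it to finish to avoid race conditions
# Waits until mysql_upgrade_info matches "<major>.<minor>" of the expected
# Galera version at a line start. The dot is escaped so that it matches only a
# literal "." and not any character (an unescaped "10.6" would also accept
# "1006"). Single quotes keep the backslash literal for the regex engine.
- name: Wait for MySQL Upgrade to finish
  wait_for:
    path: /var/lib/mysql/mysql_upgrade_info
    search_regex: '^{{ galera_major_version }}\.{{ galera_minor_version }}'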
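# NOTE(noonedeadpunk): We don't need to verify hostname when connecting to socket
#
# Creates the root and monitoring accounts, each for host "%" and "localhost".
# The task is repeated (retries: 3, delay: 10 seconds) until it succeeds.
#
# Security notes:
#   - check_hostname is disabled only because the login goes through the local
#     unix socket (login_unix_socket). If this task is ever pointed at a TCP
#     endpoint, hostname verification should be turned back on.
#   - The root account gets ALL plus GRANT on *.* for host "%", so the database
#     itself does not limit which source host may log in as root.
#     NOTE(review): confirm that reachability of the database port is
#     restricted elsewhere (bind address / firewall); nothing in this file
#     does so.
#   - no_log keeps the loop items, which carry the account passwords, out of
#     the task output. Do not drop it while debugging.
- name: Create galera users
  community.mysql.mysql_user:
    name: "{{ item.name }}"
    host: "{{ item.host }}"
    password: "{{ item.password }}"
    priv: "{{ item.priv }}"
    state: "{{ item.state }}"
    login_unix_socket: "{{ galera_unix_socket }}"
    check_hostname: false
  with_items:
    # Administrative account: full privileges with grant option.
    - name: "{{ galera_root_user }}"
      host: "%"
      password: "{{ galera_root_password }}"
      priv: "*.*:ALL,GRANT"
      state: present
    - name: "{{ galera_root_user }}"
      host: "localhost"
      password: "{{ galera_root_password }}"
      priv: "*.*:ALL,GRANT"
      state: present
    # Monitoring account: USAGE only, i.e. it may connect but holds no
    # data privileges.
    - name: "{{ galera_monitoring_user }}"
      host: "%"
      password: "{{ galera_monitoring_user_password }}"
      priv: "*.*:USAGE"
      state: present
    - name: "{{ galera_monitoring_user }}"
      host: "localhost"
      password: "{{ galera_monitoring_user_password }}"
      priv: "*.*:USAGE"
      state: present
  register: galera_users
  until: galera_users is success
  retries: 3
  delay: 10
  no_log: true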