From 5c6b60bf7fce5d95379a138659013d4ed7fc6e09 Mon Sep 17 00:00:00 2001
From: Tim Flink <tflink@fedoraproject.org>
Date: Sat, 31 Jan 2015 01:35:47 +0000
Subject: [PATCH] adding mariadb_server role and needed bits for putting
 mariadb on db-qa01.qa

---
 handlers/restart_services.yml                 |   3 +
 .../host_vars/db-qa01.qa.fedoraproject.org    |   2 +
 playbooks/groups/mariadb-server.yml           |  52 ++++++
 .../files/my.cnf.db-qa01.qa.fedoraproject.org | 156 ++++++++++++++++++
 roles/mariadb_server/files/my.cnf.default     | 152 +++++++++++++++++
 roles/mariadb_server/tasks/main.yml           |  32 ++++
 roles/mariadb_server/templates/dotmy.cnf.j2   |   3 +
 7 files changed, 400 insertions(+)
 create mode 100644 playbooks/groups/mariadb-server.yml
 create mode 100644 roles/mariadb_server/files/my.cnf.db-qa01.qa.fedoraproject.org
 create mode 100644 roles/mariadb_server/files/my.cnf.default
 create mode 100644 roles/mariadb_server/tasks/main.yml
 create mode 100644 roles/mariadb_server/templates/dotmy.cnf.j2

diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 5398d47f0c..a6b1b6d31d 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -150,3 +150,6 @@
 
 - name: restart keepalived
   service: name=keepalived state=restarted
+
+- name: restart mariadb
+  service: name=mariadb state=restarted
diff --git a/inventory/host_vars/db-qa01.qa.fedoraproject.org b/inventory/host_vars/db-qa01.qa.fedoraproject.org
index 27ce48dcab..3e1c2b81fe 100644
--- a/inventory/host_vars/db-qa01.qa.fedoraproject.org
+++ b/inventory/host_vars/db-qa01.qa.fedoraproject.org
@@ -26,6 +26,8 @@ dbs_to_backup:
 - resultsdb_stg
 - resultsdb_dev
 
+mariadb_root_password: "{{ dbqa01_mysql_root_password }}"
+
 # These are normally group variables, but in this case db servers are often different
 lvm_size: 300000
 mem_size: 8192
diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml
new file mode 100644
index 0000000000..a313a4bff5
--- /dev/null
+++ b/playbooks/groups/mariadb-server.yml
@@ -0,0 +1,52 @@
+# create a new mariadb database server system
+# NOTE: should be used with --limit most of the time
+# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
+
+- name: make mariadb-server instance
+  hosts: db-qa01.qa.fedoraproject.org
+  user: root
+  gather_facts: False
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - include: "{{ tasks }}/virt_instance_create.yml"
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
+
+# Once the instance exists, configure it. 
+
+- name: configure mariadb server system
+  hosts: db-qa01.qa.fedoraproject.org
+  user: root
+  gather_facts: True
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+  - base
+  - rkhunter
+  - { role: denyhosts, when: ansible_distribution_major_version != '7' }
+  - fas_client
+  - nagios_client
+  - hosts
+  - mariadb_server
+  - collectd/base
+  - sudo
+
+  tasks:
+  - include: "{{ tasks }}/yumrepos.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+  - include: "{{ tasks }}/motd.yml"
+
+# TODO: add iscsi task
+
+  handlers:
+  - include: "{{ handlers }}/restart_services.yml"
diff --git a/roles/mariadb_server/files/my.cnf.db-qa01.qa.fedoraproject.org b/roles/mariadb_server/files/my.cnf.db-qa01.qa.fedoraproject.org
new file mode 100644
index 0000000000..fd9d75a333
--- /dev/null
+++ b/roles/mariadb_server/files/my.cnf.db-qa01.qa.fedoraproject.org
@@ -0,0 +1,156 @@
+# Example MariaDB config file for medium systems.
+#
+# This is for a system with little memory (32M - 64M) where MariaDB plays
+# an important part, or systems up to 128M where MariaDB is used together with
+# other programs (such as a web server)
+#
+# MariaDB programs look for option files in a set of
+# locations which depend on the deployment platform.
+# You can copy this option file to one of those
+# locations. For information about these locations, do:
+# 'my_print_defaults --help' and see what is printed under
+# Default options are read from the following files in the given order:
+# More information at: http://dev.mysql.com/doc/mysql/en/option-files.html
+#
+# In this file, you can use all long options that a program supports.
+# If you want to know which options a program supports, run the program
+# with the "--help" option.
+
+# The following options will be passed to all MariaDB clients
+[client]
+#password	= your_password
+port		= 3306
+socket		= /var/lib/mysql/mysql.sock
+
+# Here follows entries for some specific programs
+
+# The MariaDB server
+[mysqld]
+port		= 3306
+socket		= /var/lib/mysql/mysql.sock
+skip-external-locking
+key_buffer_size = 16M
+max_allowed_packet = 1M
+table_open_cache = 64
+sort_buffer_size = 512K
+net_buffer_length = 8K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+
+# setting STRICT_ALL_TABLES for phabricator
+sql_mode=STRICT_ALL_TABLES
+
+# Point the following paths to different dedicated disks
+#tmpdir		= /tmp/
+
+# Don't listen on a TCP/IP port at all. This can be a security enhancement,
+# if all processes that need to connect to mysqld run on the same host.
+# All interaction with mysqld must be made via Unix sockets or named pipes.
+# Note that using this option without enabling named pipes on Windows
+# (via the "enable-named-pipe" option) will render mysqld useless!
+# 
+#skip-networking
+
+# Replication Master Server (default)
+# binary logging is required for replication
+log-bin=mysql-bin
+
+# binary logging format - mixed recommended
+binlog_format=mixed
+
+# required unique id between 1 and 2^32 - 1
+# defaults to 1 if master-host is not set
+# but will not function as a master if omitted
+server-id	= 1
+
+# Replication Slave (comment out master section to use this)
+#
+# To configure this host as a replication slave, you can choose between
+# two methods :
+#
+# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
+#    the syntax is:
+#
+#    CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
+#    MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
+#
+#    where you replace <host>, <user>, <password> by quoted strings and
+#    <port> by the master's port number (3306 by default).
+#
+#    Example:
+#
+#    CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
+#    MASTER_USER='joe', MASTER_PASSWORD='secret';
+#
+# OR
+#
+# 2) Set the variables below. However, in case you choose this method, then
+#    start replication for the first time (even unsuccessfully, for example
+#    if you mistyped the password in master-password and the slave fails to
+#    connect), the slave will create a master.info file, and any later
+#    change in this file to the variables' values below will be ignored and
+#    overridden by the content of the master.info file, unless you shutdown
+#    the slave server, delete master.info and restart the slaver server.
+#    For that reason, you may want to leave the lines below untouched
+#    (commented) and instead use CHANGE MASTER TO (see above)
+#
+# required unique id between 2 and 2^32 - 1
+# (and different from the master)
+# defaults to 2 if master-host is set
+# but will not function as a slave if omitted
+#server-id       = 2
+#
+# The replication master for this slave - required
+#master-host     =   <hostname>
+#
+# The username the slave will use for authentication when connecting
+# to the master - required
+#master-user     =   <username>
+#
+# The password the slave will authenticate with when connecting to
+# the master - required
+#master-password =   <password>
+#
+# The port the master is listening on.
+# optional - defaults to 3306
+#master-port     =  <port>
+#
+# binary logging - not required for slaves, but recommended
+#log-bin=mysql-bin
+
+# Uncomment the following if you are using InnoDB tables
+innodb_data_home_dir = /var/lib/mysql
+innodb_data_file_path = ibdata1:10M:autoextend
+innodb_log_group_home_dir = /var/lib/mysql
+# You can set .._buffer_pool_size up to 50 - 80 %
+# of RAM but beware of setting memory usage too high
+innodb_buffer_pool_size = 1600M
+innodb_additional_mem_pool_size = 200M
+# Set .._log_file_size to 25 % of buffer pool size
+innodb_log_file_size = 400M
+innodb_log_buffer_size = 800M
+innodb_flush_log_at_trx_commit = 1
+innodb_lock_wait_timeout = 50
+
+# added as per reccommended by phab setup
+ft_stopword_file=/usr/share/phabricator/resources/sql/stopwords.txt
+ft_min_word_len=3
+
+[mysqldump]
+quick
+max_allowed_packet = 16M
+
+[mysql]
+no-auto-rehash
+# Remove the next comment character if you are not familiar with SQL
+#safe-updates
+
+[myisamchk]
+key_buffer_size = 20M
+sort_buffer_size = 20M
+read_buffer = 2M
+write_buffer = 2M
+
+[mysqlhotcopy]
+interactive-timeout
diff --git a/roles/mariadb_server/files/my.cnf.default b/roles/mariadb_server/files/my.cnf.default
new file mode 100644
index 0000000000..4633d7ad8a
--- /dev/null
+++ b/roles/mariadb_server/files/my.cnf.default
@@ -0,0 +1,152 @@
+# Example MariaDB config file for medium systems.
+#
+# This is for a system with little memory (32M - 64M) where MariaDB plays
+# an important part, or systems up to 128M where MariaDB is used together with
+# other programs (such as a web server)
+#
+# MariaDB programs look for option files in a set of
+# locations which depend on the deployment platform.
+# You can copy this option file to one of those
+# locations. For information about these locations, do:
+# 'my_print_defaults --help' and see what is printed under
+# Default options are read from the following files in the given order:
+# More information at: http://dev.mysql.com/doc/mysql/en/option-files.html
+#
+# In this file, you can use all long options that a program supports.
+# If you want to know which options a program supports, run the program
+# with the "--help" option.
+
+# The following options will be passed to all MariaDB clients
+[client]
+#password	= your_password
+port		= 3306
+socket		= /var/lib/mysql/mysql.sock
+
+# Here follows entries for some specific programs
+
+# The MariaDB server
+[mysqld]
+port		= 3306
+socket		= /var/lib/mysql/mysql.sock
+skip-external-locking
+key_buffer_size = 16M
+max_allowed_packet = 1M
+table_open_cache = 64
+sort_buffer_size = 512K
+net_buffer_length = 8K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+
+# setting STRICT_ALL_TABLES for phabricator
+sql_mode=STRICT_ALL_TABLES
+
+# Point the following paths to different dedicated disks
+#tmpdir		= /tmp/
+
+# Don't listen on a TCP/IP port at all. This can be a security enhancement,
+# if all processes that need to connect to mysqld run on the same host.
+# All interaction with mysqld must be made via Unix sockets or named pipes.
+# Note that using this option without enabling named pipes on Windows
+# (via the "enable-named-pipe" option) will render mysqld useless!
+# 
+#skip-networking
+
+# Replication Master Server (default)
+# binary logging is required for replication
+log-bin=mysql-bin
+
+# binary logging format - mixed recommended
+binlog_format=mixed
+
+# required unique id between 1 and 2^32 - 1
+# defaults to 1 if master-host is not set
+# but will not function as a master if omitted
+server-id	= 1
+
+# Replication Slave (comment out master section to use this)
+#
+# To configure this host as a replication slave, you can choose between
+# two methods :
+#
+# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
+#    the syntax is:
+#
+#    CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
+#    MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
+#
+#    where you replace <host>, <user>, <password> by quoted strings and
+#    <port> by the master's port number (3306 by default).
+#
+#    Example:
+#
+#    CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
+#    MASTER_USER='joe', MASTER_PASSWORD='secret';
+#
+# OR
+#
+# 2) Set the variables below. However, in case you choose this method, then
+#    start replication for the first time (even unsuccessfully, for example
+#    if you mistyped the password in master-password and the slave fails to
+#    connect), the slave will create a master.info file, and any later
+#    change in this file to the variables' values below will be ignored and
+#    overridden by the content of the master.info file, unless you shutdown
+#    the slave server, delete master.info and restart the slaver server.
+#    For that reason, you may want to leave the lines below untouched
+#    (commented) and instead use CHANGE MASTER TO (see above)
+#
+# required unique id between 2 and 2^32 - 1
+# (and different from the master)
+# defaults to 2 if master-host is set
+# but will not function as a slave if omitted
+#server-id       = 2
+#
+# The replication master for this slave - required
+#master-host     =   <hostname>
+#
+# The username the slave will use for authentication when connecting
+# to the master - required
+#master-user     =   <username>
+#
+# The password the slave will authenticate with when connecting to
+# the master - required
+#master-password =   <password>
+#
+# The port the master is listening on.
+# optional - defaults to 3306
+#master-port     =  <port>
+#
+# binary logging - not required for slaves, but recommended
+#log-bin=mysql-bin
+
+# Uncomment the following if you are using InnoDB tables
+#innodb_data_home_dir = /var/lib/mysql
+#innodb_data_file_path = ibdata1:10M:autoextend
+#innodb_log_group_home_dir = /var/lib/mysql
+# You can set .._buffer_pool_size up to 50 - 80 %
+# of RAM but beware of setting memory usage too high
+#innodb_buffer_pool_size = 16M
+#innodb_additional_mem_pool_size = 2M
+# Set .._log_file_size to 25 % of buffer pool size
+#innodb_log_file_size = 5M
+#innodb_log_buffer_size = 8M
+#innodb_flush_log_at_trx_commit = 1
+#innodb_lock_wait_timeout = 50
+
+[mysqldump]
+quick
+max_allowed_packet = 16M
+
+[mysql]
+no-auto-rehash
+# Remove the next comment character if you are not familiar with SQL
+#safe-updates
+
+[myisamchk]
+key_buffer_size = 20M
+sort_buffer_size = 20M
+read_buffer = 2M
+write_buffer = 2M
+
+[mysqlhotcopy]
+interactive-timeout
diff --git a/roles/mariadb_server/tasks/main.yml b/roles/mariadb_server/tasks/main.yml
new file mode 100644
index 0000000000..17fad8d463
--- /dev/null
+++ b/roles/mariadb_server/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+
+- name: ensure packages required for mariadb are installed
+  action: yum name={{ item }} state=latest
+  with_items:
+    - mariadb-server
+    - MySQL-python
+
+- name: copy my.cnf
+  copy: src={{ item }} dest=/etc/my.cnf owner=root group=root mode=0644
+  with_first_found:
+    - "{{ mariadb_config }}"
+    - my.cnf.{{ ansible_fqdn }}
+    - my.cnf.{{ host_group }}
+    - my.cnf.{{ dist_tag }}
+    - my.cnf.{{ ansible_distribution }}
+    - my.cnf.{{ ansible_distribution_version }}
+    - my.cnf.default
+  notify:
+    - restart mariadb
+
+- name: enable and start mariadb database
+  service: name=mariadb enabled=yes state=started
+
+- name: set mariaddb root user password
+  no_log: True
+  mysql_user: name=root password={{ mariadb_root_password }}
+
+- name: create .my.cnf file for future logins
+  template: src=dotmy.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0700
+
+
diff --git a/roles/mariadb_server/templates/dotmy.cnf.j2 b/roles/mariadb_server/templates/dotmy.cnf.j2
new file mode 100644
index 0000000000..0a8e76cd47
--- /dev/null
+++ b/roles/mariadb_server/templates/dotmy.cnf.j2
@@ -0,0 +1,3 @@
+[client]
+user=root
+password={{ mariadb_root_password }}