Matus Jenca 23413d4e0f Add backend TLS between MariaDB and ProxySQL
This commit adds TLS connection between ProxySQL and MariaDB.
Frontend TLS ( between services and ProxySQL) will be
added in another commit.

Parialy Implements: mariadb-ssl-support

Change-Id: I154cbb096469c5515c9d8156c2c1c5dd07b95849
Signed-off-by: Matus Jenca <matus.jenca@dnation.cloud>
2024-10-25 14:38:39 +00:00

72 lines
2.6 KiB
Django/Jinja

{%- set wsrep_driver = '/usr/lib/galera/libgalera_smm.so' if kolla_base_distro in ['debian', 'ubuntu'] else '/usr/lib64/galera/libgalera_smm.so' %}
{% set sst_method = 'mariabackup' %}
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
basedir=/usr
bind-address={{ api_interface_address }}
port={{ mariadb_port }}
{% if database_enable_tls_backend | bool %}
ssl_ca=/etc/mariadb/certs/root.crt
ssl_cert=/etc/mariadb/certs/mariadb-cert.pem
ssl_key=/etc/mariadb/certs/mariadb-key.pem
{% endif %}
log_error=/var/log/kolla/mariadb/mariadb.log
log_bin=mysql-bin
binlog_format=ROW
expire_logs_days=14
default-storage-engine=innodb
innodb_autoinc_lock_mode=2
collation-server = utf8_general_ci
init-connect='SET NAMES utf8'
character-set-server = utf8
datadir=/var/lib/mysql/
wsrep_cluster_address=gcomm://{% if (groups[mariadb_shard_group] | length) > 1 %}{% for host in groups[mariadb_shard_group] %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ mariadb_wsrep_port }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
wsrep_provider_options=gmcast.listen_addr=tcp://{{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_wsrep_port }};ist.recv_addr={{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_ist_port }};{% for option in mariadb_wsrep_extra_provider_options %}{{ option }}{% if not loop.last %};{% endif %}{% endfor %}
wsrep_node_address={{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_wsrep_port }}
wsrep_sst_receive_address={{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_sst_port }}
wsrep_provider={{ wsrep_driver }}
wsrep_cluster_name="{{ database_cluster_name }}"
wsrep_node_name={{ ansible_facts.hostname }}
wsrep_sst_method={{ sst_method }}
wsrep_sst_auth={{ database_user }}:{{ database_password }}
wsrep_slave_threads=4
wsrep_on = ON
max_connections=10000
key_buffer_size = '64M'
max_heap_table_size = '64M'
tmp_table_size = '64M'
{% set dynamic_pool_size_mb = (hostvars[inventory_hostname].ansible_facts.memtotal_mb * 0.4) | round | int %}
{% if dynamic_pool_size_mb < 8192 %}
innodb_buffer_pool_size = '{{ dynamic_pool_size_mb }}M'
{% else %}
innodb_buffer_pool_size = '8192M'
{% endif %}
[server]
pid-file=/var/lib/mysql/mariadb.pid
[sst]
{% if sst_method == 'mariabackup' and api_address_family == 'ipv6' %}
# NOTE(yoctozepto): for IPv6 we need to tweak sockopt for socat (mariabackup sst backend)
# see: https://mariadb.com/kb/en/library/xtrabackup-v2-sst-method/#performing-ssts-with-ipv6-addresses
# and: https://jira.mariadb.org/browse/MDEV-18797
# this can be removed when MDEV-18797 is resolved
sockopt=",pf=ip6"
{% endif %}