23413d4e0f
This commit adds TLS connection between ProxySQL and MariaDB. Frontend TLS ( between services and ProxySQL) will be added in another commit. Parialy Implements: mariadb-ssl-support Change-Id: I154cbb096469c5515c9d8156c2c1c5dd07b95849 Signed-off-by: Matus Jenca <matus.jenca@dnation.cloud>
72 lines
2.6 KiB
Django/Jinja
72 lines
2.6 KiB
Django/Jinja
{%- set wsrep_driver = '/usr/lib/galera/libgalera_smm.so' if kolla_base_distro in ['debian', 'ubuntu'] else '/usr/lib64/galera/libgalera_smm.so' %}
|
|
{% set sst_method = 'mariabackup' %}
|
|
|
|
[client]
|
|
default-character-set=utf8
|
|
|
|
[mysql]
|
|
default-character-set=utf8
|
|
|
|
[mysqld]
|
|
basedir=/usr
|
|
bind-address={{ api_interface_address }}
|
|
port={{ mariadb_port }}
|
|
{% if database_enable_tls_backend | bool %}
|
|
ssl_ca=/etc/mariadb/certs/root.crt
|
|
ssl_cert=/etc/mariadb/certs/mariadb-cert.pem
|
|
ssl_key=/etc/mariadb/certs/mariadb-key.pem
|
|
{% endif %}
|
|
log_error=/var/log/kolla/mariadb/mariadb.log
|
|
|
|
log_bin=mysql-bin
|
|
binlog_format=ROW
|
|
expire_logs_days=14
|
|
default-storage-engine=innodb
|
|
innodb_autoinc_lock_mode=2
|
|
|
|
collation-server = utf8_general_ci
|
|
init-connect='SET NAMES utf8'
|
|
character-set-server = utf8
|
|
|
|
datadir=/var/lib/mysql/
|
|
|
|
wsrep_cluster_address=gcomm://{% if (groups[mariadb_shard_group] | length) > 1 %}{% for host in groups[mariadb_shard_group] %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ mariadb_wsrep_port }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
|
|
|
|
wsrep_provider_options=gmcast.listen_addr=tcp://{{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_wsrep_port }};ist.recv_addr={{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_ist_port }};{% for option in mariadb_wsrep_extra_provider_options %}{{ option }}{% if not loop.last %};{% endif %}{% endfor %}
|
|
|
|
wsrep_node_address={{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_wsrep_port }}
|
|
|
|
wsrep_sst_receive_address={{ api_interface_address | put_address_in_context('url') }}:{{ mariadb_sst_port }}
|
|
|
|
wsrep_provider={{ wsrep_driver }}
|
|
wsrep_cluster_name="{{ database_cluster_name }}"
|
|
wsrep_node_name={{ ansible_facts.hostname }}
|
|
wsrep_sst_method={{ sst_method }}
|
|
wsrep_sst_auth={{ database_user }}:{{ database_password }}
|
|
wsrep_slave_threads=4
|
|
wsrep_on = ON
|
|
|
|
max_connections=10000
|
|
|
|
key_buffer_size = '64M'
|
|
max_heap_table_size = '64M'
|
|
tmp_table_size = '64M'
|
|
{% set dynamic_pool_size_mb = (hostvars[inventory_hostname].ansible_facts.memtotal_mb * 0.4) | round | int %}
|
|
{% if dynamic_pool_size_mb < 8192 %}
|
|
innodb_buffer_pool_size = '{{ dynamic_pool_size_mb }}M'
|
|
{% else %}
|
|
innodb_buffer_pool_size = '8192M'
|
|
{% endif %}
|
|
|
|
[server]
|
|
pid-file=/var/lib/mysql/mariadb.pid
|
|
|
|
[sst]
|
|
{% if sst_method == 'mariabackup' and api_address_family == 'ipv6' %}
|
|
# NOTE(yoctozepto): for IPv6 we need to tweak sockopt for socat (mariabackup sst backend)
|
|
# see: https://mariadb.com/kb/en/library/xtrabackup-v2-sst-method/#performing-ssts-with-ipv6-addresses
|
|
# and: https://jira.mariadb.org/browse/MDEV-18797
|
|
# this can be removed when MDEV-18797 is resolved
|
|
sockopt=",pf=ip6"
|
|
{% endif %}
|