Puppet Class: profile::openstack::base::galera::node

Defined in:
modules/profile/manifests/openstack/base/galera/node.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • server_id (Integer) (defaults to: lookup('profile::openstack::base::galera::server_id'))
  • enabled (Boolean) (defaults to: lookup('profile::openstack::base::galera::enabled'))
  • listen_port (Stdlib::Port) (defaults to: lookup('profile::openstack::base::galera::listen_port'))
  • prometheus_db_pass (String) (defaults to: lookup('profile::openstack::base::galera::prometheus_db_pass'))
  • openstack_control_nodes (Array[OpenStack::ControlNode]) (defaults to: lookup('profile::openstack::base::openstack_control_nodes'))
  • haproxy_nodes (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::base::haproxy_nodes'))


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'modules/profile/manifests/openstack/base/galera/node.pp', line 2

class profile::openstack::base::galera::node(
    Integer                       $server_id               = lookup('profile::openstack::base::galera::server_id'),
    Boolean                       $enabled                 = lookup('profile::openstack::base::galera::enabled'),
    Stdlib::Port                  $listen_port             = lookup('profile::openstack::base::galera::listen_port'),
    String                        $prometheus_db_pass      = lookup('profile::openstack::base::galera::prometheus_db_pass'),
    Array[OpenStack::ControlNode] $openstack_control_nodes = lookup('profile::openstack::base::openstack_control_nodes'),
    Array[Stdlib::Fqdn]           $haproxy_nodes           = lookup('profile::openstack::base::haproxy_nodes'),
) {
    $cloudcontrols = $openstack_control_nodes.map |$node| { $node['cloud_private_fqdn'] }
    $this_control_node = $openstack_control_nodes.filter | $entry | {
        $entry['host_fqdn'] == $facts['networking']['fqdn']
    }[0]
    $wsrep_node_name = $this_control_node['cloud_private_fqdn']

    $socket = '/var/run/mysqld/mysqld.sock'
    $datadir = '/srv/sqldata'
    class {'::galera':
        cluster_nodes   => $cloudcontrols,
        server_id       => $server_id,
        enabled         => $enabled,
        port            => $listen_port,
        datadir         => $datadir,
        socket          => $socket,
        wsrep_node_name => $wsrep_node_name,
    }

    # mariadb listen port for debugging/connections/etc
    # 4567, replication
    # 4568, incremental state transfer
    # 4444, state snapshot transfer
    firewall::service { 'galera-cluster-tcp':
        proto  => 'tcp',
        port   => [$listen_port, 4567, 4568, 4444],
        srange => $cloudcontrols,
    }
    firewall::service { 'galera-cluster-udp':
        proto  => 'udp',
        port   => 4567,
        srange => $cloudcontrols,
    }

    # 9990 for the nodecheck service
    firewall::service { 'galera-backend':
        proto  => 'tcp',
        port   => [$listen_port, 9990],
        srange => $haproxy_nodes,
    }

    prometheus::mysqld_exporter { 'default':
        client_password => $prometheus_db_pass,
        client_socket   => $socket,
    } -> service { 'prometheus-mysqld-exporter':
        ensure => 'running',
    }

    openstack::db::project_grants { 'prometheus':
        privs        => 'REPLICATION CLIENT, PROCESS',
        access_hosts => $cloudcontrols + $haproxy_nodes,
        db_name      => '*',
        db_user      => 'prometheus',
        db_pass      => $prometheus_db_pass,
        project_name => 'prometheus',
        require      => Package['prometheus-mysqld-exporter'],
    }

    openstack::db::project_grants { 'prometheus_performance':
        privs        => 'SELECT',
        access_hosts => $cloudcontrols + $haproxy_nodes,
        db_name      => 'performance_schema',
        db_user      => 'prometheus',
        db_pass      => $prometheus_db_pass,
        project_name => 'prometheus',
        require      => Package['prometheus-mysqld-exporter'],
    }

    # nodechecker service -- should be able to run as prometheus user
    # This is a flask app that replies
    # with a 200 or error so we get a real healthcheck for haproxy
    file { '/var/log/nodecheck':
        ensure  => absent,
        recurse => true,
        force   => true,
        purge   => true,
    }
    logrotate::conf { 'nodecheck':
        ensure => absent,
    }
    file { '/usr/local/sbin/galera-nodecheck.py':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/profile/openstack/base/galera/galera-nodecheck.py',
    }

    systemd::service {'galera_nodecheck':
        ensure  => 'present',
        content => systemd_template('wmcs/galera/galera-nodecheck'),
    }
}