4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
# File 'modules/profile/manifests/proxysql.pp', line 4
class profile::proxysql {
include passwords::misc::scripts
$admin_user = 'root'
$admin_password = $::passwords::misc::scripts::mysql_root_pass
$admin_socket = '/run/proxysql/proxysql_admin.sock'
$mysql_socket = '/run/proxysql/proxysql.sock'
$mysql_port = 3311
class { 'proxysql':
admin_user => $admin_user,
admin_password => $admin_password,
admin_socket => $admin_socket,
mysql_socket => $mysql_socket,
mysql_port => $mysql_port,
}
# Let's not open the proxy port for now, only allow localhost connections
#ferm::service { 'proxysql_mysql':
# proto => 'tcp',
# port => $mysql_port,
# notrack => true,
#}
# Let's add proxysql user to the mysql group so it can access mysql's
# tls client certs
exec { 'proxysql membership to mysql':
unless => '/usr/bin/getent group mysql | /usr/bin/cut -d: -f4 | /bin/grep -q proxysql',
command => '/usr/sbin/usermod -a -G mysql proxysql',
require => Class['proxysql'],
}
# lets simplify connections from root
file { '/root/.my.cnf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0400',
content => template('profile/proxysql/root.my.cnf.erb'),
}
# With systemd there should be only 1 process running
nrpe::monitor_service { 'proxysql':
description => 'proxysql processes',
nrpe_command => '/usr/lib/nagios/plugins/check_procs -c 1:1 -C proxysql',
critical => false,
contact_group => 'admins', # show on icinga/irc only
notes_url => 'https://wikitech.wikimedia.org/wiki/Proxysql',
}
}
|