/home/zuul/src/opendev.org/openstack/openstack-ansible-galera_server/tasks/galera_post_install.yml
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Create mariadb systemd service config dir
  file:
    path: "/etc/systemd/system/{{ galera_mariadb_service_name }}.service.d"
    state: "directory"
    group: "root"
    owner: "root"
    mode: "0755"

- name: Apply systemd options
  template:
    src: "{{ item.src }}"
    dest: "/etc/systemd/system/{{ galera_mariadb_service_name }}.service.d/{{ item.dest }}"
    mode: "0644"
  with_items:
    - { src: "systemd.environment.conf.j2", dest: "environment.conf" }
    - { src: "systemd.limits.conf.j2", dest: "limits.conf" }
    - { src: "systemd.restart.conf.j2", dest: "restart.conf" }
    - { src: "systemd.slice.conf.j2", dest: "slice.conf" }
    - { src: "systemd.timeout.conf.j2", dest: "timeout.conf" }
    - { src: "systemd.without-privatedevices.conf.j2", dest: "without-privatedevices.conf" }
  notify:
    - Manage LB
    - Reload the systemd daemon
    - Restart all mysql

- name: Reload systemd service files
  systemd:
    daemon_reload: yes

# NOTE(cloudnull): The secure task is not needed on Debian based systems
#                  as all of these tasks will be run on Package install
#                  and running them again will cause a conflict within
#                  debian based deployments.
# NOTE(prometheanfire): Ditto Gentoo ^
- name: Create galera initial secure tool
  template:
    src: "galera_secure_node.j2"
    dest: "/usr/local/bin/galera_secure_node"
    mode: "0750"
  when:
    - ansible_pkg_mgr != "apt"
    - ansible_pkg_mgr != "portage"
    - not galera_upgrade

- name: Run galera secure
  command: "/usr/local/bin/galera_secure_node"
  args:
    creates: "/var/lib/mysql/osa_default_secured"
    warn: no
  when:
    - ansible_pkg_mgr != "apt"
    - ansible_pkg_mgr != "portage"
    - not galera_upgrade
  tags:
    - skip_ansible_lint

- name: Create the local directories
  file:
    path: "{{ item.path }}"
    state: "directory"
    owner: "{{ item.owner|default('root') }}"
    group: "{{ item.group|default('root') }}"
    mode: "{{ item.mode|default('0755') }}"
    recurse: "{{ item.recurse|default('false') }}"
  with_items:
    - { path: "/var/lib/mysql", owner: "mysql", mode: "02755" }
    - { path: "/etc/mysql/conf.d" }

- include_tasks: galera_ssl.yml
  when:
    - galera_use_ssl | bool

# NOTE: (hwoarang) mariadb packages may drop some default configuration files
# in {{ galera_etc_include_dir }} so make sure they are gone if necessary in
# case they cause some conflicts with the ones we provide.
- name: Remove existing mariadb configuration files
  file:
    state: absent
    path: "{{ galera_etc_include_dir }}/{{ item }}"
  with_items: "{{ mariadb_delete_etc_conf_files | default([]) }}"

- name: Drop mariadb config(s)
  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "root"
    mode: "0644"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
    ignore_none_type: False
  with_items:
    - src: my.cnf.j2
      dest: "{{ galera_etc_conf_file }}"
      config_overrides: "{{ galera_my_cnf_overrides }}"
      config_type: "ini"
    - src: cluster.cnf.j2
      dest: "{{ galera_etc_include_dir }}/cluster.cnf"
      config_overrides: "{{ galera_cluster_cnf_overrides }}"
      config_type: "ini"
    - src: debian.cnf.j2
      dest: /etc/mysql/debian.cnf
      config_overrides: "{{ galera_debian_cnf_overrides }}"
      config_type: "ini"
  notify:
    - Manage LB
    - Restart all mysql

# Safe to run multiple times, config has it's own checks
- name: initialize database (gentoo)
  command: "emerge --config dev-db/mariadb"
  failed_when: false
  when:
    - ansible_pkg_mgr == 'portage'

- name: Apply service defaults
  template:
    src: "mysql_defaults.j2"
    dest: "/etc/default/mariadb"
    mode: "0644"
  when:
    - ansible_pkg_mgr != 'portage'
  notify:
    - Manage LB
    - Restart all mysql
    - Reload the systemd daemon

- name: Link mysql and mariadb config files
  file:
    src: "/etc/default/mariadb"
    dest: "/etc/default/mysql"
    state: "link"
    force: "yes"
  when:
    - ansible_pkg_mgr != 'portage'

- name: remove default mysql_safe_syslog
  file:
    path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf"
    state: absent

- name: Create new cluster tool
  template:
    src: "galera_new_cluster.j2"
    dest: "/usr/local/bin/galera_new_cluster"
    mode: "0750"

# TODO: (nicolasbock) This task can be removed in T but is necessary
# for S and earlier because deployments prior to this change will not
# have the xinetd service enabled because the handler task runs only
# for new deployments.
# NOTE(cloudnull): If `galera_monitoring_check_enabled` is set false
#                  the xinetd service will be disabled and stopped.
#                  using the handler.
- name: Enable xinetd service
  service:
    name: xinetd
    enabled: "{{ galera_monitoring_check_enabled | bool }}"
  notify:
    - Restart xinetd

- name: Cluster check block
  block:
    - name: Create clustercheck script
      template:
        src: "clustercheck.j2"
        dest: "/usr/local/bin/clustercheck"
        mode: "0755"

    - name: Create mysqlchk config
      template:
        src: "mysqlchk.j2"
        dest: "/etc/xinetd.d/mysqlchk"
        mode: "0644"
      notify:
        - Restart xinetd

    - name: Add galera service check to services
      lineinfile:
        dest: /etc/services
        state: present
        regexp: '^mysqlchk'
        line: 'mysqlchk    9200/tcp    # MySQL check'
        backup: yes
  when:
    - galera_monitoring_check_enabled | bool