
=============
MySQL Formula
=============

MySQL is the world's second most widely used open-source relational database
management system (RDBMS).


Sample Metadata
===============


Standalone setups
-----------------

Standalone MySQL server

.. code-block:: yaml

    mysql:
      server:
        enabled: true
        version: '5.5'
        admin:
          user: root
          password: pass
        bind:
          address: '127.0.0.1'
          port: 3306
        database:
          name:
            encoding: 'utf8'
            users:
            - name: 'username'
              password: 'password'
              host: 'localhost'
              rights: 'all privileges'
              target: '*.*'


MySQL replication master with SSL

.. code-block:: yaml

    mysql:
      server:
        enabled: true
        version: '5.5'
        replication:
          role: master
        ssl:
          enabled: true
          authority: Org_CA
          certificate: name_of_service
        admin:
          user: root
          password: pass
        bind:
          address: '127.0.0.1'
          port: 3306

MySQL replication slave with SSL

.. code-block:: yaml

    mysql:
      server:
        enabled: true
        version: '5.7'
        replication:
          role: slave
          master: master.salt.id
        ssl:
          enabled: true
          authority: Org_CA
          certificate: name_of_service
          client_certificate: name_of_client_cert
          ca_file: /etc/mysql/ca.crt
          cert_file: /etc/mysql/server.crt
          key_file: /etc/mysql/server.key
          client_cert_file: /etc/mysql/client-cert.pem
          client_key_file: /etc/mysql/client-key.pem
          tls_version: TLSv1.1,TLSv1.2
          ciphers:
            DHE-RSA-AES128-SHA:
              enabled: True
            DHE-RSA-AES256-SHA:
              name: DHE-RSA-AES256-SHA
              enabled: True
            EDH-RSA-DES-CBC3-SHA:
              name: EDH-RSA-DES-CBC3-SHA
              enabled: True
            AES128-SHA:AES256-SHA:
              enabled: True
            DES-CBC3-SHA:
              enabled: True
          cert: |
            <PEM-encoded server certificate>
          key: |
            <PEM-encoded server private key>
          client_cert: |
            <PEM-encoded client certificate>
          client_key: |
            <PEM-encoded client private key>
          cacert: |
            <PEM-encoded CA certificate>
        admin:
          user: root
          password: pass
        bind:
          address: '127.0.0.1'
          port: 3306
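
An added check (not part of the formula or the original README) for the TLS settings in the slave sample above: it reads a rendered my.cnf and flags protocol versions below TLSv1.2 and cipher suites that use legacy algorithms or lack forward secrecy. It assumes the formula renders the pillar's tls_version and enabled ciphers into the tls_version and ssl-cipher options of my.cnf; the function name, the policy and the sample fragments are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: flag weak TLS settings in a rendered my.cnf (not formula code).
# The policy below (TLS >= 1.2, no 3DES/RC4/MD5/NULL/EXPORT, forward secrecy
# required) is this example's assumption.

# audit_mycnf_tls: reads my.cnf text on stdin, prints "<option> <value> <reason>"
# for every weak protocol version or cipher suite it finds.
audit_mycnf_tls() {
    local key val item
    while IFS='=' read -r key val; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        val=$(printf '%s' "$val" | tr -d " \t\"'")
        case "$key" in
            tls_version|tls-version)
                for item in $(printf '%s' "$val" | tr ',' ' '); do
                    case "$item" in
                        TLSv1.2|TLSv1.3) ;;   # accepted by this policy
                        *) echo "tls_version $item deprecated-protocol" ;;
                    esac
                done ;;
            ssl_cipher|ssl-cipher)
                for item in $(printf '%s' "$val" | tr ':' ' '); do
                    case "$item" in
                        *DES*|*RC4*|*MD5*|*NULL*|*EXP*) echo "ssl-cipher $item legacy-algorithm" ;;
                        ECDHE-*|DHE-*|EDH-*) ;;   # ephemeral key exchange
                        *) echo "ssl-cipher $item no-forward-secrecy" ;;
                    esac
                done ;;
        esac
    done
    return 0
}

# Constructed my.cnf fragments; the first uses the values from the pillar above.
SAMPLE_MYCNF='[mysqld]
ssl-ca = /etc/mysql/ca.crt
tls_version = TLSv1.1,TLSv1.2
ssl-cipher = DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
HARDENED_MYCNF='[mysqld]
tls_version = TLSv1.2
ssl-cipher = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'

printf '%s\n' "$SAMPLE_MYCNF" | audit_mycnf_tls
```

On a node, feed it the rendered configuration, for example ``audit_mycnf_tls < /etc/mysql/my.cnf``; empty output means nothing was flagged under this policy.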

Tuned up MySQL server

.. code-block:: yaml

    mysql:
      server:
        enabled: true
        version: '5.5'
        admin:
          user: root
          password: pass
        bind:
          address: '127.0.0.1'
          port: 3306
        key_buffer: 250M
        max_allowed_packet: 32M
        max_connections: 1000
        thread_stack: 512K
        thread_cache_size: 64
        query_cache_limit: 16M
        query_cache_size: 96M
        force_encoding: utf8
        sql_mode: "ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
        database:
          name:
            encoding: 'utf8'
            users:
            - name: 'username'
              password: 'password'
              host: 'localhost'
              rights: 'all privileges'


MySQL Galera cluster
--------------------

The MySQL Galera cluster is configured as a ring connection between 3 nodes.
Each node should have just one member.

Galera initial server (master)

.. code-block:: yaml

    mysql:
      cluster:
        enabled: true
        name: openstack
        role: master
        bind:
          address: 192.168.0.1
        members:
        - host: 192.168.0.1
          port: 4567
        user:
          name: wsrep_sst
          password: password
      server:
        enabled: true
        version: '5.5'
        admin:
          user: root
          password: pass
        bind:
          address: 192.168.0.1
        database:
          name:
            encoding: 'utf8'
            users:
            - name: 'username'
              password: 'password'
              host: 'localhost'
              rights: 'all privileges'

MySQL client
------------

Database with initial data (Restore DB)

.. code-block:: yaml

    mysql:
      client:
        server:
          database:
            admin:
              host: localhost
              port: 3306
              user: ${_param:mysql_admin_user}
              password: ${_param:mysql_admin_password}
              encoding: utf8
            database:
              neutron_upgrade:
                encoding: utf8
                users:
                - name: neutron
                  password: ${_param:mysql_neutron_password}
                  host: '%'
                  rights: all
                - name: neutron
                  password: ${_param:mysql_neutron_password}
                  host: ${_param:single_address}
                  rights: all
                initial_data:
                  engine: backupninja
                  source: ${_param:backupninja_backup_host}
                  host: ${linux:network:fqdn}
                  database: neutron

.. note:: This client role must be applied directly on the database node.
          The provided setup restores a database named neutron_upgrade with data from the database called neutron.


Database management on remote MySQL server

.. code-block:: yaml

    mysql:
      client:
        enabled: true
        server:
          server01:
            admin:
              host: database.host
              port: 3306
              user: root
              password: password
              encoding: utf8
            database:
              database01:
                encoding: utf8
                users:
                - name: username
                  password: 'password'
                  host: 'localhost'
                  rights: 'all privileges'


User management on remote MySQL server

.. code-block:: yaml

    mysql:
      client:
        enabled: true
        server:
          server01:
            admin:
              host: database.host
              port: 3306
              user: root
              password: password
              encoding: utf8
            users:
            - name: user01
              host: "*"
              password: 'sdgdsgdsgd'
            - name: user02
              host: "localhost"


Sample Usage
============

MySQL Galera check scripts

.. code-block:: bash

    mysql> SHOW STATUS LIKE 'wsrep%';

    mysql> SHOW STATUS LIKE 'wsrep_cluster_size';

Galera monitoring command, run from an extra server

.. code-block:: bash

    garbd -a gcomm://ipaddrofone:4567 -g my_wsrep_cluster -l /tmp/1.out -d

1. salt-call state.sls mysql
2. Comment out every setting starting with wsrep* (wsrep_provider, wsrep_cluster, wsrep_sst).
3. service mysql start
4. Run mysql_secure_installation on each node and fill in the root password.

.. code-block:: bash

    Enter current password for root (enter for none):
    OK, successfully used password, moving on...

    Setting the root password ensures that nobody can log into the MySQL
    root user without the proper authorisation.

    Set root password? [Y/n] y
    New password:
    Re-enter new password:
    Password updated successfully!
    Reloading privilege tables..
     ... Success!

    By default, a MySQL installation has an anonymous user, allowing anyone
    to log into MySQL without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.

    Remove anonymous users? [Y/n] y
     ... Success!

    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.

    Disallow root login remotely? [Y/n] n
     ... skipping.

    By default, MySQL comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.

    Remove test database and access to it? [Y/n] y
     - Dropping test database...
     ... Success!
     - Removing privileges on test database...
     ... Success!

    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.

    Reload privilege tables now? [Y/n] y
     ... Success!

    Cleaning up...

5. service mysql stop
6. Uncomment all wsrep* lines, except on the first server, where my.cnf keeps only wsrep_cluster_address='gcomm://'.
7. Start the first node.
8. Start the third node, which is connected to the first one.
9. Start the second node, which is connected to the third one.
10. After the cluster has started, change the cluster address on the node that was started first, without restarting the database, and change the my.cnf config to match.

.. code-block:: bash

    mysql> SET GLOBAL wsrep_cluster_address='gcomm://10.0.0.2';
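
An added check (not from the original README or the formula) for the state each node should report once the procedure above is finished, built on the ``SHOW STATUS LIKE 'wsrep%'`` query from the check scripts. The function name ``check_galera`` and the sample rows are constructed for this example; the status variables are standard Galera ones.

```bash
#!/usr/bin/env bash
# Added example: post-bootstrap Galera health check (not part of the formula).
# Real use: mysql -N -B -e "SHOW STATUS LIKE 'wsrep%'" | check_galera 3

# check_galera EXPECTED_SIZE
# Reads "name<whitespace>value" status rows on stdin, prints one line per
# failed check and returns the number of failed checks (0 = healthy).
check_galera() {
    local expected="$1" name value fails=0
    local size="" status="" state="" ready=""
    while read -r name value; do
        case "$name" in
            wsrep_cluster_size)        size="$value" ;;
            wsrep_cluster_status)      status="$value" ;;
            wsrep_local_state_comment) state="$value" ;;
            wsrep_ready)               ready="$value" ;;
        esac
    done
    # A node restarted with wsrep_cluster_address='gcomm://' bootstraps its
    # own cluster, so it reports a size of 1 instead of the expected size.
    [ "$size" = "$expected" ] || { echo "wsrep_cluster_size=${size:-missing} expected=$expected"; fails=$((fails + 1)); }
    # Only the Primary component accepts writes; anything else is a partition.
    [ "$status" = "Primary" ] || { echo "wsrep_cluster_status=${status:-missing} expected=Primary"; fails=$((fails + 1)); }
    [ "$state" = "Synced" ] || { echo "wsrep_local_state_comment=${state:-missing} expected=Synced"; fails=$((fails + 1)); }
    [ "$ready" = "ON" ] || { echo "wsrep_ready=${ready:-missing} expected=ON"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample rows (not captured from a real cluster).
HEALTHY_SAMPLE=$(printf 'wsrep_cluster_size\t3\nwsrep_cluster_status\tPrimary\nwsrep_local_state_comment\tSynced\nwsrep_ready\tON')
ISOLATED_SAMPLE=$(printf 'wsrep_cluster_size\t1\nwsrep_cluster_status\tPrimary\nwsrep_local_state_comment\tSynced\nwsrep_ready\tON')
PARTITIONED_SAMPLE=$(printf 'wsrep_cluster_size\t1\nwsrep_cluster_status\tnon-Primary\nwsrep_local_state_comment\tInitialized\nwsrep_ready\tOFF')

printf '%s\n' "$HEALTHY_SAMPLE" | check_galera 3 && echo "healthy sample: OK"
printf '%s\n' "$ISOLATED_SAMPLE" | check_galera 3 || echo "isolated sample: $? check(s) failed"
```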

More Information
================

* http://dev.mysql.com/doc/
* http://www.slideshare.net/osscube/mysql-performance-tuning-top-10-tips

* http://sourceforge.net/projects/automysqlbackup/
* https://labs.riseup.net/code/projects/backupninja/wiki
* http://wiki.zmanda.com/index.php/Mysql-zrm
