Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / mysql / 1dad2d13b78031b2bd7f33904b172a509a7e02c5 / . / README.rst
blob: 2e08c581cc62bd91bea5a3a59cfe780c76c6fe7c [file] [log] [blame]
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]1
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]2=============
3MySQL Formula
4=============
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]5
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]6MySQL is the world's second most widely used open-source relational database
7management system (RDBMS).
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]8
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]9
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]10Sample Metadata
11===============
12
13
14Standalone setups
15-----------------
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]16
17Standalone MySQL server
18
19.. code-block:: yaml
20
21 mysql:
22 server:
23 enabled: true
24 version: '5.5'
25 admin:
26 user: root
27 password: pass
28 bind:
29 address: '127.0.0.1'
30 port: 3306
31 database:
32 name:
33 encoding: 'utf8'
34 users:
35 - name: 'username'
36 password: 'password'
37 host: 'localhost'
38 rights: 'all privileges'
Dzmitry Stremkouski588a0212018-10-04 10:15:22 +0200[diff] [blame]39 target: '*.*'
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]40
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]41
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]42MySQL replication master with SSL
43
44.. code-block:: yaml
45
46 mysql:
47 server:
48 enabled: true
49 version: 5.5
50 replication:
51 role: master
52 ssl:
53 enabled: true
54 authority: Org_CA
55 certificate: name_of_service
56 admin:
57 user: root
58 password: pass
59 bind:
60 address: '127.0.0.1'
61 port: 3306
62
63MySQL replication slave with SSL
64
65.. code-block:: yaml
66
67 mysql:
68 server:
69 enabled: true
Dzmitry Stremkouskif6e53f22018-10-22 15:54:47 +0200[diff] [blame]70 version: '5.7'
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]71 replication:
72 role: slave
73 master: master.salt.id
74 ssl:
75 enabled: true
76 authority: Org_CA
77 certificate: name_of_service
78 client_certificate: name_of_client_cert
Dzmitry Stremkouskif6e53f22018-10-22 15:54:47 +0200[diff] [blame]79 ca_file: /etc/mysql/ca.crt
80 cert_file: /etc/mysql/server.crt
81 key_file: /etc/mysql/server.key
82 client_cert_file: /etc/mysql/client-cert.pem
83 client_key_file: /etc/mysql/client-key.pem
84 tls_version: TLSv1.1,TLSv1.2
85 ciphers:
86 DHE-RSA-AES128-SHA:
87 enabled: True
88 DHE-RSA-AES256-SHA:
89 name: DHE-RSA-AES256-SHA
90 enabled: True
91 EDH-RSA-DES-CBC3-SHA:
92 name: EDH-RSA-DES-CBC3-SHA
93 enabled: True
94 AES128-SHA:AES256-SHA:
95 enabled: True
96 DES-CBC3-SHA:
97 enabled: True
98 cert: |
99 -----BEGIN CERTIFICATE-----
100 MIIB6TCCAZOgAwIBAgIJAIfmjJydRX+GMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV
101 BAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRkwFwYDVQQHDBBLYXJkYXNvdmEg
102 UmVjaWNlMREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MzAxMTM1MzhaFw0yNzA4
103 MjgxMTM1MzhaMFAxCzAJBgNVBAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRkw
104 FwYDVQQHDBBLYXJkYXNvdmEgUmVjaWNlMREwDwYDVQQKDAhNaXJhbnRpczBcMA0G
105 CSqGSIb3DQEBAQUAA0sAMEgCQQDhW6xXGA2iKd5ngRwqoU0A0pD71/moFm48q0UP
106 Tg8vUsIO3WBIEKVLzpln9sU9gplCTx1ScsFBiRi2E3Wv+PnFAgMBAAGjUDBOMB0G
107 A1UdDgQWBBSJ42eEq3O0faBj+NBXWV5O2Vr1PTAfBgNVHSMEGDAWgBSJ42eEq3O0
108 faBj+NBXWV5O2Vr1PTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EA3fbu
109 x0W+XORSyFcChwFyhd+ka0R/FB4IL2udPXWX96x+0inuYi2Pta++3fMGmf30GF7Y
110 1Iv89B+NrhLHCfkEbg==
111 -----END CERTIFICATE-----
112 key: |
113 -----BEGIN PRIVATE KEY-----
114 MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA4VusVxgNoineZ4Ec
115 KqFNANKQ+9f5qBZuPKtFD04PL1LCDt1gSBClS86ZZ/bFPYKZQk8dUnLBQYkYthN1
116 r/j5xQIDAQABAkB4ip+Zin0oY3raJF5bkyHsMbVpcHHS7gSTIQ10jU1kAsBAVA2p
117 wIvZte5fIuaA6pEQ/ogZ5oTdCSz+bgtR50ShAiEA+DjNRJeUvaXNYyNBqKyPI1oT
118 na2QqV43z74txQ8FOykCIQDoa3YqPO4b70hglJOJMIYyMQAkAzdichKTWbBaIJf5
119 PQIhANTqLDCU8RIHoXhTKqPbeGAziLXsxjRxS+BXWf05GByZAiB5whpEZGklL0TO
120 e+eSnl4fGzaEpz6zjykWEo1lmd+jzQIgL740kEr8J+Q1ppNDJBtbZnc7yp+P/DKL
121 wo20+sNoyFU=
122 -----END PRIVATE KEY-----
123 client_cert: |
124 -----BEGIN CERTIFICATE-----
125 MIIB6TCCAZOgAwIBAgIJAMOZDw2vHe+UMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV
126 BAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRkwFwYDVQQHDBBLYXJkYXNvdmEg
127 UmVjaWNlMREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MzAxMTU0MzVaFw0yNzA4
128 MjgxMTU0MzVaMFAxCzAJBgNVBAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRkw
129 FwYDVQQHDBBLYXJkYXNvdmEgUmVjaWNlMREwDwYDVQQKDAhNaXJhbnRpczBcMA0G
130 CSqGSIb3DQEBAQUAA0sAMEgCQQD68iXHw1rQDWXFmdEPuv/8OCiUS1R6FoHqL357
131 VvqHA5339j8XKxtPnV2SY8DoMxEy1j7SYAyxD5xsZDVx14RpAgMBAAGjUDBOMB0G
132 A1UdDgQWBBTJ25400u3yEyiHykdeja+TGEMVKjAfBgNVHSMEGDAWgBTJ25400u3y
133 EyiHykdeja+TGEMVKjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAaiMK
134 a4m6eSuk5emcw7igaV3UtydA6tduMvjL3zNcbI58on5YV7xgBTPXqDjq4QvAw06P
135 /PWEXbl2jaCHaX06wA==
136 -----END CERTIFICATE-----
137 client_key: |
138 -----BEGIN PRIVATE KEY-----
139 MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA+vIlx8Na0A1lxZnR
140 D7r//DgolEtUehaB6i9+e1b6hwOd9/Y/FysbT51dkmPA6DMRMtY+0mAMsQ+cbGQ1
141 cdeEaQIDAQABAkEApuTYn4ybHvdqEgsEcVPK37Fxu36GBlRlvpwroFfuck9yYod+
142 CZMPdFWD0/H29Tj1g5p/NKHGAcM3jtqf7daOCQIhAP4DCQguBpJChtQ9/LzGasJe
143 LN5bg/ChpFmN6iVnwEDbAiEA/Oj4ELceNaDVsVG8sVI3IrG/8xgXhYnNex/e5LPR
144 oQsCIEXE7akqgzGPRltrv0zWryI+HdLhjib9LxhOC59ElSD7AiEAz98EFWkNMXLy
145 cP4Ho485thB2/m1s19t9wpddcojB4iUCIBJ1hIyrfWFAh8ktK9mNolMPR50+4eZk
146 nTe8UvFB7ZIB
147 -----END PRIVATE KEY-----
148 cacert: |
149 -----BEGIN CERTIFICATE-----
150 MIIB6TCCAZOgAwIBAgIJAOqENcDHki1ZMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV
151 BAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRkwFwYDVQQHDBBLYXJkYXNvdmEg
152 UmVjaWNlMREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MzAxMTU3MjBaFw0yNzA4
153 MjgxMTU3MjBaMFAxCzAJBgNVBAYTAkNaMRMwEQYDVQQIDApTb21lLVN0YXRlMRkw
154 FwYDVQQHDBBLYXJkYXNvdmEgUmVjaWNlMREwDwYDVQQKDAhNaXJhbnRpczBcMA0G
155 CSqGSIb3DQEBAQUAA0sAMEgCQQDR16IIDivaiFCgxe43WuZDNPnn+Efb5E8/oTMY
156 fVR8DS9u+arKL0WRW3unDPErpZAoESa2GV+QIRfmJBtS7MWJAgMBAAGjUDBOMB0G
157 A1UdDgQWBBT3yZnbvcTfd4qUxSSaNMMmToCuETAfBgNVHSMEGDAWgBT3yZnbvcTf
158 d4qUxSSaNMMmToCuETAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EArDqA
159 Y5Dnrw3xbFDoAYGVrvSwdabt5IbTA5xpAWYOqomkIMhJf8UptGZ6SkYoPKFLz+bL
160 1yBBSG809x2L+BRFEA==
161 -----END CERTIFICATE-----
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]162 admin:
163 user: root
164 password: pass
165 bind:
166 address: '127.0.0.1'
167 port: 3306
168
169Tuned up MySQL server
170
171.. code-block:: yaml
172
173 mysql:
174 server:
175 enabled: true
176 version: '5.5'
177 admin:
178 user: root
179 password: pass
180 bind:
181 address: '127.0.0.1'
182 port: 3306
183 key_buffer: 250M
184 max_allowed_packet: 32M
185 max_connections: 1000
186 thread_stack: 512K
187 thread_cache_size: 64
188 query_cache_limit: 16M
189 query_cache_size: 96M
190 force_encoding: utf8
Jakub Pavlikda755f22016-09-02 12:06:53 +0200[diff] [blame]191 sql_mode: "ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]192 database:
193 name:
194 encoding: 'utf8'
195 users:
196 - name: 'username'
197 password: 'password'
198 host: 'localhost'
199 rights: 'all privileges'
200
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]201
202MySQL Galera cluster
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]203--------------------
204
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]205MySQL Galera cluster is configured for ring connection between 3 nodes. Each
206node should have just one member.
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]207
208Galera initial server (master)
209
210.. code-block:: yaml
211
212 mysql:
213 cluster:
214 enabled: true
215 name: openstack
216 role:master
217 bind:
218 address: 192.168.0.1
219 members:
220 - host: 192.168.0.1
221 port: 4567
222 user:
223 name: wsrep_sst
224 password: password
225 server:
226 enabled: true
227 version: 5.5
228 admin:
229 user: root
230 password: pass
231 bind:
232 address: 192.168.0.1
233 database:
234 name:
235 encoding: 'utf8'
236 users:
237 - name: 'username'
238 password: 'password'
239 host: 'localhost'
240 rights: 'all privileges'
241
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]242MySQL client
243------------
Ales Komarek04991c02016-10-05 10:02:59 +0200[diff] [blame]244
Jiri Broulik36754472017-04-27 22:15:29 +0200[diff] [blame]245Database with initial data (Restore DB)
246
247.. code-block:: yaml
248
249 mysql:
250 client:
251 server:
252 database:
253 admin:
254 host: localhost
255 port: 3306
256 user: ${_param:mysql_admin_user}
257 password: ${_param:mysql_admin_password}
258 encoding: utf8
259 database:
260 neutron_upgrade:
261 encoding: utf8
262 users:
263 - name: neutron
264 password: ${_param:mysql_neutron_password}
265 host: '%'
266 rights: all
267 - name: neutron
268 password: ${_param:mysql_neutron_password}
269 host: ${_param:single_address}
270 rights: all
271 initial_data:
272 engine: backupninja
273 source: ${_param:backupninja_backup_host}
274 host: ${linux:network:fqdn}
275 database: neutron
276
Pavel Cizinskya7305b02018-12-12 12:02:40 +0100[diff] [blame]277.. note:: This client role needs to be put directly on dbs node.
Jiri Broulik36754472017-04-27 22:15:29 +0200[diff] [blame]278 The provided setup restores db named neutron_upgrade with data from db called neutron.
279
280
Ales Komarek04991c02016-10-05 10:02:59 +0200[diff] [blame]281Database management on remote MySQL server
282
283.. code-block:: yaml
284
285 mysql:
286 client:
287 enabled: true
288 server:
289 server01:
290 admin:
291 host: database.host
292 port: 3306
293 user: root
294 password: password
295 encoding: utf8
296 database:
297 database01:
298 encoding: utf8
299 users:
300 - name: username
301 password: 'password'
302 host: 'localhost'
303 rights: 'all privileges'
304
Jiri Broulik36754472017-04-27 22:15:29 +0200[diff] [blame]305
Ales Komarek04991c02016-10-05 10:02:59 +0200[diff] [blame]306User management on remote MySQL server
307
308.. code-block:: yaml
309
310 mysql:
311 client:
312 enabled: true
313 server:
314 server01:
315 admin:
316 host: database.host
317 port: 3306
318 user: root
319 password: password
320 encoding: utf8
321 users:
322 - name: user01
323 host: "*"
324 password: 'sdgdsgdsgd'
325 - name: user02
326 host: "localhost"
327
328
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]329Sample Usage
330============
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]331
332MySQL Galera check sripts
333
334.. code-block:: bash
Pavel Cizinskya7305b02018-12-12 12:02:40 +0100[diff] [blame]335
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]336 mysql> SHOW STATUS LIKE 'wsrep%';
337
338 mysql> SHOW STATUS LIKE 'wsrep_cluster_size' ;"
339
340Galera monitoring command, performed from extra server
341
342.. code-block:: bash
343
344 garbd -a gcomm://ipaddrofone:4567 -g my_wsrep_cluster -l /tmp/1.out -d
345
3461. salt-call state.sls mysql
3472. Comment everything starting wsrep* (wsrep_provider, wsrep_cluster, wsrep_sst)
3483. service mysql start
3494. run on each node mysql_secure_install and filling root password.
350
351.. code-block:: bash
352
Pavel Cizinskya7305b02018-12-12 12:02:40 +0100[diff] [blame]353 Enter current password for root (enter for none):
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]354 OK, successfully used password, moving on...
355
356 Setting the root password ensures that nobody can log into the MySQL
357 root user without the proper authorisation.
358
359 Set root password? [Y/n] y
Pavel Cizinskya7305b02018-12-12 12:02:40 +0100[diff] [blame]360 New password:
361 Re-enter new password:
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]362 Password updated successfully!
363 Reloading privilege tables..
364 ... Success!
365
366 By default, a MySQL installation has an anonymous user, allowing anyone
367 to log into MySQL without having to have a user account created for
368 them. This is intended only for testing, and to make the installation
369 go a bit smoother. You should remove them before moving into a
370 production environment.
371
372 Remove anonymous users? [Y/n] y
373 ... Success!
374
375 Normally, root should only be allowed to connect from 'localhost'. This
376 ensures that someone cannot guess at the root password from the network.
377
378 Disallow root login remotely? [Y/n] n
379 ... skipping.
380
381 By default, MySQL comes with a database named 'test' that anyone can
382 access. This is also intended only for testing, and should be removed
383 before moving into a production environment.
384
385 Remove test database and access to it? [Y/n] y
386 - Dropping test database...
387 ... Success!
388 - Removing privileges on test database...
389 ... Success!
390
391 Reloading the privilege tables will ensure that all changes made so far
392 will take effect immediately.
393
394 Reload privilege tables now? [Y/n] y
395 ... Success!
396
397 Cleaning up...
398
3995. service mysql stop
Pavel Cizinskya7305b02018-12-12 12:02:40 +0100[diff] [blame]4006. uncomment all wsrep* lines except first server, where leave only in my.cnf wsrep_cluster_address='gcomm://';
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]4017. start first node
4028. Start third node which is connected to first one
4039. Start second node which is connected to third one
40410. After starting cluster, it must be change cluster address at first starting node without restart database and change config my.cnf.
405
406.. code-block:: bash
407
408 mysql> SET GLOBAL wsrep_cluster_address='gcomm://10.0.0.2';
409
Ales Komarek2813a682017-04-12 10:07:23 +0200[diff] [blame]410More Information
411================
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]412
413* http://dev.mysql.com/doc/
414* http://www.slideshare.net/osscube/mysql-performance-tuning-top-10-tips
415
Filip Pytloun5b3c12e2015-10-06 16:28:32 +0200[diff] [blame]416* http://sourceforge.net/projects/automysqlbackup/
417* https://labs.riseup.net/code/projects/backupninja/wiki
418* http://wiki.zmanda.com/index.php/Mysql-zrm