{"id":572,"sha1":"f5ed1dd257eb588b117b40077ba453a29cc1919d","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\ngalera_package_state: \"latest\"\n\ngalera_cluster_members: \"{{ groups['galera_all'] }}\"\ngalera_server_bootstrap_node: \"{{ galera_cluster_members[0] }}\"\ngalera_ignore_cluster_state: false\ngalera_upgrade: false\ngalera_force_bootstrap: false\n\ngalera_wsrep_node_name: \"{{ inventory_hostname }}\"\ngalera_cluster_name: openstack_galera_cluster\ngalera_server_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\ngalera_server_proxy_protocol_networks: \"\"\n\n# The galera server-id should be set on all cluster nodes to ensure\n# that replication is handled correctly and the error\n# \"Warning: You should set server-id to a non-0 value if master_host is\n# set; we will force server id to 2, but this MySQL server will not act\n# as a slave.\" is no longer present.\n# galera_server_id: 0\n\n# These are here to stub out the internal ROLE API.\n# if these are used they should be set within the\n# distro specific variable files found in vars/\ngalera_debconf_items: []\ngalera_mariadb_service_name: mariadb\ngalera_mariadb_client_binary: mariadb\ngalera_mariadb_server_package: \"{{ (galera_install_method == 'external_repo') | ternary(_galera_mariadb_external_repo_package, 'mariadb-server') }}\"\n\n# The major version used to select the repo URL path\ngalera_major_version: 11.8\ngalera_minor_version: 3\n\n# Set the URL for the MariaDB repository\ngalera_repo_host: \"archive.mariadb.org\"\ngalera_repo_url: \"{{ _galera_repo_url }}\"\n\n# Set the repo information for the MariaDB repository\ngalera_repo: \"{{ _galera_repo }}\"\n\n# Mappings from Ansible reported architecture to distro release architecture\ngalera_architecture_mapping: \"{{ _galera_architecture_mapping }}\"\n\n# Set the gpg keys needed to be imported\n# This should be a list of dicts, with each dict\n# giving a set of arguments to the applicable\n# package module. The following is an example for\n# systems using the apt package manager.\n# galera_gpg_keys:\n# - id: '0xF1656F24C74CD1D8'\n# keyserver: 'hkp://keyserver.ubuntu.com:80'\n# validate_certs: no\ngalera_gpg_keys: \"{{ _galera_gpg_keys | default([]) }}\"\n\ngalera_monitoring_user: monitoring\ngalera_monitoring_user_password: \"\"\ngalera_monitoring_port: 3307\ngalera_monitoring_max_connections: 10\n\n# WARNING: Set this to open IP rules for galera monitoring.\n# This is REQUIRED to run a working openstack-ansible deployment.\n# If it's undefined the galera cluster state can't be reported,\n# and haproxy would fail to do proper load balancing on the cluster.\n# Because this opens connections to the cluster status, this\n# should be restricted, which we do in the integrated build.\n# Please override accordingly to your use case.\n# This can be replaced with other hostnames, cidr, ips, and ips + wildcards.\n# See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html\n#\n# galera_monitoring_allowed_source: \"0.0.0.0/0\"\n\n# Additional users to add or remove\ngalera_additional_users: []\n# - name: \"my_username\"\n# host: '%'\n# password: \"my_password\"\n# priv: \"*.*:USAGE\"\n# state: present\n\n# Choose 'distro' or 'external_repo'\ngalera_install_method: external_repo\n\n# Enable or disable the installation of galera development packages\ngalera_install_devel: false\n\n# Enable or disable the installation of galera server\ngalera_install_server: false\n\n# Enable or disable the galera monitoring check capability\ngalera_monitoring_check_enabled: true\n\n# Set the monitoring port used with the galera monitoring check.\ngalera_monitoring_check_port: 9200\n\ngalera_root_user: admin\n\n# WARNING: This option is deprecated and will be removed in v12.0\ngalera_gcache_size: 1024M\n\ngalera_data_dir: /var/lib/mysql\ngalera_max_heap_table_size: 32M\ngalera_tmp_table_size: 32M\ngalera_tmp_dir: /var/lib/mysql/#tmp\ngalera_ignore_db_dirs:\n - \"'#tmp'\"\n - \"lost+found\"\n\ngalera_file_limits: 164679\ngalera_wait_timeout: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n# Increase this value if large SST transfers cause mysql startup to fail due\n# to timeout\ngalera_startup_timeout: 1800\n\n## charset options\ngalera_default_charset: utf8mb3\ngalera_default_collation: general_ci\n# NOTE: Default collation set will be updated with defined above defaults\ngalera_default_collation_set:\n utf8mb3: utf8mb3_uca1400_ai_ci\n utf8mb4: utf8mb4_uca1400_ai_ci\n ucs2: ucs2_uca1400_ai_ci\n utf16: utf16_uca1400_ai_ci\n utf32: utf32_uca1400_ai_ci\n\n## innodb options\ngalera_innodb_buffer_pool_size: 4096M\ngalera_innodb_log_file_size: 1024M\ngalera_innodb_log_buffer_size: 128M\n\n## wsrep configuration\ngalera_wsrep_address: \"{{ management_address | default(ansible_host) }}\"\ngalera_wsrep_address_port: \"{{ galera_wsrep_address }}:3306\"\ngalera_wsrep_cluster_port: 4567\ngalera_wsrep_cluster_address: >-\n {% set _var = [] -%}\n {% for cluster_host in galera_cluster_members -%}\n {% set _addr = hostvars[cluster_host]['galera_wsrep_address']\n | default(hostvars[cluster_host]['ansible_host']) -%}\n {% if _var.append(_addr) %}{% endif -%}\n {% endfor -%}\n {# If only 1 cluster member is present output an empty string so the\n single-node member will re-bootstrap correctly upon restart #}\n {{ _var | join(',') if galera_cluster_members | length > 1 else '' }}\n\ngalera_wsrep_node_incoming_address: \"{{ galera_wsrep_address }}\"\n## Cap the maximum number of threads / workers when a user value is unspecified.\ngalera_wsrep_slave_threads_max: 16\ngalera_wsrep_slave_threads: \"{{ [[ansible_facts['processor_vcpus'] | default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}\"\ngalera_wsrep_retry_autocommit: 3\ngalera_wsrep_debug: NONE\ngalera_wsrep_sst_method: mariabackup\ngalera_wsrep_provider_options:\n - { option: \"gcache.size\", value: \"{{ galera_gcache_size }}\" }\n - { option: \"gmcast.listen_addr\", value: \"tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port }}\" }\ngalera_wsrep_sst_auth_user: \"{{ galera_root_user }}\"\ngalera_wsrep_sst_auth_password: \"{{ galera_root_password }}\"\n\n# mariabackup parallel/sync threads\ngalera_mariabackup_threads: 4\n\n# Galera slow/unindexed query logging\ngalera_slow_query_logging: 0\ngalera_slow_query_log_file: \"/var/log/mysql/mariadb-slow.log\"\ngalera_unindexed_query_logging: 0\n\n## Tunable overrides\ngalera_my_cnf_overrides: {}\ngalera_cluster_cnf_overrides: {}\ngalera_debian_cnf_overrides: {}\ngalera_encryption_overrides: {}\ngalera_init_overrides: {}\n\n# Set the max connections value for galera. Set this value to override the\n# computed value which is (100 x vCPUs) with a cap of 1600. If computed, the\n# lowest value throughout the cluster will be used which is something to note\n# if deploying galera on different hardware.\n# galera_max_connections: 500\n\n# This is only applied if the ansible_facts['pkg_mgr'] is 'apt'\ngalera_distro_package_pins:\n - package: \"*\"\n release: MariaDB\n priority: 999\n - package: \"mariadb-*\"\n version: \"1:{{ galera_major_version }}.{{ galera_minor_version }}*\"\n priority: 1001\n\n# Galera Server SSL functionality.\n\n# Storage location for SSL certificate authority\ngalera_pki_dir: \"{{ openstack_pki_dir | default('/etc/pki/galera-ca') }}\"\n\n# Create a certificate authority if one does not already exist\ngalera_pki_create_ca: \"{{ openstack_pki_authorities is not defined | bool }}\"\ngalera_pki_regen_ca: \"\"\n\ngalera_pki_authorities:\n - name: \"MariaDBRoot\"\n country: \"GB\"\n state_or_province_name: \"England\"\n organization_name: \"Example Corporation\"\n organizational_unit_name: \"IT Security\"\n cn: \"MariaDB Root CA\"\n provider: selfsigned\n basic_constraints: \"CA:TRUE\"\n key_usage:\n - digitalSignature\n - cRLSign\n - keyCertSign\n not_after: \"+3650d\"\n - name: \"MariaDBIntermediate\"\n country: \"GB\"\n state_or_province_name: \"England\"\n organization_name: \"Example Corporation\"\n organizational_unit_name: \"IT Security\"\n cn: \"MariaDB Intermediate CA\"\n provider: ownca\n basic_constraints: \"CA:TRUE,pathlen:0\"\n key_usage:\n - digitalSignature\n - cRLSign\n - keyCertSign\n not_after: \"+3650d\"\n signed_by: \"MariaDBRoot\"\n\n# Installation details for certificate authorities\ngalera_pki_install_ca:\n - name: \"MariaDBRoot\"\n condition: \"{{ galera_pki_create_ca }}\"\n\n# Galera server certificate\ngalera_pki_keys_path: \"{{ galera_pki_dir ~ '/certs/private/' }}\"\ngalera_pki_certs_path: \"{{ galera_pki_dir ~ '/certs/certs/' }}\"\ngalera_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('MariaDBIntermediate') }}\"\ngalera_pki_intermediate_cert_path: >-\n {{\n galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt'\n }}\ngalera_pki_regen_cert: \"\"\ngalera_pki_certificates:\n - name: \"galera_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: >-\n {{\n 'DNS:' ~ ansible_facts['hostname'] ~ ',' ~ (\n (galera_address | ansible.utils.ipaddr) is string) | ternary('IP', 'DNS') ~ ':' ~ galera_address ~\n ',IP:' ~ management_address\n }}\n signed_by: \"{{ galera_pki_intermediate_cert_name }}\"\n\ngalera_use_ssl: false\ngalera_ssl_verify: true\ngalera_ssl_cert: /etc/ssl/certs/galera.pem\ngalera_ssl_key: /etc/mysql/ssl/galera.key\ngalera_ssl_ca_cert: /etc/ssl/certs/galera-ca.pem\ngalera_require_secure_transport: false\ngalera_tls_version: \"TLSv1.2,TLSv1.3\"\n\n## These options should be specified in user_variables if necessary, otherwise self-signed certs are used.\n# galera_user_ssl_cert: /etc/openstack_deploy/self_signed_certs/galera.pem\n# galera_user_ssl_key: /etc/openstack_deploy/self_signed_certs/galera.key\n# galera_user_ssl_ca_cert: /etc/openstack_deploy/self_signed_certs/galera-ca.pem\n\n# This option is used for creating the CA and overriding the Galera address on the clients side.\n# Should be set to either internal VIP or VIP FQDN, depending on what is currently used in the env.\ngalera_address: \"{{ ansible_host }}\"\n\n# Installation details for SSL certificates\ngalera_pki_install_certificates:\n - src: \"{{ galera_user_ssl_cert | default(galera_pki_certs_path ~ 'galera_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ galera_ssl_cert }}\"\n owner: \"root\"\n group: \"root\"\n mode: \"0644\"\n - src: \"{{ galera_user_ssl_key | default(galera_pki_keys_path ~ 'galera_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ galera_ssl_key }}\"\n owner: \"mysql\"\n group: \"root\"\n mode: \"0600\"\n - src: \"{{ galera_user_ssl_ca_cert | default(galera_pki_intermediate_cert_path) }}\"\n dest: \"{{ galera_ssl_ca_cert }}\"\n owner: \"root\"\n group: \"root\"\n mode: \"0644\"\n\n# MariaDB 10.1+ ships with 'PrivateDevices=True' in the systemd unit file. This\n# provides some additional security, but it causes problems with systemd 219.\n# While the security enhancements are helpful on bare metal hosts with multiple\n# services running, they are not as helpful when MariaDB is running in a\n# container with its own isolated namespaces.\n#\n# Related bugs:\n# https://bugs.launchpad.net/openstack-ansible/+bug/1697531\n# https://github.com/lxc/lxc/issues/1623\n# https://github.com/systemd/systemd/issues/6121\n#\n# Setting the following variable to 'yes' will disable the PrivateDevices\ngalera_disable_privatedevices: \"{{ _galera_disable_privatedevices }}\"\n\n# install and configure the galera client as well as the server\ngalera_install_client: false\ngalera_client_package_install: \"{{ galera_install_client }}\"\ngalera_client_package_state: \"latest\"\ngalera_client_drop_config_file: \"true\"\ngalera_client_my_cnf_overrides: {}\n\n# Delegated host for operating the certificate authority\ngalera_ssl_server: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n## Database info\ngalera_db_setup_host: \"{{ openstack_db_setup_host | default(galera_cluster_members[0] | default('localhost')) }}\"\ngalera_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])\n )\n }}\n\n# Configure backups of database\n# copies is the number of full backups to be kept, the corresponding\n# incremental backups will also be kept. Uses systemd timer instead of cron.\ngalera_mariadb_backups_enabled: false\n# galera_mariadb_backups_group_gid: \ngalera_mariadb_backups_group_name: backups\ngalera_mariadb_backups_path: \"/var/backup/mariadb_backups\"\ngalera_mariadb_backups_full_copies: 2\ngalera_mariadb_backups_full_on_calendar: \"*-*-* 00:00:00\"\ngalera_mariadb_backups_full_randomized_delay_sec: 0\ngalera_mariadb_backups_full_init_overrides: {}\n\ngalera_mariadb_backups_increment_on_calendar:\n - \"*-*-* 06:00:00\"\n - \"*-*-* 12:00:00\"\n - \"*-*-* 18:00:00\"\ngalera_mariadb_backups_increment_randomized_delay_sec: 0\ngalera_mariadb_backups_increment_init_overrides: {}\n# galera_mariadb_backups_user is the name of the mariadb database user\ngalera_mariadb_backups_user: galera_mariadb_backup\ngalera_mariadb_backups_suffix: \"{{ inventory_hostname }}\"\ngalera_mariadb_backups_cnf_file: \"/etc/mysql/mariabackup.cnf\"\ngalera_mariadb_backups_nodes: [\"{{ galera_cluster_members[0] }}\"]\ngalera_mariadb_backups_compress: false\ngalera_mariadb_backups_compressor: gzip\n\ngalera_mariadb_encryption_enabled: false\ngalera_mariadb_encryption_plugin: \"file_key_management\"\ngalera_db_encryption_tmp_dir: \"\"\n","created":"2025-12-08T13:57:15.898667Z","updated":"2025-12-08T13:57:15.898679Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-galera_server/defaults/main.yml"}