{"id":357,"sha1":"5c7d6b8d61ed6df6eff4bb96c517ec68df863fa9","playbook":{"id":3,"items":{"plays":37,"tasks":374,"results":364,"hosts":2,"files":208,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:33:24.432723Z","ended":"2025-12-08T13:39:38.483304Z","duration":"00:06:14.050581","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Run the systemd service role\n ansible.builtin.import_role:\n name: systemd_service\n vars:\n systemd_tempd_prefix: openstack\n systemd_services:\n - service_name: \"{{ galera_mariadb_service_name }}\"\n systemd_overrides_only: true\n systemd_overrides: \"{{ galera_init_defaults | combine(galera_init_overrides, recursive=True) }}\"\n - service_name: \"mariadbcheck@\"\n service_type: \"oneshot\"\n execstarts: \"-/usr/local/bin/clustercheck\"\n enabled: false\n load: false\n standard_output: \"socket\"\n after_targets: []\n sockets:\n - socket_name: \"mariadbcheck\"\n enabled: \"{{ galera_monitoring_check_enabled }}\"\n options:\n ListenStream: \"{{ galera_server_bind_address }}:{{ galera_monitoring_check_port }}\"\n IPAddressDeny: any\n IPAddressAllow: \"{{ (galera_monitoring_allowed_source is defined) | ternary(galera_monitoring_allowed_source, 'localhost') }}\"\n Accept: \"yes\"\n FreeBind: \"true\"\n tags:\n - galera-service\n\n# NOTE(cloudnull): The secure task is not needed on Debian based systems\n# as all of these tasks will be run on Package install\n# and running them again will cause a conflict within\n# debian based deployments.\n- name: Create galera initial secure tool\n ansible.builtin.template:\n src: \"galera_secure_node.j2\"\n dest: \"/usr/local/bin/galera_secure_node\"\n mode: \"0750\"\n when:\n - ansible_facts['pkg_mgr'] != \"apt\"\n - not galera_upgrade\n\n- name: Run galera secure\n command: \"/usr/local/bin/galera_secure_node\"\n args:\n creates: \"{{ galera_data_dir }}/osa_default_secured\"\n when:\n - ansible_facts['pkg_mgr'] != \"apt\"\n - not galera_upgrade\n tags:\n - skip_ansible_lint\n - molecule-idempotence-notest\n\n- name: Create the local directories\n ansible.builtin.file:\n path: \"{{ item.path }}\"\n state: \"directory\"\n owner: \"{{ item.owner | default('root') }}\"\n group: \"{{ item.group | default('root') }}\"\n mode: \"{{ item.mode | default('0755') }}\"\n recurse: \"{{ item.recurse | default('false') }}\"\n with_items:\n - { path: \"{{ galera_data_dir }}\", owner: \"mysql\", mode: \"02755\" }\n - { path: \"{{ galera_tmp_dir }}\", owner: \"mysql\", mode: \"02755\" } # TMP needs to be re-created after clustering, so breaks idempotence test on all[1:]\n - { path: \"/etc/mysql/conf.d\" }\n tags:\n - molecule-idempotence-notest\n\n- name: Create and install SSL certificates\n ansible.builtin.include_role:\n name: pki\n tasks_from: \"{{ galera_pki_create_ca | ternary('main.yml', 'main_certs.yml') }}\"\n vars:\n pki_setup_host: \"{{ galera_ssl_server }}\"\n pki_dir: \"{{ galera_pki_dir }}\"\n pki_create_ca: \"{{ galera_pki_create_ca }}\"\n pki_regen_ca: \"{{ galera_pki_regen_ca }}\"\n pki_authorities: \"{{ galera_pki_authorities }}\"\n pki_install_ca: \"{{ galera_pki_install_ca }}\"\n pki_create_certificates: \"{{ galera_user_ssl_cert is not defined and galera_user_ssl_key is not defined }}\"\n pki_regen_cert: \"{{ galera_pki_regen_cert }}\"\n pki_certificates: \"{{ galera_pki_certificates }}\"\n pki_install_certificates: \"{{ galera_pki_install_certificates }}\"\n when:\n - galera_use_ssl | bool\n\n# NOTE: (hwoarang) mariadb packages may drop some default configuration files\n# in {{ galera_etc_include_dir }} so make sure they are gone if necessary in\n# case they cause some conflicts with the ones we provide.\n- name: Remove existing mariadb configuration files\n ansible.builtin.file:\n state: absent\n path: \"{{ galera_etc_include_dir }}/{{ item }}\"\n with_items: \"{{ mariadb_delete_etc_conf_files | default([]) }}\"\n\n- name: Drop mariadb config(s)\n openstack.config_template.config_template:\n src: \"{{ item.src }}\"\n dest: \"{{ item.dest }}\"\n owner: \"root\"\n group: \"root\"\n mode: \"{{ item.mode | default('0644') }}\"\n config_overrides: \"{{ item.config_overrides }}\"\n config_type: \"{{ item.config_type }}\"\n ignore_none_type: false\n when: item.condition | default(True)\n with_items:\n - src: my.cnf.j2\n dest: \"{{ galera_etc_conf_file }}\"\n config_overrides: \"{{ galera_my_cnf_overrides }}\"\n config_type: \"ini\"\n - src: cluster.cnf.j2\n dest: \"{{ galera_etc_include_dir }}/cluster.cnf\"\n config_overrides: \"{{ galera_cluster_cnf_overrides }}\"\n config_type: \"ini\"\n - src: debian.cnf.j2\n dest: /etc/mysql/debian.cnf\n config_overrides: \"{{ galera_debian_cnf_overrides }}\"\n config_type: \"ini\"\n condition: \"{{ (ansible_facts['os_family'] | lower == 'debian') and (galera_root_user == 'root') }}\"\n - src: \"client.my.cnf.j2\"\n dest: \"/root/.my.cnf\"\n config_overrides: \"{{ galera_client_my_cnf_overrides }}\"\n config_type: \"ini\"\n mode: \"0600\"\n condition: \"{{ (galera_root_user == 'root') }}\"\n notify:\n - Restart all mysql\n\n- name: Apply service defaults\n ansible.builtin.template:\n src: \"mysql_defaults.j2\"\n dest: \"/etc/default/mariadb\"\n mode: \"0644\"\n notify:\n - Restart all mysql\n\n- name: Link mysql and mariadb config files\n ansible.builtin.file:\n src: \"/etc/default/mariadb\"\n dest: \"/etc/default/mysql\"\n state: \"link\"\n force: \"yes\"\n\n- name: Remove default mysql_safe_syslog\n ansible.builtin.file:\n path: \"/etc/mysql/conf.d/mysqld_safe_syslog.cnf\"\n state: absent\n\n- name: Create new cluster tool\n ansible.builtin.template:\n src: \"galera_new_cluster.j2\"\n dest: \"/usr/local/bin/galera_new_cluster\"\n mode: \"0750\"\n\n- name: Create clustercheck script\n ansible.builtin.template:\n src: \"clustercheck.j2\"\n dest: \"/usr/local/bin/clustercheck\"\n mode: \"0755\"\n","created":"2025-12-08T13:36:06.188178Z","updated":"2025-12-08T13:36:06.188221Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-galera_server/tasks/galera_server_post_install.yml"}