Merge branch 'db-cluster'

ansible/inventory/group_vars/all/ifupdown.yml

@@ -12,3 +12,4 @@ ifupdown__interfaces:
   'internal':
     iface: 'eth1'
     inet: 'dhcp'
+    allow: 'boot'

ansible/inventory/group_vars/all/mariadb_server.yml

@@ -0,0 +1,30 @@
+---
+
+mariadb_server__bind_address: '*'
+mariadb_server__allow: [ '10.13.12.0/24' ]
+mariadb_server__pki: true
+mariadb_server__pki_path: '/etc/pki/realms'
+
+mariadb_server__packages: [ 'galera-4', 'mariadb-backup' ]
+
+mariadb_server__mysqld_cluster_options:
+  name: 'cluster-options'
+  comment: 'Required for cluster operation'
+  state: 'present'
+  options:
+    'wsrep_provider': '/usr/lib/galera/libgalera_smm.so'
+    'wsrep_cluster_address': 'gcomm://db.internal.bij1.net,db2.internal.bij1.net'
+    'binlog_format': 'ROW'
+    'default_storage_engine': 'InnoDB'
+    'innodb_autoinc_lock_mode': '2'
+    'wsrep_on': 'ON'
+    'wsrep_sst_method': 'mariabackup'
+    'wsrep_sst_auth': 'mysql:'
+
+mariadb_server__ferm__dependent_rules:
+  - type: 'accept'
+    dport: [ 'mysql', '4567', '4568', '4444' ]
+    saddr: '{{ mariadb_server__allow }}'
+    accept_any: False
+    weight: '50'
+    role: 'mariadb_server'

ansible/inventory/group_vars/all/postgresql_server.yml

@@ -0,0 +1,5 @@
+---
+
+postgresql_server__listen_addresses: [ '*' ]
+postgresql_server__allow: [ '10.13.12.0/24' ]
+postgresql_server__pki: true

ansible/inventory/group_vars/all/python.yml

@@ -0,0 +1,3 @@
+---
+
+python__v2: false

ansible/inventory/host_vars/db/mariadb_server.yml

@@ -1,4 +1,4 @@
 ---
 
-mariadb_server__bind_address: '0.0.0.0'
-mariadb_server__pki: true
+mariadb_server__options:
+  'wsrep_node_address': 'db.internal.bij1.net'

ansible/inventory/host_vars/db/postgresql_server.yml

@@ -1,5 +1,15 @@
 ---
 
-postgresql_server__listen_addresses: [ '0.0.0.0' ]
-postgresql_server__allow: [ '10.13.12.0/24' ]
-postgresql_server__pki: true
+postgresql_server__cluster_main:
+  name: 'main'
+  port: '5432'
+
+  max_replication_slots: 1
+  max_wal_senders: 2
+  wal_level: 'replica'
+
+postgresql__roles:
+  - name: 'replication'
+    flags:
+      - 'REPLICATION'
+      - 'LOGIN'

ansible/inventory/host_vars/db2/mariadb_server.yml

@@ -0,0 +1,4 @@
+---
+
+mariadb_server__options:
+  'wsrep_node_address': 'db2.internal.bij1.net'

ansible/inventory/host_vars/db2/postgresql_server.yml

@@ -0,0 +1,11 @@
+---
+
+postgresql_server__cluster_main:
+  name: 'main'
+  port: '5432'
+
+  max_wal_senders: 2
+  wal_level: 'replica'
+  hot_standby: 'on'
+  standby:
+    conninfo: 'host=db.internal.bij1.net user=replication'

ansible/inventory/hosts

@@ -21,6 +21,7 @@ controller  ansible_host=controller.bij1.net  ansible_user=ansible-admin
 code        ansible_host=code.bij1.net        ansible_user=ansible-admin
 build       ansible_host=build.bij1.net       ansible_user=ansible-admin
 db          ansible_host=db.bij1.net          ansible_user=ansible-admin
+db2         ansible_host=db2.bij1.net         ansible_user=ansible-admin
 vergadering ansible_host=vergadering.bij1.net ansible_user=ansible-admin
 ; turn        ansible_host=turn.bij1.net        ansible_user=ansible-admin
 static      ansible_host=static.bij1.net      ansible_user=ansible-admin
@@ -39,6 +40,7 @@ controller
 code
 build
 db
+db2
 vergadering
 ; turn
 static
@@ -69,9 +71,14 @@ build
 
 [debops_service_mariadb_server]
 db
+db2
 
 [debops_service_postgresql_server]
 db
+db2
+
+[debops_service_postgresql]
+db
 
 [webserver]
 wp

ansible/secret/pki/realms/by-host/db2/domain/internal/intermediate.pem

@@ -0,0 +1 @@
+../../../../../authorities/domain/subject/cert.pem

ansible/secret/pki/realms/by-host/db2/domain/internal/root.pem

@@ -0,0 +1 @@
+../../../../../authorities/domain/issuer/subject/cert.pem