Chef cookbooks for Percona MySQL components

chef-percona

Description

Installs the Percona MySQL client and/or server components. Optionally installs:

Requirements

Supported Platforms

The following platforms are supported by this cookbook, meaning that the recipes should run on these platforms without error:

  • Ubuntu
  • Debian
  • Amazon Linux AMI
  • CentOS
  • Red Hat
  • Scientific
  • Fedora

Cookbooks

  • apt Opscode LWRP Cookbook
  • openssl Opscode Cookbook
  • yum Opscode LWRP Cookbook

Chef

It is recommended to use a version of Chef >= 10.16.4 as that is the target of my usage and testing, though this should work with any version >= 10.0.0.

Recipes

  • percona - The default no-op recipe.
  • percona::package_repo - Sets up the package repository and installs common packages.
  • percona::client - Installs the Percona MySQL client libraries.
  • percona::server - Installs and configures the Percona MySQL server daemon.
  • percona::backup - Installs and configures the Percona XtraBackup hot backup software.
  • percona::toolkit - Installs the Percona Toolkit software.
  • percona::cluster - Installs the Percona XtraDB Cluster server components.
  • percona::configure_server - Used internally to manage the server configuration.
  • percona::replication - Used internally to grant permissions for replication.
  • percona::access_grants - Used internally to grant permissions for recipes.
  • percona::monitoring - Installs Percona monitoring plugins for Nagios.

Usage

This cookbook installs the Percona MySQL components if not present, and pulls updates if they are installed on the system.

Encrypted Passwords

This cookbook requires Encrypted Data Bags. If you forget to use them, or do not use a node attribute to overwrite them, empty passwords will be used.

To use encrypted passwords, you must create an encrypted data bag. This cookbook assumes a data bag named passwords, but you can override the name using the node[:percona][:encrypted_data_bag] attribute.

This cookbook expects a mysql item and a system item. Please refer to the official documentation on how to get this set up. It actually uses a MySQL example, so it can be mostly copied. Ensure you cover the data bag items as described below.

mysql item

The mysql item should contain entries for root, backup, and replication. If no value is found, the cookbook will fall back to the default non-encrypted password.

system item

The "system" item should contain an entry for the debian system user as specified in the node[:percona][:server][:debian_username] attribute. If no such entry is found, the cookbook will fall back to the default non-encrypted password.

Example: "passwords" data bag - this example assumes that node[:percona][:server][:debian_username] = debian-sys-maint

{
  "mysql" :
  {
    "root" : "trywgFA6R70NO28PNhMpGhEvKBZuxouemnbnAUQsUyo",
    "backup" : "eqoiudfj098389fjadfkadf",
    "replication" : "qwo0fj0213fm9020fm2023fjsld"
  },
  "system" :
  {
    "debian-sys-maint" : "dwoifm2340f024jfadgfu243hf2"
  }
}

The example above shows the encrypted password in the data bag. Check out the encrypted_data_bag_secret setting in knife.rb to set up your data bag secret during bootstrapping.
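Because a missing entry silently falls back to a non-encrypted default, it helps to check the decrypted data bag before a Chef run. The following is an added example, not part of the cookbook: the `missing_password_entries` helper and the sample values are hypothetical, and it assumes the decrypted contents are available as a hash laid out like the example above.

```ruby
require "json"

# Entries the README lists for the "mysql" item.
REQUIRED_MYSQL_USERS = %w[root backup replication].freeze

# Returns "item/key" strings for every required entry that is absent,
# not a String, or blank. An empty result means nothing would fall back.
def missing_password_entries(bag, debian_username)
  required = REQUIRED_MYSQL_USERS.map { |user| ["mysql", user] }
  required << ["system", debian_username]
  gaps = required.reject do |item, key|
    entries = bag[item]
    value = entries.is_a?(Hash) ? entries[key] : nil
    value.is_a?(String) && !value.strip.empty?
  end
  gaps.map { |item, key| "#{item}/#{key}" }
end

# Constructed sample: decrypted contents with placeholder values, one blank
# entry and an empty "system" item.
SAMPLE_BAG = JSON.parse(<<~DATA_BAG)
  {
    "mysql": {
      "root": "placeholder-root-secret",
      "backup": "",
      "replication": "placeholder-replication-secret"
    },
    "system": {}
  }
DATA_BAG

gaps = missing_password_entries(SAMPLE_BAG, "debian-sys-maint")
puts gaps.empty? ? "all password entries present" : "would fall back: #{gaps.join(', ')}"
```

Pass the value of node[:percona][:server][:debian_username] as the second argument so the check follows any override of the Debian system user.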

Attributes

You can now create users, databases, and grants using attributes. For example:

"percona": {
  "server": {
    "databases": {
      "mydb1": { "charset": "utf8", "collate": "utf8_unicode_ci" },
      "mydb2": { "charset": "utf8", "collate": "utf8_unicode_ci" }
    },
    "users": {
      "myuser1": {
        "host": "localhost",
        "password": "plaintextisfinesometimes",
        "grants": [
          "all on *.*"
        ]
      },
      "myuser2": {
        "grants": [
          "select, insert, update, delete, create temporary tables ON mydb2.*"
        ]
      }
    }
  }
}

The passwords for your users can only be set via encrypted data bags, in the same way as in the example for mysql root above.

Of course you can also control the server configuration:

# Always restart percona on configuration changes
default["percona"]["auto_restart"] = true

case node["platform_family"]
when "debian"
  default["percona"]["server"]["socket"]                        = "/var/run/mysqld/mysqld.sock"
  default["percona"]["server"]["default_storage_engine"]        = "InnoDB"
  default["percona"]["server"]["includedir"]                    = "/etc/mysql/conf.d/"
  default["percona"]["server"]["pidfile"]                       = "/var/run/mysqld/mysqld.pid"
when "rhel"
  default["percona"]["server"]["socket"]                        = "/var/lib/mysql/mysql.sock"
  default["percona"]["server"]["default_storage_engine"]        = "innodb"
  default["percona"]["server"]["includedir"]                    = ""
  default["percona"]["server"]["pidfile"]                       = "/var/lib/mysql/mysqld.pid"
end

# Cookbook Settings
default["percona"]["main_config_file"]                          = "/etc/my.cnf"
default["percona"]["keyserver"]                                 = "keys.gnupg.net"
default["percona"]["encrypted_data_bag"]                        = "passwords"

# Start percona server on boot
default["percona"]["server"]["enable"]                          = true

# Basic Settings
default["percona"]["server"]["role"]                            = "standalone"
default["percona"]["server"]["username"]                        = "mysql"
default["percona"]["server"]["datadir"]                         = "/var/lib/mysql"
default["percona"]["server"]["tmpdir"]                          = "/tmp"
default["percona"]["server"]["debian_username"]                 = "debian-sys-maint"
default["percona"]["server"]["nice"]                            = 0
default["percona"]["server"]["open_files_limit"]                = 16384
default["percona"]["server"]["hostname"]                        = "localhost"
default["percona"]["server"]["basedir"]                         = "/usr"
default["percona"]["server"]["port"]                            = 3306
default["percona"]["server"]["language"]                        = "/usr/share/mysql/english"
default["percona"]["server"]["skip_external_locking"]           = true
default["percona"]["server"]["net_read_timeout"]                = 120
default["percona"]["server"]["old_passwords"]                   = 1
default["percona"]["server"]["bind_address"]                    = "127.0.0.1"
%w[debian_password root_password].each do |attribute|
  next if defined?(node["percona"]["server"][attribute])
  default["percona"]["server"][attribute]                       = secure_password
end

# Fine Tuning
default["percona"]["server"]["key_buffer"]                      = "16M"
default["percona"]["server"]["max_allowed_packet"]              = "64M"
default["percona"]["server"]["thread_stack"]                    = "192K"
default["percona"]["server"]["query_alloc_block_size"]          = "16K"
default["percona"]["server"]["memlock"]                         = false
default["percona"]["server"]["transaction_isolation"]           = "REPEATABLE-READ"
default["percona"]["server"]["tmp_table_size"]                  = "64M"
default["percona"]["server"]["max_heap_table_size"]             = "64M"
default["percona"]["server"]["sort_buffer_size"]                = "8M"
default["percona"]["server"]["join_buffer_size"]                = "8M"
default["percona"]["server"]["thread_cache_size"]               = 16
default["percona"]["server"]["back_log"]                        = 50
default["percona"]["server"]["max_connections"]                 = 30
default["percona"]["server"]["max_connect_errors"]              = 9999999
default["percona"]["server"]["table_cache"]                     = 8192

# Query Cache Configuration
default["percona"]["server"]["query_cache_size"]                = "64M"
default["percona"]["server"]["query_cache_limit"]               = "2M"

# Logging and Replication
default["percona"]["server"]["sync_binlog"]                     = 1
default["percona"]["server"]["slow_query_log"]                  = 1
default["percona"]["server"]["slow_query_log_file"]             = "/var/log/mysql/mysql-slow.log"
default["percona"]["server"]["long_query_time"]                 = 2
default["percona"]["server"]["server_id"]                       = 1
default["percona"]["server"]["binlog_do_db"]                    = []
default["percona"]["server"]["expire_logs_days"]                = 10
default["percona"]["server"]["max_binlog_size"]                 = "100M"
default["percona"]["server"]["binlog_cache_size"]               = "1M"
default["percona"]["server"]["log_bin"]                         = "master-bin"
default["percona"]["server"]["relay_log"]                       = "slave-relay-bin"
default["percona"]["server"]["log_slave_updates"]               = false
default["percona"]["server"]["log_warnings"]                    = true
default["percona"]["server"]["log_long_format"]                 = false
default["percona"]["server"]["bulk_insert_buffer_size"]         = "64M"

# MyISAM Specific
default["percona"]["server"]["myisam_recover"]                  = "BACKUP"
default["percona"]["server"]["myisam_sort_buffer_size"]         = "128M"
default["percona"]["server"]["myisam_max_sort_file_size"]       = "10G"
default["percona"]["server"]["myisam_repair_threads"]           = 1

# InnoDB Specific
default["percona"]["server"]["skip_innodb"]                     = false
default["percona"]["server"]["innodb_additional_mem_pool_size"] = "32M"
default["percona"]["server"]["innodb_buffer_pool_size"]         = "128M"
default["percona"]["server"]["innodb_data_file_path"]           = "ibdata1:10M:autoextend"
default["percona"]["server"]["innodb_file_per_table"]           = true
default["percona"]["server"]["innodb_data_home_dir"]            = ""
default["percona"]["server"]["innodb_thread_concurrency"]       = 16
default["percona"]["server"]["innodb_flush_log_at_trx_commit"]  = 1
default["percona"]["server"]["innodb_fast_shutdown"]            = false
default["percona"]["server"]["innodb_log_buffer_size"]          = "64M"
default["percona"]["server"]["innodb_log_file_size"]            = "5M"
default["percona"]["server"]["innodb_log_files_in_group"]       = 2
default["percona"]["server"]["innodb_max_dirty_pages_pct"]      = 80
default["percona"]["server"]["innodb_flush_method"]             = "O_DIRECT"
default["percona"]["server"]["innodb_lock_wait_timeout"]        = 120

# Replication Settings
default["percona"]["server"]["replication"]["read_only"]        = false
default["percona"]["server"]["replication"]["host"]             = ""
default["percona"]["server"]["replication"]["username"]         = ""
default["percona"]["server"]["replication"]["password"]         = ""
default["percona"]["server"]["replication"]["port"]             = 3306

# XtraBackup Settings
default["percona"]["backup"]["configure"]                       = false
default["percona"]["backup"]["username"]                        = "backup"
unless defined?(node["percona"]["backup"]["password"])
  default["percona"]["backup"]["password"]                      = secure_password
end

# XtraDB Cluster Settings
default["percona"]["cluster"]["binlog_format"]                  = "ROW"
default["percona"]["cluster"]["wsrep_provider"]                 = "/usr/lib64/libgalera_smm.so"
default["percona"]["cluster"]["wsrep_cluster_address"]          = ""
default["percona"]["cluster"]["wsrep_slave_threads"]            = 2
default["percona"]["cluster"]["wsrep_cluster_name"]             = ""
default["percona"]["cluster"]["wsrep_sst_method"]               = "rsync"
default["percona"]["cluster"]["wsrep_node_name"]                = ""
default["percona"]["cluster"]["innodb_locks_unsafe_for_binlog"] = 1
default["percona"]["cluster"]["innodb_autoinc_lock_mode"]       = 2

Monitoring.rb

default['percona']['plugins_url'] = "http://www.percona.com/downloads/percona-monitoring-plugins/"
default['percona']['plugins_version'] = "1.0.2"
default['percona']['plugins_sha'] = "da84cfe89637292da15ddb1e66f67ad9703fa21392d8d49e664ad08f7aa45585"
default['percona']['plugins_path'] = "/opt/pmp"

Explicit my.cnf templating

In some situations it is preferable to explicitly define the attributes needed in a my.cnf file. This is enabled by adding categories to the node[:percona][:conf] attributes. All keys found in the node[:percona][:conf] map will represent categories in the my.cnf file. Each category contains a map of attributes that will be written to the my.cnf file for that category. See the example for more details.

Example:

node["percona"]["conf"]["mysqld"]["slow_query_log_file"] = "/var/lib/mysql/data/mysql-slow.log"

This configuration would write the mysqld category to the my.cnf file and have an attribute slow_query_log_file whose value would be /var/lib/mysql/data/mysql-slow.log.

Example output (my.cnf):

[mysqld]
slow_query_log_file = /var/lib/mysql/data/mysql-slow.log

Dynamically setting the bind address

There's a special attribute node['percona']['server']['bind_to'] that allows you to dynamically set the bind address. This attribute accepts the values 'public_ip', 'private_ip', 'loopback', or an interface name like 'eth0'. Based on this, the recipe will find a corresponding IPv4 address, and override the node['percona']['server']['bind_address'] attribute.
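To preview which address mysqld would end up listening on for a given bind_to value, the lookup can be modelled outside Chef. This is an added sketch, not the cookbook's own implementation: `resolve_bind_address` and `scope_of` are hypothetical names, the input is a constructed Ohai-style interface hash, and treating the RFC 1918 ranges as "private" is an assumption about the classification.

```ruby
require "ipaddr"

# Assumption: "private" means the RFC 1918 ranges; every other
# non-loopback IPv4 address is treated as public.
PRIVATE_NETS = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16].map { |n| IPAddr.new(n) }.freeze
LOOPBACK_NET = IPAddr.new("127.0.0.0/8")

def scope_of(ip)
  addr = IPAddr.new(ip)
  return "loopback" if LOOPBACK_NET.include?(addr)
  return "private_ip" if PRIVATE_NETS.any? { |net| net.include?(addr) }
  "public_ip"
end

# interfaces: name => { "addresses" => { address => { "family" => ... } } }
# Returns the first matching IPv4 address, or raises if there is none.
def resolve_bind_address(interfaces, bind_to)
  ipv4 = lambda do |iface|
    (iface["addresses"] || {}).select { |_, meta| meta["family"] == "inet" }.keys
  end
  candidates =
    if %w[public_ip private_ip loopback].include?(bind_to)
      interfaces.values.flat_map(&ipv4).select { |ip| scope_of(ip) == bind_to }
    else
      iface = interfaces[bind_to] || raise(ArgumentError, "unknown interface #{bind_to}")
      ipv4.call(iface)
    end
  candidates.first || raise(ArgumentError, "no IPv4 address for bind_to=#{bind_to}")
end

# Constructed sample using documentation and private address ranges.
SAMPLE_INTERFACES = {
  "lo"   => { "addresses" => { "127.0.0.1" => { "family" => "inet" },
                               "::1" => { "family" => "inet6" } } },
  "eth0" => { "addresses" => { "02:00:00:00:00:01" => { "family" => "lladdr" },
                               "203.0.113.10" => { "family" => "inet" } } },
  "eth1" => { "addresses" => { "10.0.0.5" => { "family" => "inet" } } }
}.freeze

%w[public_ip private_ip loopback eth1].each do |choice|
  puts "bind_to=#{choice} -> #{resolve_bind_address(SAMPLE_INTERFACES, choice)}"
end
```

With 'public_ip' the server listens on a routable address, so confirm the resolved value against firewall rules before overriding the 127.0.0.1 default.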

Goals

In no particular order:

  • Be the most flexible way to set up a MySQL distribution through Chef
    • Support for Chef Solo
    • Support for Chef Server
  • Support the following common database infrastructures:
    • Single server instance
    • Traditional Master/Slave replication
    • Multi-master cluster replication
  • Support the most common Chef runtime environments
  • Be the easiest way to set up a MySQL distribution through Chef

TODO

  • Fully support all of the standard Chef-supported distributions

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Contributors

Many thanks go to the following contributors who have helped to make this cookbook even better:

  • @jagcrete
    • configurable keyserver
    • encrypted password data bag
    • custom my.cnf file
  • @pwelch
    • ensure cookbook dependencies are loaded
    • Foodcritic compliance updates
    • various minor patches and updates
  • @masv
    • compatibility updates for 5.5
  • @stottsan
    • config cleanup to prevent service restarts on chef run
  • @abecciu
    • auto-generate secure passwords by default
    • add ability to dynamically set the bind address
    • add support for main_config_file attribute
  • @patcon
    • add yum support for centos, amazon, scientific, fedora, and redhat distributions
  • @psi
    • fixes required for RedHat platforms
  • @TheSerapher
    • improvements for master/slave replication setup
    • updates and clarifications to the README
    • add attribute to control server restart on config changes
  • @bensomers
    • minor fixes to replication.sql
    • fix a very dangerous bug around binlog-do-db setting for slave servers
    • fix slow query log setting for 5.5
  • @tdg5
    • avoid use of set_unless for chef-solo, workaround for CHEF-2945
  • @gpendler
    • avoid re-installation of packages on RedHat platforms
  • @vinu
    • pin the percona apt repo with high priority
  • @ckuttruff
    • improve security on debian-based systems by changing config file permissions
    • don't pass mysql root password in plaintext commands
    • fix issue with -p flag when setting initial password
  • @srodrig0209
    • add the monitoring recipe
  • @jesseadams
    • fixes for custom datadir setting use case
  • @see0
    • fix incorrect root password reference
  • @baldur
    • (honorable mention) fix incorrect root password reference
    • fix typo in attribute for server username
  • @chrisroberts
    • (honorable mention) fix issue with -p flag when setting initial password
  • @aaronjensen
    • allow server to not be started on startup
  • @pioneerit
    • add sections to .my.cnf for mysqladmin and mysqldump
  • @AndreyChernyh
    • use resources helper to support newer chef versions

License

Author:: Phil Cohen (github@phlippers.net)

Copyright:: 2011-2013, Phil Cohen

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.