X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/18e12b0e123fc3e5f344682f884feabc12da0f5a..50aea11082eaa90bd37593b9c987d38a082f4e1b:/cookbooks/mysql/recipes/default.rb diff --git a/cookbooks/mysql/recipes/default.rb b/cookbooks/mysql/recipes/default.rb index ffe699d85..baeff798e 100644 --- a/cookbooks/mysql/recipes/default.rb +++ b/cookbooks/mysql/recipes/default.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: mysql +# Cookbook:: mysql # Recipe:: default # -# Copyright 2013, OpenStreetMap Foundation +# Copyright:: 2013, OpenStreetMap Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,49 +17,53 @@ # limitations under the License. # -package "mysql-server" -package "mysql-client" +include_recipe "prometheus" -service "mysql" do +mysql_variant = if platform?("ubuntu") + "mysql" + else + "mariadb" + end + +package "#{mysql_variant}-server" +package "#{mysql_variant}-client" + +service "#{mysql_variant}" do action [:enable, :start] supports :status => true, :restart => true end -conf_file = if node[:lsb][:release].to_f >= 16.04 - "/etc/mysql/mysql.conf.d/zzz-chef.cnf" - else - "/etc/mysql/conf.d/zzz-chef.cnf" - end - -template conf_file do +template "/etc/mysql/#{mysql_variant}.conf.d/zzz-chef.cnf" do source "my.cnf.erb" owner "root" group "root" - mode 0o644 - notifies :restart, "service[mysql]" + mode "644" + notifies :restart, "service[#{mysql_variant}]" +end + +service "apparmor" do + action :nothing +end + +template "/etc/apparmor.d/local/usr.sbin.mysqld" do + source "apparmor.erb" + owner "root" + group "root" + mode "644" + notifies :restart, "service[apparmor]" + only_if { ::Dir.exist?("/sys/kernel/security/apparmor") } end -package "libdbd-mysql-perl" -package "libcache-cache-perl" +mysql_password = persistent_token("mysql", "prometheus", "password") -%w[ - commands connections files handler_read handler_tmp handler_transaction - handler_write innodb_bpool innodb_bpool_act innodb_history_list_length - innodb_insert_buf innodb_io innodb_io_pend innodb_log innodb_queries - innodb_read_views innodb_rows innodb_semaphores innodb_srv_master_thread - innodb_tnx max_mem mrr myisam_indexes network_traffic performance - qcache qcache_mem select_types slow sorts table_definitions table_locks - tmp_tables -].each do |stat| - munin_plugin "mysql_#{stat}" do - target "mysql_" - end +mysql_user "prometheus" do + password mysql_password + process true + repl_client true end -%w[ - bin_relay_log files_tables replication -].each do |stat| - munin_plugin "mysql_#{stat}" do - action :delete - end +prometheus_exporter "mysqld" do + port 9104 + options "--mysqld.username=prometheus" + environment "MYSQLD_EXPORTER_PASSWORD" => mysql_password end