Compare commits
17 Commits
pkg/dev/eo
...
2.7.0/deve
| Author | SHA1 | Date | |
|---|---|---|---|
| 834ee16f02 | |||
| 85d1c09aff | |||
| eb80e522f7 | |||
| a14baa049e | |||
| 765b0c9102 | |||
| 0ab65611b0 | |||
| 52eadb6bf1 | |||
| 44629b4587 | |||
| b1bcd05792 | |||
| efc3f5848c | |||
| d19bfdebf9 | |||
| a199b9182d | |||
| d87c9ee307 | |||
| 0327098015 | |||
| 4ee18114f4 | |||
| 796b71a992 | |||
| 921e6b01a1 |
@ -2,25 +2,24 @@
|
||||
<files>
|
||||
<file filelist='dbMariaDB' name='/etc/mysql/conf.d/mariadb.cnf' rm='True' mkdir='True'/>
|
||||
<file filelist='dbCluster' name='/etc/mysql/conf.d/galera.cnf' rm='True' mkdir='True'/>
|
||||
|
||||
<file filelist='dbTunning' name='/etc/mysql/conf.d/tunning.cnf' rm='True' mkdir='True'/>
|
||||
|
||||
<service servicelist='bdd'>mariadb</service>
|
||||
<service_access service='mariadb'>
|
||||
<port service_accesslist='mariadb' protocol='tcp'>3306</port>
|
||||
<tcpwrapper service_accesslist='mariadb'>mariadb</tcpwrapper>
|
||||
<port protocol='tcp'>3306</port>
|
||||
<tcpwrapper>mariadb</tcpwrapper>
|
||||
</service_access>
|
||||
<service_access service='galera'>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>4444</port>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>4567</port>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>4568</port>
|
||||
<port service_accesslist='dbCluster' protocol='udp'>4567</port>
|
||||
<tcpwrapper service_accesslist='mariadb'>mariadb</tcpwrapper>
|
||||
</service_access>
|
||||
|
||||
<service_restriction service='mariadb'>
|
||||
<ip interface='ifMariaDBLimit' interface_type="SymLinkOption" netmask='maskMariaDBLimit' netmask_type='SymLinkOption' ip_type='SymLinkOption'>ipMariaDBLimit</ip>
|
||||
</service_restriction>
|
||||
|
||||
<service_access service='galera'>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>3306</port>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>4444</port>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>4567</port>
|
||||
<port service_accesslist='dbCluster' protocol='tcp'>4568</port>
|
||||
<port service_accesslist='dbCluster' protocol='udp'>4567</port>
|
||||
</service_access>
|
||||
<service_restriction service='galera'>
|
||||
<ip interface='ifDBCluster' interface_type="SymLinkOption" netmask='255.255.255.255' ip_type='SymLinkOption'>dbClusterMember</ip>
|
||||
</service_restriction>
|
||||
@ -117,9 +116,8 @@
|
||||
<value>galera_cluster</value>
|
||||
</variable>
|
||||
<variable name='ifDBCluster' type='string' description="Interface réseau dédiée à la grappe BDD" mandatory='True'/>
|
||||
<variable name='nodeName' type='domain' description="Nom de domaine du noeud" mandatory='True'/>
|
||||
|
||||
<variable name='dbClusterMember' type='domain' description="Nom de domaine des membres de la grappe" multi="True" mandatory='True'/>
|
||||
<variable name="dbClusterMemberIndex" description="Index du serveur dans la liste des membres de la grappe" type="number" mandatory="True"/>
|
||||
<!-- Expert Variables -->
|
||||
<variable name='dbBinLogFormat' type='string' mode='expert' description='Format du binlog'>
|
||||
<value>ROW</value>
|
||||
@ -169,9 +167,6 @@
|
||||
<slave>ifMariaDBLimit</slave>
|
||||
</group>
|
||||
|
||||
<fill name='calc_val' target='nodeName'>
|
||||
<param type='eole'>nom_domaine_machine</param>
|
||||
</fill>
|
||||
<fill name='calc_multi_condition' target='accLimitTarget'>
|
||||
<param>Default</param>
|
||||
<param type='eole' name='condition_1'>accLimits</param>
|
||||
@ -184,7 +179,6 @@
|
||||
<target type='family'>MariaDB</target>
|
||||
<!--target type='family'>Grappe MariaDB</target-->
|
||||
<target type='family'>MariaDB Tunning</target>
|
||||
<!--target type='service_accesslist'>dbCluster</target-->
|
||||
<target type='filelist'>dbTunning</target>
|
||||
<target type='filelist'>dbMariaDB</target>
|
||||
<!--target type='filelist'>dbCluster</target-->
|
||||
|
||||
11
postservice/00-bdd-cluster
Executable file
11
postservice/00-bdd-cluster
Executable file
@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
if [[ "$1" == "instance" ]] && [[ "$(CreoleGet dbEnable)" == "oui" ]] && [[ "$(CreoleGet dbEnableCluster)" == "oui" ]] && [[ "$(CreoleGet dbClusterPosition)" == "Leader" ]]
|
||||
then
|
||||
service mariadb stop
|
||||
galera_new_cluster
|
||||
fi
|
||||
|
||||
exit 0
|
||||
@ -28,6 +28,8 @@ then
|
||||
|
||||
previousUsers=($(awk -F ':' '{print $1}' ${readerfile} ))
|
||||
|
||||
index=0
|
||||
|
||||
for user in ${accounts[@]}
|
||||
do
|
||||
PASS=$(awk -F ':' "/${user}:/ {print \$2}" ${readerfile})
|
||||
@ -54,7 +56,6 @@ then
|
||||
done
|
||||
fi
|
||||
|
||||
index=0
|
||||
for hst in ${hostsList[@]}
|
||||
do
|
||||
SQL="DROP USER IF EXISTS '${user}'@'${hst}';"
|
||||
@ -86,4 +87,3 @@ then
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
@ -1,20 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
db=$(CreoleGet dbEnable non)
|
||||
cluster=$(CreoleGet dbEnableCluster non)
|
||||
role=$(CreoleGet dbClusterPosition 'Node')
|
||||
gstateFile="/var/lib/mysql/grastate.dat"
|
||||
|
||||
if [[ ${db} == "oui" ]]
|
||||
then
|
||||
if [[ ${cluster} == "oui" ]]
|
||||
then
|
||||
if [[ ${role} == "Leader" ]]
|
||||
then
|
||||
service mariadb stop
|
||||
galera_new_cluster
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
@ -1,66 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
systemctl stop mariadb
|
||||
|
||||
mariadb_cfdir=/etc/mysql/
|
||||
dc=$mysql_cfgdir/mariadbBackup.cnf
|
||||
mariadb_rundir=/var/run/mysqld/
|
||||
mariadb_statedir=/var/lib/mysql
|
||||
|
||||
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
|
||||
pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
|
||||
# Basedir is deprecated. Remove the option if it's in an existing mariadbBackup.cnf
|
||||
sed -i '/basedir/d' "$dc"
|
||||
else
|
||||
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
|
||||
if [ ! -d "$mariadb_cfdir" ]; then
|
||||
then install -o 0 -g 0 -m 0755 -d $mariadb_cfdir
|
||||
fi
|
||||
umask 066
|
||||
cat /dev/null > $dc
|
||||
umask 022
|
||||
echo "# Automatically generated DONT'T TOUCH !!!!!!" >>$dc
|
||||
echo "[client]" >>$dc
|
||||
echo "host = localhost" >>$dc
|
||||
echo "user = maria-sys-maint" >>$dc
|
||||
echo "password = $pass" >>$dc
|
||||
echo "socket = $mariadb_rundir/mysqld.sock" >>$dc
|
||||
echo "[mysql_upgrade]" >>$dc
|
||||
echo "host = localhost" >>$dc
|
||||
echo "user = maria-sys-maint" >>$dc
|
||||
echo "password = $pass" >>$dc
|
||||
echo "socket = $mariadb_rundir/mysqld.sock" >>$dc
|
||||
fi
|
||||
|
||||
# If this dir chmod go+w then the admin did it. But this file should not.
|
||||
chown 0:0 $dc
|
||||
chmod 0600 $dc
|
||||
|
||||
# If database doesn't exist we create it.
|
||||
mkdir /var/lib/mariadb-files
|
||||
mariadb_filesdir=/var/lib/mariadb-files
|
||||
|
||||
if [ ! "$(ls -A "${mariadb_statedir}")" ] && [ -d "${mariadb_filesdir}" ]; then
|
||||
existingdatabase=0
|
||||
initfile=`mktemp --tmpdir=/var/lib/mariadb-files/`
|
||||
touch "$initfile"
|
||||
chmod 600 "$initfile"
|
||||
chown mysql:mysql "$initfile"
|
||||
echo "USE mysql; " >> "$initfile"
|
||||
db_get mysql-server/root_password && rootpw="$RET"
|
||||
if [ ! -z "$rootpw" ]; then
|
||||
rootpw=$(printf %q "${rootpw}")
|
||||
echo "ALTER USER 'root'@'localhost' IDENTIFIED BY '$rootpw';" >> "$initfile"
|
||||
fi
|
||||
echo "CREATE USER IF NOT EXISTS 'maria-sys-maint'@'localhost' IDENTIFIED BY '$pass';" >> "$initfile"
|
||||
echo "GRANT ALL ON *.* TO 'maria-sys-maint'@'localhost' WITH GRANT OPTION;" >> "$initfile"
|
||||
echo "SHUTDOWN;" >> "$initfile"
|
||||
mysqld --initialize-insecure --user=mysql --init-file="$initfile"> /dev/null 2>&1 || true
|
||||
rm "$initfile"
|
||||
else
|
||||
existingdatabase=1
|
||||
fi
|
||||
|
||||
systemctl start mariadb
|
||||
|
||||
exit 0
|
||||
19
schedule/scripts/mariadb
Normal file
19
schedule/scripts/mariadb
Normal file
@ -0,0 +1,19 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
DESC="Exportation des bases MariaDB"
|
||||
|
||||
. /usr/share/eole/schedule/config.sh
|
||||
|
||||
MYSQLSAVDIR=$SAVDIR/sql
|
||||
OPTION="--lock-tables"
|
||||
|
||||
if [[ -d ${MYSQLSAVDIR} ]]
|
||||
then
|
||||
rm -rf ${MYSQLSAVDIR}
|
||||
mkdir -p ${MYSQLSAVDIR}
|
||||
fi
|
||||
|
||||
mariabackup --defaults-file=/etc/mysql/debian.cnf --backup --target-dir=$MYSQLSAVDIR
|
||||
exit $?
|
||||
@ -1,7 +0,0 @@
|
||||
# Configuration commune aux scripts schedule
|
||||
# Configuration de base modifiée pour copier dans le partage nfs plutôt que /home
|
||||
|
||||
SAVDIR=/mnt/sauvegardes/
|
||||
# pour que l'affichage de [ ok ] soit ok
|
||||
export TERM='dumb'
|
||||
umask 0077
|
||||
@ -1,27 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
DESC="Exportation des bases MariaDB"
|
||||
|
||||
. /usr/share/eole/schedule/config.sh
|
||||
|
||||
MYSQLSAVDIR=$SAVDIR/sql
|
||||
OPTION="--lock-tables"
|
||||
|
||||
rm -f $MYSQLSAVDIR/*.sql
|
||||
mkdir -p $MYSQLSAVDIR
|
||||
|
||||
CMD="mysql --defaults-file=/etc/mysql/mariadbBackup.cnf -e 'show databases' | grep -v '^Database$'"
|
||||
DATABASES=$(CreoleRun "$CMD" mysql)
|
||||
for databasename in $DATABASES; do
|
||||
case "$databasename" in
|
||||
information_schema|performance_schema|bareos)
|
||||
continue
|
||||
;;
|
||||
*)
|
||||
CMD="mysqldump --defaults-file=/etc/mysql/mariadbBackup.cnf --databases $databasename --flush-privileges --create-options -Q -c $OPTION 2>/dev/null"
|
||||
CreoleRun "$CMD" mysql > $MYSQLSAVDIR/$databasename.sql
|
||||
;;
|
||||
esac
|
||||
done
|
||||
69
scripts/extract_hydra
Normal file
69
scripts/extract_hydra
Normal file
@ -0,0 +1,69 @@
|
||||
#!/bin/bash
|
||||
|
||||
DESC="Extraction des logs de connexion de la base Hydra"
|
||||
|
||||
. /usr/share/eole/schedule/config.sh
|
||||
|
||||
file_date=$(date '+%Y%m%d' -d@$(($(date +%s) -3600*24))) # Date pour le format des noms de fichier
|
||||
today=$(date '+%Y-%m-%d') # Date de fin de requête
|
||||
yesterday=$(date '+%Y-%m-%d' -d@$(($(date +%s) -3600*24))) # Date de début de requête
|
||||
exit_status=0
|
||||
|
||||
echo "Begin date: $(date)"
|
||||
|
||||
mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
|
||||
select concat ('requested_at: ', requested_at),
|
||||
concat ('request_id: ', request_id),
|
||||
concat ('client_id: ', client_id),
|
||||
concat ('subject: ', subject)
|
||||
into outfile 'access-${file_date}' character set utf8 fields terminated by '|'
|
||||
from hydra_oauth2_access
|
||||
where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
|
||||
order by requested_at ;
|
||||
EOF
|
||||
(( exit_status = exit_status || $? ))
|
||||
|
||||
mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
|
||||
select concat ('requested_at: ', requested_at),
|
||||
concat ('challenge: ', challenge),
|
||||
concat ('error: ', error),
|
||||
concat ('session_access_token: ', session_access_token),
|
||||
concat ('session_id_token: ', session_id_token),
|
||||
concat ('handled at: ', handled_at)
|
||||
into outfile 'consent-request-handled-${file_date}' character set utf8 fields terminated by '|'
|
||||
from hydra_oauth2_consent_request_handled
|
||||
where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
|
||||
order by requested_at ;
|
||||
EOF
|
||||
(( exit_status = exit_status || $? ))
|
||||
|
||||
mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
|
||||
select concat ('requested_at: ', requested_at),
|
||||
concat ('challenge: ', challenge),
|
||||
concat ('request_url: ', request_url),
|
||||
concat ('client_id: ', client_id),
|
||||
concat ('login_session_id: ', login_session_id)
|
||||
into outfile 'authentication-request-${file_date}' character set utf8 fields terminated by '|'
|
||||
from hydra_oauth2_authentication_request
|
||||
where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
|
||||
order by requested_at ;
|
||||
EOF
|
||||
(( exit_status = exit_status || $? ))
|
||||
|
||||
# Tags must be 32 char long max (otherwise, default fwd template truncates it)
|
||||
logger -f /var/lib/mysql/hydra/access-${file_date} -t mariadb_hydra-access-${file_date}
|
||||
logger -f /var/lib/mysql/hydra/consent-request-handled-${file_date} -t mariadb_hydra-consreq-h-${file_date}
|
||||
logger -f /var/lib/mysql/hydra/authentication-request-${file_date} -t mariadb_hydra-authreq-${file_date}
|
||||
|
||||
# Remove log files older than 7 days (already saved on the NAS)
|
||||
find /var/lib/mysql/hydra/ -name 'access-*' -type f -mtime +7 -exec rm -vf {} \;
|
||||
find /var/lib/mysql/hydra/ -name 'consent-request-handled-*' -type f -mtime +7 -exec rm -vf {} \;
|
||||
find /var/lib/mysql/hydra/ -name 'authentication-request-*' -type f -mtime +7 -exec rm -vf {} \;
|
||||
|
||||
find /var/log/rsyslog/local/mariadb_hydra/ -name 'access-*' -type f -mtime +7 -exec rm -vf {} \;
|
||||
find /var/log/rsyslog/local/mariadb_hydra/ -name 'consreq-h-*' -type f -mtime +7 -exec rm -vf {} \;
|
||||
find /var/log/rsyslog/local/mariadb_hydra/ -name 'authreq-*' -type f -mtime +7 -exec rm -vf {} \;
|
||||
|
||||
echo "End date: $(date)"
|
||||
|
||||
exit $exit_status
|
||||
25
scripts/get_hydra_table_sizes
Executable file
25
scripts/get_hydra_table_sizes
Executable file
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
(
|
||||
mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
|
||||
SELECT
|
||||
TABLE_NAME AS \`Table\`,
|
||||
ROUND((DATA_LENGTH + INDEX_LENGTH) / 1024 / 1024) AS \`Size\`
|
||||
FROM
|
||||
information_schema.TABLES
|
||||
WHERE
|
||||
TABLE_SCHEMA = "hydra"
|
||||
ORDER BY
|
||||
(DATA_LENGTH + INDEX_LENGTH)
|
||||
DESC;
|
||||
EOF
|
||||
) | while read table size; do
|
||||
if [ "${table}" != Table ]; then
|
||||
real_size=$(ls -lh /var/lib/mysql/hydra/${table}.ibd | cut -d' ' -f 5)
|
||||
else
|
||||
real_size="Taille réelle"
|
||||
fi
|
||||
echo -e ${table}\\t${size}M\\t${real_size}
|
||||
done
|
||||
|
||||
echo $a
|
||||
49
scripts/optimize_hydra
Executable file
49
scripts/optimize_hydra
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Optimize sur les tables d'Hydra
|
||||
|
||||
echo "Begin date: $(date)"
|
||||
|
||||
part=$1
|
||||
|
||||
if [ -z "$part" ]; then
|
||||
echo 'Bad empty part. Please give a number between 1 and 7'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case $part in
|
||||
1)
|
||||
tables='hydra_oauth2_access'
|
||||
;;
|
||||
2)
|
||||
tables='hydra_oauth2_oidc'
|
||||
;;
|
||||
3)
|
||||
tables='hydra_oauth2_code'
|
||||
;;
|
||||
4)
|
||||
tables='hydra_oauth2_authentication_request'
|
||||
;;
|
||||
5)
|
||||
tables='hydra_oauth2_consent_request'
|
||||
;;
|
||||
6)
|
||||
tables='hydra_oauth2_logout_request, hydra_oauth2_consent_request_handled'
|
||||
;;
|
||||
7)
|
||||
tables='hydra_oauth2_authentication_session, hydra_oauth2_authentication_request_handled, hydra_oauth2_pkce'
|
||||
;;
|
||||
*)
|
||||
echo "Unexpected error. Part: $part"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
|
||||
OPTIMIZE TABLE $tables;
|
||||
EOF
|
||||
|
||||
exit_val=$?
|
||||
|
||||
echo "End date: $(date)"
|
||||
|
||||
exit $exit_val
|
||||
@ -8,7 +8,7 @@ wsrep_on=ON
|
||||
wsrep_provider=/usr/lib/galera/libgalera_smm.so
|
||||
# Galera Cluster Configuration
|
||||
wsrep_cluster_name="%%dbClusterName"
|
||||
wsrep_cluster_address="gcomm://%%nodeName,%%custom_join(%%dbClusterMember, ',')"
|
||||
wsrep_cluster_address="gcomm://%%custom_join(%%dbClusterMember, ',')"
|
||||
|
||||
# Tunning
|
||||
wsrep_provider_options="gcache.size=%%dbClusterGcacheSizeMb"
|
||||
@ -18,4 +18,4 @@ wsrep_sst_method=%%dbSSTMethod
|
||||
|
||||
# Galera Node Configuration
|
||||
wsrep_node_address="%%getVar('adresse_ip_' + %%ifDBCluster)"
|
||||
wsrep_node_name="%%nodeName"
|
||||
wsrep_node_name="%%dbClusterMember[%%dbClusterMemberIndex]
|
||||
|
||||
Reference in New Issue
Block a user