#!/bin/bash
#########################
## ALCASAR replication ##
## install ##
#########################
# This script sets up replication between ALCASAR instances.
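# Constants
readonly PASSWD_FILE="/root/ALCASAR-passwords.txt"
readonly REPL_USER="replication"        # system account used for SSH tunneling
readonly REPL_DB_USER="db_replication"  # MariaDB account used for replication
readonly REPL_PWD_LENGTH=16
readonly REPL_DB_PWD_LENGTH=16
readonly DB_CONF=/etc/my.cnf.d/server.cnf
readonly DB_REPL_CONF=/etc/my.cnf.d/replication.cnf
readonly EXPIRE_BINLOG_DAYS=31
readonly ALCASAR_CONF=/usr/local/etc/alcasar.conf

# Dynamically generated constants
# Each value is assigned first and marked readonly afterwards, so the
# command substitution is not hidden behind the `readonly` builtin.

# MariaDB root password: everything after the first '=' on the line(s) of
# $PASSWD_FILE containing "db_root".
# NOTE(review): the pattern is not anchored; if more than one line matches,
# the value holds several lines and authentication fails. Confirm the file
# format before tightening it to '^db_root='.
DB_ROOT_PWD="$(grep db_root "$PASSWD_FILE" | cut -d '=' -f 2-)"
readonly DB_ROOT_PWD

# Random alphanumeric passwords. /dev/urandom is the kernel CSPRNG and never
# blocks once seeded, whereas /dev/random can stall an unattended install on
# kernels that still do entropy accounting. LC_ALL=C keeps tr byte-oriented
# whatever the caller's locale is.
REPL_PWD="$(LC_ALL=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c "$REPL_PWD_LENGTH")"
readonly REPL_PWD
REPL_DB_PWD="$(LC_ALL=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c "$REPL_DB_PWD_LENGTH")"
readonly REPL_DB_PWD

# Variables
# Replication role ("primary" or "secondary"), set by check_args.
role=""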
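#######################################
# Check script args and select the replication role.
# Globals:   role (written: "primary" or "secondary")
# Arguments: $@ - script args
# Outputs:   help text on stdout (through usage), errors on stderr
# Returns:   0 when a role was selected,
#            1 when no role was given or the options are invalid,
#            2 when help was requested,
#            3 on an unexpected first argument
#######################################
check_args() {
  local args

  # Parse args. Short options are listed without separators: a comma in the
  # option string would itself be declared as an option letter.
  if ! args="$(getopt --longoptions "primary,secondary,help" --options "psh" -- "$@")"; then
    usage
    return 1
  fi

  # Reset script args list. eval is acceptable here only because getopt
  # emits shell-quoted words; never eval the raw "$@".
  eval set -- "$args"

  # Only the "--" terminator is left: no option was given, print help
  if [ "$#" -eq 1 ]; then
    usage
    return 1
  fi

  # The first recognised option decides; later ones are ignored
  case "$1" in
    --primary | -p)
      role="primary"
      ;;
    --secondary | -s)
      role="secondary"
      ;;
    --help | -h)
      usage
      return 2
      ;;
    --)
      # Only positional arguments were given: no role was selected, so do
      # not report success and let the install run with an empty role.
      usage
      return 1
      ;;
    *)
      echo "error: unknown $1" >&2
      return 3
      ;;
  esac
}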
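#######################################
# Execute a SQL query on the local server as the MariaDB root user.
# Globals:   DB_ROOT_PWD (read)
# Arguments: $1 - the SQL statement to run
# Outputs:   whatever the mariadb client prints; an error on stderr when
#            the argument count is wrong
# Returns:   1 when not exactly one argument is given, otherwise the exit
#            status of the mariadb client
#######################################
exec_query() {
  if [ "$#" -ne 1 ]; then
    echo "A SQL query must be given." >&2
    return 1
  fi
  # The root password is handed over through the MYSQL_PWD environment
  # variable instead of --password=..., so it does not show up in the
  # process list of other local users.
  # NOTE(review): the SQL text itself is still passed on the command line,
  # so a statement that embeds a secret (CREATE USER ... IDENTIFIED BY ...)
  # stays visible there while it runs; feeding such statements on stdin
  # would close that gap.
  MYSQL_PWD="$DB_ROOT_PWD" /usr/bin/mariadb --user=root --execute="$1"
}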
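#######################################
# Print help message.
# Arguments: none ($0 is used for the program name)
# Outputs:   the help text on stdout
#######################################
usage() {
  # The long option is spelled --secondary, matching what check_args accepts.
  cat <<EOF
usage: $0 OPTIONS

OPTIONS
 --primary, -p
 Install replication as primary
 --secondary, -s
 Install replication as secondary
 --help, -h
 print this help message
EOF
}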
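# Main
check_args "$@" || exit

# Never continue without a valid role: everything below changes system
# state, and the final sed would otherwise write an empty REPLICATION= value.
case "$role" in
  primary | secondary) ;;
  *)
    echo "error: a replication role (--primary or --secondary) is required" >&2
    exit 1
    ;;
esac

if grep -q "REPLICATION=primary" "$ALCASAR_CONF" || grep -q "REPLICATION=secondary" "$ALCASAR_CONF"; then
  echo "error: replication is already installed" >&2
  exit 2
fi

# Save generated credentials for system user
# NOTE(review): the passwords are also printed on stdout so the operator can
# note them; avoid running this script with its output captured in a log.
{
  echo "# Replication account for remote access"
  echo "replication=$REPL_USER"
  echo "replication_pwd=$REPL_PWD"
} >> "$PASSWD_FILE"
echo "Replication user: $REPL_USER"
echo "Replication password: $REPL_PWD"

# Save generated credentials for database user
{
  echo "# Database replication account"
  echo "db_replication=$REPL_DB_USER"
  echo "db_replication_pwd=$REPL_DB_PWD"
} >> "$PASSWD_FILE"
echo "Database replication user: $REPL_DB_USER"
echo "Database replication password: $REPL_DB_PWD"

# Create local database replication user
# NOTE(review): the account is created for host '%'. The server is bound to
# 127.0.0.1 below, so it is only reachable locally or through the SSH
# tunnel; confirm whether the host part can be narrowed accordingly.
echo "Creating '$REPL_DB_USER' user on database..."
exec_query "CREATE USER '$REPL_DB_USER'@'%' IDENTIFIED BY '$REPL_DB_PWD'" || exit
echo "Granting '$REPL_DB_USER' user for replication..."
exec_query "GRANT REPLICATION REPLICA ON *.* TO '$REPL_DB_USER'@'%'" || exit
exec_query "FLUSH PRIVILEGES" || exit

# Remove forbidden characters for MariaDB
safe_hostname=$(echo "$HOSTNAME" | tr "[./]" '-')

# Enable binary logging
echo "Enabling binary logging..."
cat > "$DB_REPL_CONF" <<EOF
[mariadb]
log-bin
report_host=$safe_hostname
log-basename=$safe_hostname
binlog-format=mixed
expire_logs_days=$EXPIRE_BINLOG_DAYS
master_retry_count=0
log_slave_updates=0
binlog-ignore-db=information_schema
binlog-ignore-db=mysql
binlog-ignore-db=performance_schema
binlog-ignore-db=sys
binlog-ignore-db=gammu
replicate-ignore-table = radius.radacct
replicate-ignore-table = radius.totacct
replicate-ignore-table = radius.mtotacct
EOF

# Listen on localhost
sed -i "s?^.*skip-networking.*?#skip-networking?" "$DB_CONF"
sed -i "s?^#bind-address.*?bind-address=127.0.0.1?" "$DB_CONF"

# Apply binary logging
echo "Restarting MariaDB..."
/usr/bin/systemctl restart mariadb.service
echo "initializing binary logging"
exec_query "RESET MASTER" || exit

# User for SSH tunneling
echo "Creating replication user..."
/usr/sbin/useradd -s /bin/sh -m "$REPL_USER"
# The password reaches passwd on stdin only (printf is a shell builtin), so
# it never appears in a process argument list.
printf '%s\n%s\n' "$REPL_PWD" "$REPL_PWD" | passwd "$REPL_USER"
# Private SSH directory and key list for the tunnel account
mkdir -m 700 "/home/$REPL_USER/.ssh"
touch "/home/$REPL_USER/.ssh/authorized_keys"
chmod 600 "/home/$REPL_USER/.ssh/authorized_keys"
chown -R "$REPL_USER:$REPL_USER" "/home/$REPL_USER/.ssh"

# Local copy of the database replication password. The file is created
# under a restrictive umask so it is never readable by other users, not
# even between its creation and the chmod that follows.
repl_pwd_file="/home/$REPL_USER/local-db_replication-pwd.txt"
(
  umask 077
  printf '%s\n' "$REPL_DB_PWD" > "$repl_pwd_file"
)
chown "$REPL_USER:$REPL_USER" "$repl_pwd_file"
chmod 400 "$repl_pwd_file"

# Generate user SSH key
# The key has no passphrase (-N ""), so access to ~/.ssh/id_rsa is the only
# protection of the tunnel credentials.
if ! ls ~/.ssh/id_* &> /dev/null; then
  echo "Generating SSH key..."
  # -p: ~/.ssh may already exist without any key in it
  mkdir -p -m 700 ~/.ssh
  /usr/bin/ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
fi

echo "Setting replication state to $role"
sed -i "/^REPLICATION=/s/=.*/=$role/" "$ALCASAR_CONF"

echo "Database replication succesfully installed."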