| 3294 |
rexy |
1 |
#!/bin/bash
|
|
|
2 |
|
|
|
3 |
#########################
|
|
|
4 |
## ALCASAR replication ##
|
|
|
5 |
## install ##
|
|
|
6 |
#########################
|
|
|
7 |
# The script is designed to setup replication between ALCASAR instances.
|
|
|
8 |
|
|
|
9 |
# Constants
|
|
|
10 |
readonly PASSWD_FILE="/root/ALCASAR-passwords.txt"
|
|
|
11 |
readonly REPL_USER="replication"
|
| 3308 |
rexy |
12 |
readonly REPL_DB_USER="db_replication"
|
| 3294 |
rexy |
13 |
readonly REPL_PWD_LENGTH=16
|
|
|
14 |
readonly REPL_DB_PWD_LENGTH=16
|
|
|
15 |
readonly DB_CONF=/etc/my.cnf.d/server.cnf
|
|
|
16 |
readonly DB_REPL_CONF=/etc/my.cnf.d/replication.cnf
|
|
|
17 |
readonly EXPIRE_BINLOG_DAYS=31
|
|
|
18 |
readonly ALCASAR_CONF=/usr/local/etc/alcasar.conf
|
|
|
19 |
|
|
|
20 |
# Dynamically generated constants
|
|
|
21 |
DB_ROOT_PWD="$(grep db_root "$PASSWD_FILE" | cut -d '=' -f 2-)"
|
|
|
22 |
readonly DB_ROOT_PWD
|
|
|
23 |
REPL_PWD="$(tr -dc "a-zA-Z0-9" < /dev/random | head -c "$REPL_PWD_LENGTH")"
|
|
|
24 |
readonly REPL_PWD
|
|
|
25 |
REPL_DB_PWD="$(tr -dc "a-zA-Z0-9" < /dev/random | head -c "$REPL_DB_PWD_LENGTH")"
|
|
|
26 |
readonly REPL_DB_PWD
|
|
|
27 |
|
|
|
28 |
# Execute SQL queries on local server
|
|
|
29 |
exec_query() {
|
|
|
30 |
if [ $# -ne 1 ]
|
|
|
31 |
then
|
|
|
32 |
echo "A SQL query must be given." >&2
|
|
|
33 |
return 1
|
|
|
34 |
fi
|
|
|
35 |
# Execute the query
|
|
|
36 |
/usr/bin/mariadb --user=root --password="$DB_ROOT_PWD" --execute="$1"
|
|
|
37 |
}
|
|
|
38 |
|
|
|
39 |
if grep -q "REPLICATION=on" "$ALCASAR_CONF"
|
|
|
40 |
then
|
|
|
41 |
echo "error: replication is already installed" >&2
|
|
|
42 |
exit 2
|
|
|
43 |
fi
|
|
|
44 |
|
|
|
45 |
# Save generated credentials for system user
|
|
|
46 |
echo "# Replication account for remote access" >> "$PASSWD_FILE"
|
|
|
47 |
echo "replication=$REPL_USER" >> "$PASSWD_FILE"
|
|
|
48 |
echo "replication_pwd=$REPL_PWD" >> "$PASSWD_FILE"
|
|
|
49 |
echo "Replication user: $REPL_USER"
|
|
|
50 |
echo "Replication password: $REPL_PWD"
|
|
|
51 |
|
|
|
52 |
# Save generated credentials for database user
|
|
|
53 |
echo "# Database replication account" >> "$PASSWD_FILE"
|
|
|
54 |
echo "db_replication=$REPL_DB_USER" >> "$PASSWD_FILE"
|
|
|
55 |
echo "db_replication_pwd=$REPL_DB_PWD" >> "$PASSWD_FILE"
|
|
|
56 |
echo "Database replication user: $REPL_DB_USER"
|
|
|
57 |
echo "Database replication password: $REPL_DB_PWD"
|
|
|
58 |
|
| 3318 |
rexy |
59 |
# Create local database replication user
|
| 3294 |
rexy |
60 |
echo "Creating '$REPL_DB_USER' user on database..."
|
|
|
61 |
exec_query "CREATE USER '$REPL_DB_USER'@'%' IDENTIFIED BY '$REPL_DB_PWD'" || exit
|
|
|
62 |
echo "Granting '$REPL_DB_USER' user for replication..."
|
|
|
63 |
exec_query "GRANT REPLICATION REPLICA ON *.* TO '$REPL_DB_USER'@'%'" || exit
|
|
|
64 |
exec_query "FLUSH PRIVILEGES" || exit
|
|
|
65 |
|
|
|
66 |
# Remove forbidden characters for MariaDB
|
|
|
67 |
safe_hostname=$(echo "$HOSTNAME" | tr "[./]" '-')
|
|
|
68 |
|
|
|
69 |
# Enable binary logging
|
|
|
70 |
echo "Enabling binary logging..."
|
|
|
71 |
echo -n "[mariadb]
|
|
|
72 |
log-bin
|
|
|
73 |
report_host=$safe_hostname
|
|
|
74 |
log-basename=$safe_hostname
|
|
|
75 |
binlog-format=mixed
|
|
|
76 |
expire_logs_days=$EXPIRE_BINLOG_DAYS
|
|
|
77 |
master_retry_count=0
|
| 3317 |
rexy |
78 |
log_slave_updates=0
|
| 3294 |
rexy |
79 |
binlog-ignore-db=information_schema
|
|
|
80 |
binlog-ignore-db=mysql
|
|
|
81 |
binlog-ignore-db=performance_schema
|
| 3317 |
rexy |
82 |
binlog-ignore-db=sys
|
|
|
83 |
binlog-ignore-db=gammu
|
|
|
84 |
replicate-ignore-table = radius.radacct
|
|
|
85 |
replicate-ignore-table = radius.totacct
|
|
|
86 |
replicate-ignore-table = radius.mtotacct
|
| 3294 |
rexy |
87 |
" > "$DB_REPL_CONF"
|
|
|
88 |
|
|
|
89 |
# Listen on localhost
|
|
|
90 |
sed -i "s?^.*skip-networking.*?#skip-networking?" "$DB_CONF"
|
|
|
91 |
sed -i "s?^#bind-address.*?bind-address=127.0.0.1?" "$DB_CONF"
|
|
|
92 |
|
|
|
93 |
# Apply binary logging
|
|
|
94 |
echo "Restarting MariaDB..."
|
|
|
95 |
/usr/bin/systemctl restart mariadb.service
|
| 3309 |
rexy |
96 |
echo "initializing binary logging"
|
|
|
97 |
exec_query "RESET MASTER" || exit
|
| 3294 |
rexy |
98 |
|
|
|
99 |
# User for SSH tunneling
|
|
|
100 |
echo "Creating replication user..."
|
|
|
101 |
/usr/sbin/useradd -s /bin/sh -m "$REPL_USER"
|
|
|
102 |
echo -e "$REPL_PWD\n$REPL_PWD" | passwd "$REPL_USER"
|
|
|
103 |
mkdir "/home/$REPL_USER/.ssh"
|
|
|
104 |
touch "/home/$REPL_USER/.ssh/authorized_keys"
|
|
|
105 |
chown replication:replication -R "/home/$REPL_USER/.ssh"
|
| 3318 |
rexy |
106 |
echo $REPL_DB_PWD > /home/$REPL_USER/db_replication_user_pass.txt
|
|
|
107 |
chown $REPL_USER:$REPL_USER /home/$REPL_USER/db_replication_user_pass.txt; chmod 400 /home/$REPL_USER/db_replication_user_pass.txt
|
| 3294 |
rexy |
108 |
|
|
|
109 |
# Generate user SSH key
|
|
|
110 |
if ! ls ~/.ssh/id_* &> /dev/null
|
|
|
111 |
then
|
|
|
112 |
echo "Generating SSH key..."
|
|
|
113 |
mkdir ~/.ssh
|
|
|
114 |
/usr/bin/ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
|
|
|
115 |
fi
|
|
|
116 |
|
|
|
117 |
echo "Setting replication state to 'on'..."
|
|
|
118 |
sed -i "/^REPLICATION=/s/off/on/" "$ALCASAR_CONF"
|
|
|
119 |
|
|
|
120 |
echo "Database replication succesfully installed."
|