commit cac3bdab217673d892301e9d0e2a956fe080433f · pyrox.dev/nixpkgs

+15

nixos/doc/manual/release-notes/rl-2505.section.md

···

       379
       379
        
       

     

       380
       380
        
       - [`system.stateVersion`](#opt-system.stateVersion) is now validated and must be in the `"YY.MM"` format, ideally corresponding to a prior NixOS release.

     

       381
       381
        
       

     

       382
       382
       +
       - `services.mysql` now supports easy cluster setup via [`services.mysql.galeraCluster`](#opt-services.mysql.galeraCluster.enable) option.

     

       383
       383
       +
       

     

       384
       384
       +
         Example:

     

       385
       385
       +
       

     

       386
       386
       +
         ```nix

     

       387
       387
       +
         services.mysql = {

     

       388
       388
       +
           enable = true;

     

       389
       389
       +
           galeraCluster = {

     

       390
       390
       +
             enable = true;

     

       391
       391
       +
             localName = "Node 1";

     

       392
       392
       +
             localAddress = "galera_01";

     

       393
       393
       +
             nodeAddresses = [ "galera_01" "galera_02" "galera_03"];

     

       394
       394
       +
           };

     

       395
       395
       +
         };

     

       396
       396
       +
         ```

     

       382
       397
        
       

     

       383
       398
        
       - [`services.geoclue2`](#opt-services.geoclue2.enable) now has an `enableStatic` option, which allows the NixOS configuration to specify a fixed location for GeoClue to use.

     

       384
       399

+169 -5

nixos/modules/services/databases/mysql.nix

···

       320
       320
        
                 description = "Port number on which the MySQL master server runs.";

     

       321
       321
        
               };

     

       322
       322
        
             };

     

       323
       323
       +
       

     

       324
       324
       +
             galeraCluster = {

     

       325
       325
       +
               enable = lib.mkEnableOption "MariaDB Galera Cluster";

     

       326
       326
       +
       

     

       327
       327
       +
               package = lib.mkOption {

     

       328
       328
       +
                 type = lib.types.package;

     

       329
       329
       +
                 description = "The MariaDB Galera package that provides the shared library 'libgalera_smm.so' required for cluster functionality.";

     

       330
       330
       +
                 default = lib.literalExpression "pkgs.mariadb-galera";

     

       331
       331
       +
               };

     

       332
       332
       +
       

     

       333
       333
       +
               name = lib.mkOption {

     

       334
       334
       +
                 type = lib.types.str;

     

       335
       335
       +
                 description = "The logical name of the Galera cluster. All nodes in the same cluster must use the same name.";

     

       336
       336
       +
                 default = "galera";

     

       337
       337
       +
               };

     

       338
       338
       +
       

     

       339
       339
       +
               sstMethod = lib.mkOption {

     

       340
       340
       +
                 type = lib.types.enum [

     

       341
       341
       +
                   "rsync"

     

       342
       342
       +
                   "mariabackup"

     

       343
       343
       +
                 ];

     

       344
       344
       +
                 description = "Method for the initial state transfer (wsrep_sst_method) when a node joins the cluster. Be aware that rsync needs SSH keys to be generated and authorized on all nodes!";

     

       345
       345
       +
                 default = "rsync";

     

       346
       346
       +
                 example = "mariabackup";

     

       347
       347
       +
               };

     

       348
       348
       +
       

     

       349
       349
       +
               localName = lib.mkOption {

     

       350
       350
       +
                 type = lib.types.str;

     

       351
       351
       +
                 description = "The unique name that identifies this particular node within the cluster. Each node must have a different name.";

     

       352
       352
       +
                 example = "node1";

     

       353
       353
       +
               };

     

       354
       354
       +
       

     

       355
       355
       +
               localAddress = lib.mkOption {

     

       356
       356
       +
                 type = lib.types.str;

     

       357
       357
       +
                 description = "IP address or hostname of this node that will be used for cluster communication. Must be reachable by all other nodes.";

     

       358
       358
       +
                 example = "1.2.3.4";

     

       359
       359
       +
                 default = cfg.galeraCluster.localName;

     

       360
       360
       +
                 defaultText = lib.literalExpression "config.services.mysql.galeraCluster.localName";

     

       361
       361
       +
               };

     

       362
       362
       +
       

     

       363
       363
       +
               nodeAddresses = lib.mkOption {

     

       364
       364
       +
                 type = lib.types.listOf lib.types.str;

     

       365
       365
       +
                 description = "IP addresses or hostnames of all nodes in the cluster, including this node. This is used to construct the default clusterAddress connection string.";

     

       366
       366
       +
                 example = lib.literalExpression ''["10.0.0.10" "10.0.0.20" "10.0.0.30"]'';

     

       367
       367
       +
                 default = [ ];

     

       368
       368
       +
               };

     

       369
       369
       +
       

     

       370
       370
       +
               clusterPassword = lib.mkOption {

     

       371
       371
       +
                 type = lib.types.str;

     

       372
       372
       +
                 description = "Optional password for securing cluster communications. If provided, it will be used in the clusterAddress for authentication between nodes.";

     

       373
       373
       +
                 example = "SomePassword";

     

       374
       374
       +
                 default = "";

     

       375
       375
       +
               };

     

       376
       376
       +
       

     

       377
       377
       +
               clusterAddress = lib.mkOption {

     

       378
       378
       +
                 type = lib.types.str;

     

       379
       379
       +
                 description = "Full Galera cluster connection string. If nodeAddresses is set, this will be auto-generated, but you can override it with a custom value. Format is typically 'gcomm://node1,node2,node3' with optional parameters.";

     

       380
       380
       +
                 example = "gcomm://10.0.0.10,10.0.0.20,10.0.0.30?gmcast.seg=1:SomePassword";

     

       381
       381
       +
                 default =

     

       382
       382
       +
                   if (cfg.galeraCluster.nodeAddresses == [ ]) then

     

       383
       383
       +
                     ""

     

       384
       384
       +
                   else

     

       385
       385
       +
                     "gcomm://${builtins.concatStringsSep "," cfg.galeraCluster.nodeAddresses}"

     

       386
       386
       +
                     + lib.optionalString (

     

       387
       387
       +
                       cfg.galeraCluster.clusterPassword != ""

     

       388
       388
       +
                     ) "?gmcast.seg=1:${cfg.galeraCluster.clusterPassword}";

     

       389
       389
       +
                 defaultText = lib.literalExpression ''

     

       390
       390
       +
                   if (config.services.mysql.galeraCluster.nodeAddresses == [ ]) then

     

       391
       391
       +
                     ""

     

       392
       392
       +
                   else

     

       393
       393
       +
                     "gcomm://''${builtins.concatStringsSep \",\" config.services.mysql.galeraCluster.nodeAddresses}"

     

       394
       394
       +
                     + lib.optionalString (config.services.mysql.galeraCluster.clusterPassword != "")

     

       395
       395
       +
                       "?gmcast.seg=1:''${config.services.mysql.galeraCluster.clusterPassword}"

     

       396
       396
       +
                 '';

     

       397
       397
       +
               };

     

       398
       398
       +
       

     

       399
       399
       +
             };

     

       323
       400
        
           };

     

       324
       401
        
       

     

       325
       402
        
         };

     
···

       327
       404
        
         ###### implementation

     

       328
       405
        
       

     

       329
       406
        
         config = lib.mkIf cfg.enable {

     

       407
       407
       +
           assertions = [

     

       408
       408
       +
             {

     

       409
       409
       +
               assertion = !cfg.galeraCluster.enable || isMariaDB;

     

       410
       410
       +
               message = "'services.mysql.galeraCluster.enable' expect services.mysql.package to be an mariadb variant";

     

       411
       411
       +
             }

     

       412
       412
       +
             {

     

       413
       413
       +
               assertion =

     

       414
       414
       +
                 !cfg.galeraCluster.enable

     

       415
       415
       +
                 || (

     

       416
       416
       +
                   cfg.galeraCluster.localAddress != ""

     

       417
       417
       +
                   && (cfg.galeraCluster.nodeAddresses != [ ] || cfg.galeraCluster.clusterAddress != "")

     

       418
       418
       +
                 );

     

       419
       419
       +
               message = "mariadb galera cluster is enabled but the localAddress and (nodeAddresses or clusterAddress) are not set";

     

       420
       420
       +
             }

     

       421
       421
       +
             {

     

       422
       422
       +
               assertion = !(cfg.galeraCluster.clusterAddress != "" && cfg.galeraCluster.clusterPassword != "");

     

       423
       423
       +
               message = "mariadb galera clusterPassword is set but overwritten by clusterAddress";

     

       424
       424
       +
             }

     

       425
       425
       +
             {

     

       426
       426
       +
               assertion =

     

       427
       427
       +
                 !(

     

       428
       428
       +
                   cfg.galeraCluster.enable

     

       429
       429
       +
                   && cfg.galeraCluster.nodeAddresses != [ ]

     

       430
       430
       +
                   && cfg.galeraCluster.clusterAddress != ""

     

       431
       431
       +
                 );

     

       432
       432
       +
               message = "When services.mysql.galeraCluster.clusterAddress is set, setting services.mysql.galeraCluster.nodeAddresses is redundant and will be overwritten by clusterAddress. Choose one approach.";

     

       433
       433
       +
             }

     

       434
       434
       +
           ];

     

       330
       435
        
       

     

       331
       436
        
           services.mysql.dataDir = lib.mkDefault (

     

       332
       437
        
             if lib.versionAtLeast config.system.stateVersion "17.09" then "/var/lib/mysql" else "/var/mysql"

     
···

       351
       456
        
             (lib.mkIf (!isMariaDB) {

     

       352
       457
        
               plugin-load-add = [ "auth_socket.so" ];

     

       353
       458
        
             })

     

       459
       459
       +
             (lib.mkIf cfg.galeraCluster.enable {

     

       460
       460
       +
               # Ensure Only InnoDB is used as galera clusters can only work with them

     

       461
       461
       +
               enforce_storage_engine = "InnoDB";

     

       462
       462
       +
               default_storage_engine = "InnoDB";

     

       463
       463
       +
       

     

       464
       464
       +
               # galera only support this binlog format

     

       465
       465
       +
               binlog-format = "ROW";

     

       466
       466
       +
       

     

       467
       467
       +
               bind_address = lib.mkDefault "0.0.0.0";

     

       468
       468
       +
             })

     

       354
       469
        
           ];

     

       355
       470
        
       

     

       471
       471
       +
           services.mysql.settings.galera = lib.optionalAttrs cfg.galeraCluster.enable {

     

       472
       472
       +
             wsrep_on = "ON";

     

       473
       473
       +
             wsrep_debug = lib.mkDefault "NONE";

     

       474
       474
       +
             wsrep_retry_autocommit = lib.mkDefault "3";

     

       475
       475
       +
             wsrep_provider = "${cfg.galeraCluster.package}/lib/galera/libgalera_smm.so";

     

       476
       476
       +
       

     

       477
       477
       +
             wsrep_cluster_name = cfg.galeraCluster.name;

     

       478
       478
       +
             wsrep_cluster_address = cfg.galeraCluster.clusterAddress;

     

       479
       479
       +
       

     

       480
       480
       +
             wsrep_node_address = cfg.galeraCluster.localAddress;

     

       481
       481
       +
             wsrep_node_name = "${cfg.galeraCluster.localName}";

     

       482
       482
       +
       

     

       483
       483
       +
             # SST method using rsync

     

       484
       484
       +
             wsrep_sst_method = lib.mkDefault cfg.galeraCluster.sstMethod;

     

       485
       485
       +
             wsrep_sst_auth = lib.mkDefault "check_repl:check_pass";

     

       486
       486
       +
       

     

       487
       487
       +
             binlog_format = "ROW";

     

       488
       488
       +
             innodb_autoinc_lock_mode = 2;

     

       489
       489
       +
           };

     

       490
       490
       +
       

     

       356
       491
        
           users.users = lib.optionalAttrs (cfg.user == "mysql") {

     

       357
       492
        
             mysql = {

     

       358
       493
        
               description = "MySQL server user";

     
···

       384
       519
        
       

     

       385
       520
        
             unitConfig.RequiresMountsFor = cfg.dataDir;

     

       386
       521
        
       

     

       387
       387
       -
             path = [

     

       388
       388
       -
               # Needed for the mysql_install_db command in the preStart script

     

       389
       389
       -
               # which calls the hostname command.

     

       390
       390
       -
               pkgs.nettools

     

       391
       391
       -
             ];

     

       522
       522
       +
             path =

     

       523
       523
       +
               [

     

       524
       524
       +
                 # Needed for the mysql_install_db command in the preStart script

     

       525
       525
       +
                 # which calls the hostname command.

     

       526
       526
       +
                 pkgs.nettools

     

       527
       527
       +
               ]

     

       528
       528
       +
               # tools 'wsrep_sst_rsync' needs

     

       529
       529
       +
               ++ lib.optionals cfg.galeraCluster.enable [

     

       530
       530
       +
                 cfg.package

     

       531
       531
       +
                 pkgs.bash

     

       532
       532
       +
                 pkgs.gawk

     

       533
       533
       +
                 pkgs.gnutar

     

       534
       534
       +
                 pkgs.gzip

     

       535
       535
       +
                 pkgs.inetutils

     

       536
       536
       +
                 pkgs.iproute2

     

       537
       537
       +
                 pkgs.netcat

     

       538
       538
       +
                 pkgs.procps

     

       539
       539
       +
                 pkgs.pv

     

       540
       540
       +
                 pkgs.rsync

     

       541
       541
       +
                 pkgs.socat

     

       542
       542
       +
                 pkgs.stunnel

     

       543
       543
       +
                 pkgs.which

     

       544
       544
       +
               ];

     

       392
       545
        
       

     

       393
       546
        
             preStart =

     

       394
       547
        
               if isMariaDB then

     
···

       581
       734
        
               })

     

       582
       735
        
             ];

     

       583
       736
        
           };

     

       737
       737
       +
       

     

       738
       738
       +
           # Open firewall ports for MySQL (and Galera)

     

       739
       739
       +
           networking.firewall.allowedTCPPorts = lib.optionals cfg.galeraCluster.enable [

     

       740
       740
       +
             3306 # MySQL

     

       741
       741
       +
             4567 # Galera Cluster

     

       742
       742
       +
             4568 # Galera IST

     

       743
       743
       +
             4444 # SST

     

       744
       744
       +
           ];

     

       745
       745
       +
           networking.firewall.allowedUDPPorts = lib.optionals cfg.galeraCluster.enable [

     

       746
       746
       +
             4567 # Galera Cluster

     

       747
       747
       +
           ];

     

       584
       748
        
         };

     

       585
       749
        
       

     

       586
       750
        
         meta.maintainers = [ lib.maintainers._6543 ];

+15 -42

nixos/tests/mysql/mariadb-galera.nix

···

       58
       58
        
                       extraHosts = lib.concatMapStringsSep "\n" (i: "192.168.1.${toString i} galera_0${toString i}") (

     

       59
       59
        
                         lib.range 1 6

     

       60
       60
        
                       );

     

       61
       61
       -
                       firewall.allowedTCPPorts = [

     

       62
       62
       -
                         3306

     

       63
       63
       -
                         4444

     

       64
       64
       -
                         4567

     

       65
       65
       -
                         4568

     

       66
       66
       -
                       ];

     

       67
       67
       -
                       firewall.allowedUDPPorts = [ 4567 ];

     

       68
       68
       -
                     };

     

       69
       69
       -
                     systemd.services.mysql = with pkgs; {

     

       70
       70
       -
                       path = with pkgs; [

     

       71
       71
       -
                         bash

     

       72
       72
       -
                         gawk

     

       73
       73
       -
                         gnutar

     

       74
       74
       -
                         gzip

     

       75
       75
       -
                         inetutils

     

       76
       76
       -
                         iproute2

     

       77
       77
       -
                         netcat

     

       78
       78
       -
                         procps

     

       79
       79
       -
                         pv

     

       80
       80
       -
                         rsync

     

       81
       81
       -
                         socat

     

       82
       82
       -
                         stunnel

     

       83
       83
       -
                         which

     

       84
       84
       -
                       ];

     

       85
       61
        
                     };

     

       86
       62
        
                     services.mysql = {

     

       87
       63
        
                       enable = true;

     
···

       101
       77
        
                           FLUSH PRIVILEGES;

     

       102
       78
        
                         ''

     

       103
       79
        
                       );

     

       80
       80
       +
       

     

       81
       81
       +
                       galeraCluster = {

     

       82
       82
       +
                         enable = true;

     

       83
       83
       +
                         package = galeraPackage;

     

       84
       84
       +
                         sstMethod = method;

     

       85
       85
       +
       

     

       86
       86
       +
                         localAddress = address;

     

       87
       87
       +
                         localName = "galera_0${toString id}";

     

       88
       88
       +
       

     

       89
       89
       +
                         clusterAddress =

     

       90
       90
       +
                           "gcomm://"

     

       91
       91
       +
                           + lib.optionalString (id == 2 || id == 3) "galera_01,galera_02,galera_03"

     

       92
       92
       +
                           + lib.optionalString (id == 5 || id == 6) "galera_04,galera_05,galera_06";

     

       93
       93
       +
                       };

     

       94
       94
       +
       

     

       104
       95
        
                       settings = {

     

       105
       105
       -
                         mysqld = {

     

       106
       106
       -
                           bind_address = "0.0.0.0";

     

       107
       107
       -
                         };

     

       108
       96
        
                         galera = {

     

       109
       109
       -
                           wsrep_on = "ON";

     

       110
       97
        
                           wsrep_debug = "NONE";

     

       111
       111
       -
                           wsrep_retry_autocommit = "3";

     

       112
       112
       -
                           wsrep_provider = "${galeraPackage}/lib/galera/libgalera_smm.so";

     

       113
       113
       -
                           wsrep_cluster_address =

     

       114
       114
       -
                             "gcomm://"

     

       115
       115
       -
                             + lib.optionalString (id == 2 || id == 3) "galera_01,galera_02,galera_03"

     

       116
       116
       -
                             + lib.optionalString (id == 5 || id == 6) "galera_04,galera_05,galera_06";

     

       117
       117
       -
                           wsrep_cluster_name = "galera";

     

       118
       118
       -
                           wsrep_node_address = address;

     

       119
       119
       -
                           wsrep_node_name = "galera_0${toString id}";

     

       120
       120
       -
                           wsrep_sst_method = method;

     

       121
       121
       -
                           wsrep_sst_auth = "check_repl:check_pass";

     

       122
       122
       -
                           binlog_format = "ROW";

     

       123
       123
       -
                           enforce_storage_engine = "InnoDB";

     

       124
       124
       -
                           innodb_autoinc_lock_mode = "2";

     

       125
       98
        
                         };

     

       126
       99
        
                       };

     

       127
       100
        
                     };