community.proxysql

add support for PROXYSQL TLS RELOAD

Open markuman opened this issue 4 years ago • 5 comments

SUMMARY

With ProxySQL 2.3.0, the command PROXYSQL TLS RELOAD is available.

Added support for reloading TLS files at runtime, allowing ProxySQL to change its cert/key files used for client connections. This also introduces the command PROXYSQL TLS RELOAD
https://github.com/sysown/proxysql/releases/tag/v2.3.0

But where to include it? Maybe proxysql_manage_config?

ISSUE TYPE
  • Feature Idea

markuman avatar Oct 27 '21 06:10 markuman

It's not compatible with proxysql_manage_config, because it requires 4 parameters, but we need only 3 parameters.

I can think of 2 options

  1. Implement community.proxysql.proxysql_query and use it to query PROXYSQL TLS RELOAD
  2. Implement community.proxysql.proxysql_tls

Instead of community.proxysql.proxysql_query we can use community.mysql.mysql_query.

proxysql_tls could be used to set up the entire TLS configuration.
But that might also be overkill, because you only need to set some vars to some files.

Any more ideas @Andersson007 ?

markuman avatar Nov 10 '21 19:11 markuman

@markuman when reading the issue description, I was thinking about proxysql_query too. A separate module for TLS configuration seems to be overkill, yeah. So mysql_query works with ProxySQL, right? There are 2 options I can see:

  1. Mention in the collection doc (README, NOTES sections, ..) that users can use mysql_query to run arbitrary queries in ProxySQL if they need.
  2. Copy the module from community.mysql and rename it to proxysql_query (I think slight code modifications will be needed).

For consistency, I would prefer to see a proxysql_query module, but it's a chunk of code that needs to be maintained (at least backporting patches from c.mysql). I don't see a lot of bug reports / patches for the mysql_query module since it was introduced, but c.proxysql maintainers will have to subscribe to c.mysql to track related changes. So it's up to the maintainers of the c.proxysql collection to decide if they wanna maintain one more module ;) (If I have free time, I could help backport related patches, though I'm not against mentioning mysql_query in the doc).

Andersson007 avatar Nov 11 '21 07:11 Andersson007

Yes, this is working fine.

    - name: reload proxysql tls certificates
      community.mysql.mysql_query:
        login_user: admin
        login_password: admin
        login_port: 6032
        query: PROXYSQL RELOAD TLS;
      register: out

results in

    "out": {
        "changed": false,
        "executed_queries": [
            "PROXYSQL RELOAD TLS;"
        ],
        "failed": false,
        "query_result": [
            []
        ],
        "rowcount": [
            0
        ]
    }

Mention in the collection doc (README, NOTES sections, ..) that users can use mysql_query to run arbitrary queries in ProxySQL if they need.

So where to add @Andersson007 ?
Is it possible to add a note block here? https://docs.ansible.com/ansible/latest/collections/community/proxysql/index.html

markuman avatar Nov 30 '21 10:11 markuman
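
The task from the comment above, wired into a certificate rotation play so the reload only runs when a TLS file actually changes. This is an added example, not part of the original thread or the collection's own code. The datadir `/var/lib/proxysql` and its file names, the `proxysql` service account, the source paths and the vault variables `proxysql_admin_user` / `proxysql_admin_password` are assumptions.

```yaml
---
# Added example: install new frontend TLS files, then reload them at runtime.
# Assumptions (not from the thread): datadir and file names below, a
# "proxysql" service account, and admin credentials stored in Ansible Vault
# instead of the admin/admin defaults.
- name: Rotate ProxySQL TLS certificate
  hosts: proxysql
  become: true
  vars:
    proxysql_datadir: /var/lib/proxysql
    proxysql_tls_files:
      - { src: files/tls/ca.pem, dest: proxysql-ca.pem, mode: "0644" }
      - { src: files/tls/cert.pem, dest: proxysql-cert.pem, mode: "0644" }
      # key.pem is expected to be vault-encrypted; copy decrypts it on transfer
      - { src: files/tls/key.pem, dest: proxysql-key.pem, mode: "0600" }
  tasks:
    - name: Install CA, certificate and private key
      ansible.builtin.copy:
        src: "{{ item.src }}"
        dest: "{{ proxysql_datadir }}/{{ item.dest }}"
        owner: proxysql
        group: proxysql
        mode: "{{ item.mode }}"
      loop: "{{ proxysql_tls_files }}"
      loop_control:
        label: "{{ item.dest }}"  # show only the file name per loop item
      notify: Reload ProxySQL TLS

  handlers:
    - name: Reload ProxySQL TLS
      community.mysql.mysql_query:
        login_user: "{{ proxysql_admin_user }}"
        login_password: "{{ proxysql_admin_password }}"
        login_port: 6032
        query: PROXYSQL RELOAD TLS
      # The output posted in the thread shows changed=false for this query,
      # so mark the handler as a change explicitly.
      changed_when: true
```

Because the reload is a handler, a run in which none of the three files differ leaves ProxySQL untouched.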

Great question :) I've been thinking of where we could add this but have failed.. I'll ask in the ansible-docs channel if it's possible or not to add the note block. We could also add the SEEALSO section to each module referring to other modules including mysql_query, but it would be overkill I think..

Andersson007 avatar Nov 30 '21 11:11 Andersson007

Done, will see. Another (or additional) way could be mentioning it in README (though I agree that it would be nice to mention it on the doc site).

Andersson007 avatar Nov 30 '21 11:11 Andersson007