repman: configure first cluster with mariadb instances, add proxysql and sysbench

e76ad90d · Alain Takoudjou · 554162a3 · e76ad90d · e76ad90d · e76ad90d
Commit e76ad90d authored Apr 06, 2020 by Alain Takoudjou
14 changed files
--- a/software/repman/buildout.hash.cfg
+++ b/software/repman/buildout.hash.cfg
@@ -14,16 +14,48 @@
 # not need these here).
 [instance.cfg]
 filename = instance.cfg.in
-md5sum = 4373aa04326e85ae6c3136d12367646e
+md5sum = 158e4c884b04442aff9726704b3f4d60

 [instance-repman.cfg]
 _update_hash_filename_ = instance-repman.cfg.jinja2.in
-md5sum = d5b3bbd9317e8ce60acdf03730fca1e5
+md5sum = 0a17bad0a5e7f472641c8a2984ae9400

 [config-toml.in]
 _update_hash_filename_ = templates/config.toml.in
-md5sum = aa7f9fc85cef6061b87b080882d3d0d7
+md5sum = 5114d1bb43025cdc5357572634871da7
+
+[config-cluster-toml.in]
+_update_hash_filename_ = templates/cluster-config.toml.in
+md5sum = d883337a75140c08853960cd6a8fdc5f

 [nginx.conf.in]
 _update_hash_filename_ = templates/nginx.conf.in
-md5sum = 6d555e5e296654dc3e28d2ad5fa1bb8d
\ No newline at end of file
+md5sum = 0eeb24c6aa0760f0d33c4cc2828ddf30
+
+[template-mariadb.cfg]
+_update_hash_filename_ = instance-mariadb.cfg.jinja2.in
+md5sum = 57ffd0fc1a7bca46b07cdc3121bbf36f
+
+[template-my-cnf]
+_update_hash_filename_ = templates/my.cnf.in
+md5sum = 04a12d3271857fcf29cb010fd7e38a5c
+
+[template-mariadb-initial-setup]
+_update_hash_filename_ = templates/mariadb_initial_setup.sql.in
+md5sum = 6c88f4a98668d7c5c0aec14ae662686e
+
+[mariadb-init-root-sql]
+_update_hash_filename_ = templates/mariadb_init_root.sql.in
+md5sum = bd39fb1e20212c820e5c6b74102b72e8
+
+[init-root-wrapper-in]
+_update_hash_filename_ = templates/init_root_wrapper.in
+md5sum = 3ba02b99c3fcbc24b3659917980b310f
+
+[repman-manager-sh.in]
+_update_hash_filename_ = templates/repman-manager.sh.in
+md5sum = 8ad6565e7b26e57b41bda4023a9d29ed
+
+[dbjobs-in]
+_update_hash_filename_ = templates/dbjobs.in
+md5sum = d623a4c684578602b9d8ee49034aebfa
--- a/software/repman/instance-mariadb.cfg.jinja2.in
+++ b/software/repman/instance-mariadb.cfg.jinja2.in
+{% set part_list = [] -%}
+{% macro section(name) %}{% do part_list.append(name) %}{{ name }}{% endmacro -%}
+{% set use_ipv6 = slapparameter_dict.get('use-ipv6', False) -%}
+{% set port = slapparameter_dict['tcp-port'] %}
+{% set host = (ipv4_set | list)[0] -%}
+{% if use_ipv6 -%}
+{%   set ip = (ipv6_set | list)[0] -%}
+{%   set host = '[' ~ (ipv4_set | list)[0] ~ ']' -%}
+{% else -%}
+{%   set ip = (ipv4_set | list)[0] -%}
+{% endif -%}
+{% set dash = parameter_dict['dash-location'] ~ '/bin/dash' %}
+{% set database_list = slapparameter_dict.get('database-list', [{'name': 'repdb', 'user': 'user', 'password': 'insecure'}]) -%}
+
+[{{ section('publish') }}]
+recipe = slapos.cookbook:publish.serialised
+-extends = publish-early
+database-host = {{ host }}:{{ port }}
+monitor-base-url = ${monitor-publish-parameters:monitor-base-url}
+partition-path = ${buildout:directory}
+
+[publish-early]
+recipe = slapos.cookbook:publish-early
+-init =
+  server-id gen-server-id:value
+{%- set server_id = slapparameter_dict.get('server-id') %}
+{%- if server_id %}
+server-id = {{ dumps(server_id) }}
+{%- endif %}
+database-list = {{ dumps(database_list) }}
+
+[gen-server-id]
+recipe = slapos.cookbook:random.integer
+minimum = {{ dumps(1) }}
+maximum = {{ dumps(2**32 - 1) }}
+
+[jinja2-template-base]
+recipe = slapos.recipe.template:jinja2
+mode = 644
+
+[jinja2-template-executable]
+< = jinja2-template-base
+mode = 755
+
+[simplefile]
+< = jinja2-template-base
+template = inline:{{ '{{ content }}' }}
+
+{% macro simplefile(section_name, file_path, content, mode='') -%}
+{%   set content_section_name = section_name ~ '-content' -%}
+[{{  content_section_name }}]
+content = {{ dumps(content) }}
+
+[{{  section(section_name) }}]
+< = simplefile
+rendered = {{ file_path }}
+context = key content {{content_section_name}}:content
+mode = {{ mode }}
+{%- endmacro %}
+
+[my-cnf-parameters]
+socket = ${directory:run}/mariadb.sock
+ip = {{ ip }}
+data-directory = ${directory:srv}/mariadb
+pid-file = ${directory:run}/mariadb.pid
+max-connection-count = {{ dumps(slapparameter_dict.get('max-connection-count', 1000)) }}
+innodb-buffer-pool-size = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-size', 0)) }}
+innodb-buffer-pool-instances = {{ dumps(slapparameter_dict.get('innodb-buffer-pool-instances', 0)) }}
+innodb-log-file-size = {{ dumps(slapparameter_dict.get('innodb-log-file-size', 0)) }}
+innodb-file-per-table = {{ dumps(slapparameter_dict.get('innodb-file-per-table', 0)) }}
+innodb-log-buffer-size = {{ dumps(slapparameter_dict.get('innodb-log-buffer-size', 0)) }}
+relaxed-writes = {{ dumps(slapparameter_dict.get('relaxed-writes', False)) }}
+server-id = ${publish-early:server-id}
+ssl-crt = ${directory:mariadb-ssl}/crt.pem
+ssl-key = ${directory:mariadb-ssl}/key.pem
+ssl-ca-crt = ${certificate-authority:ca-dir}/cacert.pem
+
+[my-cnf]
+< = jinja2-template-base
+rendered = ${directory:etc}/mariadb.cnf
+template = {{ parameter_dict['template-my-cnf'] }}
+context = section parameter_dict my-cnf-parameters
+
+[init-root-sql]
+< = jinja2-template-base
+rendered = ${directory:etc}/.init-root.sql
+template = {{ parameter_dict['template-mariadb-init-root'] }}
+context = section parameter_dict init-script-parameters
+mode = 600
+
+[init-script-parameters]
+password = {{ slapparameter_dict['root-password'] }}
+database-list = {{ dumps(database_list) }}
+root-user = repman
+
+[init-script]
+< = jinja2-template-executable
+# XXX: is there a better location ?
+rendered = ${directory:etc}/mariadb_initial_setup.sql
+template = {{ parameter_dict['template-mariadb-initial-setup'] }}
+context = section parameter_dict init-script-parameters
+
+[update-mysql]
+recipe = slapos.cookbook:generic.mysql.wrap_update_mysql
+output = ${directory:bin}/mariadb_update
+binary = ${binary-wrap-mysql_upgrade:wrapper-path}
+mysql = ${binary-wrap-mysql:wrapper-path}
+init-script = ${init-script:rendered}
+mysql_tzinfo_to_sql = ${binary-wrap-mysql_tzinfo_to_sql:wrapper-path}
+
+[{{ section('update-mysql-script') }}]
+< = jinja2-template-executable
+rendered = ${directory:scripts}/mariadb_update
+init-password = ${directory:etc}/.init-passwd.done
+upgrade-done = ${directory:lib}/mariadb-update-done
+context =
+  key init_password_done :init-password
+  key upgrade_done       :upgrade-done
+  key init_root_sql      init-root-sql:rendered
+  key mysql_update       update-mysql:output
+  raw mysql_conf         ${directory:etc}/mysql/my.cnf
+  raw dash_bin           {{ dash }}
+  raw mysql_bin          {{ parameter_dict['mariadb-location'] }}/bin/mysql
+template = {{ parameter_dict['template-init-root-wrapper'] }}
+
+[mysqld]
+< = jinja2-template-executable
+rendered = ${directory:bin}/mysqld
+template = {{ parameter_dict['template-mysqld-wrapper'] }}
+context =
+  key defaults_file install-mysql-config:config
+  key datadir my-cnf-parameters:data-directory
+  key environ :environ
+environ =
+  ODBCSYSINI='${directory:etc}'
+  LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}'{{ parameter_dict['unixodbc-location'] }}/lib'
+  {%- for variable in slapparameter_dict.get('environment-variables', ()) %}
+  {{ variable }}
+  {%- endfor %}
+
+[{{ section('ca-mysqld') }}]
+<= certificate-authority
+recipe = slapos.cookbook:certificate_authority.request
+key-file = ${my-cnf-parameters:ssl-key}
+cert-file = ${my-cnf-parameters:ssl-crt}
+executable = ${mysqld:rendered}
+wrapper = ${directory:services}/mariadb
+
+[odbc-ini-text]
+text = {{ dumps(slapparameter_dict.get('odbc-ini', '').encode('base64')) }}
+
+[{{ section('odbc-ini') }}]
+< = jinja2-template-base
+rendered = ${directory:etc}/odbc.ini
+template = inline:{% raw -%}
+  {{ parameter_dict['text'].decode('base64') }}
+  {%- endraw %}
+context = section parameter_dict odbc-ini-text
+
+# XXX - probably not needed anymore, to check
+#[logrotate-entry-mariadb]
+#< = logrotate-entry-base
+#name = mariadb
+#log = ${my-cnf-parameters:error-log} ${my-cnf-parameters:slow-query-log}
+#post = "${binary-wrap-mysql:wrapper-path}" -B -e "FLUSH LOGS"
+
+[{{ section('binary-link') }}]
+recipe = slapos.cookbook:symbolic.link
+target-directory = ${directory:bin}
+link-binary = {{ dumps(parameter_dict['link-binary']) }}
+
+[binary-wrap-base]
+recipe = slapos.cookbook:wrapper
+# Note: --defaults-file must be the first argument, otherwise wrapped binary
+# will reject it.
+command-line = 
+  "{{ parameter_dict['mariadb-location'] }}/bin/${:command}"
+  --defaults-file="${directory:etc}/mysql/my.cnf" --protocol=socket ${:extra-args}
+wrapper-path = ${directory:bin}/${:command}
+extra-args =
+
+[binary-wrap-mysql]
+<= binary-wrap-base
+command = mysql
+
+[binary-wrap-mysqldump]
+<= binary-wrap-base
+command = mysqldump
+
+[binary-wrap-mysql_upgrade]
+<= binary-wrap-base
+command = mysql_upgrade
+extra-args = --skip-write-binlog
+
+[binary-wrap-mysqladmin]
+<= binary-wrap-base
+command = mysqladmin
+
+[binary-wrap-mysql_tzinfo_to_sql]
+<= binary-wrap-base
+command-line = "{{ parameter_dict['mariadb-location'] }}/bin/${:command}" --skip-write-binlog
+command = mysql_tzinfo_to_sql
+
+[binary-wrap-pt-digest]
+<= binary-wrap-base
+command-line = "{{ parameter_dict['percona-tools-location'] }}/bin/${:command}"
+command = pt-query-digest
+
+
+[directory]
+recipe = slapos.cookbook:mkdirectory
+bin = ${buildout:directory}/bin
+etc = ${buildout:directory}/etc
+scripts = ${:etc}/run
+services = ${:etc}/service
+plugin = ${:etc}/plugin
+srv = ${buildout:directory}/srv
+tmp = ${buildout:directory}/tmp
+backup = ${:srv}/backup
+mariadb-backup-full = ${:backup}/mariadb-full
+mariadb-backup-incremental = ${:backup}/mariadb-incremental
+mariadb-ssl = ${:etc}/mariadb-ssl
+var = ${buildout:directory}/var
+lib = ${:var}/lib
+mysql = ${:lib}/mysql
+log = ${:var}/log
+run = ${:var}/run
+config-tmp = ${:tmp}/config
+custom = ${directory:etc}/mysql/custom
+
+[dbjob-parameter]
+bash-bin = {{ bash_bin }}
+db-user = ${init-script-parameters:root-user}
+db-password = ${init-script-parameters:password}
+mysql-dir = ${directory:mysql}
+dbjob-cnf = ${directory:etc}/mysql/my.cnf
+log-dir = ${directory:mysql}/.system/logs
+tmp-dir = ${directory:tmp}
+mysqld-socket  = ${my-cnf-parameters:socket}
+socat-port = {{ port + 1 }}
+restart-script = ${mysqld-restart-script:path}
+socat-location = {{ parameter_dict['socat-location'] }}
+mysql-location = {{ parameter_dict['mariadb-location'] }}
+ip = {{ ip }}
+port = {{ port }}
+
+[dbjobs-executable]
+< = jinja2-template-executable
+rendered = ${directory:bin}/dbjobs
+context =
+  section parameter_dict dbjob-parameter
+template = {{ parameter_dict['dbjobs-template'] }}
+
+[{{ section('dbjobs-cron-entry') }}]
+recipe = slapos.cookbook:cron.d
+cron-entries = ${cron:cron-entries}
+name = dbjobs
+frequency = * * * * *
+command = ${dbjobs-executable:rendered}
+
+[mysqld-restart-script]
+recipe = plone.recipe.command
+command =
+  echo "NOT IMPLEMENTED FOR NOW" > ${:path}
+update-command = ${:command}
+path = ${directory:bin}/mysqld_restart
+
+# Donwnload mariadb configuration from repman
+[{{ section('install-mysql-config') }}]
+recipe = plone.recipe.command
+stop-on-error = true
+# XXX - for now, we make only one cluster
+cluster = cluster1
+config = ${directory:etc}/mysql/my.cnf
+command =
+  cd ${directory:config-tmp} &&
+  {{ curl_bin }} -o config.tar.gz {{ slapparameter_dict['repman-url'] }}/api/clusters/${:cluster}/servers/{{ ip }}/{{ port }}/config &&
+  tar -xzf config.tar.gz &&
+  cp -r data/.system ${directory:mysql} &&
+  rm -rf ${directory:etc}/mysql &&
+  cp -r etc/mysql ${directory:etc} &&
+  ln -sf ${directory:mysql}/.system ${directory:var}/system &&
+  ln -sf ${my-cnf:rendered} ${directory:etc}/mysql/custom/01_mariadb.cnf
+
+update-command = ${:command}
+
+[dash]
+dash = {{ dumps(dash) }}
+
+[{{ section('promise-check-computer-memory') }}]
+<= monitor-promise-base
+module = check_command_execute
+name = check-computer-memory.py
+config-command = "{{ parameter_dict["check-computer-memory-binary"] }}" -db ${monitor-instance-parameter:collector-db} --threshold "{{ slapparameter_dict["computer-memory-percent-threshold"] }}" --unit percent
+
+[{{ section('promise') }}]
+<= monitor-promise-base
+module = check_command_execute
+name = mariadb.py
+config-command = "{{ parameter_dict['bin-directory'] }}/is-local-tcp-port-opened" "{{ ip }}" "{{ port }}"
+
+[monitor-instance-parameter]
+monitor-httpd-ipv6 = {{ (ipv6_set | list)[0] }}
+monitor-httpd-port = {{ port + 1 }}
+monitor-title = {{ slapparameter_dict['name'] }}
+password = {{ slapparameter_dict['monitor-passwd'] }}
+
+[buildout]
+extends =
+  {{ template_monitor }}
+parts +=
+  {{ part_list | join('\n  ') }}
--- a/software/repman/instance-repman.cfg.jinja2.in
+++ b/software/repman/instance-repman.cfg.jinja2.in
+{% set publish_dict = {} -%}
+{% set part_list = [] -%}
+{% set monitor_base_url_dict = {} -%}
+{% set mariadb_dict = {} -%}
+{% set mariadb_server_list = [] -%}
+{% set mariadb_path_list = [] -%}
+{% set ip = (ipv6_set | list)[0] -%}
+{% set ipv4 = (ipv4_set | list)[0] -%}
+
 [directory]
 recipe = slapos.cookbook:mkdirectory
 home = ${buildout:directory}
 etc = ${:home}/etc
 var = ${:home}/var
 run = ${:var}/run
-script = ${:etc}/run
+scripts = ${:etc}/run
 service = ${:etc}/service
 promise = ${:etc}/promise
 log = ${:var}/log
 data = ${:var}/lib
 nginx-prefix = ${:var}/nginx
+tmp = ${:home}/tmp
+
+
+[request-common]
+recipe = slapos.cookbook:request.serialised
+software-url = ${slap-connection:software-release-url}
+server-url = ${slap-connection:server-url}
+key-file = ${slap-connection:key-file}
+cert-file = ${slap-connection:cert-file}
+computer-id = ${slap-connection:computer-id}
+partition-id = ${slap-connection:partition-id}
+
+{% do mariadb_dict.__setitem__('computer-memory-percent-threshold', 80) -%}
+{% do mariadb_dict.__setitem__('innodb-file-per-table', slapparameter_dict.get('innodb-file-per-table', 1)) -%}
+
+# Request mariadb instances
+{% for i in range(0, slapparameter_dict.get('database-amount', 2)) -%}
+{% do mariadb_dict.__setitem__('tcp-port', 2099 + (i * 100)) -%}
+{% set section = 'request-mariadb-' ~ i -%}
+{% set name = 'Mariadb-' ~ i -%}
+
+[{{ section }}]
+<= request-common
+software-type = mariadb
+name = {{ name }}
+sla-computer_guid = {{ dumps(slapparameter_dict.get('mariadb-computer-guid', '')) }}
+{% for key, value in mariadb_dict.items() -%}
+config-{{ key }} = {{ dumps(value) }}
+{% endfor -%}
+config-monitor-passwd = ${publish-early:monitor-password}
+config-root-password = ${publish-early:root-password}
+config-repman-url = ${nginx-parameter:backend-url}
+config-repman-secure-url = ${nginx-parameter:backend-url}
+config-name = {{ name }}
+return = 
+  database-host
+  monitor-base-url
+  partition-path
+
+{% do part_list.append(section) -%}
+{% do mariadb_server_list.append('${' ~ section ~ ':connection-database-host}') -%}
+{% do mariadb_path_list.append('${' ~ section ~ ':connection-partition-path}') -%}
+{% do monitor_base_url_dict.__setitem__('mariadb' ~ i, '${' ~ section ~ ':connection-monitor-base-url}') -%}
+
+{% endfor -%}
+
+# Manage Replication Manager clusters
+{% set cluster_parameter_dict = {"cluster1": {"name": "cluster1", "db-prefered-master": "", "proxy-admin-port": 6032, "proxy-port": 6033, "proxysql-user": "external"}} -%}
+{% for name, parameter_dict in cluster_parameter_dict.items() -%}
+{% set prefered_master = parameter_dict.pop("db-prefered-master") -%}
+[{{ name ~ '-cluster-parameter' }}]
+{% for key, value in parameter_dict.items() -%}
+{{ key }} = {{ dumps(value) }}
+{% endfor -%}
+db-credential = repman:${publish-early:root-password}
+db-list = {{ mariadb_server_list | join(',') }}
+partition-list = {{ mariadb_path_list | join(',') }}
+{% if prefered_master -%}
+db-prefered-master = {{ prefered_master }}
+{% else -%}
+# First database is the prefered master
+db-prefered-master = {{ mariadb_server_list[0] }}
+{% endif -%}
+proxysql-servers = {{ ipv4 }}
+password = ${repman-parameter:password}
+proxysql-partition = ${buildout:directory}
+
+[{{ 'config-' ~ name }}]
+recipe = slapos.recipe.template:jinja2
+template = {{ config_cluster_toml_in }}
+rendered = ${repman:clusters}/config-{{ name }}.toml
+extra-context =
+context =
+  section parameter_dict {{ name ~ '-cluster-parameter' }}
+
+# Donwnload mariadb configuration from repman
+[config-proxysql-{{ name }}]
+recipe = plone.recipe.command
+# if Repman is not started, cannot download config from server
+stop-on-error = false
+config = ${repman:proxies}/proxysql-{{ name }}.cnf
+data = ${repman:proxy-data}/{{ name }}
+command =
+  mkdir -p ${repman:config-tmp}/proxies &&
+  mkdir -p ${:data} &&
+  cd ${repman:config-tmp}/proxies &&
+  {{ curl_bin }} -o proxies.tar.gz ${nginx-parameter:repman-url}/api/clusters/{{ name }}/servers/{{ ipv4 }}/{{ parameter_dict['proxy-admin-port'] }}/config &&
+  tar -xzf proxies.tar.gz &&
+  cp conf/proxysql.cnf  ${:config}
+update-command = ${:command}
+
+[service-proxysql-{{ name }}]
+recipe = slapos.cookbook:wrapper
+command-line =
+  {{ proxysql_location }}/bin/proxysql -f
+  -c ${config-proxysql-{{ name }}:config}
+  -D ${config-proxysql-{{ name }}:data}
+  --reload
+#  -S /tmp/proxysql_admin.sock
+wrapper-path = ${directory:service}/proxysql-{{ name }}
+wait-for-files =
+  ${repman:bootstrap}/{{ name }}_bootstrapped
+
+{% do part_list.append('config-' ~ name) -%}
+{% do part_list.append('service-proxysql-' ~ name) -%}
+{% endfor -%}

 [slap-configuration]
 recipe = slapos.cookbook:slapconfiguration
@@ -22,8 +137,10 @@ cert = ${slap-connection:cert-file}
 [instance-parameter]
 <= slap-configuration
 # repman monitor seems to use a fixed port
-repman-port = 10005
-nginx-port  = 10006
+repman-secure-port = 10005
+repman-port = 10001
+nginx-ssl-port  = 10006
+nginx-port  = 10007


 [repman]
@@ -31,43 +148,84 @@ recipe   = slapos.cookbook:mkdirectory
 etc      = ${directory:etc}/repman
 data-dir = ${directory:var}/lib
 root-dir = ${directory:srv}/repman
+clusters = ${:etc}/cluster.d
+proxies  = ${:etc}/proxy
+proxy-data = ${:data-dir}/proxy
+config-tmp = ${directory:tmp}/config
+bootstrap = ${:etc}/bootstrap

 [nginx-parameter]
 ipv6 = ${instance-parameter:ipv6-random}
 port = ${instance-parameter:nginx-port}
+ssl-port = ${instance-parameter:nginx-ssl-port}
 ssl-certificate = ${ca-nginx:cert-file}
 ssl-key = ${ca-nginx:key-file}
 pid-file = ${directory:run}/nginx.pid
 access-log = ${directory:log}/nginx_access.log
 error-log = ${directory:log}/nginx_error.log
-repman-url = https://${repman-parameter:ipv4}:${repman-parameter:port}
+repman-secure-url = https://${repman-parameter:ipv4}:${repman-parameter:secure-port}
+repman-url = http://${repman-parameter:ipv4}:${repman-parameter:port}
 config-file = ${directory:etc}/nginx.conf
-backend-url = https://[${:ipv6}]:${:port}
+backend-ssl-url = https://[${:ipv6}]:${:ssl-port}
+backend-url = http://[${:ipv6}]:${:port}

 [repman-password]
 recipe = slapos.cookbook:generate.password
 bytes = 12

+[gen-root-password]
+recipe = slapos.cookbook:generate.password
+bytes = 12
+
 [repman-parameter]
 log = ${directory:log}/repman.log
 http-root = ${repman:root-dir}/dashboard
 share-dir = ${repman:root-dir}/share
+secure-port = ${instance-parameter:repman-secure-port}
 port = ${instance-parameter:repman-port}
 ipv4 = ${instance-parameter:ipv4-random}
 username = admin
 password = ${repman-password:passwd}
+cluster-d = ${repman:clusters}
+mysql-bin-dir = {{ mariadb_location }}/bin
+mysqlbinlog-path = {{ mariadb_location }}/bin/mysqlbinlog
+mysqlclient-path = {{ mariadb_location }}/bin/mysql
+mysqldump-path = {{ mariadb_location }}/bin/mysqldump
+haproxy-bin   = {{ haproxy_location }}/sbin/haproxy
+sysbench-bin  = {{ sysbench_location }}/bin/sysbench
+
+mail-from = {{ slapparameter_dict.get("mail-from", "mrm@localhost") }}
+mail-smtp-addr = {{ slapparameter_dict.get("mail-smtp-addr", "localhost:25") }}
+mail-smtp-password = {{ slapparameter_dict.get("mail-smtp-password", "") }}
+mail-smtp-user = {{ slapparameter_dict.get("mail-smtp-user", "") }}
+mail-to = {{ slapparameter_dict.get("mail-to", "") }}

 [repman-config-folder]
 recipe = plone.recipe.command
 repman-location = {{ repman_src_location }}
 command = 
  cd ${:repman-location}
-  cp -r share ${repman-parameter:share-dir}
-  cp -r dashboard ${repman-parameter:http-root}
+  {{ rsync_location }}/bin/rsync -av share ${repman:root-dir}/
+  {{ rsync_location }}/bin/rsync -av  dashboard ${repman:root-dir}/

 # XXX - this need to be checked/optimized in case of upgrade.
-update-command =
+update-command = ${:command}
  
+[replication-manager-reload]
+recipe = slapos.recipe.template:jinja2
+template = {{ template_repman_manager_sh }}
+cluster-list = {{ dumps(cluster_parameter_dict.keys() ) }}
+context =
+  section parameter_dict repman
+  key username repman-parameter:username
+  key password repman-parameter:password
+  key secure_url nginx-parameter:backend-ssl-url
+  key cluster_name_list :cluster-list
+  raw jq_bin {{ jq_bin }}
+  raw curl_bin {{ curl_bin }}
+  raw bash_bin {{ bash_bin }}
+rendered = ${directory:scripts}/repman-reload
+mode = 755

 [replication-manager]
 recipe = slapos.cookbook:wrapper
@@ -79,13 +237,14 @@ command-line =
   --monitoring-datadir=${repman:data-dir}
   --config=${repman-config.toml:rendered}
   --log-file=${repman-parameter:log}
+   --memprofile=${directory:tmp}/repmgr.mprof
   monitor

 wrapper-path = ${directory:service}/replication-manager
 # setup repman instance folder
 depends =
  ${repman-config-folder:recipe}
-
+  ${replication-manager-reload:recipe}

 [repman-config.toml]
 recipe = slapos.recipe.template:jinja2
@@ -119,14 +278,15 @@ wrapper-path = ${directory:bin}/nginx-start
 wait-for-files =
  ${ca-directory:certs}/nginx.key
  ${ca-directory:certs}/nginx.crt
-  ${nginx-graceful-wrapper:wrapper-path}
+  ${nginx-graceful-wrapper:rendered}

 [nginx-graceful-wrapper]
-recipe = slapos.cookbook:wrapper
-wrapper-path = ${directory:scripts}/nginx-graceful
-command-line =
-  kill -USR1 $(cat ${nginx-parameter:pid-file})
-
+recipe = slapos.recipe.template:jinja2
+template = inline:#!{{ bash_bin }}
+  kill -USR1 "$(cat ${nginx-parameter:pid-file})"
+rendered = ${directory:scripts}/nginx-graceful
+context =
+mode = 755

 [ca-nginx]
 <= certificate-authority
@@ -148,13 +308,34 @@ name = nginx
 log = ${nginx-parameter:access-log} ${nginx-parameter:error-log}
 post = kill -USR1 $(cat ${nginx-parameter:pid-file})

+[publish-early]
+recipe = slapos.cookbook:publish-early
+-init =
+  monitor-password monitor-htpasswd:passwd
+  root-password gen-root-password:passwd
+
 [publish-connection-parameter]
 <= monitor-publish
 recipe = slapos.cookbook:publish
-backend-url = ${nginx-parameter:backend-url}
+backend-url = ${nginx-parameter:backend-ssl-url}
 url = ${repman-frontend:connection-secure_access}
 username = ${repman-parameter:username}
 password = ${repman-parameter:password}
+{% for name, value in publish_dict.items() -%}
+{{   name }} = {{ value }}
+{% endfor %}
+
+
+[monitor-instance-parameter]
+monitor-httpd-port = 8060
+cors-domains = {{ slapparameter_dict.get('monitor-cors-domains', 'monitor.app.officejs.com') }} 
+username = admin
+password = ${publish-early:monitor-password}
+
+[monitor-base-url-dict]
+{% for key, value in monitor_base_url_dict.items() -%}
+{{ key }} = {{ value }}
+{% endfor %}

 [repman-frontend]
 <= slap-connection
@@ -163,7 +344,7 @@ name = Replication Manager Frontend
 # XXX We have hardcoded SR URL here.
 software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
 slave = true
-config-url = ${nginx-parameter:backend-url}
+config-url = ${nginx-parameter:backend-ssl-url}
 config-domain = 
 return = domain secure_access

@@ -178,7 +359,7 @@ config-check-secure = 1
 <= monitor-promise-base
 module = check_url_available
 name = check_repman_frontend.py
-config-url = ${nginx-parameter:backend-url}
+config-url = ${nginx-parameter:backend-ssl-url}
 config-check-secure = 1


@@ -189,7 +370,7 @@ config-check-secure = 1
 #############################
 [buildout]
 extends =
-  {{ template_monitor_cfg }}
+  {{ template_monitor }}
 parts =
  replication-manager
  repman-listen-promise
@@ -200,6 +381,8 @@ parts =
  repman-frontend-promise
  repman-backend-promise

+# Complete parts with sections
+  {{ part_list | join('\n  ') }}

 eggs-directory = {{ eggs_directory }}
 develop-eggs-directory = {{ develop_eggs_directory }}

--- a/software/repman/instance.cfg.in
+++ b/software/repman/instance.cfg.in
-# GitLab "switch-softwaretype" instance
 [buildout]
 parts = switch-softwaretype

-# std stuff for slapos instance
-eggs-directory = ${buildout:eggs-directory}
-develop-eggs-directory = ${buildout:develop-eggs-directory}
+eggs-directory = {{ buildout_egg_directory }}
+develop-eggs-directory = {{ buildout_develop_directory }}
 offline = true


 [switch-softwaretype]
-recipe = slapos.cookbook:softwaretype
-repman  = $${template-instance-repman.cfg:rendered}
-default = $${:repman}
+recipe = slapos.cookbook:switch-softwaretype
+default = template-instance-repman.cfg:rendered
+RootSoftwareInstance = ${:default}
+mariadb = template-instance-mariadb.cfg:rendered


-# macro: render instance-*.cfg from instance-*.cfg.in
-[instance-cfg]
+[slap-configuration]
+recipe = slapos.cookbook:slapconfiguration.serialised
+computer = ${slap-connection:computer-id}
+partition = ${slap-connection:partition-id}
+url = ${slap-connection:server-url}
+key = ${slap-connection:key-file}
+cert = ${slap-connection:cert-file}
+
+
+[jinja2-template-base]
 recipe  = slapos.recipe.template:jinja2
 mode    = 0644
-rendered= $${buildout:directory}/$${:_buildout_section_name_}
+extensions = jinja2.ext.do
+rendered= ${buildout:directory}/${:_buildout_section_name_}
 context =
-
-    key bin_directory           buildout:bin-directory
-    key eggs_directory          buildout:eggs-directory
-    key develop_eggs_directory  buildout:develop-eggs-directory
+    key slapparameter_dict      slap-configuration:configuration
+    key computer_id             slap-configuration:computer
+    key ipv4_set                slap-configuration:ipv4
+    key ipv6_set                slap-configuration:ipv6
+    raw bin_directory           {{ buildout_directory }}
+    raw eggs_directory          {{ buildout_egg_directory }}
+    raw develop_eggs_directory  {{ buildout_develop_directory }}
+    raw mariadb_location        {{ mariadb_location }}
+    raw template_monitor        {{ template_monitor_cfg }}

 # program binaries
-    raw bash_bin                    ${bash:location}/bin/bash
-    raw gowork_bin                  ${gowork:bin}
-    raw nginx_bin                   ${nginx:location}/sbin/nginx
-    raw repman_src_location         ${git.signal18.io_signal18_repman:location}
-    raw template_monitor_cfg        ${monitor2-template:rendered}
+    raw bash_bin                {{ bash_location }}/bin/bash
+    raw jq_bin                  {{ jq_location }}/jq
+    raw curl_bin                {{ curl_location }}/bin/curl

-# config files
-    raw config_toml_in             ${config-toml.in:target}
-    raw nginx_conf_in              ${nginx.conf.in:target}
-
-    $${:extra-context}
+    ${:extra-context}
 extra-context =

 [template-instance-repman.cfg]
-<= instance-cfg
-template= ${instance-repman.cfg:target}
+<= jinja2-template-base
+template= {{ template_repman_cfg }}
+extra-context =
+    raw gowork_bin                  {{ gowork_bin }}
+    raw haproxy_location            {{ haproxy_location }}
+    raw nginx_bin                   {{ nginx_location }}/sbin/nginx
+    raw repman_src_location         {{ repman_src_location }}
+
+# config files
+    raw config_toml_in             {{ config_toml_in }}
+    raw config_cluster_toml_in     {{ config_cluster_toml_in }}
+    raw nginx_conf_in              {{ nginx_conf_in }}
+    raw rsync_location             {{ rsync_location }}
+    raw sysbench_location          {{ sysbench_location }}
+    raw proxysql_location          {{ proxysql_location }}
+    raw template_repman_manager_sh {{ template_repman_manager_sh }}
+
+[template-mariadb-parameters]
+bash = {{ bash_location }}
+dash-location = {{ dash_location }}
+gzip-location = {{ gzip_location }}
+mariadb-location = {{ mariadb_location }}
+template-my-cnf = {{ template_my_cnf }}
+template-mariadb-initial-setup = {{ template_mariadb_initial_setup }}
+template-mariadb-init-root = {{ template_init_root_sql }}
+template-init-root-wrapper = {{ template_init_root_wrapper }}
+template-mysqld-wrapper = {{ template_mysqld_wrapper }}
+link-binary = {{ dumps(mariadb_link_binary) }}
+check-computer-memory-binary = {{ bin_directory }}/check-computer-memory
+bin-directory = {{ bin_directory }}
+percona-tools-location = {{ percona_toolkit_location }}
+unixodbc-location = {{ unixodbc_location }}
+curl-location = {{ curl_location }}
+dbjobs-template = {{ dbjobs_in }}
+socat-location = {{ socat_location }}
+
+[template-instance-mariadb.cfg]
+<= jinja2-template-base
+template = {{ template_mariadb }}
+filename = instance-mariadb.cfg
 extra-context =
+    section parameter_dict template-mariadb-parameters
+
+
--- a/software/repman/software.cfg
+++ b/software/repman/software.cfg
@@ -2,24 +2,88 @@

 extends =
  buildout.hash.cfg
+  ../neoppod/software-common.cfg
  ../../stack/monitor/buildout.cfg
  ../../component/replication-manager/buildout.cfg
  ../../component/mariadb/buildout.cfg
  ../../component/nginx/buildout.cfg
-  ../../stack/monitor/buildout.cfg
+  ../../component/haproxy/buildout.cfg
  ../../component/logrotate/buildout.cfg
+  ../../component/percona-toolkit/buildout.cfg
+  ../../component/gzip/buildout.cfg
+  ../../component/sed/buildout.cfg
+  ../../component/coreutils/buildout.cfg
+  ../../component/grep/buildout.cfg
+  ../../component/sysbench/buildout.cfg
+  ../../component/proxysql/buildout.cfg
+  ../../component/socat/buildout.cfg
+  ../../component/rsync/buildout.cfg
+  ../../stack/monitor/buildout.cfg
  ../../stack/slapos.cfg

 parts =
  slapos-cookbook
+  mroonga-mariadb
  instance.cfg
-  mariadb
+  template-mariadb.cfg
+  template-mysqld-wrapper

+[mariadb]
+# Compile dir is for plugins, there's no plugin yet
+keep-compile-dir = false

 [instance.cfg]
-recipe  = slapos.recipe.template
-url     = ${:_profile_base_location_}/${:filename}
-output  = ${buildout:directory}/instance.cfg
+recipe = slapos.recipe.template:jinja2
+rendered = ${buildout:directory}/instance.cfg
+template = ${:_profile_base_location_}/${:filename}
+mode = 0644
+context =
+    key bash_location bash:location
+    key bin_directory buildout:bin-directory
+    key config_toml_in config-toml.in:target
+    key config_cluster_toml_in config-cluster-toml.in:target
+    key coreutils_location coreutils:location
+    key curl_location curl:location
+    key buildout_egg_directory buildout:eggs-directory
+    key buildout_develop_directory buildout:develop-eggs-directory
+    key buildout_directory buildout:directory
+    key dbjobs_in dbjobs-in:target
+    key dash_location dash:location
+    key jq_location jq-binary:location
+    key logrotate_cfg template-logrotate-base:rendered
+    key gowork_bin gowork:bin
+    key gzip_location gzip:location
+    key haproxy_location haproxy:location
+    key template_monitor monitor2-template:rendered
+    key mariadb_link_binary template-mariadb.cfg:link-binary
+    key mariadb_location mariadb:location
+    key nginx_conf_in nginx.conf.in:target
+    key nginx_location nginx:location
+    key percona_toolkit_location percona-toolkit:location
+    key repman_src_location git.signal18.io_signal18_repman:location
+    key rsync_location rsync:location
+    key socat_location socat:location
+    key template_repman_manager_sh repman-manager-sh.in:target
+    key template_mariadb template-mariadb.cfg:target
+    key template_mariadb_initial_setup template-mariadb-initial-setup:target
+    key template_monitor_cfg monitor2-template:rendered
+    key template_my_cnf template-my-cnf:target
+    key template_mysqld_wrapper template-mysqld-wrapper:rendered
+    key template_init_root_sql mariadb-init-root-sql:target
+    key template_init_root_wrapper init-root-wrapper-in:target
+    key template_repman_cfg instance-repman.cfg:target
+    key unixodbc_location unixodbc:location
+    key sysbench_location sysbench:location
+    key proxysql_location proxysql:location
+
+
+[jq-binary]
+recipe = hexagonit.recipe.download
+url = https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
+md5sum = 1fffde9f3c7944f063265e9a5e67ae4f
+filename = jq
+mode = 0755
+download-only = true

 [download-file]
 recipe  = slapos.recipe.build:download
@@ -29,13 +93,48 @@ destination = ${buildout:directory}/${:_buildout_section_name_}
 [config-toml.in]
 <= download-file

+[config-cluster-toml.in]
+<= download-file
+
 [instance-repman.cfg]
 <= download-file

+[repman-manager-sh.in]
+<= download-file
+
+[template-mariadb.cfg]
+<= download-file
+link-binary =
+  ${coreutils:location}/bin/basename
+  ${coreutils:location}/bin/cat
+  ${coreutils:location}/bin/cp
+  ${coreutils:location}/bin/ls
+  ${coreutils:location}/bin/tr
+  ${coreutils:location}/bin/uname
+  ${gettext:location}/lib/gettext/hostname
+  ${grep:location}/bin/grep
+  ${sed:location}/bin/sed
+  ${mariadb:location}/bin/mysqlbinlog
+
+[template-mariadb-initial-setup]
+<= download-file
+
+[template-my-cnf]
+<= download-file
+
+[mariadb-init-root-sql]
+<= download-file
+
+[init-root-wrapper-in]
+<= download-file
+
 [nginx.conf.in]
 <= download-file

+[dbjobs-in]
+<= download-file
+
 # Pin versions of eggs used that are not already pinned by stack/slapos.cfg
 [versions]
 slapos.recipe.template = 4.3
-rubygemsrecipe  = 0.2.2+slapos001
\ No newline at end of file
+rubygemsrecipe  = 0.2.2+slapos001
--- a/software/repman/templates/cluster-config.toml.in
+++ b/software/repman/templates/cluster-config.toml.in
+[{{ parameter_dict['name'] }}]
+title = "{{ parameter_dict['name'] }}"
+db-servers-hosts = "{{ parameter_dict['db-list'] }}"
+db-servers-prefered-master = "{{ parameter_dict['db-prefered-master'] }}"
+db-servers-credential = "{{ parameter_dict['db-credential'] }}"
+replication-credential = "{{ parameter_dict['db-credential'] }}"
+db-servers-connect-timeout = 1
+slapos-db-partitions = "{{ parameter_dict['partition-list'] }}"
+slapos-proxysql-partitions = "{{ parameter_dict['proxysql-partition'] }}"
+
+proxysql = true
+proxysql-port = {{ parameter_dict['proxy-port'] }}
+proxysql-servers = "{{ parameter_dict['proxysql-servers'] }}"
+proxysql-user = "{{ parameter_dict['proxysql-user'] }}"
+proxysql-bootstrap = true
+proxysql-admin-port = {{ parameter_dict['proxy-admin-port'] }}
+proxysql-password = "{{ parameter_dict['password'] }}"
+
+prov-proxy-tags = "pkg,masterslave,linux,noreadwritesplit"
+
+monitoring-scheduler = true
+scheduler-db-servers-logical-backup  = true
+scheduler-db-servers-logical-backup-cron= "0 0 1 * * 6"
+scheduler-db-servers-logs   =  true
+scheduler-db-servers-logs-cron = "0 0 * * * *"
+#scheduler-db-servers-logs-table-keep = 12
+scheduler-db-servers-logs-table-keep = 4
+scheduler-db-servers-logs-table-rotate  = true
+#scheduler-db-servers-logs-table-rotate-cron = "0 0 0/6 * * *"
+scheduler-db-servers-logs-table-rotate-cron = "0 0 23 * * *"
+scheduler-db-servers-optimize  = true
+scheduler-db-servers-optimize-cron = "0 0 3 1 * 5"
+scheduler-db-servers-physical-backup = true
+scheduler-db-servers-physical-backup-cron = "0 0 0 * * *"
+backup-physical-type = "mariabackup"
+backup-logical-type = "mysqldump"
+# scheduler-db-servers-receiver-ports="4444,4445"
\ No newline at end of file
--- a/software/repman/templates/config.toml.in
+++ b/software/repman/templates/config.toml.in
 [Default]
-api-bind = "[{{ parameter_dict['ipv4'] }}]"
-http-bind-address = "[{{ parameter_dict['ipv4'] }}]"
-monitoring-save-config = true
+api-bind = "{{ parameter_dict['ipv4'] }}"
+http-bind-address = "{{ parameter_dict['ipv4'] }}"
+monitoring-save-config = false
 api-https-bind = true
 api-credentials = "{{ parameter_dict['username'] }}:{{ parameter_dict['password'] }}"
+include = "{{ parameter_dict['cluster-d'] }}"
+autorejoin = true
+db-servers-binary-path = "{{ parameter_dict['mysql-bin-dir'] }}"
+# Database list of hosts to ignore in election
+#db-servers-ignored-hosts =
+# Database hosts list to monitor, IP and port (optional), specified in the host:[port] format and separated by commas
+# XXX - check if mandatory (as present in cluster)
+#db-servers-hosts =
+
+#haproxy = true
+haproxy-binary-path = "{{ parameter_dict['haproxy-bin'] }}"
+# HaProxy input bind address for read (default "0.0.0.0")
+#haproxy-ip-read-bind =
+# HaProxy input bind address for write (default "0.0.0.0")
+#haproxy-ip-write-bind =
+# HaProxy load balance read port to all nodes (default 3307)
+#haproxy-read-port =
+# HaProxy hosts (default "127.0.0.1")
+#haproxy-servers =
+# HaProxy statistics port (default 1988)
+#haproxy-stat-port =
+#HaProxy read-write port to leader (default 3306)
+#haproxy-write-port =
+
+# Mail configuration
+# Alert email sender (default "mrm@localhost")
+mail-from = "{{ parameter_dict['mail-from'] }}"
+# Alert email SMTP server address, in host:[port] format (default "localhost:25")
+mail-smtp-addr = "{{ parameter_dict['mail-smtp-addr'] }}"
+mail-smtp-password = "{{ parameter_dict['mail-smtp-password'] }}"
+mail-smtp-user = "{{ parameter_dict['mail-smtp-user'] }}"
+# Alert email recipients, separated by commas
+mail-to = "{{ parameter_dict['mail-to'] }}"
+
+mysqlbinlog-path = "{{ parameter_dict['mysqlbinlog-path'] }}"
+mysqlclient-path = "{{ parameter_dict['mysqlclient-path'] }}"
+mysqldump-path = "{{ parameter_dict['mysqldump-path'] }}"
+
+prov-orchestrator = "slapos"
+prov-db-tags="gtidstrict,bind,pkg,innodb,noquerycache,slow,pfs,linux,readonly,diskmonitor,sqlerror,compressbinlog"
+
+sysbench-binary-path = "{{ parameter_dict['sysbench-bin'] }}"
+# Number of threads to run benchmark (default 4)
+sysbench-threads = 4
+# Time to run benchmark (default 100)
+sysbench-time = 100
+sysbench-v1 = true

-[cluster1]
-title = "cluster1"
-#db-servers-hosts = "[2408:5180:0:43::d2a5]:3306,[2409:5180:0:43::d2a5]:3306"
-#db-servers-prefered-master = "[2408:5180:0:43::d2a5]:3306"
-db-servers-hosts = ""
-db-servers-credential = "root:test"
--- a/software/repman/templates/dbjobs.in
+++ b/software/repman/templates/dbjobs.in
+#!{{ parameter_dict['bash-bin'] }}
+
+USER={{ parameter_dict['db-user'] }}
+PASSWORD={{ parameter_dict['db-password'] }}
+ERROLOG={{ parameter_dict['mysql-dir'] }}/.system/logs/errors.log
+SLOWLOG={{ parameter_dict['mysql-dir']}}/.system/logs/sql-slow
+BACKUPDIR={{ parameter_dict['mysql-dir'] }}/.system/backup
+DATADIR={{ parameter_dict['mysql-dir'] }}/
+export PATH={{ parameter_dict['socat-location'] }}/bin:{{ parameter_dict['mysql-location'] }}/bin:$PATH
+JOBS=( "xtrabackup" "mariabackup" "error" "slowquery" "zfssnapback" "optimize" "reseedxtrabackup" "reseedmariabackup" "reseedmysqldump" "flashbackxtrabackup" "flashbackmariadbackup" "flashbackmysqldump" "stop" "start")
+
+doneJob()
+{
+  mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }} -e "set sql_log_bin=0;UPDATE replication_manager_schema.jobs set end=NOW(), result=LOAD_FILE('{{ parameter_dict['log-dir'] }}/dbjob.out') WHERE id='$ID';" &
+}
+
+pauseJob()
+{
+  mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "select sleep(6);set sql_log_bin=0;UPDATE replication_manager_schema.jobs set result=LOAD_FILE('{{ parameter_dict['log-dir'] }}/dbjob.out') WHERE id='$ID';" &
+}
+
+partialRestore()
+{
+ mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;install plugin BLACKHOLE soname 'ha_blackhole.so'"
+ for dir in $(ls -d $BACKUPDIR/*/ | xargs -n 1 basename | grep -vE 'mysql|performance_schema|replication_manager_schema') ; do
+ mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;drop database IF EXISTS $dir; CREATE DATABASE $dir;"
+
+
+  for file in $(find $BACKUPDIR/$dir/ -name "*.exp" | xargs -n 1 basename | cut -d'.' --complement -f2-) ; do
+    cat $BACKUPDIR/$dir/$file.frm | sed -e 's/\x06\x00\x49\x6E\x6E\x6F\x44\x42\x00\x00\x00/\x09\x00\x42\x4C\x41\x43\x4B\x48\x4F\x4C\x45/g' > $DATADIR/$dir/mrm_pivo.frm
+    mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;ALTER TABLE $dir.mrm_pivo  engine=innodb;RENAME TABLE $dir.mrm_pivo TO $dir.$file; ALTER TABLE $dir.$file DISCARD TABLESPACE;"
+    mv $BACKUPDIR/$dir/$file.ibd $DATADIR/$dir/$file.ibd
+    mv $BACKUPDIR/$dir/$file.exp $DATADIR/$dir/$file.exp
+    mv $BACKUPDIR/$dir/$file.cfg $DATADIR/$dir/$file.cfg
+    mv $BACKUPDIR/$dir/$file.TRG $DATADIR/$dir/$file.TRG
+    mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;ALTER TABLE $dir.$file IMPORT TABLESPACE"
+  done
+  for file in $(find $BACKUPDIR/$dir/ -name "*.MYD" | xargs -n 1 basename | cut -d'.' --complement -f2-) ; do
+    mv $BACKUPDIR/$dir/$file.* $DATADIR/$dir/
+    mysql --defaults-file=/etc/mysql/dbjob.cnf  -e "set sql_log_bin=0;FLUSH TABLE $dir.$file"
+  done
+  for file in $(find $BACKUPDIR/$dir/ -name "*.CSV" | xargs -n 1 basename | cut -d'.' --complement -f2-) ; do
+    mv $BACKUPDIR/$dir/$file.* $DATADIR/$dir/
+    mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;FLUSH TABLE $dir.$file"
+  done
+ done
+ for file in $(find $BACKUPDIR/mysql/ -name "*.MYD" | xargs -n 1 basename | cut -d'.' --complement -f2-) ; do
+    mv $BACKUPDIR/mysql/$file.* $DATADIR/mysql/
+    mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;FLUSH TABLE mysql.$file"
+ done
+ cat $BACKUPDIR/xtrabackup_info | grep binlog_pos | awk  -F, '{ print $3 }' | sed -e 's/GTID of the last change/set sql_log_bin=0;set global gtid_slave_pos=/g' | mysql -h{{ parameter_dict['ip'] }} -P{{ parameter_dict['port'] }} -p$PASSWORD -u$USER
+ mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}   -e"flush privileges;start slave;"
+}
+
+for job in "${JOBS[@]}"
+do
+
+ TASK=($(echo "select concat(id,'@',server,':',port) from replication_manager_schema.jobs WHERE task='$job' and done=0 order by task desc limit 1" | mysql -h{{ parameter_dict['ip'] }} -P{{ parameter_dict['port'] }} -p$PASSWORD -u$USER -N))
+
+ ADDRESS=($(echo $TASK | awk -F@ '{ print $2 }'))
+ ID=($(echo $TASK | awk -F@ '{ print $1 }'))
+ #purge de past
+ mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e "set sql_log_bin=0;UPDATE replication_manager_schema.jobs set done=1 WHERE done=0 AND task='$job';"
+
+  if [ "$ADDRESS" == "" ]; then
+    echo "No $job needed"
+  else
+    echo "Processing $job"
+    case "$job" in
+      reseedmysqldump)
+       echo "Waiting backup." >  {{ parameter_dict['log-dir'] }}/dbjob.out
+       pauseJob
+       socat -u TCP-LISTEN:{{ parameter_dict['socat-port'] }},reuseaddr STDOUT | gunzip | mysql -h{{ parameter_dict['ip'] }} -P{{ parameter_dict['port'] }} -p$PASSWORD -u$USER > {{ parameter_dict['log-dir'] }}/dbjob.out 2>&1
+        mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e 'start slave;'
+      ;;
+      flashbackmysqldump)
+       echo "Waiting backup." >  {{ parameter_dict['log-dir'] }}/dbjob.out
+       pauseJob
+       socat -u TCP-LISTEN:{{ parameter_dict['socat-port'] }},reuseaddr STDOUT | gunzip | mysql -h{{ parameter_dict['ip'] }} -P{{ parameter_dict['port'] }} -p$PASSWORD -u$USER > {{ parameter_dict['log-dir'] }}/dbjob.out 2>&1
+       mysql --defaults-file={{ parameter_dict['dbjob-cnf'] }}  -e 'start slave;'
+      ;;
+      reseedmariabackup)
+       rm -rf $BACKUPDIR
+       mkdir $BACKUPDIR
+       echo "Waiting backup." >  {{ parameter_dict['log-dir'] }}/dbjob.out
+       pauseJob
+       socat -u TCP-LISTEN:{{ parameter_dict['socat-port'] }},reuseaddr STDOUT | mbstream -x -C $BACKUPDIR
+       # mbstream -p, --parallel
+       mariabackup --prepare --export --target-dir=$BACKUPDIR
+       partialRestore
+      ;;
+      flashbackmariadbackup)
+       rm -rf $BACKUPDIR
+       mkdir $BACKUPDIR
+       echo "Waiting backup." >  {{ parameter_dict['log-dir'] }}/dbjob.out
+       pauseJob
+       socat -u TCP-LISTEN:{{ parameter_dict['socat-port'] }},reuseaddr STDOUT | xbstream -x -C $BACKUPDIR
+       mariabackup --prepare --export --target-dir=$BACKUPDIR
+       partialRestore
+      ;;
+      mariabackup)
+       cd {{ parameter_dict['tmp-dir'] }}
+       mariadb-backup --innobackupex --defaults-file={{ parameter_dict['dbjob-cnf'] }} --socket='{{ parameter_dict["mysqld-socket"] }}'  --no-version-check  --user=$USER --password=$PASSWORD --stream=xbstream {{ parameter_dict['tmp-dir'] }}/ | socat -u stdio TCP:$ADDRESS &>{{ parameter_dict['log-dir'] }}/dbjob.out
+      ;;
+      error)
+       cat $ERROLOG| socat -u stdio TCP:$ADDRESS &>{{ parameter_dict['log-dir'] }}/dbjob.out
+       > $ERROLOG
+      ;;
+      slowquery)
+       cat $SLOWLOG| socat -u stdio TCP:$ADDRESS &>{{ parameter_dict['log-dir'] }}/dbjob.out
+       > $SLOWLOG
+      ;;
+      optimize)
+       mysqlcheck --defaults-file={{ parameter_dict['dbjob-cnf'] }} -o --all-databases --skip-write-binlog &>{{ parameter_dict['log-dir'] }}/dbjob.out
+      ;;
+      restart)
+        {{ parameter_dict['restart-script'] }} > {{ parameter_dict['log-dir'] }}/dbjob.out
+      ;;
+  esac
+  doneJob
+  fi
+
+done
--- a/software/repman/templates/init_root_wrapper.in
+++ b/software/repman/templates/init_root_wrapper.in
+#!{{ dash_bin }}
+
+run_mysql () {
+  {{ mysql_bin }} --defaults-file="{{ mysql_conf }}" \
+  --protocol=socket -uroot -hlocalhost $@
+}
+
+if [ ! -f "{{ init_password_done }}" ]; then
+  for i in {30..0}; do
+    if echo 'SELECT 1' | run_mysql  &> /dev/null; then
+      break
+    fi
+    echo 'MySQL init process in progress...'
+    sleep 1
+  done
+  if [ "$i" = 0 ]; then
+    echo >&2 'MySQL init process failed.'
+    exit 1
+  fi
+  echo "Setting mariabdb root password...";
+  run_mysql  < {{ init_root_sql }} && touch {{ init_password_done }} || exit 1;
+  echo "done"
+fi
+
+# Run mariadb_upgrade when replication is bootstrapped will break replication topology.
+# skip when already upgraded until we have a good solution.
+if [ ! -f "{{ upgrade_done }}" ]; then
+  {{ mysql_update }}
+  if [ $? -eq 0 ]; then
+    touch {{ upgrade_done }};
+  fi
+fi
\ No newline at end of file
--- a/software/repman/templates/mariadb_init_root.sql.in
+++ b/software/repman/templates/mariadb_init_root.sql.in
+--  What's done in this file shouldn't be replicated
+--  or products like mysql-fabric won't work
+SET @@SESSION.SQL_LOG_BIN=0;
+
+CREATE USER 'repman'@'localhost' IDENTIFIED BY '{{ parameter_dict["password"] }}' ;
+GRANT ALL ON *.* TO 'repman'@'localhost' WITH GRANT OPTION ;
+CREATE USER 'repman'@'%' IDENTIFIED BY '{{ parameter_dict["password"] }}' ;
+GRANT ALL ON *.* TO 'repman'@'%' WITH GRANT OPTION ;
+DROP DATABASE IF EXISTS test ;
+FLUSH PRIVILEGES ;
\ No newline at end of file
--- a/software/repman/templates/mariadb_initial_setup.sql.in
+++ b/software/repman/templates/mariadb_initial_setup.sql.in
+USE mysql;
+DROP FUNCTION IF EXISTS last_insert_grn_id;
+DROP FUNCTION IF EXISTS mroonga_snippet;
+DROP FUNCTION IF EXISTS mroonga_command;
+{% set mroonga = parameter_dict.get('mroonga', 'ha_mroonga.so') -%}
+{% if mroonga %}CREATE FUNCTION last_insert_grn_id RETURNS INTEGER SONAME '{{ mroonga }}';
+CREATE FUNCTION mroonga_snippet RETURNS STRING SONAME '{{ mroonga }}';
+CREATE FUNCTION mroonga_command RETURNS STRING SONAME '{{ mroonga }}';{% endif %}
+DROP FUNCTION IF EXISTS sphinx_snippets;
+#CREATE FUNCTION sphinx_snippets RETURNS STRING SONAME 'ha_sphinx.so';
+
+{% macro database(name, user, password) -%}
+CREATE DATABASE IF NOT EXISTS `{{ name }}`;
+{% if user -%}
+GRANT ALL PRIVILEGES ON `{{ name }}`.* TO `{{ user }}`@`%` IDENTIFIED BY '{{ password }}';
+GRANT ALL PRIVILEGES ON `{{ name }}`.* TO `{{ user }}`@localhost IDENTIFIED BY '{{ password }}';
+{%- endif %}
+{% endmacro -%}
+
+{% for entry in parameter_dict['database-list'] -%}
+{{   database(entry['name'], entry.get('user'), entry.get('password')) }}
+{% endfor -%}
\ No newline at end of file
--- a/software/repman/templates/my.cnf.in
+++ b/software/repman/templates/my.cnf.in
+{% set socket = parameter_dict['socket'] -%}
+# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
+# The MySQL server
+[mysqld]
+# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
+# different engine, like MyISAM. Such behaviour generates problems only, when
+# tables requested as InnoDB are silently created with MyISAM engine.
+#
+# Loud fail is really required in such case.
+# Already present in REPMAN
+#sql_mode="NO_ENGINE_SUBSTITUTION"
+
+socket = {{ socket }}
+bind_address = {{ parameter_dict['ip'] }}
+datadir = {{ parameter_dict['data-directory'] }}
+pid_file = {{ parameter_dict['pid-file'] }}
+
+default_time_zone = '+00:00'
+
+plugin_load = ha_mroonga
+
+max_connections = {{ parameter_dict['max-connection-count'] }}
+
+{% set innodb_buffer_pool_size = parameter_dict['innodb-buffer-pool-size'] -%}
+{% if innodb_buffer_pool_size %}innodb_buffer_pool_size = {{ innodb_buffer_pool_size }}{% endif %}
+{% set innodb_buffer_pool_instances = parameter_dict['innodb-buffer-pool-instances'] -%}
+{% if innodb_buffer_pool_instances %}innodb_buffer_pool_instances = {{ innodb_buffer_pool_instances }}{% endif %}
+{% set innodb_log_file_size = parameter_dict['innodb-log-file-size'] -%}
+{% if innodb_log_file_size %} innodb_log_file_size = {{ innodb_log_file_size }}{% endif %}
+{% set innodb_log_buffer_size = parameter_dict['innodb-log-buffer-size'] -%}
+{% if innodb_log_buffer_size %} innodb_log_buffer_size = {{ innodb_log_buffer_size }}{% endif %}
+
+# very important to allow parallel indexing
+# Note: this is compatible with binlog-based incremental backups, because ERP5
+# doesn't use "insert ... select" (in any number of queries) pattern.
+innodb_locks_unsafe_for_binlog = 1
+
+
+{% if 'ssl-key' in parameter_dict -%}
+ssl
+ssl-cert = {{ parameter_dict['ssl-crt'] }}
+ssl-key = {{ parameter_dict['ssl-key'] }}
+{%   if 'ssl-ca-crt' in parameter_dict -%}
+ssl-ca = {{ parameter_dict['ssl-ca-crt'] }}
+{%-  endif %}
+{%   if 'ssl-crl' in parameter_dict -%}
+ssl-crl = {{ parameter_dict['ssl-crl'] }}
+{%-  endif %}
+{%   if 'ssl-cipher' in parameter_dict -%}
+ssl-cipher = {{ parameter_dict['ssl-cipher'] }}
+{%-  endif %}
+{%- endif %}
+
+#server_id = {{ parameter_dict['server-id'] }}
+
+
+# Some dangerous settings you may want to uncomment temporarily
+# if you only want performance or less disk access.
+{% set x = '' if parameter_dict['relaxed-writes'] else '#' -%}
+{{x}}innodb_flush_log_at_trx_commit = 0
+{{x}}innodb_flush_method = nosync
+{{x}}innodb_doublewrite = 0
+{{x}}sync_frm = 0
+
+# Force utf8 usage
+character_set_server = utf8mb4
+collation_server = utf8mb4_general_ci
+skip_character_set_client_handshake
+
+
+[client]
+socket = {{ socket }}
+user = root
+
+[mysql]
+no_auto_rehash
+
+[mysqlhotcopy]
+interactive_timeout
+
+[mysqldump]
+max_allowed_packet = 128M
--- a/software/repman/templates/nginx.conf.in
+++ b/software/repman/templates/nginx.conf.in
@@ -18,7 +18,7 @@ http {
     }

     server {
-        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }} ssl;
+        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['ssl-port'] }} ssl;
        server_name _;
        ssl_certificate     {{ parameter_dict['ssl-certificate'] }};
        ssl_certificate_key {{ parameter_dict['ssl-key'] }};
@@ -27,6 +27,21 @@ http {
        ssl_prefer_server_ciphers on;
        keepalive_timeout 90s;

+        location / {
+            proxy_redirect off;
+            proxy_set_header   X-Forwarded-Proto $scheme;
+            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host  $http_host;
+            proxy_connect_timeout 200;
+
+            proxy_pass {{ parameter_dict['repman-secure-url'] }};
+        }
+    }
+
+    server {
+        listen [{{ parameter_dict['ipv6'] }}]:{{ parameter_dict['port'] }};
+        server_name _;
+
        location / {
            proxy_redirect off;
            proxy_set_header   X-Forwarded-Proto $scheme;

--- a/software/repman/templates/repman-manager.sh.in
+++ b/software/repman/templates/repman-manager.sh.in
+#!{{ bash_bin }}
+
+#set -e
+
+curl () {
+  {{ curl_bin }} -k --silent -H "Accept: application/json" "$@"
+}
+
+wait_database () {
+  NAME=$1
+  for retry in {1..5}; do
+    echo ">> Wait until $NAME databases are ready...";
+    CODE=$(curl -H "Authorization: Bearer ${TOKEN}" -o /dev/null -w "%{http_code}" {{ secure_url }}/api/clusters/$NAME/actions/waitdatabases);
+    if [ $CODE -eq 504 ]; then
+      # We have a timeout try again
+      echo ">> [$retry] Timeout on {{ secure_url }}/api/clusters/$NAME/actions/waitdatabases, trying again...";
+    else
+      if [ $CODE -eq 200 ]; then
+        break;
+      else:
+        echo ">> [$retry] waitdatabases returned code $CODE...";
+      fi
+    fi
+    sleep 1
+  done
+}
+
+TOKEN=$(curl -s -X POST --data '{"username":"{{ username }}","password":"{{ password}}"}' {{ secure_url }}/api/login | {{ jq_bin }} -r '.token')
+
+# Always reload cluster configuration to apply recent changes
+{% for name in cluster_name_list -%}
+# reload {{ name }} settings
+echo "Reloading settings for {{ name }}..."
+curl -H "Authorization: Bearer ${TOKEN}" \
+  {{ secure_url }}/api/clusters/{{ name }}/settings/actions/reload
+
+# Start Replication on {{ name }}
+if [ ! -f "{{ parameter_dict['bootstrap'] }}/{{ name }}_bootstrapped" ]; then
+
+  wait_database {{ name }}
+
+  echo "Bootstrap replication on {{ name }}..."
+  TOKEN=$(curl -s -X POST --data '{"username":"{{ username }}","password":"{{ password}}"}' {{ secure_url }}/api/login | {{ jq_bin }} -r '.token')
+
+  curl -H "Authorization: Bearer ${TOKEN}" \
+    {{ secure_url }}/api/clusters/{{ name }}/actions/replication/cleanup
+  CODE=$(curl -H "Authorization: Bearer ${TOKEN}" -o /dev/null -w "%{http_code}" {{ secure_url }}/api/clusters/{{ name }}/actions/replication/bootstrap/master-slave)
+  if [ $CODE -eq 200 ]; then
+    # Mark boostrap done!
+    echo "Cluster {{ name }} replication bootstrapped"
+    echo "DO NOT REMOVE THIS FILE" > {{ parameter_dict['bootstrap'] }}/{{ name }}_bootstrapped
+  else
+    echo "ERROR: Failed to bootstrap cluster {{ name }}... http_code $CODE"
+  fi
+fi
+
+{% endfor %}
\ No newline at end of file