feat(mysql): 创建 MySQL 主从复制集群和单节点实例的 Terraform 配置文件

.gitignore

@@ -0,0 +1,8 @@
+.terraform/
+*.tfstate
+*.tfstate.lock.info
+*.tfstate.backup
+crash.log
+custom-plugins/
+*.lock.hcl
+*.auto.*

mysql/replication/data.tf

@@ -0,0 +1,14 @@
+data "qiniu_compute_images" "available_official_images" {
+  type  = "Official"
+  state = "Available"
+}
+
+locals {
+  ubuntu_image_id = [
+    for item in data.qiniu_compute_images.available_official_images.items : item
+    if item.os_distribution == "Ubuntu" && item.os_version == "24.04 LTS"
+  ][0].id
+
+  replication_username = "replicator"
+  instance_final_state = "Running"
+}

mysql/replication/main.tf

@@ -0,0 +1,64 @@
+# MySQL Replication Cluster Configuration
+
+# 用于生成资源后缀
+resource "random_string" "random_suffix" {
+  length  = 6
+  upper   = false
+  lower   = true
+  special = false
+}
+
+locals {
+  replication_cluster_suffix = random_string.random_suffix.result
+}
+
+# 创建置放组
+resource "qiniu_compute_placement_group" "mysql_pg" {
+  name        = format("mysql-repl-%s", local.replication_cluster_suffix)
+  description = format("Placement group for MySQL replication cluster %s", local.replication_cluster_suffix)
+  strategy    = "Spread"
+}
+
+# 创建 MySQL 主库
+resource "qiniu_compute_instance" "mysql_primary_node" {
+  instance_type      = var.instance_type
+  placement_group_id = qiniu_compute_placement_group.mysql_pg.id
+  name               = format("mysql-primary-%s", local.replication_cluster_suffix)
+  description        = format("Primary node for MySQL replication cluster %s", local.replication_cluster_suffix)
+  state              = local.instance_final_state
+  image_id           = local.ubuntu_image_id
+  system_disk_size   = var.instance_system_disk_size
+
+  user_data = base64encode(templatefile("${path.module}/mysql_master.sh", {
+    mysql_server_id            = "1"
+    mysql_admin_username       = var.mysql_username
+    mysql_admin_password       = var.mysql_password
+    mysql_replication_username = local.replication_username
+    mysql_replication_password = var.mysql_password
+    mysql_db_name              = var.mysql_db_name
+  }))
+}
+
+
+# 创建 MySQL 从库节点
+resource "qiniu_compute_instance" "mysql_replication_nodes" {
+  depends_on = [qiniu_compute_instance.mysql_primary_node]
+
+  count              = var.mysql_replica_count
+  instance_type      = var.instance_type
+  placement_group_id = qiniu_compute_placement_group.mysql_pg.id
+  name               = format("mysql-repl-%02d-%s", count.index + 1, local.replication_cluster_suffix)
+  description        = format("Replica node %02d for MySQL replication cluster %s", count.index + 1, local.replication_cluster_suffix)
+  state              = local.instance_final_state
+  image_id           = local.ubuntu_image_id
+  system_disk_size   = var.instance_system_disk_size
+
+  user_data = base64encode(templatefile("${path.module}/mysql_slave.sh", {
+    mysql_master_ip            = qiniu_compute_instance.mysql_primary_node.private_ip_addresses[0].ipv4
+    mysql_server_id            = tostring(count.index + 2) // 从库ID从2开始递增
+    mysql_replication_username = local.replication_username
+    mysql_replication_password = var.mysql_password
+  }))
+}
+
+

mysql/replication/mysql_master.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+
+echo "This is the primary node."
+
+# 允许外部IP访问
+sed -i 's/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
+
+# 确保删除旧的server uuid配置文件，防止uuid冲突
+rm -f /var/lib/mysql/auto.cnf
+
+# 配置主从复制
+tee /etc/mysql/mysql.conf.d/replication.cnf >/dev/null <<EOF
+[mysqld]
+server_id = ${mysql_server_id}
+log_bin = /var/log/mysql/mysql-bin.log  # binlog 路径前缀
+binlog_format = ROW # binlog 格式
+gtid_mode = ON # 开启 GTID 模式
+expire_logs_days = 7 # 自动清理7天前的binlog
+max_binlog_size = 100M # 单个binlog文件最大大小
+enforce_gtid_consistency = ON # 强制保证 GTID 一致性（避免非事务操作）
+EOF
+
+# 重启 MySQL 服务
+systemctl restart mysql
+
+# 等待 MySQL 服务重启完成
+while ! mysqladmin ping --silent; do sleep 1; done  
+
+mysql -uroot <<EOF
+  ALTER USER 'root'@'localhost' IDENTIFIED BY '${mysql_admin_password}';
+  CREATE USER '${mysql_admin_username}'@'%' IDENTIFIED BY '${mysql_admin_password}';为管理用户 '${mysql_admin_username}' 授权时使用了 '%' 作为主机，这意味着该用户可以从任何 IP 地址连接。如果实例有公网 IP，这将带来安全风险。建议将主机限制在特定的 IP 范围或 VPC 子网内，以增强安全性。
+
+
+  GRANT ALL PRIVILEGES ON *.* TO '${mysql_admin_username}'@'%' WITH GRANT OPTION;
+
+  CREATE USER '${mysql_replication_username}'@'%' IDENTIFIED WITH mysql_native_password BY '${mysql_replication_password}';
+  GRANT REPLICATION SLAVE ON *.* TO '${mysql_replication_username}'@'%';
+  FLUSH PRIVILEGES;
+EOF
+
+# 如果 mysql_db_name 不为空，则创建数据库
+if [[ -n "${mysql_db_name}" ]]; then
+  mysql -u"${mysql_admin_username}" -p"${mysql_admin_password}" <<EOF
+CREATE DATABASE IF NOT EXISTS \`${mysql_db_name}\`;
+EOF
+fi
+
+# 查看数据库
+mysql -u"${mysql_admin_username}" -p"${mysql_admin_password}" -e "SHOW DATABASES;"

mysql/replication/mysql_slave.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+echo "This is a replica node."
+
+# 允许外部IP访问
+sed -i 's/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
+
+# 确保删除旧的server uuid配置文件，防止uuid冲突
+rm -f /var/lib/mysql/auto.cnf
+
+# 配置主从复制
+tee /etc/mysql/mysql.conf.d/replication.cnf >/dev/null <<EOF
+[mysqld]
+server_id = ${mysql_server_id}
+relay_log = /var/lib/mysql/mysql-relay-bin # 中继日志路径
+read_only = ON # 设置从库为只读
+super_read_only = ON # 设置root用户也是只读模式
+gtid_mode = ON # 开启 GTID 模式
+enforce_gtid_consistency = ON # 强制保证 GTID 一致性（避免非事务操作）
+EOF
+
+# 重启 MySQL 服务
+systemctl restart mysql
+sleep 1 # 等待 MySQL 服务重启完成
+
+# 轮询等待主库启动
+while ! mysqladmin ping -h "${mysql_master_ip}" -u"${mysql_replication_username}" -p"${mysql_replication_password}" --silent; do
+  echo "Waiting for MySQL master at ${mysql_master_ip} to be ready..."
+  sleep 2
+done
+
+# 配置从库，将自动将主库所有变更都同步过来，包括用户配置
+mysql -uroot <<EOF
+  CHANGE MASTER TO
+    MASTER_HOST = '${mysql_master_ip}',
+    MASTER_USER = '${mysql_replication_username}',
+    MASTER_PASSWORD = '${mysql_replication_password}',
+    MASTER_AUTO_POSITION = 1;
+  START SLAVE;
+  SHOW SLAVE STATUS\G;
+EOF

mysql/replication/outputs.tf

@@ -0,0 +1,9 @@
+output "mysql_primary_endpoint" {
+  value       = qiniu_compute_instance.mysql_primary_node.private_ip_addresses[0].ipv4
+  description = "MySQL primary node private IP address"
+}
+
+output "mysql_replica_endpoints" {
+  value       = [for instance in qiniu_compute_instance.mysql_replication_nodes : instance.private_ip_addresses[0].ipv4]
+  description = "MySQL replica nodes private IP addresses"
+}

mysql/replication/variables.tf

@@ -0,0 +1,72 @@
+variable "instance_type" {
+  type        = string
+  description = "MySQL instance type"
+  validation {
+    condition     = var.instance_type != ""
+    error_message = "instance_type parameter is required but not provided"
+  }
+}
+
+variable "instance_system_disk_size" {
+  type        = number
+  description = "System disk size in GiB"
+  default     = 20
+
+  validation {
+    condition     = var.instance_system_disk_size > 0
+    error_message = "instance_system_disk_size parameter must be a positive integer"
+  }
+}
+
+variable "mysql_replica_count" {
+  type        = number
+  description = "Number of MySQL replica nodes"
+  default     = 2
+
+  validation {
+    condition     = var.mysql_replica_count >= 1 && var.mysql_replica_count <= 10
+    error_message = "mysql_replica_count must be between 1 and 10"
+  }
+}
+
+variable "mysql_username" {
+  type        = string
+  description = "MySQL admin username"
+
+  validation {
+    condition     = length(var.mysql_username) >= 1 && length(var.mysql_username) <= 32
+    error_message = "mysql_username parameter must be between 1 and 32 characters long"
+  }
+}
+
+variable "mysql_password" {
+  type        = string
+  description = "MySQL admin password"
+  sensitive   = true
+
+  validation {
+    condition     = length(var.mysql_password) >= 8
+    error_message = "mysql_password parameter must be at least 8 characters long"
+  }
+
+  validation {
+    condition     = can(regex("[a-z]", var.mysql_password)) && can(regex("[A-Z]", var.mysql_password)) && can(regex("[0-9]", var.mysql_password)) && can(regex("[!-/:-@\\[-`{-~]", var.mysql_password))
+    error_message = "mysql_password parameter must contain at least one lowercase letter, one uppercase letter, one digit, and one special character"
+  }
+}
+
+variable "mysql_db_name" {
+  type        = string
+  description = "Initial MySQL database name (optional)"
+  default     = ""
+
+  validation {
+    condition = var.mysql_db_name == "" ? true : (
+      length(var.mysql_db_name) >= 1 &&
+      length(var.mysql_db_name) <= 64 &&
+      can(regex("^[a-zA-Z0-9_]*$", var.mysql_db_name)) &&
+      !contains(["mysql", "information_schema", "performance_schema", "sys"], var.mysql_db_name)
+    )
+    error_message = "mysql_db_name must be 1-64 chars, only alphanumeric/underscore, and not a reserved name (mysql, information_schema, performance_schema, sys)"
+  }
+}

mysql/replication/versions.tf

@@ -0,0 +1,3 @@
+provider "qiniu" {}
+
+provider "random" {}

mysql/standalone/data.tf

@@ -0,0 +1,11 @@
+data "qiniu_compute_images" "available_official_images" {
+  type  = "Official"
+  state = "Available"
+}
+
+locals {
+  ubuntu_image_id = [
+    for item in data.qiniu_compute_images.available_official_images.items : item
+    if item.os_distribution == "Ubuntu" && item.os_version == "24.04 LTS"
+  ][0].id
+}

mysql/standalone/main.tf

@@ -0,0 +1,24 @@
+# 生成资源后缀，避免命名冲突
+resource "random_string" "resource_suffix" {
+  length  = 6
+  upper   = false
+  lower   = true
+  special = false
+}
+
+locals {
+  standalone_suffix = random_string.resource_suffix.result
+}
+
+resource "qiniu_compute_instance" "mysql_primary_node" {
+  instance_type    = var.instance_type // 虚拟机实例规格
+  name             = format("mysql-standalone-%s", local.standalone_suffix)
+  description      = format("Standalone MySQL node %s", local.standalone_suffix)
+  image_id         = local.ubuntu_image_id         // 预设的MysSQL系统镜像ID
+  system_disk_size = var.instance_system_disk_size // 系统盘大小，单位是GiB
+  user_data = base64encode(templatefile("${path.module}/mysql_standalone.sh", {
+    mysql_username = var.mysql_username,
+    mysql_password = var.mysql_password,
+    mysql_db_name  = var.mysql_db_name,
+  }))
+}

mysql/standalone/mysql_standalone.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# Install MySQL if not already installed
+
+echo "Checking for MySQL installation..."
+
+if ! command -v mysql &> /dev/null; then
+    echo "MySQL not found, installing..."
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-client-8.0 mysql-server-8.0 mysql-router mysql-shell
+fi
+
+echo "Setting up MySQL standalone instance..."
+
+# 允许外部IP访问
+sed -i 's/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
+
+# 确保删除旧的server uuid配置文件，防止uuid冲突
+rm -f /var/lib/mysql/auto.cnf
+
+# 重启 MySQL 服务
+systemctl restart mysql
+
+# 等待 MySQL 服务重启完成
+while ! mysqladmin ping --silent; do sleep 1; done  
+
+# 配置基础用户
+mysql -uroot <<EOF
+ALTER USER 'root'@'localhost' IDENTIFIED BY '${mysql_password}';
+CREATE USER '${mysql_username}'@'%' IDENTIFIED BY '${mysql_password}';
+GRANT ALL PRIVILEGES ON *.* TO '${mysql_username}'@'%' WITH GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+# 如果 mysql_db_name 不为空，则创建数据库
+if [[ -n "${mysql_db_name}" ]]; then
+  mysql -u"${mysql_username}" -p"${mysql_password}" <<EOF
+CREATE DATABASE IF NOT EXISTS \`${mysql_db_name}\`;
+EOF
+fi
+
+echo "MySQL standalone setup completed successfully!"

mysql/standalone/outputs.tf

@@ -0,0 +1,4 @@
+output "mysql_primary_endpoint" {
+  value       = qiniu_compute_instance.mysql_primary_node.private_ip_addresses[0].ipv4
+  description = "MySQL primary node private IP address"
+}