wsrep_sst_mariabackup script that syncs data for members joining cluster
leverages `find` util heavily. While Ubuntu LXC image seems to contain
it out of the box, EL does miss it. While we do not see any issues due
to missing `find` on modern MariaDB, script still apparently relies on
its existence, though it can handle cases when it's not present.
Still, let's ensure it's present, as it feels like it plays an important role.
Change-Id: Ia10a9ab589275f18ff2c92a21cd2ff9aeac07567
This should allow us to easily switch to using distro-provided version of MariaDB
rather than installed from external repo which is aligned in version across
all distributions.
Change-Id: I203aa8e6ac5d0c7f604c3342a400aabad34729d9
Add variables `galera_require_secure_transport` and `galera_tls_version`
for requiring encrypted connections to the server and providing the list
of permitted protocols of those connections when `galera_use_ssl` is
enabled.
Change-Id: I28c548a5ee778c4957dc73e3547d585344755c0f
Depends-On: I6b77c828d251aeee53b83404e7e3131e3f61cbb1
Depends-On: I23d839e75b202d0400aeefe6e98c429e16ecd37e
Confusingly, the variable ignore_db_dirs is set by passing it
multiple times in the configuration file, once per directory.
It is then read as a comma separated list, but cannot be set
in this way.
https://mariadb.com/kb/en/server-system-variables/#ignore_db_dirs
Without this, the mariadb-upgrade script can fail as it attempts
to process invalid databases.
Change-Id: Ie997393935e04e127893643e4c72d7af07e993ff
Added variables ``galera_backups_full_init_overrides`` and
``galera_backups_increment_init_overrides`` that can be leveraged to
override default set of systemd unit file for mariadb backups.
Change-Id: Ib15c60dc577b376b1f761c4266eea89c4cb0be9f
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect current state.
Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
libgcc1 is a meta package for Ubuntu 22.04, thus it's worth
replacing it with what this meta package actually provides.
Change-Id: Ie95d42533e85f8e46d9c3d2c2691fed372144615
Current upgrades leave the galera-4 package in place which
can cause incompatibilities when the mariadb binaries are
updated.
By forcing removal of this package during upgrades it should
be re-installed with a version matching the rest of the
mariadb packages.
RHEL distros already have a removal step for galera-*
Change-Id: I99d993a7c466cb744136bd06f4ab2e21c2569151
Closes-Bug: #2028946
Since the latest ansible, handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.
Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
As database backups can grow substantially in size, compressing backups
helps to preserve disk space.
While the mariabackup utility offers no compression by itself, we can
stream the backup into a compression tool to create an archive [1].
The xtrabackup_checkpoints file, which contains metadata on a backup,
gets stored alongside the archive, allowing incremental backups to be
created from non-compressed backups and vice-versa [2].
One thing to note is that compressed backups cannot be prepared in
advance, this step must be manually carried out by the user.
Backup compression is disabled by default and different compressors
can be chosen (zstd, xz, ...), with gzip being the default.
[1] https://mariadb.com/kb/en/using-encryption-and-compression-tools-with-mariabackup/
[2] https://mariadb.com/kb/en/incremental-backup-and-restore-with-mariabackup/#combining-with-stream-output
Change-Id: I28c6a0e0b41d4d29c3e79e601de45ea373dee4fb
Signed-off-by: Simon Hensel <simon.hensel@inovex.de>
Omit cannot be used in timer options, since this is a simple mapping
that is passed to the unit file. With that, omit is resolved to a
randomly named omit_place_holder that ends up in a template.
So we define a delay of 0, which is the default systemd behaviour [1]
[1] https://www.freedesktop.org/software/systemd/man/systemd.timer.html#RandomizedDelaySec=
Change-Id: Ib242e66cfb4a24b7e93144e382e50f124015e3bf
With update of GPG key that was made in [1] we broke upgrade path,
since new key is not being updated by gpg_key module and it results
in OK state despite new content being placed in the GPG keyfile.
With that patch we replace usage of gpg_key with defining gpgkey
option for yum_repository, which treats it way more properly and
fixes upgrade path as well as simplifying overall flow.
[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150
Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
10.11 is the next LTS release of MariaDB which has been released
recently. Let's switch to using new LTS from 10.6 that we've been using
for quite a while now.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I430acf61fd4fdacdead19d0c5cc2765e017eb3c7
Once we've removed network.target from wanted targets for
mariadbcheck.socket, it started to fail to start up intermittently in LXC
deployments, since it was trying to bind on IP address that is not
brought up yet. At the same time we can't wait for IP being up, as
OVS while providing network, waits for socket.target as it needs
to have ovsdb started up, so waiting for network.target does
create circular dependency.
To avoid that we're allowing socket to bind on IP even when IP is not
UP yet. Other possible solution would be to bind on 0.0.0.0.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/872896
Change-Id: Ia4cde2153813e68419d261cd94e3017523177142
Closes-Bug: #2003631
Related-Bug: #2002653
As of today bare metal scenario does contain systemd ordering cycle [1]
due to mariadbcheck.socket waiting for network.target while being
part of that target. Removing that dependency solves the cycle.
[1] https://paste.openstack.org/show/bE9UlN6dK8awqZl3uwrQ/
Closes-Bug: #2002653
Change-Id: If4729eca992a0e647e2f15b3d77ad6300bbf9c12
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most widespread issues we have is using
`whitelist_externals` instead of `allowlist_externals`.
Change-Id: I0aa8f63d16d9008ca9c4384fd6e049b13838e097
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Id775e9c34da18cf370b61e19f4966a31bcdbc8f4
Since ansible 2.8 it's possible to provide policy_rc_d attribute to the
apt module in order to avoid service restart on installation/upgrade
Change-Id: Ida1ce1b767497c792fbb7bcdb934ba5e282041b1
This line snuck in with I703079f9ba98ca4c0c825bd36746280d91dd4a5b
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I829312656d805e972c45a984266b3bd9ce41ff75
This provides the capability to add and remove additional users
in the Galera database which may be used by external resource
monitoring systems (for example).
The Ansible mysql 'resource_limits' variable is also exposed to
enable setting connection limits against individual users.
Change-Id: Idcc9251340215baf5e6f550a9ca844c8c097d353
By allowing for a random delay for the OnCalendar timers it's possible
to run backups on multiple nodes without having them happen at the exact
same time. By omitting the option by default the current behavior remains
unchanged.
Change-Id: I005cf8ba94ab043d7075039975d5f0bc250f9187
MariaDB/Galera can read information about the actual client
connecting via a load balancer from the proxy protocol.
In order to define which sources are trusted the parameter
`proxy-protocol-networks` is used.
See https://mariadb.com/kb/en/proxy-protocol-support
Change-Id: I4ea360fbea5a911ba03a5eca3af00eb91b7bd124
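
An added example, not part of the commit messages above or of the role's own code: a small check of a MariaDB `[mysqld]` section for the settings three of these commits touch (comma-separated `ignore_db_dirs`, TLS configured without `require_secure_transport` or with old `tls_version` entries, and an over-broad `proxy-protocol-networks`). The sample config is constructed, and it is assumed that the role's `galera_*` variables render to the MariaDB server options of the same name.

```python
import ipaddress
# Constructed sample config; paths and values are illustrative, not from the role.
SAMPLE_CNF = """\
[mysqld]
ssl_cert = /etc/mysql/ssl/galera.pem
tls_version = TLSv1.1,TLSv1.2
ignore_db_dirs = lost+found,.snapshots
proxy-protocol-networks = 10.0.3.0/24, *
"""

def parse_section(text, section="mysqld"):
    """Collect one section's options, keeping every occurrence of a repeated key."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section:
            key, _, value = line.partition("=")
            # MariaDB accepts '-' and '_' interchangeably in option names.
            opts.setdefault(key.strip().replace("-", "_"), []).append(value.strip())
    return opts

def trusts_everyone(net):
    """True for '*' or a zero-length prefix such as 0.0.0.0/0 or ::/0."""
    try:
        return net == "*" or ipaddress.ip_network(net, strict=False).prefixlen == 0
    except ValueError:  # a hostname such as 'localhost'
        return False

def audit(text):
    opts, findings = parse_section(text), []
    if any("," in v for v in opts.get("ignore_db_dirs", [])):
        findings.append("ignore_db_dirs: repeat the option once per directory, no commas")
    if "ssl_cert" in opts:  # TLS is configured, so check how strictly it is enforced
        if opts.get("require_secure_transport", ["OFF"])[-1].upper() not in ("ON", "1", "TRUE"):
            findings.append("require_secure_transport: plaintext clients still accepted")
        weak = [p.strip() for p in opts.get("tls_version", [""])[-1].split(",")
                if p.strip() in ("TLSv1.0", "TLSv1.1")]
        if weak:
            findings.append("tls_version: deprecated protocol(s) " + ",".join(weak))
    nets = [n.strip() for v in opts.get("proxy_protocol_networks", []) for n in v.split(",")]
    if any(trusts_everyone(n) for n in nets if n):
        findings.append("proxy-protocol-networks: every source may assert a client address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CNF)))
```
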
Change galera_root_user default value from root to admin. It's a general
recommendation not to mess with the root user and not to adjust/use it
anywhere except by system. We've changed value for OSA
several cycles ago and now it's time to change defaults in role.
Change-Id: I18e868927bded594ba482f1463e999f6bd6ee0da
We used to overwrite /etc/mysql/debian.cnf file that is provided by
package when we were resetting root password for mariadb. That was
required as otherwise systemd couldn't manage service properly.
Now, when galera_root_user can be different than root, we don't need to
do this and can rely on defaults.
Change-Id: Ia8305121900d28aca28a80c6c9d6a664aec40214
Closes-Bug: #1979726
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5