* Update openstack-ansible-galera_server from branch 'master'
to 3f029767606fe3b82f7f09e4410470fe6e11b541
- Additional TLS configuration options
Add variables `galera_require_secure_transport` and `galera_tls_version`
for requiring encrypted connections to the server and providing the list
of permitted protocols of those connections when `galera_use_ssl` is
enabled.
Change-Id: I28c548a5ee778c4957dc73e3547d585344755c0f
Depends-On: I6b77c828d251aeee53b83404e7e3131e3f61cbb1
Depends-On: I23d839e75b202d0400aeefe6e98c429e16ecd37e
* Update openstack-ansible-galera_server from branch 'master'
to e697948b3420dfc3e2d4efbdca28c8bcbd2186a1
- Bump version to latest stable release of MariaDB 10.11
Change-Id: I9735ecba0db5cffd8b3c2b0e24a41bcfa5856a0e
* Update openstack-ansible-galera_server from branch 'master'
to 229ae217c1e127979cd5370414e6d2b13c910055
- Fix ignored database directories configuration
Confusingly, the variable ignore_db_dirs is set by passing it
multiple times in the configuration file, once per directory.
It is then read as a comma separated list, but cannot be set
in this way.
https://mariadb.com/kb/en/server-system-variables/#ignore_db_dirs
Without this, the mariadb-upgrade script can fail as it attempts
to process invalid databases.
Change-Id: Ie997393935e04e127893643e4c72d7af07e993ff
* Update openstack-ansible-galera_server from branch 'master'
to 28ac2fc7ee661f19170037da489a7a1644d7d84b
- Bump galera version to 10.11.5
The repo for this point release includes packages for debian bookworm.
Change-Id: Ifeb558d92ff1a153ecd523f7f2897e143a66933c
* Update openstack-ansible-galera_server from branch 'master'
to 3e2afc1e4edb152693d4e77a35340791dc80e408
- Added vars to override systemd for mariabackup
Added variables ``galera_backups_full_init_overrides`` and
``galera_backups_increment_init_overrides`` that can be leveraged to
override default set of systemd unit file for mariadb backups.
Change-Id: Ib15c60dc577b376b1f761c4266eea89c4cb0be9f
* Update openstack-ansible-galera_server from branch 'master'
to 626b6cf6b5950fab422fb24d9ad0199ceaaaf824
- Merge "Fix role metadata"
- Fix role metadata
A role name should match a specific patter, which does not include
hyphen. So we define role_name and namespace in
role metadata.
This is follow-up change to [1]
[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/888132
Change-Id: Idbf20d88a12a7208546c4284143fd4058f7b261f
* Update openstack-ansible-galera_server from branch 'master'
to 1ae0dd6165d80feb52115171f604645f613c9d03
- Install compatibility package for mariadb-dev
For compatibility with mysqlclient and to ensure that pkg-config will
successfully find required libraries, comapt package is required to be
installed.
Change-Id: I0cd4073c276a10e5cce727b360ab99ec790e30eb
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/888985
* Update openstack-ansible-galera_server from branch 'master'
to 486c5d07b81c7164970218c15adedecd0798cb9b
- Merge "Remove galera-4 package during upgrades to force version up"
- Remove galera-4 package during upgrades to force version up
Current upgrades leave the galera-4 package in place which
can cause incompatibilities when the mariadb binaries are
updated.
By forcing removal of this package during upgrades it should
be re-installed with a version matching the rest of the
mariadb packages.
RHEL distros already have a removal step for galera-*
Change-Id: I99d993a7c466cb744136bd06f4ab2e21c2569151
Closes-Bug: #2028946
* Update openstack-ansible-galera_server from branch 'master'
to e8663b04edfbe05cf8e59981d78b06975f220317
- Merge "Fix linters issue and metadata"
- Fix linters issue and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
* Update openstack-ansible-galera_server from branch 'master'
to c12dc00258b699bb4c38f62eaf6a1f27c377bce5
- Replace libgcc1 with libgcc-s1 for Debian
libgcc1 is a meta package for Ubuntu 22.04, thus it's worth to
replace it with what this meta package actually provides.
Change-Id: Ie95d42533e85f8e46d9c3d2c2691fed372144615
* Update openstack-ansible-galera_server from branch 'master'
to 2034d9bf4b60a4f6e0ff5ed4695247f828abc757
- Merge "Do not use notify inside handlers"
- Do not use notify inside handlers
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.
Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
* Update openstack-ansible-galera_server from branch 'master'
to cef3aa94f6a39b62f8a3fc337d6b00b4dacb7226
- Remove warn argument for command/shell
Since ansible-core 2.14 you can't use warn as module argument.
Change-Id: Id5ae73222a1109ad13b0b70ba3d02063d931ff90
* Update openstack-ansible-galera_server from branch 'master'
to 60009ed7cebe9c082592fd564b1577068ef94b6c
- Add optional compression to mariabackup
As database backups can grow substantially in size, compressing backups
helps to preserve disk space.
While the mariabackup utility offers no compression by itself, we can
stream the backup into a compression tool to create an archive [1].
The xtrabackup_checkpoints file, which contains metadata on a backup,
gets stored alongside the archive, allowing to create incremental
backups from non-compressed backups and vice-versa [2].
One thing to note, is that compressed backups cannot be prepared in
advance, this step must be manually carried out by the user.
Backup compression is disabled by default and different compressors
can be chosen (zstd, xz, ...), with gzip being the default.
[1] https://mariadb.com/kb/en/using-encryption-and-compression-tools-with-mariabackup/
[2] https://mariadb.com/kb/en/incremental-backup-and-restore-with-mariabackup/#combining-with-stream-output
Change-Id: I28c6a0e0b41d4d29c3e79e601de45ea373dee4fb
Signed-off-by: Simon Hensel <simon.hensel@inovex.de>
* Update openstack-ansible-galera_server from branch 'master'
to 92b5711b94d734d77665875bb99deb09cda72b25
- Define backup randomized delay in defaults
Omit can not be used in timer options, since this is simple mapping
that is passed to the unit file. With that, omit is resolved to a
randomly named omit_place_holder that ends up in a template.
Se we define a delay to 0, which is default systemd behaviour [1]
[1] https://www.freedesktop.org/software/systemd/man/systemd.timer.html#RandomizedDelaySec=
Change-Id: Ib242e66cfb4a24b7e93144e382e50f124015e3bf
* Update openstack-ansible-galera_server from branch 'master'
to 670e88071bd8382e787959618f768016523c50cc
- Define GPG key for repo
With update of GPG key that was made in [1] we broke upgrade path,
since new key is not being updated by gpg_key module and it results
with OK state despite new content it placed to GPG keyfile
With that patch we replace usage of gpg_key with defining gpgkey
option for yum_repository, which treats it way more properly and
fixes upgrade path as well as simplifying overall flow.
[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150
Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
* Update openstack-ansible-galera_server from branch 'master'
to da511a2a19ed63567f6608f187ca92aa717fe305
- Merge "Upgrade MariaDB to 10.11"
- Upgrade MariaDB to 10.11
10.11 is the next LTS release of MariaDB which has been released
recently. Let's switch to using new LTS from 10.6 that we're using
for quite a while now.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I430acf61fd4fdacdead19d0c5cc2765e017eb3c7
* Update openstack-ansible-galera_server from branch 'master'
to 78f737e7a72e8a13264e33aab8a3aad1b903f1fc
- Merge "Update MariaDB GPG keys for RPM"
- Update MariaDB GPG keys for RPM
Since 04.02.2023 MariaDB has updated their GPG key for new releases [1]
[1] https://mariadb.org/new-gpg-release-key-rpms/
Change-Id: Ic79b03e77c6f6154c0a1796985c17851aa0deec6
* Update openstack-ansible-galera_server from branch 'master'
to 17ff99cedbe033b279cda907d36b88af6e13aaa4
- fix indentation for condition
Change-Id: Ia6712c8847389d6f439c6b768c08a47af91bc3ae
* Update openstack-ansible-galera_server from branch 'master'
to 8a8d29ea490fba6695e3356831846466f6991089
- Allow maridbcheck socket to FreeBind
Once we've removed network.target from wanted targets for
mariadbcheck.socket, it started to fail to startup intermitently in LXC
deployments, since it was trying to bind on IP address that is not
brought up yet. At the same time we can't wait for IP being up, as
OVS while providing network, waits for socket.target as it needs
to have ovsdb started up, so waiting for network.target does
create circular dependency.
To avoid that we're allowing socket to bind on IP even when IP is not
UP yet. Other possible solution would be to bind on 0.0.0.0.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/872896
Change-Id: Ia4cde2153813e68419d261cd94e3017523177142
Closes-Bug: #2003631
Related-Bug: #2002653
* Update openstack-ansible-galera_server from branch 'master'
to bfe6dffee072a14dd838f42df7b53adb9ff2e7a0
- Do not forcefully restart socket
With state:restarted for socket it will be restarted on each playbook
run, even when it's not needed. Instead, we should restart socket
only when it's changed.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/871526
Change-Id: Ia7d3d1cbfa3aea934d10262a8556952e58e82953
* Update openstack-ansible-galera_server from branch 'master'
to 1eb6f73fe654ddca04d4a0d288f8aa7286baf79d
- Merge "Remove "warn" parameter from command module"
- Remove "warn" parameter from command module
This is removed in ansible 2.14.
Change-Id: If48e13dc22d5fbe004444ba9ba74999512ff22c5
* Update openstack-ansible-galera_server from branch 'master'
to bb04a629844c0441ea2f452574ec5c4e0892a0e5
- Merge "Prevent mariadbcheck.socket to wait for network.target"
- Prevent mariadbcheck.socket to wait for network.target
As of today bare metal scenarion does contain systemd ordering cycle [1]
due to mariadbcheck.socket waiting for network.target while being
part of that target. Removing that dependency solves the cycle.
[1] https://paste.openstack.org/show/bE9UlN6dK8awqZl3uwrQ/
Closes-Bug: #2002653
Change-Id: If4729eca992a0e647e2f15b3d77ad6300bbf9c12
* Update openstack-ansible-galera_server from branch 'master'
to badfff13463f5c50698448e8e5d8ea1d2eaa55ac
- Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`
Change-Id: I0aa8f63d16d9008ca9c4384fd6e049b13838e097
* Update openstack-ansible-galera_server from branch 'master'
to 0c902dae98abc40b19773c82833b32ad78439b1f
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: Id775e9c34da18cf370b61e19f4966a31bcdbc8f4
* Update openstack-ansible-galera_server from branch 'master'
to 7c00dbf3d2b929c1fefc3a841e812e3fbd9d63cc
- Merge "Bump mariadb version to 10.6.10"
- Bump mariadb version to 10.6.10
With that we also able to use MariaDB provided repo for
Ubuntu 22.04 and CentOS Stream/Rocky 9
Change-Id: I4181691ba3b23c5195b3cee3699637ece94187db
* Update openstack-ansible-galera_server from branch 'master'
to c6218267c6ac7c0845a07dd6c473f894d5f2bf9d
- Use policy_rc_d attribute instead of copy
Since ansible 2.8 it's possible to provide policy_rc_d attribute to the
apt module in order to avoid service restart on installation/upgrade
Change-Id: Ida1ce1b767497c792fbb7bcdb934ba5e282041b1
* Update openstack-ansible-galera_server from branch 'master'
to d37ba4a195f8adde038d76573264640270fea20d
- Remove redundant vars line
This line snuck in with I703079f9ba98ca4c0c825bd36746280d91dd4a5b
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: I829312656d805e972c45a984266b3bd9ce41ff75
* Update openstack-ansible-galera_server from branch 'master'
to 5200b50cf650fb5ad5e0733b9e0ead207dbf6c6a
- Add the ability to specify custom additional galera users
This provides the capability to add and remove additional users
in the Galera database which may be used by external resource
monitoring systems (for example).
The Ansible mysql 'resource_limits' variable is also exposed to
enable setting connection limits against individual users.
Change-Id: Idcc9251340215baf5e6f550a9ca844c8c097d353
* Update openstack-ansible-galera_server from branch 'master'
to ae0e53a9be47dfbf990c346faf821238c9713f91
- Allow setting of RandomizedDelaySec for backup systemd timers
By allowing for a random delay for the OnCalendar timers it's possible
to run backups on multiple nodes without having them happen at the exact
same time. By omitting the option by default the current behavior remains
unchanged.
Change-Id: I005cf8ba94ab043d7075039975d5f0bc250f9187
* Update openstack-ansible-galera_server from branch 'master'
to a5835fd6112933f3f17825de8091f7eb312175e9
- Add support to configure proxy-protocol-networks
MariaDB/Galera can read information about the actual client
connecting via a load balancer from the proxy protocol.
In order to define which sources are trusted the parameter
`proxy-protocol-networks` is used.
See https://mariadb.com/kb/en/proxy-protocol-support
Change-Id: I4ea360fbea5a911ba03a5eca3af00eb91b7bd124
* Update openstack-ansible-galera_server from branch 'master'
to a84dbdaac96ccb92ecc309f4aaa9c97c3a2b5167
- Merge "Do not place debian.cnf when root user not touched"
- Do not place debian.cnf when root user not touched
We used to overwrite /etc/mysql/debian.cnf file that is provided by
package when we were resetting root password for mariadb. That was
required as otherwise systemd couldn't manage service properly.
Now, when galera_root_user can be different then root, we don't need to
do this and can rely on defaults.
Change-Id: Ia8305121900d28aca28a80c6c9d6a664aec40214
Closes-Bug: #1979726
* Update openstack-ansible-galera_server from branch 'master'
to 85c0e127e88efca76b60c7a7a051a289cfcc7d6a
- Switch galera_root_user default value
Change galera_root_user default value from root to admin. It's general
recommendation not to mess up with root user and not adjust/use it
anywhere except by system. We've changed value for OSA
several cycles ago and now it's time to change defaults in role.
Change-Id: I18e868927bded594ba482f1463e999f6bd6ee0da
* Update openstack-ansible-galera_server from branch 'master'
to c9da7d697591ec9343897badee9ce66a18a7fe9e
- Remove mention of haproxy-endpoints role
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5
* Update openstack-ansible-galera_server from branch 'master'
to 8b102ff94b3ea0367a3bf5365295426ee649957b
- Merge "Add lost+found to list of ignored db dirs"
- Add lost+found to list of ignored db dirs
In case an ext filesystem is used for the datadir a directory
`lost+found` exists and is recreated on every mount. It's sensible
to ignore this directory as mysql otherwise expects this to be yet
another db.
Change-Id: I2ca7817108709211d8246310482216a255fd9752
* Update openstack-ansible-galera_server from branch 'master'
to 7b555f4119bf2757cf805fb368101abd813a5900
- Fix systemd and centos9.
* some package were missing on c9s
* fix systemd socket as it requires a list.
Change-Id: I9cf60ae7b16639a6bf06e050e284757b35dd0dce
* Update openstack-ansible-galera_server from branch 'master'
to cc703ccb9f934694ea34a1386ebdd34609aa9a1f
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.
Change-Id: Ica024d61da18ad948d9bc6717acabc58911715c8
* Update openstack-ansible-galera_server from branch 'master'
to 3e6a28272da2d5393b7c58a8a6b3e9911147c187
- Fix race on boot for mariadb-check socket
Change-Id: If6da4eb1f29549abd28f9e8abb9a850f86853c1f
* Update openstack-ansible-galera_server from branch 'master'
to cd73bd510899f479613e01b939682273eb3c673f
- Merge "Add support for centos-9"
- Add support for centos-9
This uses the distro package for mariadb as there is no release from
mariadb.org yet.
Change-Id: I41cdbb82b6ef82ea7acb4d22ca29aac84efebe30
* Update openstack-ansible-galera_server from branch 'master'
to 6c383a92a5220bf0b94f16ddd970c9b364849aef
- Move slow_query_log_file to location handled by logrotation
Currently slow_query_log_file is not set and the default of `host_name-slow.log` is applied.
This causes an ever growing slow log to fill up `/var/lib/mysql` and which is never rotated.
By placing this file at `/var/log/mysql/mariadb-slow.log` it will be rotated by the bundled
logrotate config of the `mysql-server` package.
Change-Id: Ib66eb5c6bdf94b6c6f4461a7f6e339c1000e0afc
* Update openstack-ansible-galera_server from branch 'master'
to 090d3cc63ec9de019175a62c8482f4a9f49e1cdd
- Add support for Ubuntu 22.04
There are no official binary pacakges available for Ubuntu 22.04
so we use the distro provided version of MariaDB instead.
Change-Id: If8d8d8ff9bc5270bc077cf777f88bbaab142b8cd
* Update openstack-ansible-galera_server from branch 'master'
to 515daa62f029744f76d137ce91efef91c8e5ccdb
- Update MariaDB version to 10.6.7
We also modify workaround applied for 10.6 upgrade wrt to bug [1]
as it has been added extra tools to help with checking state of upgrade.
New flag --check-if-upgrade-is-needed is checking if any upgrade is
already running and waits until it's finished.
It exits with rc 0 if upgrade is required and 1 if not.
If upgrade is required, we fall into rescue and perform upgrade.
[1] https://jira.mariadb.org/browse/MDEV-27068
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/835091
Change-Id: I8f32eb32388c23284b7e0272f6a0fbb7235c443d
* Update openstack-ansible-galera_server from branch 'master'
to 81615669c6f2fd69062918dcabb7735e1c0f7827
- Merge "Add galera_data_dir variable"
- Add galera_data_dir variable
Control mysql datadir with variable. Decrease code dublication since path
is heavily used in different places. If path needs to be changed
overriding config won't be enough.
Change-Id: I6fcefe216236ffea60da5fee42aad47c6f7da133
* Update openstack-ansible-galera_server from branch 'master'
to 992ac7740f771e8da7354b1ae90d4af6a0f2da2c
- Merge "Use separate tmp directory"
- Use separate tmp directory
During upgrades or cluster repairments, temporary directories are created
inside /var/lib/mysql and treated as databases. This results in errors
during mysqlcheck like:
`Got error: 1102: Incorrect database name '#mysql50#tmp.stLr46FBlt'`
Path outside of datadir is not choosen since it could be separate mount
point and it's important for replication
to survive reboots.
Change-Id: Ia110dd9ed09b04f6bb7a0a3adf5a808966558507
* Update openstack-ansible-galera_server from branch 'master'
to af27552b24bfc8359b9ca98cb12c0620fd3dd1eb
- Merge "Clean-up systemd overrides removal task"
- Clean-up systemd overrides removal task
Once upgrade is done and release is branched, we can cleanup
task that was added for upgrade purposes only
Change-Id: Ibe1bc6f5cee30ab0682078dfe3ce5464336cf822
* Update openstack-ansible-galera_server from branch 'master'
to f233bf77156dba59522cefba81dbe35d8749457b
- Merge "Improve incremental backups rotation in mariabackup script"
- Improve incremental backups rotation in mariabackup script
Currently, incremental backups rotation has 2 disadvantages:
1. If full backup is removed manually(accidentally by an engineer as an example),
its incrementals will never be deleted.
2. Script assumes that it will always remove incrementals only for a single
oldest full backup. But there may be corner cases where multiple full backups
will be deleted at once, then script will delete increments only for one of them,
leaving the others forever.
This commit fixes above situations by removing all incremental backups older
than the oldest full backup.
I also changed few variable names to make it easier to understand.
Change-Id: If5b11490d4a61f3200a3bda32b6ace25e12f2216
* Update openstack-ansible-galera_server from branch 'master'
to 802fe752d9b15e22e2a38bca2ab7debb0a86942d
- Change location of ipaddr filter
ipaddr filter has been moved from netcommon to utils collection [1]
Based on that we must add that collection to requirements.
[1] db4920ebf6
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/831525/10
Change-Id: I27b3914806a6218114ba0a196b0cc1f145be7023
* Update openstack-ansible-galera_server from branch 'master'
to 3c57409bdfd0c48e08daf34c60ca401f0861eb56
- Use unix socket while granting access for the backup service
/root/.my.cnf is not stored on galera container anymore, so it's not
possible to run mysql_user via TCP connection.
Unix socket should be used instead.
Change-Id: I71bc866aedaa6fba3cc86d2a2a99ed32f0727c54