Since we moved all functionality of galera-client part to galera-server
role there's no sense in futher keeping and branching of client part.
Depends-On: https://review.opendev.org/c/openstack/project-config/+/765777
Change-Id: I1623dbc80bee4eb7d889ee570d0ce27697b58cea
The server and client versions are currently mismatched, resulting
in a failure for the 'metal' jobs where the client is installed
by the utility playbook, before the galera-server playbook.
This patch ensures that the version for the client is set to the
same as that in galera_server.
Related-To: I59a0e225205be43b5bfc76c4bc3381b6e9c54cfd
Change-Id: I53849ad1e97a21d5d99c64b209319607b6e834fd
We make remote network hits to get the GPG keys which are quite
unreliable, and apt_key does not support using a proxy properly [1]
so let's store them inside the role and use them.
The implementation here is derived from that which was done in the
galera_server role in I9443f10e8c803599cbebfc2a53cb9c432bfa60d1,
but opts to use a mechanism that will be simpler to maintain.
[1] https://github.com/ansible/ansible/issues/31691
Change-Id: I520ccbadf3320b0d07fc83e3dbec9ea2bd16ec83
mariadb 10.2 was first released in April 2016 and OpenStack services
should be ready to use it by now, so lets switch to 10.2.
Change-Id: If1aaea61b89ea38161451872754b79d151da540f
We have mirrored provided by the OpenStack infrastructure which
should reduce the amount of network failures with MariaDB.
Also, use nodepool variables so that we use our infrastructure
provided mirrors.
Depends-On: I49a744ee5c41279f4a17bc7d2339d12c3a132026
Change-Id: I81f716f640f6742c787e7aaedfdbf942893142de
This bumps the mariadb version, by adding a new repo.
As the package state is by default to "latest", the
addition of the new repo will trigger an upgrade
of the mariadb version.
Change-Id: I43e6cde7e83f62ec8fe0bb7d487c911382f6033b
Nothing in the role requires the MySQL-python package so we can simply
drop it to simplify the role.
Implements: blueprint openstack-distribution-packages
Change-Id: Id9dd2dea146709414ab9ce8d439f1587e6776fd4
Latest mariadb version has a bug that prevents clustering from
behaving properly in bootstrap.
This setups the repo for the galera_client to the same as
galera_server, to have the same client version.
Change-Id: Ia1d7a2c664c6c11ad698a915162281c11a344067
The OBS development repository was proven to be quite fragile since
the mariadb packages were moving far to quickly. Whilst this has helped
to catch bugs when OpenStack services were used against newer MariaDB
versions, it also created a very unstable infrastructure for openSUSE
deployments. As such, we have now switched to using the upstream SLE
packages as provided by MariaDB upstream so all distributions are
aligned to how they deploy the Galera clusters. This further allow us
to report upstream bugs which fix problems across all distributions.
Galera server Role fix: https://review.openstack.org/#/c/536955/
Change-Id: Ib270b0fe23de76620491247efc3352fbc6c1e9b5
The 'galera_cluster_members' variable has been added, matching the
default value from the galera_server role and used by the
'galera_ssl_ca_cert' variable to find a galera node within the inventory
to attempt to pull cert files from.
Since the slurp task that checks for an existing CA cert file is set to
never fail, the debug message should check if any content was found. The
changed_when can also be removed since slurp tasks only return 'ok'
when a file is found.
The task copying an existing cert from a server was using a 'src'
argument where it should be 'dest'.
Change-Id: I95cc994df5118fce7ce588fc0bff979bc283a6f3
The SSL handler was making an assumption a user provided SSL key will
always be available. This change forces this role to look for the SSL
CA key on a galera server and set it locally IF a user provided SSL ca
certificate is not provided.
To ensure we're not introducing regressions a cross project repo test
has been added to run installations that are with and without ssl.
Depends-on: I5f6465f0d955cc1b911a4a76482505edb16c69a8
Change-Id: Ib89dde5cc88182f81d81336f71d9cde89733aa65
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Setting a custom MariaDB mirror URL is very tedious to maintain
because operators must ensure they update the overridden repo
URL every time the major version changes within the galera role.
This will allow operators to set overrides for their local mirror
like:
galera_client_repo_url: "http://mirror.mydomain.com/mariadb/repo/{{ galera_major_version }}/ubuntu"
Change-Id: Ic6a11da9994c5f4bddeb392cbad7e40400c5c117
Allow deployers to choose a specific mirror for the OBS packages
by setting the 'galera_client_opensuse_mirror_obs_url' variable
Change-Id: I51e78cfc3dc2b84141e8a19f31bfc36a81113ab3
The variable name is duplicated, resulting
in only the last one being used and a warning
from Ansible.
Closes-Bug: #1712315
Change-Id: I7533d5908fd020469a5c8e3672c2adfdadced50e
The variables in vars are only loaded when the include_vars
task is run, which is after meta-dependencies are processed.
This patch ensures that the pinning is properly applied when
the meta-dependent role is executed.
Closes-Bug: #1712315
Change-Id: Ib99afee1a3bf9fba8d34c63ffa28e5fa41b73d03
It may be required to override the gpg information
without being forced to use extra vars. This patch
allows that to be done.
Change-Id: I7b6d4ebba44ad3ac42ab5df219646525b1bd7b9f
It may be required to override the repo information
in its entirety, rather than just the URL. This
patch allows that to be done.
Change-Id: Ic7e77f0a442a82a424e75a9d79c9c6116818cfc1
MySQL SSL connections allowed. Self-signed SSL CA cert or user-provided
CA certificate delivered from the deployment host.
Change-Id: Iaa07435357139133e325d85808b419e8c55b5e50
Partial-Bug: #1667789
This patch deprecates the apt/yum specific variables
and moves the common URL variable to defaults to make
it possible to override without using extra-vars.
This technique matches the mechanism used in the
galera_server role.
Change-Id: Iaf9a23d1cbc0601d13bf2e467437d3775da9c812
Related-Bug: #1669897
Apt cannot have 2 mirrors with the same content in 2 different files.
If a deployer has an apt mirror with mariadb (and others), the deployer
still need to add a repository, but will also need to define the
filename used, in order to avoid clashes.
This commit makes possible to decide the filename for the repo.
Change-Id: Ic83d464512f6f8697e520d79520dcf21370f8beb
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
This patch adds the galera_client_package_install option which allows
the deployer to skip the installation of the galera_client packages, and
simply set up the /root/.my.cnf configuration file.
This is useful for deploying the client on hosts that already have
galera client configured, but still want the client configuration setup.
For example the galera_server role which can have a conflict when the
client and server repository version don't match.
Change-Id: I00d662a8afc7ddd4778787d31dc394a0ea3b1401
In order to make it easier to differentiate between the lists of
python packages, distribution packages, downloaded packages,
package pins and other similar variables the variable names are
being changed to ensure that they have a more explicit suffix
that defines the purpose and makes the naming more consistent.
This is to facilitate a lookup plugin which will be able to look
up all the package lists and present them as a consolidated piece
of data which may be used for artifact preparation.
Change-Id: I9fd9e3ca1aec2d76cd78c4013bbb85c189e2d5e5
The cache_timeout variable is moved to the role defaults to allow it
to be overridden more easily and to be exposed in the role docs.
Change-Id: I4dba478a6c0c4fd17abbee40df10a0470af362a4
The current method of installing the distribution packages required is
set in the tasks and cannot be changed by a deployer.
Currently the apt task always installs the latest package. This results
in unexpected binary changes when a deployer may simply be trying to
execute a configuration change.
This patch adds the ability for a deployer to change the desired state
so that the results are predictable.
Change-Id: Id0367754d3538c0e3da808521ba41b9aaa252a5f
The role should not be directly dependent upon the inventory groups defined by
OpenStack-Ansible
Depends-On: I0f5813299d577afae19b8e75a40f986a733f5242
Change-Id: Ida3e7ae37803ce203ef9f46a7e41cbada2db48de
This commit updates the role to support Ubuntu 14/16.04 and CentOS7
Change-Id: Ieadcdd70e9b8271aee3880896255a5037f56567e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Galera client currently only supports Ubuntu 14.04,
trusty. This patch set is intended to support
Ubuntu 16.04, Xenial.
Change-Id: Iab5485529cf14933fd7f37430d234a5c41185c18
Needed-By: I4baeb2eddf137619ffedba2f9efd61b7bd142f92
Add a dependency on the apt_package_pinning role and use it, instead of a
template within this role, to pin the MariaDB repo.
Change-Id: I26111d7191db793b9cddca29c681399040ab6011
* The default apt packages have been moved into a var file
that is only loaded when the detected OS is matched.
* The Install task file has had the apt specific tasks moved
into a named install task file.
Change-Id: Iedc70ee2898c94d326c1a16f2b0064950a7dbd91
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Workarounding the upstream ansible apt module bug
documented here:
https://github.com/ansible/ansible-modules-core/pull/1517
For the next versions of ansible we'll be using, we should
check if the apt bug is fixed. When it's fixed, we could
abandon this change and use the standard apt module
with correct cache handling.
Change-Id: I74205322b1e2c7951d69222e22c3f6913b6d73d5
Carrying Xtrabackup as a hard dependency across all hosts acting as a client
of the cluster is unnecessary, as it is only required on the Galera server cluster
members themselves.
Change-Id: I2fa0e862e3a9ad73c6391969564891d913273a79
Dmitriy Rabotyagov