Commit Graph

693 Commits

Author SHA1 Message Date
Jonathan Rosser e697948b34 Bump version to latest stable release of MariaDB 10.11
Change-Id: I9735ecba0db5cffd8b3c2b0e24a41bcfa5856a0e
2024-01-15 17:52:50 +00:00
Andrew Bonney 229ae217c1 Fix ignored database directories configuration
Confusingly, the variable ignore_db_dirs is set by passing it
multiple times in the configuration file, once per directory.
It is then read as a comma separated list, but cannot be set
in this way.
https://mariadb.com/kb/en/server-system-variables/#ignore_db_dirs

Without this, the mariadb-upgrade script can fail as it attempts
to process invalid databases.

Change-Id: Ie997393935e04e127893643e4c72d7af07e993ff
2023-11-14 09:31:16 +00:00
Jonathan Rosser 28ac2fc7ee Bump galera version to 10.11.5
The repo for this point release includes packages for debian bookworm.

Change-Id: Ifeb558d92ff1a153ecd523f7f2897e143a66933c
2023-10-17 11:08:05 +00:00
David Hitze 3e2afc1e4e Added vars to override systemd for mariabackup
Added variables ``galera_backups_full_init_overrides`` and
``galera_backups_increment_init_overrides`` that can be leveraged to
override default set of systemd unit file for mariadb backups.

Change-Id: Ib15c60dc577b376b1f761c4266eea89c4cb0be9f
2023-09-11 15:34:38 +02:00
Zuul 626b6cf6b5 Merge "Fix role metadata" 2023-09-04 16:33:45 +00:00
Dmitriy Rabotyagov 1ae0dd6165 Install compatibility package for mariadb-dev
For compatibility with mysqlclient and to ensure that pkg-config will
successfully find required libraries, comapt package is required to be
installed.

Change-Id: I0cd4073c276a10e5cce727b360ab99ec790e30eb
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/888985
2023-08-31 17:01:17 +02:00
Zuul 486c5d07b8 Merge "Remove galera-4 package during upgrades to force version up" 2023-08-30 10:10:00 +00:00
Dmitriy Rabotyagov 0355ab5335 Fix role metadata
A role name should match a specific patter, which does not include
hyphen. So we define role_name and namespace in
role metadata.

This is follow-up change to [1]

[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/888132

Change-Id: Idbf20d88a12a7208546c4284143fd4058f7b261f
2023-08-22 13:34:28 +02:00
Zuul e8663b04ed Merge "Fix linters issue and metadata" 2023-08-18 15:16:42 +00:00
Dmitriy Rabotyagov 91f578f2c0 Fix linters issue and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
2023-08-09 14:42:56 +00:00
Dmitriy Rabotyagov c12dc00258 Replace libgcc1 with libgcc-s1 for Debian
libgcc1 is a meta package for Ubuntu 22.04, thus it's worth to
replace it with what this meta package actually provides.

Change-Id: Ie95d42533e85f8e46d9c3d2c2691fed372144615
2023-08-08 19:52:49 +02:00
Andrew Bonney 27cd830c65 Remove galera-4 package during upgrades to force version up
Current upgrades leave the galera-4 package in place which
can cause incompatibilities when the mariadb binaries are
updated.

By forcing removal of this package during upgrades it should
be re-installed with a version matching the rest of the
mariadb packages.

RHEL distros already have a removal step for galera-*

Change-Id: I99d993a7c466cb744136bd06f4ab2e21c2569151
Closes-Bug: #2028946
2023-08-08 13:40:19 +01:00
Zuul 2034d9bf4b Merge "Do not use notify inside handlers" 2023-07-18 11:27:55 +00:00
Dmitriy Rabotyagov cef3aa94f6 Remove warn argument for command/shell
Since ansible-core 2.14 you can't use warn as module argument.

Change-Id: Id5ae73222a1109ad13b0b70ba3d02063d931ff90
2023-07-06 18:18:48 +02:00
Dmitriy Rabotyagov 6eef428a42 Do not use notify inside handlers
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.

Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
2023-07-03 16:49:41 +02:00
Simon Hensel 60009ed7ce Add optional compression to mariabackup
As database backups can grow substantially in size, compressing backups
helps to preserve disk space.
While the mariabackup utility offers no compression by itself, we can
stream the backup into a compression tool to create an archive [1].
The xtrabackup_checkpoints file, which contains metadata on a backup,
gets stored alongside the archive, allowing to create incremental
backups from non-compressed backups and vice-versa [2].
One thing to note, is that compressed backups cannot be prepared in
advance, this step must be manually carried out by the user.
Backup compression is disabled by default and different compressors
can be chosen (zstd, xz, ...), with gzip being the default.

[1] https://mariadb.com/kb/en/using-encryption-and-compression-tools-with-mariabackup/
[2] https://mariadb.com/kb/en/incremental-backup-and-restore-with-mariabackup/#combining-with-stream-output

Change-Id: I28c6a0e0b41d4d29c3e79e601de45ea373dee4fb
Signed-off-by: Simon Hensel <simon.hensel@inovex.de>
2023-06-20 15:34:39 +02:00
Dmitriy Rabotyagov 92b5711b94 Define backup randomized delay in defaults
Omit can not be used in timer options, since this is simple mapping
that is passed to the unit file. With that, omit is resolved to a
randomly named omit_place_holder  that ends up in a template.

Se we define a delay to 0, which is default systemd behaviour [1]

[1] https://www.freedesktop.org/software/systemd/man/systemd.timer.html#RandomizedDelaySec=

Change-Id: Ib242e66cfb4a24b7e93144e382e50f124015e3bf
2023-04-20 12:10:14 +00:00
Dmitriy Rabotyagov 670e88071b Define GPG key for repo
With update of GPG key that was made in [1] we broke upgrade path,
since new key is not being updated by gpg_key module and it results
with OK state despite new content it placed to GPG keyfile

With that patch we replace usage of gpg_key with defining gpgkey
option for yum_repository, which treats it way more properly and
fixes upgrade path as well as simplifying overall flow.

[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150

Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
2023-04-06 16:29:49 +02:00
Zuul da511a2a19 Merge "Upgrade MariaDB to 10.11" 2023-04-04 19:53:02 +00:00
Zuul 78f737e7a7 Merge "Update MariaDB GPG keys for RPM" 2023-04-04 19:52:16 +00:00
Dmitriy Rabotyagov 515bec4165 Upgrade MariaDB to 10.11
10.11 is the next LTS release of MariaDB which has been released
recently. Let's switch to using new LTS from 10.6 that we're using
for quite a while now.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I430acf61fd4fdacdead19d0c5cc2765e017eb3c7
2023-03-31 17:22:15 +00:00
Dmitriy Rabotyagov cc7deb1f0e Update MariaDB GPG keys for RPM
Since 04.02.2023 MariaDB has updated their GPG key for new releases [1]

[1] https://mariadb.org/new-gpg-release-key-rpms/

Change-Id: Ic79b03e77c6f6154c0a1796985c17851aa0deec6
2023-03-31 13:05:30 +02:00
Sebastian Gumprich 17ff99cedb fix indentation for condition
Change-Id: Ia6712c8847389d6f439c6b768c08a47af91bc3ae
2023-03-06 14:19:48 +01:00
Dmitriy Rabotyagov 8a8d29ea49 Allow maridbcheck socket to FreeBind
Once we've removed network.target from wanted targets for
mariadbcheck.socket, it started to fail to startup intermitently in LXC
deployments, since it was trying to bind on IP address that is not
brought up yet. At the same time we can't wait for IP being up, as
OVS while providing network, waits for socket.target as it needs
to have ovsdb started up, so waiting for network.target does
create circular dependency.

To avoid that we're allowing socket to bind on IP even when IP is not
UP yet. Other possible solution would be to bind on 0.0.0.0.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/872896
Change-Id: Ia4cde2153813e68419d261cd94e3017523177142
Closes-Bug: #2003631
Related-Bug: #2002653
2023-02-09 22:20:23 +01:00
Dmitriy Rabotyagov bfe6dffee0 Do not forcefully restart socket
With state:restarted for socket it will be restarted on each playbook
run, even when it's not needed. Instead, we should restart socket
only when it's changed.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/871526
Change-Id: Ia7d3d1cbfa3aea934d10262a8556952e58e82953
2023-01-23 19:17:39 +01:00
Zuul 1eb6f73fe6 Merge "Remove "warn" parameter from command module" 2023-01-18 10:19:13 +00:00
Zuul bb04a62984 Merge "Prevent mariadbcheck.socket to wait for network.target" 2023-01-13 16:48:01 +00:00
Jonathan Rosser d515ba7711 Remove "warn" parameter from command module
This is removed in ansible 2.14.

Change-Id: If48e13dc22d5fbe004444ba9ba74999512ff22c5
2023-01-13 10:25:37 +00:00
Dmitriy Rabotyagov a2ce91ebcb Prevent mariadbcheck.socket to wait for network.target
As of today bare metal scenarion does contain systemd ordering cycle [1]
due to mariadbcheck.socket waiting for network.target while being
part of that target. Removing that dependency solves the cycle.

[1] https://paste.openstack.org/show/bE9UlN6dK8awqZl3uwrQ/
Closes-Bug: #2002653

Change-Id: If4729eca992a0e647e2f15b3d77ad6300bbf9c12
2023-01-13 11:16:43 +01:00
Dmitriy Rabotyagov badfff1346 Update tox.ini to work with 4.0
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` isntead of `allowlist_externals`


Change-Id: I0aa8f63d16d9008ca9c4384fd6e049b13838e097
2022-12-27 17:53:13 +01:00
OpenStack Release Bot 0c902dae98 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: Id775e9c34da18cf370b61e19f4966a31bcdbc8f4
2022-12-13 13:07:49 +00:00
Zuul 7c00dbf3d2 Merge "Bump mariadb version to 10.6.10" 2022-10-07 11:40:21 +00:00
Dmitriy Rabotyagov e04aeacc58 Bump mariadb version to 10.6.10
With that we also able to use MariaDB provided repo for
Ubuntu 22.04 and CentOS Stream/Rocky 9

Change-Id: I4181691ba3b23c5195b3cee3699637ece94187db
2022-10-06 08:35:42 +00:00
Dmitriy Rabotyagov c6218267c6 Use policy_rc_d attribute instead of copy
Since ansible 2.8 it's possible to provide policy_rc_d attribute to the
apt module in order to avoid service restart on installation/upgrade

Change-Id: Ida1ce1b767497c792fbb7bcdb934ba5e282041b1
2022-09-26 13:28:32 +02:00
Erik Berg d37ba4a195 Remove redundant vars line
This line snuck in with I703079f9ba98ca4c0c825bd36746280d91dd4a5b
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.

Change-Id: I829312656d805e972c45a984266b3bd9ce41ff75
2022-09-15 09:07:50 +02:00
Andrew Bonney 5200b50cf6 Add the ability to specify custom additional galera users
This provides the capability to add and remove additional users
in the Galera database which may be used by external resource
monitoring systems (for example).

The Ansible mysql 'resource_limits' variable is also exposed to
enable setting connection limits against individual users.

Change-Id: Idcc9251340215baf5e6f550a9ca844c8c097d353
2022-09-12 13:24:37 +01:00
Christian Rohmann ae0e53a9be Allow setting of RandomizedDelaySec for backup systemd timers
By allowing for a random delay for the OnCalendar timers it's possible
to run backups on multiple nodes without having them happen at the exact
same time. By omitting the option by default the current behavior remains
unchanged.

Change-Id: I005cf8ba94ab043d7075039975d5f0bc250f9187
2022-09-01 13:06:54 +02:00
Christian Rohmann a5835fd611 Add support to configure proxy-protocol-networks
MariaDB/Galera can read information about the actual client
connecting via a load balancer from the proxy protocol.
In order to define which sources are trusted the parameter
`proxy-protocol-networks` is used.

See https://mariadb.com/kb/en/proxy-protocol-support

Change-Id: I4ea360fbea5a911ba03a5eca3af00eb91b7bd124
2022-08-29 15:34:38 +02:00
Zuul a84dbdaac9 Merge "Do not place debian.cnf when root user not touched" 2022-08-05 09:28:43 +00:00
Dmitriy Rabotyagov 85c0e127e8 Switch galera_root_user default value
Change galera_root_user default value from root to admin. It's general
recommendation not to mess up with root user and not adjust/use it
anywhere except by system. We've changed value for OSA
several cycles ago and now it's time to change defaults in role.

Change-Id: I18e868927bded594ba482f1463e999f6bd6ee0da
2022-06-24 10:48:35 +02:00
Dmitriy Rabotyagov 72ffc6d565 Do not place debian.cnf when root user not touched
We used to overwrite /etc/mysql/debian.cnf file that is provided by
package when we were resetting root password for mariadb. That was
required as otherwise systemd couldn't manage service properly.
Now, when galera_root_user can be different then root, we don't need to
do this and can rely on defaults.

Change-Id: Ia8305121900d28aca28a80c6c9d6a664aec40214
Closes-Bug: #1979726
2022-06-24 10:46:19 +02:00
Dmitriy Rabotyagov c9da7d6975 Remove mention of haproxy-endpoints role
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.

Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5
2022-06-14 19:07:55 +02:00
Zuul 8b102ff94b Merge "Add lost+found to list of ignored db dirs" 2022-06-03 10:23:51 +00:00
Marc Gariepy 7b555f4119 Fix systemd and centos9.
* some package were missing on c9s
* fix systemd socket as it requires a list.

Change-Id: I9cf60ae7b16639a6bf06e050e284757b35dd0dce
2022-06-01 13:13:23 -04:00
Dmitriy Rabotyagov cc703ccb9f Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None valuable is not valid and should
not be used.


Change-Id: Ica024d61da18ad948d9bc6717acabc58911715c8
2022-05-30 16:01:15 +02:00
Zuul 96a6ccc077 Merge "Bump mariadb version." 2022-05-27 17:23:31 +00:00
Marc Gariepy 3e6a28272d Fix race on boot for mariadb-check socket
Change-Id: If6da4eb1f29549abd28f9e8abb9a850f86853c1f
2022-05-26 16:34:58 -04:00
Zuul cd73bd5108 Merge "Add support for centos-9" 2022-05-25 23:35:23 +00:00
Christian Rohmann 001e26963b Add lost+found to list of ignored db dirs
In case an ext filesystem is used for the datadir a directory
`lost+found` exists and is recreated on every mount. It's sensible
to ignore this directory as mysql otherwise expects this to be yet
another db.

Change-Id: I2ca7817108709211d8246310482216a255fd9752
2022-05-23 12:00:05 +02:00
Marc Gariepy 1013ee3a5d Bump mariadb version.
This bump will fix:
https://nvd.nist.gov/vuln/detail/CVE-2022-27376
https://nvd.nist.gov/vuln/detail/CVE-2022-27377
https://nvd.nist.gov/vuln/detail/CVE-2022-27380

Change-Id: I90286b01b5578df04447155c69c92f823388185a
2022-05-17 09:39:39 -04:00