Implement a proper WSREP check for galera
The galera cluster rely on WSREP for cluster consistency. While the
default MySQL monitor will allow us to know when the database node is
minimally functional it does not provide the ability to query the node
state allowing loadbalancers, operators, and deployers to know a node
is healthy prior to being allowed to accept connections. This change
implements the checkcluster script as provided by the fine folks at
Percona. The implementation of this check follows the guild-lines noted
here [0]. With this in-place, we'll be able to convert our haproxy check
for the galera cluster nodes to use an HTTP check on port 9200 instead
of the default MySQL login which will provide for a more robust and
fault tolerant cluster.
[0] https://www.percona.com/doc/percona-xtradb-cluster/LATEST/howtos/virt_sandbox.html
Combined backport of:
- https://review.openstack.org/520665
- https://review.openstack.org/523850
Conflicts:
>------handlers/main.yml
>------tests/test-galera-server-functional.yml
>------vars/suse-42.yml
Closes-Bug: #1665667
Change-Id: Ie1b3b9724dd33de1d90634166e585ecceb1f4c96
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
(cherry picked from commit ed739a5243
)
This commit is contained in:
parent
b586b9fa1e
commit
515ab131fa
|
@ -69,6 +69,18 @@ galera_running_and_bootstrapped: false
|
|||
|
||||
galera_monitoring_user: monitoring
|
||||
galera_monitoring_user_password: ""
|
||||
|
||||
# WARNING: Set this to open xinetd rules for galera monitoring.
|
||||
# This is REQUIRED to run a working openstack-ansible deployment.
|
||||
# If it's undefined the galera cluster state can't be reported,
|
||||
# and haproxy would fail to do proper load balancing on the cluster.
|
||||
# Because this opens connections to the cluster status, this
|
||||
# should be restricted, which we do in the integrated build.
|
||||
# Please override accordingly to your use case.
|
||||
# This can be replaced with other hostnames, cidr, ips, and ips + wildcards.
|
||||
#
|
||||
#galera_monitoring_allowed_source: "0.0.0.0/0"
|
||||
|
||||
galera_root_user: root
|
||||
|
||||
# WARNING: This option is deprecated and will be removed in v12.0
|
||||
|
|
|
@ -56,3 +56,8 @@
|
|||
until: galera_restart_fall_back | success
|
||||
retries: 3
|
||||
delay: 5
|
||||
|
||||
- name: Restart xinetd
|
||||
service:
|
||||
name: xinetd
|
||||
state: restarted
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- The galera cluster now supports cluster health checks over HTTP using port
|
||||
9200. The new cluster check ensures a node is healthy by running a simple
|
||||
query against the wsrep sync status using monitoring user. This change will
|
||||
provide for a more robust cluster check ensuring we have the most fault
|
||||
tolerant galera cluster possible.
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Galera healthcheck has been improved, and relies on an xinetd service.
|
||||
By default, the service is unaccessible (filtered with the no_access
|
||||
directive). You can override the directive by setting any xinetd
|
||||
valid value to ``galera_monitoring_allowed_source``.
|
|
@ -124,3 +124,31 @@
|
|||
command: "systemctl daemon-reload"
|
||||
when:
|
||||
- ansible_service_mgr == 'systemd'
|
||||
|
||||
- name: Create clustercheck script
|
||||
template:
|
||||
src: "clustercheck.j2"
|
||||
dest: "/usr/local/bin/clustercheck"
|
||||
mode: "0755"
|
||||
tags:
|
||||
- galera-config
|
||||
|
||||
- name: Create mysqlchk config
|
||||
template:
|
||||
src: "mysqlchk.j2"
|
||||
dest: "/etc/xinetd.d/mysqlchk"
|
||||
mode: "0644"
|
||||
notify:
|
||||
- Restart xinetd
|
||||
tags:
|
||||
- galera-config
|
||||
|
||||
- name: Add galera service check to services
|
||||
lineinfile:
|
||||
dest: /etc/services
|
||||
state: present
|
||||
regexp: '^mysqlchk'
|
||||
line: 'mysqlchk 9200/tcp # MySQL check'
|
||||
backup: yes
|
||||
tags:
|
||||
- galera-config
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Script to make a proxy (ie HAProxy) capable of monitoring Percona XtraDB Cluster nodes properly
|
||||
#
|
||||
# Author: Olaf van Zandwijk <olaf.vanzandwijk@nedap.com>
|
||||
# Author: Raghavendra Prabhu <raghavendra.prabhu@percona.com>
|
||||
#
|
||||
# Documentation and download: https://github.com/olafz/percona-clustercheck
|
||||
#
|
||||
# Based on the original script from Unai Rodriguez
|
||||
#
|
||||
|
||||
# {{ ansible_managed }}
|
||||
|
||||
if [[ $1 == '-h' || $1 == '--help' ]];then
|
||||
echo "Usage: $0 <user> <pass> <available_when_donor=0|1> <log_file> <available_when_readonly=0|1> <defaults_extra_file>"
|
||||
exit
|
||||
fi
|
||||
|
||||
# if the disabled file is present, return 503. This allows
|
||||
# admins to manually remove a node from a cluster easily.
|
||||
if [ -e "/var/tmp/clustercheck.disabled" ]; then
|
||||
# Shell return-code is 1
|
||||
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
|
||||
echo -en "Content-Type: text/plain\r\n"
|
||||
echo -en "Connection: close\r\n"
|
||||
echo -en "Content-Length: 51\r\n"
|
||||
echo -en "\r\n"
|
||||
echo -en "Percona XtraDB Cluster Node is manually disabled.\r\n"
|
||||
sleep 0.1
|
||||
exit 1
|
||||
fi
|
||||
|
||||
MYSQL_USERNAME="${1-{{ galera_monitoring_user }}}"
|
||||
MYSQL_PASSWORD="${2-{{ galera_monitoring_user_password }}}"
|
||||
AVAILABLE_WHEN_DONOR=${3:-0}
|
||||
ERR_FILE="${4:-/dev/null}"
|
||||
AVAILABLE_WHEN_READONLY=${5:-1}
|
||||
DEFAULTS_EXTRA_FILE=${6:-/etc/my.cnf}
|
||||
|
||||
#Timeout exists for instances where mysqld may be hung
|
||||
TIMEOUT=10
|
||||
|
||||
EXTRA_ARGS=""
|
||||
if [[ -n "$MYSQL_USERNAME" ]]; then
|
||||
EXTRA_ARGS="$EXTRA_ARGS --user=${MYSQL_USERNAME}"
|
||||
fi
|
||||
|
||||
if [[ -n "$MYSQL_PASSWORD" ]]; then
|
||||
EXTRA_ARGS="$EXTRA_ARGS --password=${MYSQL_PASSWORD}"
|
||||
else
|
||||
EXTRA_ARGS="$EXTRA_ARGS --password="
|
||||
fi
|
||||
|
||||
if [[ -r $DEFAULTS_EXTRA_FILE ]]; then
|
||||
MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE --connect-timeout=$TIMEOUT \
|
||||
${EXTRA_ARGS}"
|
||||
else
|
||||
MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT ${EXTRA_ARGS}"
|
||||
fi
|
||||
|
||||
#
|
||||
# Perform the query to check the wsrep_local_state
|
||||
#
|
||||
WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state';" \
|
||||
2>${ERR_FILE} | tail -1 2>>${ERR_FILE})
|
||||
|
||||
if [[ "${WSREP_STATUS}" == "4" ]] || [[ "${WSREP_STATUS}" == "2" && ${AVAILABLE_WHEN_DONOR} == 1 ]]; then
|
||||
# Check only when set to 0 to avoid latency in response.
|
||||
if [[ $AVAILABLE_WHEN_READONLY -eq 0 ]];then
|
||||
READ_ONLY=$($MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE 'read_only';" \
|
||||
2>${ERR_FILE} | tail -1 2>>${ERR_FILE})
|
||||
|
||||
if [[ "${READ_ONLY}" == "ON" ]];then
|
||||
# Percona XtraDB Cluster node local state is 'Synced', but it is in
|
||||
# read-only mode. The variable AVAILABLE_WHEN_READONLY is set to 0.
|
||||
# => return HTTP 503
|
||||
# Shell return-code is 1
|
||||
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
|
||||
echo -en "Content-Type: text/plain\r\n"
|
||||
echo -en "Connection: close\r\n"
|
||||
echo -en "Content-Length: 43\r\n"
|
||||
echo -en "\r\n"
|
||||
echo -en "Percona XtraDB Cluster Node is read-only.\r\n"
|
||||
sleep 0.1
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
# Percona XtraDB Cluster node local state is 'Synced' => return HTTP 200
|
||||
# Shell return-code is 0
|
||||
echo -en "HTTP/1.1 200 OK\r\n"
|
||||
echo -en "Content-Type: text/plain\r\n"
|
||||
echo -en "Connection: close\r\n"
|
||||
echo -en "Content-Length: 40\r\n"
|
||||
echo -en "\r\n"
|
||||
echo -en "Percona XtraDB Cluster Node is synced.\r\n"
|
||||
sleep 0.1
|
||||
exit 0
|
||||
else
|
||||
# Percona XtraDB Cluster node local state is not 'Synced' => return HTTP 503
|
||||
# Shell return-code is 1
|
||||
echo -en "HTTP/1.1 503 Service Unavailable\r\n"
|
||||
echo -en "Content-Type: text/plain\r\n"
|
||||
echo -en "Connection: close\r\n"
|
||||
echo -en "Content-Length: 44\r\n"
|
||||
echo -en "\r\n"
|
||||
echo -en "Percona XtraDB Cluster Node is not synced.\r\n"
|
||||
sleep 0.1
|
||||
exit 1
|
||||
fi
|
|
@ -0,0 +1,20 @@
|
|||
# default: on
|
||||
# description: mysqlchk
|
||||
# {{ ansible_managed }}
|
||||
service mysqlchk
|
||||
{
|
||||
disable = no
|
||||
flags = REUSE
|
||||
socket_type = stream
|
||||
port = 9200
|
||||
wait = no
|
||||
user = nobody
|
||||
server = /usr/local/bin/clustercheck
|
||||
log_on_failure += USERID
|
||||
{% if galera_monitoring_allowed_source is defined %}
|
||||
only_from = {{ galera_monitoring_allowed_source }}
|
||||
{% else %}
|
||||
no_access
|
||||
{% endif %}
|
||||
per_source = UNLIMITED
|
||||
}
|
|
@ -27,6 +27,7 @@ galera_server_required_distro_packages:
|
|||
- libgcrypt
|
||||
- MariaDB-client
|
||||
- MariaDB-devel
|
||||
- xinetd
|
||||
|
||||
_galera_mariadb_server_package: "MariaDB-server"
|
||||
|
||||
|
|
|
@ -38,6 +38,7 @@ galera_server_required_distro_packages:
|
|||
- libstdc++6
|
||||
- python-software-properties
|
||||
- software-properties-common
|
||||
- xinetd
|
||||
|
||||
# The package name for mariaDB is set as a variable
|
||||
# so that it can be used in debconf later in the
|
||||
|
|
Loading…
Reference in New Issue