Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.
Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5
Once upgrade is done and release is branched, we can cleanup
task that was added for upgrade purposes only
Change-Id: Ibe1bc6f5cee30ab0682078dfe3ce5464336cf822
Currently, ``galera_force_bootstrap`` fuctionality is eqivalent to
``galera_ignore_cluster_state`` and not really functional.
We add extra conditions to cluster bootstrap handlers that allow
to force bootstrap cluster when it's already running.
This could also be leveraged while stretching galera cluster.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/821415
Change-Id: I0380782a034d291fd2173c2ae59fdfb8f4468bf0
Supports two scenarios:
1) variables defined in defaults/main.yml are sufficient to create
a root/intermediate CA certificate for mariadb when this role
is used outside openstack-ansible.
2) when:
openstack_pki_dir
openstack_pki_setup_host
openstack_pki_authorities
openstack_pki_service_intermediate_cert_name
are defined, an external CA already created on the deploy host
with a previous run of ansible-role-pki will be used as the CA.
Server certificates for the galera instances are created from the
data in galera_pki_certificates in both situations
Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/807771
Change-Id: I72738e4f8bd2233dedbed4428baafd4436de84b5
This revert removes the workarounds needed for 10.5.9 due to
root user losing ability to grant privs.
This reverts commit 1db0ef2efb.
Change-Id: Ia8881d0c247fc53ed24836eaa11fc5b5243f9e3f
It appears that inside CentOS 8 LXC containers, MariaDB
after upgrade is not being enabled.
This happens, because "Reload the systemd daemon" is not
being triggered during upgrade, while during upgrade
we basically re-install mariadb package along with systemd units.
Change-Id: I6def8dd1708e475d028d13a390c05f51e1f76515
This reverts commit 973402f179.
Reason for revert: We suspect that 10.5.10 release of mariadb brings
in intermiment error that raises during cinder migration.
This way we also align with the mariadb version available for bullseye
Change-Id: I36192deb77bea3a4ade35b1741aa9386ac8a4d01
This release includes the fix for MDEV-25030 [1] which means the
workaround for this bug can be reverted.
[1] https://jira.mariadb.org/browse/MDEV-25030
[2] Id28057c9b9043c9ef609f4ed6f40a8a21a2e6a8e
Change-Id: Ie9963a9a5dc3424b9eddcbbe3061b4de87750554
We also workaround known mariadb bug which make upgrades from previous
version to fail because of changing privileges bits which ends up
in revoking some of the privileges from superusers.
Depends-On: https://review.opendev.org/775684
Depends-On: https://review.opendev.org/781305
Change-Id: Id28057c9b9043c9ef609f4ed6f40a8a21a2e6a8e
This reverts commit 3d405dfd52.
See [1], thia ahould be fixed in 2.9.10 and we must either remove or
refactor this code to move past ansible 2.9.9
Change-Id: Ibf636be010edb30e4f186f4d8e411f514ff1b58d
After bumping version to mariadb 10.4 upgrade path has been broken
as service name and packages have new naming patterns
for a while.
We also temporary disable ubuntu upgrade jobs to be able
to merge patch.
Change-Id: I3696b3131de424a4b30ff016da714aef22af4e59
In some cases when delegated hosts are used with connection plugins
and variables are used in the ansible_host var, they can be resolved
using the wrong node (the source of the delegated task, rather than
the target of the delegated task), causing the connection plugin to
run all of the mysql restarts on the same host, rather than delegating
to the correct ansible_host.
This minor fix improves compatibility in these situations so that
ansible_host is set to the correct host, causing the task to run
against the correct node.
Depends-On: https://review.opendev.org/687142
Change-Id: I082f4920cc8366e3b1309c952a5104d3d63215e5
We had two variable names which were duplicated for the service
name, this converges them all to "mariadb" which uses the actual
systemd unit instead of the init.d compatiblity layer.
Change-Id: I5805fb11a5118c4011701377cd30b2511edca505
The mysqlcheck allows deployers the ability to perform a cluster health
check from anywhere using simple http requests on a specific port. This
change makes it possible for deployers to enable or disable this check
capability. This also allows deployers to change the port used for the
mysqlcheck running within xinetd.
New options:
+ galera_monitoring_check_enabled - bool
+ galera_monitoring_check_port - int
The new options retains the hard-coded values as defaults, it will be
enabled and run on port 9200.
Change-Id: Ic966fbe5dfb39a35ecd10ece2901bb317c905c84
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
If the Galera container is rebooted, the xinetd service should be
started. Otherwise the haproxy health check will fail and haproxy will
not forward database connections.
Change-Id: Iefa7b72ea1fa6743fb8486af663512c2ffe1c31d
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: I239a472c1d76f1cc00666280a93b73ecd84ba3d9
The role tests execute in parallel however the integrated repo executes
in serial. This change simply makes sure that this role always functions
no matter the execution method.
Change-Id: I3938eb54996a8ea5183cf4109b992451345b0585
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The galera server role has quite a bit going on within it and because of
recent improvements in Ansible we can make better use of tasks, blocks,
facts, local facts, and organization. This change tunes the role up
following some of our better/more modern patterns allowing the role to
not only be more efficient but also easier to understand and improves
the roles idempotency.
Change-Id: If189a8192f22aafb168587361ca8e6903c918697
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The galera cluster rely on WSREP for cluster consistency. While the
default MySQL monitor will allow us to know when the database node is
minimally functional it does not provide the ability to query the node
state allowing loadbalancers, operators, and deployers to know a node
is healthy prior to being allowed to accept connections. This change
implements the checkcluster script as provided by the fine folks at
Percona. The implementation of this check follows the guild-lines noted
here [0]. With this in-place, we'll be able to convert our haproxy check
for the galera cluster nodes to use an HTTP check on port 9200 instead
of the default MySQL login which will provide for a more robust and
fault tolerant cluster.
[0] https://www.percona.com/doc/percona-xtradb-cluster/LATEST/howtos/virt_sandbox.html
Closes-Bug: #1665667
Change-Id: Ie1b3b9724dd33de1d90634166e585ecceb1f4c96
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Allow the playbook to define its own restart handlers in lieu of the
restart tasks included with the role. This is ideal when upstream
load balancer orchestration should occur around service restarts.
Change-Id: Ia0a37527a73c940d4f164e147ce66c40a670c370
Add support for the openSUSE Leap distributions. For openSUSE we use the
packages provided by the Open Build Service repository which contains the
Galera clustering support. These packages are different compared to the
CentOS7 and Ubuntu ones so the way the cluster is being bootstrapped is
also different. The systemd service file can't be used for that, so we
need to modify the MariaDB configuration file on the boostrap node to
initiate the cluster. Moreover, files are installed in different places
so we need to modify the distribution files and templates to take that
into consideration as well.
Change-Id: I1ac31fbc06152da7f93e57911d4a952f0dd83849
NB There was an issue with https://review.openstack.org/#/c/395932/
which meant that "pid1_name != systemd" got changed to
"ansible_service_mgr == systemd" - since we are removing trusty this
task has been removed, but a fix for Newton will be made.
Change-Id: I2f502737e2cc52678cf479de2ef94b818e253622
Implements: blueprint trusty-removal
With the implementation of https://review.openstack.org/382683 a single
MariaDB node has no peers configured, so there's no need to bootstrap
the cluster on restart.
This patch removes the condition in the handler which previously was
needed to handle the re-bootstrap during a single node cluster service
restart.
Closes-Bug: #1595143
Closes-Bug: #1639900
Related-Bug: #1624327
Change-Id: I599bbf0efa4e3d5abdf6d95c95d7983c464b3ae5
This patch removes some extra tasks for detecting systemd and uses
the `ansible_service_mgr` fact instead.
Partial-Bug: #1640125
Change-Id: I1a30b79a759057afb74f24f2239f474b60c1db35
Since handlers are executed in the order in which they are defined
the handler to restart systemd should come before the handlers to
restart mysql. This avoids the error case where the playbook is run
multiple times and systemd refuses to restart mysql giving the
following message:
"Warning: mysql.service changed on disk. Run 'systemctl
daemon-reload' to reload units."
Closes-Bug: #1633472
Change-Id: I3962c0e8f9f1cf3c01a3160be4c744e9fbd1ecfe
This commit implements support for Ubuntu 16.04 Xenial. Changes
include renaming several variables from galera_* to percona_* for
clarity. The reason for this change is that 16.04 will be using
distribution provided packages for percona-xtrabackup.
Mariadb 10.0 packages are available for Ubuntu 16.04, so those
packages and installations procedures will remain unchanged.
Depends-On: Iab5485529cf14933fd7f37430d234a5c41185c18
Change-Id: I4baeb2eddf137619ffedba2f9efd61b7bd142f92
The handler to restart mysql is using an incorrect registered variable
to check if the restart succeeded, leading to multiple service restarts
each time its notified.
The 'Remove stale .sst' and 'Restart mysql fall back' handlers will only
be notified if 'Restart mysql' is 'changed', but their when clauses
were checking for 'failed'. Regardless, their when clauses can be
removed.
Change-Id: Icc038d17b560b24bb9bf5fdd523835102ca97030
Create a new variable called galera_cluster_members which is a list of
the hosts that make up the galera cluster. Set the default value to
groups['galera_all'] which is the group used by openstack-ansible to
refer to the members of the cluster. Replace all other references to
groups['galera_all'] with the new variable. This allows other consumers
of this role to use their own group naming scheme.
Add a new task to verify that current host is a member of
galera_cluster_members.
Add the var galera_client_drop_config_file=true to the role dependency
galera_client, this is required because the default value for that var
in the galera_client role is based on membership of the galera_all
group.
Modify the functional testing to override galera_cluster_members, this
aims to prevent the return of any hard-coded role references.
Change-Id: I59af07217114a001cbebaa95a651919d53c9ec21
Modify the mysql restart handler so that the arg '--wsrep-new-cluster'
is supplied when restarting a cluster of one node.
This fixes an issue where restarting a single-node cluster fails because
there are no other members of the cluster available with which to
re-establish a connection.
Change-Id: I2cdc1e61dde68e441c6927f85123467568df5e27
The change adds in the ability for the role to take care of a major upgrade
in a version of an installed mariadb galera cluster.
The change adds a new task file that checks if the installed version of the
galera cluster matches that of the specified major version. The role will
hard stop if there is a version mismatch and the option "galera_upgrade=true"
is not passed.
Change-Id: I26560668325d45f670c8b946c978c48559f58419
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Notifies are only fired when the result of a task is "changed". In this
case we want the fallback handlers to be notified when the initial
handler fails so we set changed_when: result|failed.
Change-Id: Ib12e8de961d9c55ed3701cc883a00de878211c27
Closes-Bug: #1533126
The role was changed to make it compatible with the OpenStack
CI. The changes effect defaults, handlers, and the tests for
the role and adds gitignore/review files.
The changes essentially get the role to a state where its passing
the tests which are spinning up a galera cluster, adding users
and databases, and then testing integrity from every node. The
tests specifically ensure we're able to guarantee that after the
role runs everything works. Previously to these changes the role
assumed everything was working and nothing had been done to
guarantee cluster state.
In the handler changes, the temporary "sst" directory is cleaned up
should the handler restart fail. This ensure that a node is in a clean
state if a leftover sst directory was on the disk which would cause
a node to fail to join a cluster or bootstrap. Additionally the
environment variable "MYSQLD_STARTUP_TIMEOUT" is now being passed
into the init script because the defaults are not being sourced
at the init script runtime.
In the task changes a new configuration file, that is part of the
mariadb package, is being removed which has unforeseen options within
it causing no logs to be created.
the default option "galera_innodb_additional_mem_pool_size" was removed
because its no longer valid within MariaDB10 and we'd never caught that
error message until now.
The tests were updated to support running the role from a user which
was not root.
Change-Id: I16af30c660790656fc2d59f9943c172b88098905
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>