Commit Graph

44 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov 6eef428a42 Do not use notify inside handlers
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.

Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
2023-07-03 16:49:41 +02:00
Dmitriy Rabotyagov c9da7d6975 Remove mention of haproxy-endpoints role
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.

Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5
2022-06-14 19:07:55 +02:00
Dmitriy Rabotyagov 45263ac621 Clean-up systemd overrides removal task
Once upgrade is done and release is branched, we can cleanup
task that was added for upgrade purposes only

Change-Id: Ibe1bc6f5cee30ab0682078dfe3ce5464336cf822
2022-03-10 16:50:35 +01:00
Jonathan Rosser 41553dfa7a Convert xinetd clustercheck to systemd socket service
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/826602
Change-Id: I76e7498b1676a2b4c550fda049f332aa209ce53d
2022-02-01 08:27:12 +00:00
Dmitriy Rabotyagov 47d708e161 Fix galera_force_bootstrap behaviour
Currently, ``galera_force_bootstrap`` fuctionality is eqivalent to
``galera_ignore_cluster_state`` and not really functional.
We add extra conditions to cluster bootstrap handlers that allow
to force bootstrap cluster when it's already running.

This could also be leveraged while stretching galera cluster.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/821415
Change-Id: I0380782a034d291fd2173c2ae59fdfb8f4468bf0
2021-12-24 16:29:34 +00:00
Dmitriy Rabotyagov 6bc6929d09 Use ansible-role-pki to generate SSL certificates
Supports two scenarios:

1) variables defined in defaults/main.yml are sufficient to create
a root/intermediate CA certificate for mariadb when this role
is used outside openstack-ansible.

2) when:

openstack_pki_dir
openstack_pki_setup_host
openstack_pki_authorities
openstack_pki_service_intermediate_cert_name

are defined, an external CA already created on the deploy host
with a previous run of ansible-role-pki will be used as the CA.

Server certificates for the galera instances are created from the
data in galera_pki_certificates in both situations

Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/807771
Change-Id: I72738e4f8bd2233dedbed4428baafd4436de84b5
2021-09-09 15:21:38 +00:00
Jonathan Rosser f240cc916f Partial Revert "Bump MariaDB version to 10.5.9"
This revert removes the workarounds needed for 10.5.9 due to
root user losing ability to grant privs.

This reverts commit 1db0ef2efb.

Change-Id: Ia8881d0c247fc53ed24836eaa11fc5b5243f9e3f
2021-08-12 09:58:24 +00:00
Dmitriy Rabotyagov d0e268f739 Ensure mariadb service is enabled
It appears that inside CentOS 8 LXC containers, MariaDB
after upgrade is not being enabled.
This happens, because "Reload the systemd daemon" is not
being triggered during upgrade, while during upgrade
we basically re-install mariadb package along with systemd units.

Change-Id: I6def8dd1708e475d028d13a390c05f51e1f76515
2021-06-10 19:08:58 +03:00
Dmitriy Rabotyagov 3f61ca7cdb Revert "Update mariadb version to 10.5.10"
This reverts commit 973402f179.

Reason for revert: We suspect that 10.5.10 release of mariadb brings
in intermiment error that raises during cinder migration.

This way we also align with the mariadb version available for bullseye

Change-Id: I36192deb77bea3a4ade35b1741aa9386ac8a4d01
2021-05-14 04:15:30 +00:00
Jonathan Rosser 973402f179 Update mariadb version to 10.5.10
This release includes the fix for MDEV-25030 [1] which means the
workaround for this bug can be reverted.

[1] https://jira.mariadb.org/browse/MDEV-25030
[2] Id28057c9b9043c9ef609f4ed6f40a8a21a2e6a8e

Change-Id: Ie9963a9a5dc3424b9eddcbbe3061b4de87750554
2021-05-11 14:44:39 +01:00
Zuul 99a5559f60 Merge "Bump MariaDB version to 10.5.9" 2021-04-21 10:58:41 +00:00
Sebastian Gumprich e91c8be449 add support for encryption
Closes-Bug: #1921861

Change-Id: I73e548ac208a96ddaa687a1b5fbb22cac20037d0
2021-04-20 06:42:28 +00:00
Jonathan Rosser 1db0ef2efb Bump MariaDB version to 10.5.9
We also workaround known mariadb bug which make upgrades from previous
version to fail because of changing privileges bits which ends up
in revoking some of the privileges from superusers.

Depends-On: https://review.opendev.org/775684
Depends-On: https://review.opendev.org/781305
Change-Id: Id28057c9b9043c9ef609f4ed6f40a8a21a2e6a8e
2021-04-19 14:35:25 +00:00
Jonathan Rosser e70e392b33 Revert "Improve compatibility with connection delegation"
This reverts commit 3d405dfd52.

See [1], thia ahould be fixed in 2.9.10 and we must either remove or
refactor this code to move past ansible 2.9.9

Change-Id: Ibf636be010edb30e4f186f4d8e411f514ff1b58d
2020-09-25 18:49:26 +03:00
Dmitriy Rabotyagov 9e5497aa0a Fix Mariadb 10.3 -> 10.4 upgrade path
After bumping version to mariadb 10.4 upgrade path has been broken
as service name and packages have new naming patterns
for a while.

We also temporary disable ubuntu upgrade jobs to be able
to merge patch.

Change-Id: I3696b3131de424a4b30ff016da714aef22af4e59
2020-06-13 17:09:52 +00:00
Jonathan Rosser 49b95ebcb7 Combine galera client role into galera_server
Depends-On: https://review.opendev.org/725902
Depends-On: https://review.opendev.org/728434
Change-Id: I02dc06d61006bb71a417a1470343e9c9c77d7935
2020-05-22 15:13:20 +03:00
Logan V 3d405dfd52 Improve compatibility with connection delegation
In some cases when delegated hosts are used with connection plugins
and variables are used in the ansible_host var, they can be resolved
using the wrong node (the source of the delegated task, rather than
the target of the delegated task), causing the connection plugin to
run all of the mysql restarts on the same host, rather than delegating
to the correct ansible_host.

This minor fix improves compatibility in these situations so that
ansible_host is set to the correct host, causing the task to run
against the correct node.

Depends-On: https://review.opendev.org/687142
Change-Id: I082f4920cc8366e3b1309c952a5104d3d63215e5
2019-10-07 19:28:31 +00:00
Mohammed Naser 7c7ade4fc9 cleanup: refactor into galera_mariadb_service_name
We had two variable names which were duplicated for the service
name, this converges them all to "mariadb" which uses the actual
systemd unit instead of the init.d compatiblity layer.

Change-Id: I5805fb11a5118c4011701377cd30b2511edca505
2019-07-12 12:42:24 -04:00
Zuul 152ae31478 Merge "Add gentoo support to galera_server" 2019-02-26 19:23:43 +00:00
Matthew Thode ccf108ed24
Add gentoo support to galera_server
Depends-On: https://review.openstack.org/633289
Change-Id: I1ba3630e3f673aab419ebaff966f88868560df3b
2019-02-26 09:02:19 -06:00
Kevin Carter b78e58b1d7
Allow mysqlcheck to be enabled/disabled and tuned
The mysqlcheck allows deployers the ability to perform a cluster health
check from anywhere using simple http requests on a specific port. This
change makes it possible for deployers to enable or disable this check
capability. This also allows deployers to change the port used for the
mysqlcheck running within xinetd.

New options:
 + galera_monitoring_check_enabled - bool
 + galera_monitoring_check_port - int

The new options retains the hard-coded values as defaults, it will be
enabled and run on port 9200.

Change-Id: Ic966fbe5dfb39a35ecd10ece2901bb317c905c84
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-01-25 22:25:14 -06:00
Nicolas Bock 9fee5107c2
Enable the xinetd service for reboot
If the Galera container is rebooted, the xinetd service should be
started. Otherwise the haproxy health check will fail and haproxy will
not forward database connections.

Change-Id: Iefa7b72ea1fa6743fb8486af663512c2ffe1c31d
2018-09-26 12:58:10 -06:00
kaiokassiano 1cea6fca84 Remove the unnecessary space
Change-Id: Id70a5d6c9a6fbd8733a211ab9f6963d1f672a78a
2018-07-30 12:29:07 -03:00
Jean-Philippe Evrard 6191d3afcb Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I239a472c1d76f1cc00666280a93b73ecd84ba3d9
2018-07-12 17:01:05 +02:00
Kevin Carter 67a665ee98
Ensure the role works when run in serial
The role tests execute in parallel however the integrated repo executes
in serial. This change simply makes sure that this role always functions
no matter the execution method.

Change-Id: I3938eb54996a8ea5183cf4109b992451345b0585
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-11-30 00:35:33 -06:00
Kevin Carter ca054bd8f7 Tune-up the galera role for efficiency
The galera server role has quite a bit going on within it and because of
recent improvements in Ansible we can make better use of tasks, blocks,
facts, local facts, and organization. This change tunes the role up
following some of our better/more modern patterns allowing the role to
not only be more efficient but also easier to understand and improves
the roles idempotency.

Change-Id: If189a8192f22aafb168587361ca8e6903c918697
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-11-29 01:59:52 +00:00
Kevin Carter 94821f8108 Implement a proper WSREP check for galera
The galera cluster rely on WSREP for cluster consistency. While the
default MySQL monitor will allow us to know when the database node is
minimally functional it does not provide the ability to query the node
state allowing loadbalancers, operators, and deployers to know a node
is healthy prior to being allowed to accept connections. This change
implements the checkcluster script as provided by the fine folks at
Percona. The implementation of this check follows the guild-lines noted
here [0]. With this in-place, we'll be able to convert our haproxy check
for the galera cluster nodes to use an HTTP check on port 9200 instead
of the default MySQL login which will provide for a more robust and
fault tolerant cluster.

[0] https://www.percona.com/doc/percona-xtradb-cluster/LATEST/howtos/virt_sandbox.html
Closes-Bug: #1665667

Change-Id: Ie1b3b9724dd33de1d90634166e585ecceb1f4c96
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2017-11-29 01:52:15 +00:00
Logan V 149076cd2c Reimplement external LB management handler hook
Based on conversation on an ansible issue[1], I implemented
a LB orchestration role[2] similar to the POC here[3].

This will allow external loadbalancer management roles to hook
into a universal notify listener "Manage LB" to perform before/
after endpoint management actions when the service is being
restarted.

[1]: https://github.com/ansible/ansible/issues/27813
[2]: https://github.com/Logan2211/ansible-haproxy-endpoints
[3]: https://github.com/Logan2211/tmp-ansible-27813

This reverts commit f876cf2926.

Change-Id: Ib17c9ae6f5e75ce2288d52f6368cd40e9586ffdb
2017-09-10 17:05:30 -05:00
Logan V f876cf2926 Allow external restart handler orchestration
Allow the playbook to define its own restart handlers in lieu of the
restart tasks included with the role. This is ideal when upstream
load balancer orchestration should occur around service restarts.

Change-Id: Ia0a37527a73c940d4f164e147ce66c40a670c370
2017-08-07 22:57:34 +00:00
Markos Chandras 34d3b00255 Add support for the openSUSE Leap distributions
Add support for the openSUSE Leap distributions. For openSUSE we use the
packages provided by the Open Build Service repository which contains the
Galera clustering support. These packages are different compared to the
CentOS7 and Ubuntu ones so the way the cluster is being bootstrapped is
also different. The systemd service file can't be used for that, so we
need to modify the MariaDB configuration file on the boostrap node to
initiate the cluster. Moreover, files are installed in different places
so we need to modify the distribution files and templates to take that
into consideration as well.

Change-Id: I1ac31fbc06152da7f93e57911d4a952f0dd83849
2017-06-19 20:57:29 +01:00
Andy McCrae 4318ef6c5a Remove Trusty support from galera_server role
NB There was an issue with https://review.openstack.org/#/c/395932/
which meant that "pid1_name != systemd" got changed to
"ansible_service_mgr == systemd" - since we are removing trusty this
task has been removed, but a fix for Newton will be made.

Change-Id: I2f502737e2cc52678cf479de2ef94b818e253622
Implements: blueprint trusty-removal
2016-12-15 13:12:54 +00:00
Jesse Pretorius ff4e9c6ece Allow a single-node MariaDB cluster to restart properly
With the implementation of https://review.openstack.org/382683 a single
MariaDB node has no peers configured, so there's no need to bootstrap
the cluster on restart.

This patch removes the condition in the handler which previously was
needed to handle the re-bootstrap during a single node cluster service
restart.

Closes-Bug: #1595143
Closes-Bug: #1639900
Related-Bug: #1624327
Change-Id: I599bbf0efa4e3d5abdf6d95c95d7983c464b3ae5
2016-11-14 15:11:38 +00:00
Logan V 714b846aad Use ansible_service_mgr fact
This patch removes some extra tasks for detecting systemd and uses
the `ansible_service_mgr` fact instead.

Partial-Bug: #1640125
Change-Id: I1a30b79a759057afb74f24f2239f474b60c1db35
2016-11-11 22:28:52 -06:00
Jimmy McCrory 909fe09ef5 Use arguments parameter with service module
In Ansible 2.2, the 'args' alias for the 'arguments' parameter
of the service module is not recognized correctly.

https://github.com/ansible/ansible-modules-core/issues/5584

Change-Id: I75ee2c5239984ceabf99b5b3da5191697d60d9e1
2016-11-11 20:19:53 -08:00
Kyle L. Henderson 678128f13a Move systemd handler above restart handler
Since handlers are executed in the order in which they are defined
the handler to restart systemd should come before the handlers to
restart mysql. This avoids the error case where the playbook is run
multiple times and systemd refuses to restart mysql giving the
following message:

"Warning: mysql.service changed on disk. Run 'systemctl
daemon-reload' to reload units."

Closes-Bug: #1633472

Change-Id: I3962c0e8f9f1cf3c01a3160be4c744e9fbd1ecfe
2016-10-14 08:11:06 -05:00
Kevin Carter 21aaa7cc4f Adjust file descriptor limit when systemd is used
Change-Id: I083c60d28904e6a6eeebd36ed114df06d83072a6
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-09-15 21:26:26 +00:00
Michael Gugino 5136160186 Implement Xenial Support
This commit implements support for Ubuntu 16.04 Xenial.  Changes
include renaming several variables from galera_* to percona_* for
clarity.  The reason for this change is that 16.04 will be using
distribution provided packages for percona-xtrabackup.

Mariadb 10.0 packages are available for Ubuntu 16.04, so those
packages and installations procedures will remain unchanged.

Depends-On: Iab5485529cf14933fd7f37430d234a5c41185c18
Change-Id: I4baeb2eddf137619ffedba2f9efd61b7bd142f92
2016-05-19 16:38:40 -04:00
Jimmy McCrory a94f88dddc Fix handlers
The handler to restart mysql is using an incorrect registered variable
to check if the restart succeeded, leading to multiple service restarts
each time its notified.

The 'Remove stale .sst' and 'Restart mysql fall back' handlers will only
be notified if 'Restart mysql' is 'changed', but their when clauses
were checking for 'failed'. Regardless, their when clauses can be
removed.

Change-Id: Icc038d17b560b24bb9bf5fdd523835102ca97030
2016-04-09 14:41:01 -07:00
git-harry 72a1dfb4d7 Use var galera_cluster_members to identify cluster
Create a new variable called galera_cluster_members which is a list of
the hosts that make up the galera cluster. Set the default value to
groups['galera_all'] which is the group used by openstack-ansible to
refer to the members of the cluster. Replace all other references to
groups['galera_all'] with the new variable. This allows other consumers
of this role to use their own group naming scheme.

Add a new task to verify that current host is a member of
galera_cluster_members.

Add the var galera_client_drop_config_file=true to the role dependency
galera_client, this is required because the default value for that var
in the galera_client role is based on membership of the galera_all
group.

Modify the functional testing to override galera_cluster_members, this
aims to prevent the return of any hard-coded role references.

Change-Id: I59af07217114a001cbebaa95a651919d53c9ec21
2016-03-17 09:30:36 +00:00
git-harry 24a6f1fea8 Re-initialise when restarting 1-node cluster
Modify the mysql restart handler so that the arg '--wsrep-new-cluster'
is supplied when restarting a cluster of one node.

This fixes an issue where restarting a single-node cluster fails because
there are no other members of the cluster available with which to
re-establish a connection.

Change-Id: I2cdc1e61dde68e441c6927f85123467568df5e27
2016-03-09 17:33:28 +00:00
Kevin Carter b651fa3bd8 Added major version upgrade support
The change adds in the ability for the role to take care of a major upgrade
in a version of an installed mariadb galera cluster.

The change adds a new task file that checks if the installed version of the
galera cluster matches that of the specified major version. The role will
hard stop if there is a version mismatch and the option "galera_upgrade=true"
is not passed.

Change-Id: I26560668325d45f670c8b946c978c48559f58419
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-02-12 12:36:57 +00:00
Hugh Saunders 5d1f8bf4e1 Ensure fallback galera restarts are notified
Notifies are only fired when the result of a task is "changed". In this
case we want the fallback handlers to be notified when the initial
handler fails so we set changed_when: result|failed.

Change-Id: Ib12e8de961d9c55ed3701cc883a00de878211c27
Closes-Bug: #1533126
2016-01-18 10:20:42 +00:00
Kevin Carter cd11c5a56e Updated repo for new org
The role was changed to make it compatible with the OpenStack
CI. The changes effect defaults, handlers, and the tests for 
the role and adds gitignore/review files. 

The changes essentially get the role to a state where its passing
the tests which are spinning up a galera cluster, adding users 
and databases, and then testing integrity from every node. The 
tests specifically ensure we're able to guarantee that after the
role runs everything works. Previously to these changes the role
assumed everything was working and nothing had been done to 
guarantee cluster state. 

In the handler changes, the temporary "sst" directory is cleaned up
should the handler restart fail. This ensure that a node is in a clean
state if a leftover sst directory was on the disk which would cause 
a node to fail to join a cluster or bootstrap. Additionally the 
environment variable "MYSQLD_STARTUP_TIMEOUT" is now being passed
into the init script because the defaults are not being sourced
at the init script runtime. 

In the task changes a new configuration file, that is part of the 
mariadb package, is being removed which has unforeseen options within
it causing no logs to be created.

the default option "galera_innodb_additional_mem_pool_size" was removed
because its no longer valid within MariaDB10 and we'd never caught that
error message until now.

The tests were updated to support running the role from a user which 
was not root.

Change-Id: I16af30c660790656fc2d59f9943c172b88098905
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-12-14 15:20:02 +00:00
Kevin Carter 25a9eb3901
first commit
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-12-09 09:23:50 -06:00