With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
libgcc1 is a meta package for Ubuntu 22.04, thus it's worth to
replace it with what this meta package actually provides.
Change-Id: Ie95d42533e85f8e46d9c3d2c2691fed372144615
Current upgrades leave the galera-4 package in place which
can cause incompatibilities when the mariadb binaries are
updated.
By forcing removal of this package during upgrades it should
be re-installed with a version matching the rest of the
mariadb packages.
RHEL distros already have a removal step for galera-*
Change-Id: I99d993a7c466cb744136bd06f4ab2e21c2569151
Closes-Bug: #2028946
With update of GPG key that was made in [1] we broke upgrade path,
since new key is not being updated by gpg_key module and it results
with OK state despite new content it placed to GPG keyfile
With that patch we replace usage of gpg_key with defining gpgkey
option for yum_repository, which treats it way more properly and
fixes upgrade path as well as simplifying overall flow.
[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150
Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
10.11 is the next LTS release of MariaDB which has been released
recently. Let's switch to using new LTS from 10.6 that we're using
for quite a while now.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I430acf61fd4fdacdead19d0c5cc2765e017eb3c7
This provides the capability to add and remove additional users
in the Galera database which may be used by external resource
monitoring systems (for example).
The Ansible mysql 'resource_limits' variable is also exposed to
enable setting connection limits against individual users.
Change-Id: Idcc9251340215baf5e6f550a9ca844c8c097d353
There are no official binary pacakges available for Ubuntu 22.04
so we use the distro provided version of MariaDB instead.
Change-Id: If8d8d8ff9bc5270bc077cf777f88bbaab142b8cd
Control mysql datadir with variable. Decrease code dublication since path
is heavily used in different places. If path needs to be changed
overriding config won't be enough.
Change-Id: I6fcefe216236ffea60da5fee42aad47c6f7da133
Also remove vars/debian-11.yml so that bullseye takes packages from the official mariadb repo
rather than using the distro provided package.
Change-Id: I084f63d071394022b4b2dd6ad1433e4036adc978
Instead of placing bunch of templates, we can use our systemd_role
that is capable of placing just overrides file, that will have same
functionality but also provide ability to easily add required data into
systemd overrides.
Change-Id: I7b3b0f4da047f82a49266ef57fba2fbaa24cebdc
There is no offical MariaDB build for bullseye so we must use
the version from the operating system repo.
Change-Id: I46f9d73ac27928edf4236fd797afde6e5ea9427e
There might be cases, where devel packages installation might be required
Since it's pretty specific usecases, we don't inlcude it into
tasks/main.yml and intend to use tasks_from during rule include.
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/777607
Change-Id: I79be2197aa1859ece853a197ec685e4bc460c133
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I50bb0f00658e292f39269c3980109e56319a00ca
Keepalived 2 depends on mysql-common so it's removal will result in
cluster VIPs being down until re-running keepalived role.
Also the package we really want to remove is mariadb-common.
Change-Id: I5a87d9c7364ca36397b119c8b7261aebce26a1ac
This is the first stable release from the 10.5 series.
Depends-On: https://review.opendev.org/758399
Change-Id: I76438e6519eac09be7f9729de3cefb4130f72dea
Upstream MariaDB do not provide packages for 10.4 until 10.4.13.
That version suffers from a critical bug which causes the database
to segfault during the openstack database creation. This will be
fixed in 10.4.14 but that version is not due for release until July
2020.
This patch uses a repo providing a version of daily build of 10.4.14
compiled for Ubuntu Focal in order to progress development of OSA on Focal.
Depends-On: https://review.opendev.org/734672
Depends-On: https://review.opendev.org/735289
Depends-On: https://review.opendev.org/732013
Change-Id: Id584f5c770b35f2e78301edd55eeb0f0129363d6
After bumping version to mariadb 10.4 upgrade path has been broken
as service name and packages have new naming patterns
for a while.
We also temporary disable ubuntu upgrade jobs to be able
to merge patch.
Change-Id: I3696b3131de424a4b30ff016da714aef22af4e59
Patch aims to use next stable release of MariaDB
Remove no_log from functional tests, the only credentials used here
are for the purposes of the test and debug output is valuable.
Change-Id: Ic4cdc26ddf1cb0591f0a2218355b7cca7af0b0fb
Running this module with ansible 2.7.13 to an Ubuntu 16.04 target was failing
with the following error message:
"The PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) module
is required."
Not sure why the fallback to using MysqlDB wasn't working, but it looks like
PyMySQL is the way forward.
This should fix https://bugs.launchpad.net/openstack-ansible/+bug/1824987.
Change-Id: Ic4ff3e24937d38e16fde843e350875c0024c92b2
We had two variable names which were duplicated for the service
name, this converges them all to "mariadb" which uses the actual
systemd unit instead of the init.d compatiblity layer.
Change-Id: I5805fb11a5118c4011701377cd30b2511edca505
The MariaDB repositories are offering a download repo under
the leap major version, e.g. "opensuse15" or "opensuse42" for all leap
42.x and leap 15.x versions, respectively. There isn't a specific
build for openSUSE Leap 15.1, so the previous logic selected
a repo url of opensuse-151 which does not exist.
Change-Id: Ia0985c03d51c3bfe06b98ae73a3533c3402453e3
The RedHat-based operating systems such as CentOS have a pretty
stable list of packages, therefore, we don't need to pin it by
version and we can instead move to a much more generic redhat.yml
which will support a bigger range of systems.
This patch also sets up the mode for the /etc/mysql directory
to be 755 for things to work. We should lock that down eventually
for only the MySQL user.
Change-Id: I2e9ee987a353a28da00cd37cbdb82ec46ccc414c
This patch adds support for this role to be able to deploy on
Debian Stretch.
Change-Id: I1d218d3f7a43b59f39baaa9a76d1a73df52a0a99
Needed-By: I9a92b73c419a0dc1cca40dacfef75de61a61db94
We're currently deploying 10.2.17 which is quite old and we seem
to be having issues in the gate with some database sync's causing
MariaDB to crash, as well as personal experience with similar
crashes around Cinder database syncs
In addition, this change implements the usage of mariabackup for
SST transfers which eliminates the need for the Percona repos.
The compression is no longer recommended by upstream now, therefore,
we remove it.
Change-Id: I59a0e225205be43b5bfc76c4bc3381b6e9c54cfd
This patch adds /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY which
comes from installing [1] and is required in order to install
the percona packages on CentOS packages. Without it we get
the error:
Public key for percona-toolkit-3.0.13-1.el7.x86_64.rpm is not installed
We also rename RPM-GPG-KEY-percona to RPM-GPG-KEY-Percona in
order to match what is done by [1].
[1] https://repo.percona.com/yum/percona-release-latest.noarch.rpm
Change-Id: I2eeac8ea21c52fac3b1f32036fedcf7c62aac37f
To ensure that we have a consistent implementation
between the galera_client and galera_server roles,
we change the galera_server role to match galera_client
as was done in I520ccbadf3320b0d07fc83e3dbec9ea2bd16ec83
This updates it to a mechanism which will be easier to
maintain.
Change-Id: I7ac1a5e3a05aa3d0b4fae86c4a325ef147a9a528
In https://review.openstack.org/534819 we introduced the removal
of conflicting packages from the targeted host, but then we deleted
the list for RedHat in https://review.openstack.org/578844 because
yum kept removing and re-adding the same packages.
In https://review.openstack.org/603205 we solve the issue properly
given that yum is case-insensitive, and the root cause of the repeat
remove/install.
As such, in this patch, we restore the removal of conflicting
packages for RedHat in a different way. Each of the package removal
tasks are moved into the tasks specific to each package manager so
that each can be handled differently.
Change-Id: I70fbfa6eff8796713c6bec32319382273f8281f8
Related-Bug: #1762421
Related-Bug: #1742206
mariadb 10.2 was first released in April 2016 and OpenStack services
should be ready to use it by now, so lets switch to 10.2. For mariadb
10.2 we need to use xtrabackup-24. This version is not available in Leap
42.3 so we add an extra OBS repository for it.
Change-Id: I5f1aaf1f8608ad085acfebc8458910391f280193
Commit c41b80cee9 ("Remove python-crypto and use in-repo GPG keys")
removed the ancient python-crypto package from CentOS but it didn't do
it for SUSE. Similar to CentOS, we don't need python-crypto anymore for
Galera so we can simply drop it.
Fixes: c41b80cee9 ("Remove python-crypto and use in-repo GPG keys")
Change-Id: If8fc1641cc26e98e2851ccae95827fcfc4794282
Removing mariadb-server and mariadb-libs leads to
removing MariaDB-server and MariaDB-shared and its
dependencies
rpmquery --whatprovides mariadb-server
MariaDB-server-10.1.30-1.el7.centos.x86_64
rpmquery --whatprovides mariadb-libs
MariaDB-shared-10.1.30-1.el7.centos.x86_64
Which in turn shuts down the server.
Change-Id: I89df8f6b57b1ebe0ce96d63f193da35107d2bad9
Closes-Bug: #1762421
Related-Bug: #1742206
We have mirrored provided by the OpenStack infrastructure which
should reduce the amount of network failures with MariaDB.
Depends-On: I49a744ee5c41279f4a17bc7d2339d12c3a132026
Change-Id: I205e471dba844a98a5c81e0e387704bef648069e
We don't need python cryptography bindings in order to deploy a Galera
server therefore drop it from our dependencies. It also is no longer
used inside OpenStack world for lack of security.
Also, we make remote network hits to get the GPG keys which are quite
unreliable so let's store them inside the role and use them.
Change-Id: I9443f10e8c803599cbebfc2a53cb9c432bfa60d1
Dmitriy Rabotyagov