Bump MariaDB version to 10.5.9

We also workaround known mariadb bug which make upgrades from previous version to fail because of changing privileges bits which ends up in revoking some of the privileges from superusers. Depends-On: https://review.opendev.org/775684 Depends-On: https://review.opendev.org/781305 Change-Id: Id28057c9b9043c9ef609f4ed6f40a8a21a2e6a8e
2021-02-23 10:23:38 +00:00 · 2021-02-23 10:23:38 +00:00 · 1db0ef2efb
parent e336046b63
commit 1db0ef2efb
4 changed files with 57 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -43,7 +43,7 @@ galera_mariadb_server_package: "{{ _galera_mariadb_server_package }}"

 # The major version used to select the repo URL path
 galera_major_version: 10.5
-galera_minor_version: 8
+galera_minor_version: 9

 # Set the URL for the MariaDB repository
 galera_repo_host: "downloads.mariadb.com"
--- a/handlers/galera_upgrade_hook.yml
+++ b/handlers/galera_upgrade_hook.yml
@ -0,0 +1,39 @@
+---
+# Copyright 2021, City Network International AB
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Start mysql_safe instance
+  command: mariadbd-safe --skip-grant-tables --skip-networking
+  async: 300
+  poll: 0
+
+- name: Get current root permissions
+  community.mysql.mysql_query:
+    login_unix_socket: "{{ galera_unix_socket }}"
+    query: select Priv from mysql.global_priv where User = 'root' and Host = 'localhost'
+  retries: 10
+  delay: 2
+  register: maria_root_priv
+  until: maria_root_priv is success
+
+- name: Fixing root access permissions
+  community.mysql.mysql_query:
+    login_unix_socket: "{{ galera_unix_socket }}"
+    query: UPDATE mysql.global_priv SET Priv = %(priv)s where User = 'root' and Host = 'localhost'
+    named_args:
+      priv: "{{ maria_root_priv['query_result'][0][0]['Priv'] | replace('274877906943', '549755813887') | string }}"
+  when: "'549755813887' not in maria_root_priv['query_result'][0][0]['Priv']"
+
+- name: Stop mysql_safe
+  command: mysql -e shutdown
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -58,6 +58,16 @@
    - galera_install_server | bool
    - not galera_cluster_ready | bool

+# TODO: Remove this include once MariaDB bug will be resolved
+# https://jira.mariadb.org/browse/MDEV-25030
+- name: Fix root user permissions during upgrade
+  include_tasks: handlers/galera_upgrade_hook.yml
+  listen: Bootstrap cluster
+  when:
+    - galera_install_server | bool
+    - galera_upgrade | bool
+    - inventory_hostname == galera_server_bootstrap_node
+
 - name: Start new cluster
  command: /usr/local/bin/galera_new_cluster
  failed_when: not start_new_cluster.rc in [0, 3]
--- a/releasenotes/notes/galera_upgrade_bug-88faad86f94d4f26.yaml
+++ b/releasenotes/notes/galera_upgrade_bug-88faad86f94d4f26.yaml
@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    MariaDB version 10.5.9 is know to have `bug <https://jira.mariadb.org/browse/MDEV-25030?>`_
+    which results in broken root permissions after upgrade. We have implemented
+    a workarond for it which will be triggered automatically. This note
+    is informative only.