From 1db0ef2efbd22b3491e1cf57e172a3d87b6f62a9 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Tue, 23 Feb 2021 10:23:38 +0000 Subject: [PATCH] Bump MariaDB version to 10.5.9 We also workaround known mariadb bug which make upgrades from previous version to fail because of changing privileges bits which ends up in revoking some of the privileges from superusers. Depends-On: https://review.opendev.org/775684 Depends-On: https://review.opendev.org/781305 Change-Id: Id28057c9b9043c9ef609f4ed6f40a8a21a2e6a8e --- defaults/main.yml | 2 +- handlers/galera_upgrade_hook.yml | 39 +++++++++++++++++++ handlers/main.yml | 10 +++++ .../galera_upgrade_bug-88faad86f94d4f26.yaml | 7 ++++ 4 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 handlers/galera_upgrade_hook.yml create mode 100644 releasenotes/notes/galera_upgrade_bug-88faad86f94d4f26.yaml diff --git a/defaults/main.yml b/defaults/main.yml index e5bac9b1..f0dbfcca 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -43,7 +43,7 @@ galera_mariadb_server_package: "{{ _galera_mariadb_server_package }}" # The major version used to select the repo URL path galera_major_version: 10.5 -galera_minor_version: 8 +galera_minor_version: 9 # Set the URL for the MariaDB repository galera_repo_host: "downloads.mariadb.com" diff --git a/handlers/galera_upgrade_hook.yml b/handlers/galera_upgrade_hook.yml new file mode 100644 index 00000000..eb32ec56 --- /dev/null +++ b/handlers/galera_upgrade_hook.yml @@ -0,0 +1,39 @@ +--- +# Copyright 2021, City Network International AB +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Start mysql_safe instance + command: mariadbd-safe --skip-grant-tables --skip-networking + async: 300 + poll: 0 + +- name: Get current root permissions + community.mysql.mysql_query: + login_unix_socket: "{{ galera_unix_socket }}" + query: select Priv from mysql.global_priv where User = 'root' and Host = 'localhost' + retries: 10 + delay: 2 + register: maria_root_priv + until: maria_root_priv is success + +- name: Fixing root access permissions + community.mysql.mysql_query: + login_unix_socket: "{{ galera_unix_socket }}" + query: UPDATE mysql.global_priv SET Priv = %(priv)s where User = 'root' and Host = 'localhost' + named_args: + priv: "{{ maria_root_priv['query_result'][0][0]['Priv'] | replace('274877906943', '549755813887') | string }}" + when: "'549755813887' not in maria_root_priv['query_result'][0][0]['Priv']" + +- name: Stop mysql_safe + command: mysql -e shutdown diff --git a/handlers/main.yml b/handlers/main.yml index 0ee2005b..d06c32bb 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -58,6 +58,16 @@ - galera_install_server | bool - not galera_cluster_ready | bool +# TODO: Remove this include once MariaDB bug will be resolved +# https://jira.mariadb.org/browse/MDEV-25030 +- name: Fix root user permissions during upgrade + include_tasks: handlers/galera_upgrade_hook.yml + listen: Bootstrap cluster + when: + - galera_install_server | bool + - galera_upgrade | bool + - inventory_hostname == galera_server_bootstrap_node + - name: Start new cluster command: /usr/local/bin/galera_new_cluster failed_when: not start_new_cluster.rc in [0, 3] diff --git a/releasenotes/notes/galera_upgrade_bug-88faad86f94d4f26.yaml b/releasenotes/notes/galera_upgrade_bug-88faad86f94d4f26.yaml new file mode 100644 index 00000000..3c5b0ed4 --- /dev/null +++ b/releasenotes/notes/galera_upgrade_bug-88faad86f94d4f26.yaml @@ -0,0 +1,7 @@ +--- +upgrade: + - | + MariaDB version 10.5.9 is know to have `bug `_ + which results in broken root permissions after upgrade. We have implemented + a workarond for it which will be triggered automatically. This note + is informative only.