system-config/modules/openstack_project/manifests/translate.pp
Ian Wienand 8739e1448d
translate: fix dump with MySQL 5.7
Recently the hosted database that translate.openstack.org uses was
upgraded to MySQL 5.7.  It turns out there was a breaking
security-related change to MySQL that means you require PROCESS
privileges to dump the DB.  I guess the migration didn't do this, and
via the RAX hosting UI there's no easy way to add this (there's no
root user available by default; perhaps this is a corner case of the
upgrade process).

Rather than trying to figure out the backend, to work around this use
--no-tablespaces to the dump command.  We just need a dump of the
zanata tables as backup, so this is fine.

Change-Id: Idaa35249fe15867103fa7b70dbdc7d135c5e1396
2022-09-13 09:27:10 +10:00

165 lines
5.4 KiB
Puppet

# Copyright 2015 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: openstack_project::translate
#
class openstack_project::translate(
$mysql_host = 'localhost',
$mysql_port = '3306',
$mysql_user = 'zanata',
$mysql_password,
$admin_users = '',
$zanata_server_user = '',
$zanata_server_api_key = '',
$zanata_wildfly_version = '9.0.1',
$zanata_wildfly_install_url = 'https://repo1.maven.org/maven2/org/wildfly/wildfly-dist/9.0.1.Final/wildfly-dist-9.0.1.Final.tar.gz',
$zanata_url = '',
$zanata_checksum = '',
$zanata_main_version = '',
$project_config_repo = '',
$openid_url = '',
$vhost_name = $::fqdn,
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$listeners = [],
$from_address,
) {
class { 'project_config':
url => $project_config_repo,
}
class { '::zanata':
mysql_host => $mysql_host,
mysql_port => $mysql_port,
zanata_db_username => $mysql_user,
zanata_db_password => $mysql_password,
zanata_openid_provider_url => $openid_url,
zanata_listeners => $listeners,
zanata_admin_users => $admin_users,
zanata_default_from_address => $from_address,
zanata_wildfly_version => $zanata_wildfly_version,
zanata_wildfly_install_url => $zanata_wildfly_install_url,
zanata_url => $zanata_url,
zanata_checksum => $zanata_checksum,
zanata_main_version => $zanata_main_version
}
class { '::zanata::apache':
vhost_name => $vhost_name,
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
require => Class['::zanata']
}
include logrotate
logrotate::file { 'console.log':
log => '/var/log/wildfly/console.log',
options => [
'daily',
'rotate 30',
'missingok',
'dateext',
'copytruncate',
'compress',
'delaycompress',
'notifempty',
'maxage 30',
],
require => Service['wildfly'],
}
file { '/home/wildfly/projects.yaml':
ensure => present,
owner => 'wildfly',
group => 'wildfly',
mode => '0444',
source => $::project_config::jeepyb_project_file,
replace => true,
require => User['wildfly'],
}
include jeepyb
exec { 'register-zanata-projects':
command => '/usr/local/bin/register-zanata-projects -v -l /var/log/register-zanata-projects.log',
timeout => 900, # 15 minutes
subscribe => File['/home/wildfly/projects.yaml'],
refreshonly => true,
logoutput => true,
environment => [
"PROJECTS_YAML=/home/wildfly/projects.yaml",
"ZANATA_URL=https://${vhost_name}/",
"ZANATA_USER=${zanata_server_user}",
"ZANATA_KEY=${zanata_server_api_key}",
],
require => [
File['/home/wildfly/projects.yaml'],
Class['jeepyb'],
],
}
logrotate::file { 'register-zanata-projects.log':
log => '/var/log/register-zanata-projects.log',
options => [
'compress',
'missingok',
'rotate 30',
'daily',
'notifempty',
'copytruncate',
],
require => Exec['register-zanata-projects'],
}
# NOTE(ianw) 2021-02-05 : the --all-databases option to mysqldump
# this sets up appears to not be dumping all databases since a
# recent upgrade; see
# https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1914695
# This effectively makes this dump useless. Below we are streaming
# the database directly into borg, which does still work.
mysql_backup::backup_remote { 'translate':
database_host => $mysql_host,
database_user => $mysql_user,
database_password => $mysql_password,
num_backups => '10',
require => Class['zanata'],
}
# Streaming backup of zanata db; see borg-backup role
file { '/etc/borg-streams':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/borg-streams/mysql':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => '/usr/bin/mysqldump --defaults-file=/root/.translate_db.cnf --ignore-table mysql.event --skip-extended-insert --single-transaction --no-tablespaces zanata',
require => File['/etc/borg-streams'],
}
}