From 456397107362af71c722abf731e057ff637e608b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Sat, 25 Sep 2021 19:41:22 +0000 Subject: [PATCH] Move all distros to upstream MariaDB 10.5 Per meeting's agreement [1]. [1] https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-09-22-15.01.log.html#l-71 Change-Id: If24c53b3b89eddfaf2cad39fb9e70cea0f770c96 --- docker/base/Dockerfile.j2 | 4 ++ docker/base/mariadb-aarch64.repo | 6 ++ docker/base/mariadb.repo | 6 ++ docker/mariadb/mariadb-server/Dockerfile.j2 | 13 ++-- .../mariadb-server/security_reset.expect | 17 +++-- .../security_reset.expect.debian | 67 ------------------- kolla/template/repos.yaml | 6 +- ...tos-mariadb-upstream-971216b820ee1f1a.yaml | 9 +++ .../ubuntu-mariadb-10.5-38631eae76f6d091.yaml | 4 ++ 9 files changed, 51 insertions(+), 81 deletions(-) create mode 100644 docker/base/mariadb-aarch64.repo create mode 100644 docker/base/mariadb.repo delete mode 100644 docker/mariadb/mariadb-server/security_reset.expect.debian create mode 100644 releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml create mode 100644 releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml diff --git a/docker/base/Dockerfile.j2 b/docker/base/Dockerfile.j2 index ac43f05381..6e5823bf88 100644 --- a/docker/base/Dockerfile.j2 +++ b/docker/base/Dockerfile.j2 @@ -76,6 +76,7 @@ COPY dnf.conf /etc/dnf/dnf.conf 'elasticsearch.repo', 'grafana.repo', 'influxdb.repo', + 'mariadb.repo', 'proxysql.repo', 'rabbitmq_rabbitmq-server.repo', 'rabbitmq_rabbitmq-erlang.repo', @@ -88,6 +89,7 @@ COPY dnf.conf /etc/dnf/dnf.conf 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', 'https://packages.grafana.com/gpg.key', 'https://repos.influxdata.com/influxdb.key', + 'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB', 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', 'https://packages.treasuredata.com/GPG-KEY-td-agent', 'https://repo.proxysql.com/ProxySQL/repo_pub_key', @@ -96,6 +98,7 @@ COPY dnf.conf /etc/dnf/dnf.conf {% set base_yum_repo_files = [ 'elasticsearch.repo', 'grafana.repo', + 'mariadb-aarch64.repo', 'proxysql.repo', 'rabbitmq_rabbitmq-server.repo', 'td.repo', @@ -103,6 +106,7 @@ COPY dnf.conf /etc/dnf/dnf.conf {% set base_yum_repo_keys = [ 'https://packages.grafana.com/gpg.key', + 'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB', 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', 'https://repo.proxysql.com/ProxySQL/repo_pub_key', ] %} diff --git a/docker/base/mariadb-aarch64.repo b/docker/base/mariadb-aarch64.repo new file mode 100644 index 0000000000..7f7a1c8b1b --- /dev/null +++ b/docker/base/mariadb-aarch64.repo @@ -0,0 +1,6 @@ +[mariadb] +name = MariaDB +baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.5/yum/centos8-aarch64 +module_hotfixes = 1 +gpgcheck = 1 +enabled = 0 diff --git a/docker/base/mariadb.repo b/docker/base/mariadb.repo new file mode 100644 index 0000000000..9fbdd12ee0 --- /dev/null +++ b/docker/base/mariadb.repo @@ -0,0 +1,6 @@ +[mariadb] +name = MariaDB +baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.5/yum/centos8-amd64 +module_hotfixes = 1 +gpgcheck = 1 +enabled = 0 diff --git a/docker/mariadb/mariadb-server/Dockerfile.j2 b/docker/mariadb/mariadb-server/Dockerfile.j2 index 9ee7ef37da..01510dbe8b 100644 --- a/docker/mariadb/mariadb-server/Dockerfile.j2 +++ b/docker/mariadb/mariadb-server/Dockerfile.j2 @@ -10,21 +10,22 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.configure_user(name='mysql') }} {# NOTE(mgoddard): EPEL required for pv package #} -{{ macros.enable_extra_repos(['epel', 'mariadb']) }} +{{ macros.enable_extra_repos(['epel']) }} {% if base_package_type == 'rpm' %} {% set mariadb_packages = [ 'expect', - 'galera', 'hostname', 'mariadb-backup', - 'mariadb-server-galera', - 'mariadb-server-utils', + 'mariadb-server', 'pv', 'rsync', 'tar' ] %} +{# NOTE(yoctozepto): this is to ensure Kolla Ansible can configure MariaDB to find it #} +RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera + {% elif base_package_type == 'deb' %} {% set mariadb_packages = [ 'expect', @@ -37,11 +38,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers COPY extend_start.sh /usr/local/bin/kolla_extend_start -{% if base_distro == 'debian' %} -COPY security_reset.expect.debian /usr/local/bin/kolla_security_reset -{% else %} COPY security_reset.expect /usr/local/bin/kolla_security_reset -{% endif %} RUN chmod 755 /usr/local/bin/kolla_extend_start \ && chmod 755 /usr/local/bin/kolla_security_reset \ && chmod 750 /etc/sudoers.d \ diff --git a/docker/mariadb/mariadb-server/security_reset.expect b/docker/mariadb/mariadb-server/security_reset.expect index 6d2755e4d4..06f1d5c8e1 100644 --- a/docker/mariadb/mariadb-server/security_reset.expect +++ b/docker/mariadb/mariadb-server/security_reset.expect @@ -1,19 +1,28 @@ #!/usr/bin/expect -f if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10} -spawn mysql_secure_installation +spawn mariadb-secure-installation expect { timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } "Enter current password for root (enter for none):" } send "\r" + expect { - timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } - "Set root password?" + timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n]' prompt\n"; exit 1 } + "Switch to unix_socket authentication \\\[Y/n\\\] " +} +send "n\r" + +expect { + timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 } + eof { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 } + "Change the root password? \\\[Y/n\\\] " } send "y\r" + expect { timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } diff --git a/docker/mariadb/mariadb-server/security_reset.expect.debian b/docker/mariadb/mariadb-server/security_reset.expect.debian deleted file mode 100644 index ec40eaf903..0000000000 --- a/docker/mariadb/mariadb-server/security_reset.expect.debian +++ /dev/null @@ -1,67 +0,0 @@ -#!/usr/bin/expect -f - -if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10} -spawn mysql_secure_installation -expect { - timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } - "Enter current password for root (enter for none):" -} -send "\r" - -expect { - timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Switch to unix_socket authentication' prompt\n"; exit 1 } - "Switch to unix_socket authentication \\\[Y/n\\\] " -} -send "n\r" - -expect { - timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Change the root password?' prompt\n"; exit 1 } - "Change the root password? \\\[Y/n\\\] " -} -send "y\r" - -expect { - timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } - "New password:" -} -send "$env(DB_ROOT_PASSWORD)\r" - -expect { - timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 } - "Re-enter new password:" -} -send "$env(DB_ROOT_PASSWORD)\r" - -expect { - timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 } - "Remove anonymous users?" -} -send "y\r" - -expect { - timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 } - "Disallow root login remotely?" -} -send "n\r" - -expect { - timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 } - "Remove test database and access to it?" -} -send "y\r" - -expect { - timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } - eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 } - "Reload privilege tables now?" -} -send "y\r" -expect eof diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml index 3154959230..465139e2f4 100644 --- a/kolla/template/repos.yaml +++ b/kolla/template/repos.yaml @@ -13,6 +13,7 @@ centos: kibana: "elasticsearch-kibana-logstash-7.x" libvirt: "centos-advanced-virtualization" logstash: "elasticsearch-kibana-logstash-7.x" + mariadb: "mariadb" openvswitch: "centos-nfv-openvswitch" opstools: "centos-opstools" powertools: "powertools" @@ -33,6 +34,7 @@ centos-aarch64: kibana: "elasticsearch-kibana-logstash-7.x" libvirt: "centos-advanced-virtualization" logstash: "elasticsearch-kibana-logstash-7.x" + mariadb: "mariadb" openvswitch: "centos-nfv-openvswitch" opstools: "centos-opstools" powertools: "powertools" @@ -183,7 +185,7 @@ ubuntu: component: "main" gpg_key: "elasticsearch.asc" mariadb: - url: "http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/ubuntu" + url: "http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu" suite: "focal" component: "main" gpg_key: "mariadb.gpg" @@ -235,7 +237,7 @@ ubuntu-aarch64: component: "main" gpg_key: "elasticsearch.asc" mariadb: - url: "http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/ubuntu" + url: "http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu" suite: "focal" component: "main" gpg_key: "mariadb.gpg" diff --git a/releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml b/releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml new file mode 100644 index 0000000000..1131aecb9e --- /dev/null +++ b/releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + CentOS now uses upstream MariaDB repos (thus following the images + of the other two distros). This is done to simplify MariaDB version + management on Kolla side. + The chosen version is synced with Debian and Ubuntu to 10.5. + Operators may want to reflect this in their repo mirrors and + proxies. diff --git a/releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml b/releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml new file mode 100644 index 0000000000..7dcc8d4b89 --- /dev/null +++ b/releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml @@ -0,0 +1,4 @@ +--- +other: + - | + Ubuntu now uses MariaDB 10.5 to sync with Debian.