openstack/kolla
Code Issues Proposed changes

Merge "Move all distros to upstream MariaDB 10.5"

Browse Source
This commit is contained in:
Zuul 2021-10-04 10:00:50 +00:00 committed by Gerrit Code Review
commit 26e468ba40
9 changed files with 51 additions and 81 deletions

4
docker/base/Dockerfile.j2

@ -76,6 +76,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
'elasticsearch.repo', 'elasticsearch.repo',
'grafana.repo', 'grafana.repo',
'influxdb.repo', 'influxdb.repo',
'mariadb.repo',
'proxysql.repo', 'proxysql.repo',
'rabbitmq_rabbitmq-server.repo', 'rabbitmq_rabbitmq-server.repo',
'rabbitmq_rabbitmq-erlang.repo', 'rabbitmq_rabbitmq-erlang.repo',
@ -88,6 +89,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
'https://artifacts.elastic.co/GPG-KEY-elasticsearch', 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
'https://packages.grafana.com/gpg.key', 'https://packages.grafana.com/gpg.key',
'https://repos.influxdata.com/influxdb.key', 'https://repos.influxdata.com/influxdb.key',
'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB',
'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc',
'https://packages.treasuredata.com/GPG-KEY-td-agent', 'https://packages.treasuredata.com/GPG-KEY-td-agent',
'https://repo.proxysql.com/ProxySQL/repo_pub_key', 'https://repo.proxysql.com/ProxySQL/repo_pub_key',
@ -96,6 +98,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
{% set base_yum_repo_files = [ {% set base_yum_repo_files = [
'elasticsearch.repo', 'elasticsearch.repo',
'grafana.repo', 'grafana.repo',
'mariadb-aarch64.repo',
'proxysql.repo', 'proxysql.repo',
'rabbitmq_rabbitmq-server.repo', 'rabbitmq_rabbitmq-server.repo',
'td.repo', 'td.repo',
@ -103,6 +106,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
{% set base_yum_repo_keys = [ {% set base_yum_repo_keys = [
'https://packages.grafana.com/gpg.key', 'https://packages.grafana.com/gpg.key',
'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB',
'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc', 'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc',
'https://repo.proxysql.com/ProxySQL/repo_pub_key', 'https://repo.proxysql.com/ProxySQL/repo_pub_key',
] %} ] %}

6
docker/base/mariadb-aarch64.repo Normal file

@ -0,0 +1,6 @@
[mariadb]
name = MariaDB
baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.5/yum/centos8-aarch64
module_hotfixes = 1
gpgcheck = 1
enabled = 0

6
docker/base/mariadb.repo Normal file

@ -0,0 +1,6 @@
[mariadb]
name = MariaDB
baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.5/yum/centos8-amd64
module_hotfixes = 1
gpgcheck = 1
enabled = 0

13
docker/mariadb/mariadb-server/Dockerfile.j2

@ -10,21 +10,22 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
{{ macros.configure_user(name='mysql') }} {{ macros.configure_user(name='mysql') }}
{# NOTE(mgoddard): EPEL required for pv package #} {# NOTE(mgoddard): EPEL required for pv package #}
{{ macros.enable_extra_repos(['epel', 'mariadb']) }} {{ macros.enable_extra_repos(['epel']) }}
{% if base_package_type == 'rpm' %} {% if base_package_type == 'rpm' %}
{% set mariadb_packages = [ {% set mariadb_packages = [
'expect', 'expect',
'galera',
'hostname', 'hostname',
'mariadb-backup', 'mariadb-backup',
'mariadb-server-galera', 'mariadb-server',
'mariadb-server-utils',
'pv', 'pv',
'rsync', 'rsync',
'tar' 'tar'
] %} ] %}
{# NOTE(yoctozepto): this is to ensure Kolla Ansible can configure MariaDB to find it #}
RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera
{% elif base_package_type == 'deb' %} {% elif base_package_type == 'deb' %}
{% set mariadb_packages = [ {% set mariadb_packages = [
'expect', 'expect',
@ -37,11 +38,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start COPY extend_start.sh /usr/local/bin/kolla_extend_start
{% if base_distro == 'debian' %}
COPY security_reset.expect.debian /usr/local/bin/kolla_security_reset
{% else %}
COPY security_reset.expect /usr/local/bin/kolla_security_reset COPY security_reset.expect /usr/local/bin/kolla_security_reset
{% endif %}
RUN chmod 755 /usr/local/bin/kolla_extend_start \ RUN chmod 755 /usr/local/bin/kolla_extend_start \
&& chmod 755 /usr/local/bin/kolla_security_reset \ && chmod 755 /usr/local/bin/kolla_security_reset \
&& chmod 750 /etc/sudoers.d \ && chmod 750 /etc/sudoers.d \

17
docker/mariadb/mariadb-server/security_reset.expect

@ -1,19 +1,28 @@
#!/usr/bin/expect -f #!/usr/bin/expect -f
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10} if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
spawn mysql_secure_installation spawn mariadb-secure-installation
expect { expect {
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 } eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
"Enter current password for root (enter for none):" "Enter current password for root (enter for none):"
} }
send "\r" send "\r"
expect { expect {
timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 } eof { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n]' prompt\n"; exit 1 }
"Set root password?" "Switch to unix_socket authentication \\\[Y/n\\\] "
}
send "n\r"
expect {
timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
"Change the root password? \\\[Y/n\\\] "
} }
send "y\r" send "y\r"
expect { expect {
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 } eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }

67
docker/mariadb/mariadb-server/security_reset.expect.debian

@ -1,67 +0,0 @@
#!/usr/bin/expect -f
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
spawn mysql_secure_installation
expect {
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
"Enter current password for root (enter for none):"
}
send "\r"
expect {
timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Switch to unix_socket authentication' prompt\n"; exit 1 }
"Switch to unix_socket authentication \\\[Y/n\\\] "
}
send "n\r"
expect {
timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Change the root password?' prompt\n"; exit 1 }
"Change the root password? \\\[Y/n\\\] "
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
"New password:"
}
send "$env(DB_ROOT_PASSWORD)\r"
expect {
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
"Re-enter new password:"
}
send "$env(DB_ROOT_PASSWORD)\r"
expect {
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
"Remove anonymous users?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
"Disallow root login remotely?"
}
send "n\r"
expect {
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
"Remove test database and access to it?"
}
send "y\r"
expect {
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
"Reload privilege tables now?"
}
send "y\r"
expect eof

6
kolla/template/repos.yaml

@ -13,6 +13,7 @@ centos:
kibana: "elasticsearch-kibana-logstash-7.x" kibana: "elasticsearch-kibana-logstash-7.x"
libvirt: "centos-advanced-virtualization" libvirt: "centos-advanced-virtualization"
logstash: "elasticsearch-kibana-logstash-7.x" logstash: "elasticsearch-kibana-logstash-7.x"
mariadb: "mariadb"
openvswitch: "centos-nfv-openvswitch" openvswitch: "centos-nfv-openvswitch"
opstools: "centos-opstools" opstools: "centos-opstools"
powertools: "powertools" powertools: "powertools"
@ -33,6 +34,7 @@ centos-aarch64:
kibana: "elasticsearch-kibana-logstash-7.x" kibana: "elasticsearch-kibana-logstash-7.x"
libvirt: "centos-advanced-virtualization" libvirt: "centos-advanced-virtualization"
logstash: "elasticsearch-kibana-logstash-7.x" logstash: "elasticsearch-kibana-logstash-7.x"
mariadb: "mariadb"
openvswitch: "centos-nfv-openvswitch" openvswitch: "centos-nfv-openvswitch"
opstools: "centos-opstools" opstools: "centos-opstools"
powertools: "powertools" powertools: "powertools"
@ -183,7 +185,7 @@ ubuntu:
component: "main" component: "main"
gpg_key: "elasticsearch.asc" gpg_key: "elasticsearch.asc"
mariadb: mariadb:
url: "http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/ubuntu" url: "http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu"
suite: "focal" suite: "focal"
component: "main" component: "main"
gpg_key: "mariadb.gpg" gpg_key: "mariadb.gpg"
@ -235,7 +237,7 @@ ubuntu-aarch64:
component: "main" component: "main"
gpg_key: "elasticsearch.asc" gpg_key: "elasticsearch.asc"
mariadb: mariadb:
url: "http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/ubuntu" url: "http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu"
suite: "focal" suite: "focal"
component: "main" component: "main"
gpg_key: "mariadb.gpg" gpg_key: "mariadb.gpg"

9
releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml Normal file

@ -0,0 +1,9 @@
---
upgrade:
- |
CentOS now uses upstream MariaDB repos (thus following the images
of the other two distros). This is done to simplify MariaDB version
management on Kolla side.
The chosen version is synced with Debian and Ubuntu to 10.5.
Operators may want to reflect this in their repo mirrors and
proxies.

4
releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml Normal file

@ -0,0 +1,4 @@
---
other:
- |
Ubuntu now uses MariaDB 10.5 to sync with Debian.