Move all distros to upstream MariaDB 10.5

Per meeting's agreement [1]. [1] https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-09-22-15.01.log.html#l-71 Change-Id: If24c53b3b89eddfaf2cad39fb9e70cea0f770c96
2021-09-25 19:41:22 +00:00 · 2021-09-25 19:41:22 +00:00 · 4563971073
parent e6c124f6c2
commit 4563971073
9 changed files with 51 additions and 81 deletions
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@ -76,6 +76,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
        'elasticsearch.repo',
        'grafana.repo',
        'influxdb.repo',
+        'mariadb.repo',
        'proxysql.repo',
        'rabbitmq_rabbitmq-server.repo',
        'rabbitmq_rabbitmq-erlang.repo',
@ -88,6 +89,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
        'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
        'https://packages.grafana.com/gpg.key',
        'https://repos.influxdata.com/influxdb.key',
+        'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB',
        'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc',
        'https://packages.treasuredata.com/GPG-KEY-td-agent',
        'https://repo.proxysql.com/ProxySQL/repo_pub_key',
@ -96,6 +98,7 @@ COPY dnf.conf /etc/dnf/dnf.conf
    {% set base_yum_repo_files = [
        'elasticsearch.repo',
        'grafana.repo',
+        'mariadb-aarch64.repo',
        'proxysql.repo',
        'rabbitmq_rabbitmq-server.repo',
        'td.repo',
@ -103,6 +106,7 @@ COPY dnf.conf /etc/dnf/dnf.conf

    {% set base_yum_repo_keys = [
        'https://packages.grafana.com/gpg.key',
+        'https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB',
        'https://github.com/rabbitmq/signing-keys/releases/download/2.0/rabbitmq-release-signing-key.asc',
        'https://repo.proxysql.com/ProxySQL/repo_pub_key',
    ] %}
--- a/docker/base/mariadb-aarch64.repo
+++ b/docker/base/mariadb-aarch64.repo
@ -0,0 +1,6 @@
+[mariadb]
+name = MariaDB
+baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.5/yum/centos8-aarch64
+module_hotfixes = 1
+gpgcheck = 1
+enabled = 0
--- a/docker/base/mariadb.repo
+++ b/docker/base/mariadb.repo
@ -0,0 +1,6 @@
+[mariadb]
+name = MariaDB
+baseurl = https://downloads.mariadb.com/MariaDB/mariadb-10.5/yum/centos8-amd64
+module_hotfixes = 1
+gpgcheck = 1
+enabled = 0
--- a/docker/mariadb/mariadb-server/Dockerfile.j2
+++ b/docker/mariadb/mariadb-server/Dockerfile.j2
@ -10,21 +10,22 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {{ macros.configure_user(name='mysql') }}

 {# NOTE(mgoddard): EPEL required for pv package #}
-{{ macros.enable_extra_repos(['epel', 'mariadb']) }}
+{{ macros.enable_extra_repos(['epel']) }}

 {% if base_package_type == 'rpm' %}
    {% set mariadb_packages = [
        'expect',
-        'galera',
        'hostname',
        'mariadb-backup',
-        'mariadb-server-galera',
-        'mariadb-server-utils',
+        'mariadb-server',
        'pv',
        'rsync',
        'tar'
    ] %}

+{# NOTE(yoctozepto): this is to ensure Kolla Ansible can configure MariaDB to find it #}
+RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera
+
 {% elif base_package_type == 'deb' %}
    {% set mariadb_packages = [
        'expect',
@ -37,11 +38,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build

 COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-{% if base_distro == 'debian' %}
-COPY security_reset.expect.debian /usr/local/bin/kolla_security_reset
-{% else %}
 COPY security_reset.expect /usr/local/bin/kolla_security_reset
-{% endif %}
 RUN chmod 755 /usr/local/bin/kolla_extend_start \
    && chmod 755 /usr/local/bin/kolla_security_reset \
    && chmod 750 /etc/sudoers.d \
--- a/docker/mariadb/mariadb-server/security_reset.expect
+++ b/docker/mariadb/mariadb-server/security_reset.expect
@ -1,19 +1,28 @@
 #!/usr/bin/expect -f

 if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
-spawn mysql_secure_installation
+spawn mariadb-secure-installation
 expect {
  timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
  eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
  "Enter current password for root (enter for none):"
 }
 send "\r"
+
 expect {
-  timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
-  "Set root password?"
+  timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n]' prompt\n"; exit 1 }
+  "Switch to unix_socket authentication \\\[Y/n\\\] "
+}
+send "n\r"
+
+expect {
+  timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
+  eof { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
+  "Change the root password? \\\[Y/n\\\] "
 }
 send "y\r"
+
 expect {
  timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
  eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
--- a/docker/mariadb/mariadb-server/security_reset.expect.debian
+++ b/docker/mariadb/mariadb-server/security_reset.expect.debian
@ -1,67 +0,0 @@
-#!/usr/bin/expect -f
-
-if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
-spawn mysql_secure_installation
-expect {
-  timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
-  "Enter current password for root (enter for none):"
-}
-send "\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Switch to unix_socket authentication [Y/n] ' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Switch to unix_socket authentication' prompt\n"; exit 1 }
-  "Switch to unix_socket authentication \\\[Y/n\\\] "
-}
-send "n\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Change the root password? [Y/n]' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Change the root password?' prompt\n"; exit 1 }
-  "Change the root password? \\\[Y/n\\\] "
-}
-send "y\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
-  "New password:"
-}
-send "$env(DB_ROOT_PASSWORD)\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
-  "Re-enter new password:"
-}
-send "$env(DB_ROOT_PASSWORD)\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
-  "Remove anonymous users?"
-}
-send "y\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
-  "Disallow root login remotely?"
-}
-send "n\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
-  "Remove test database and access to it?"
-}
-send "y\r"
-
-expect {
-  timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
-  eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
-  "Reload privilege tables now?"
-}
-send "y\r"
-expect eof
--- a/kolla/template/repos.yaml
+++ b/kolla/template/repos.yaml
@ -13,6 +13,7 @@ centos:
  kibana: "elasticsearch-kibana-logstash-7.x"
  libvirt: "centos-advanced-virtualization"
  logstash: "elasticsearch-kibana-logstash-7.x"
+  mariadb: "mariadb"
  openvswitch: "centos-nfv-openvswitch"
  opstools: "centos-opstools"
  powertools: "powertools"
@ -33,6 +34,7 @@ centos-aarch64:
  kibana: "elasticsearch-kibana-logstash-7.x"
  libvirt: "centos-advanced-virtualization"
  logstash: "elasticsearch-kibana-logstash-7.x"
+  mariadb: "mariadb"
  openvswitch: "centos-nfv-openvswitch"
  opstools: "centos-opstools"
  powertools: "powertools"
@ -183,7 +185,7 @@ ubuntu:
    component: "main"
    gpg_key: "elasticsearch.asc"
  mariadb:
-    url: "http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/ubuntu"
+    url: "http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu"
    suite: "focal"
    component: "main"
    gpg_key: "mariadb.gpg"
@ -235,7 +237,7 @@ ubuntu-aarch64:
    component: "main"
    gpg_key: "elasticsearch.asc"
  mariadb:
-    url: "http://downloads.mariadb.com/MariaDB/mariadb-10.3/repo/ubuntu"
+    url: "http://downloads.mariadb.com/MariaDB/mariadb-10.5/repo/ubuntu"
    suite: "focal"
    component: "main"
    gpg_key: "mariadb.gpg"
--- a/releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml
+++ b/releasenotes/notes/centos-mariadb-upstream-971216b820ee1f1a.yaml
@ -0,0 +1,9 @@
+---
+upgrade:
+  - |
+    CentOS now uses upstream MariaDB repos (thus following the images
+    of the other two distros). This is done to simplify MariaDB version
+    management on Kolla side.
+    The chosen version is synced with Debian and Ubuntu to 10.5.
+    Operators may want to reflect this in their repo mirrors and
+    proxies.
--- a/releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml
+++ b/releasenotes/notes/ubuntu-mariadb-10.5-38631eae76f6d091.yaml
@ -0,0 +1,4 @@
+---
+other:
+  - |
+    Ubuntu now uses MariaDB 10.5 to sync with Debian.