Add mariadb_clustercheck image
Add mariadb_clustercheck image with xinetd and clustercheck binary for haproxy checking of galera status. Reorganise existing mariadb images by creating mariadb-base and mariadb-server. Existing mariadb image will be deprecated (in a separate change). Change-Id: Ib601f64e1514521154beeaac40f0c058a7119408
parent
28ab9cb451
commit
59616d4423
|
@ -0,0 +1,28 @@
|
||||||
|
FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
|
||||||
|
{% block labels %}
|
||||||
|
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block mariadb_base_header %}{% endblock %}
|
||||||
|
|
||||||
|
{% import "macros.j2" as macros with context %}
|
||||||
|
|
||||||
|
{{ macros.configure_user(name='mysql') }}
|
||||||
|
|
||||||
|
{{ macros.enable_extra_repos(['mariadb']) }}
|
||||||
|
|
||||||
|
{% if base_package_type == 'rpm' %}
|
||||||
|
{% set mariadb_base_packages = [
|
||||||
|
'mariadb',
|
||||||
|
] %}
|
||||||
|
|
||||||
|
{% elif base_package_type == 'deb' %}
|
||||||
|
{% set mariadb_base_packages = [
|
||||||
|
'mariadb-client',
|
||||||
|
] %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{{ macros.install_packages(mariadb_base_packages | customizable("packages")) }}
|
||||||
|
|
||||||
|
{% block mariadb_base_footer %}{% endblock %}
|
||||||
|
{% block footer %}{% endblock %}
|
|
@ -0,0 +1,28 @@
|
||||||
|
FROM {{ namespace }}/{{ image_prefix }}mariadb-base:{{ tag }}
|
||||||
|
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
|
||||||
|
|
||||||
|
{% block mariadb_clustercheck_header %}{% endblock %}
|
||||||
|
|
||||||
|
{% import "macros.j2" as macros with context %}
|
||||||
|
|
||||||
|
{% if base_package_type == 'rpm' %}
|
||||||
|
{% set mariadb_clustercheck_packages = [
|
||||||
|
'mariadb-server-galera',
|
||||||
|
'xinetd'
|
||||||
|
] %}
|
||||||
|
|
||||||
|
{% elif base_package_type == 'deb' %}
|
||||||
|
{% set mariadb_clustercheck_packages = [
|
||||||
|
'xinetd'
|
||||||
|
] %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{{ macros.install_packages(mariadb_clustercheck_packages | customizable("packages")) }}
|
||||||
|
|
||||||
|
{% if base_package_type == 'deb' %}
|
||||||
|
RUN curl -sSL -o /usr/bin/clustercheck https://src.fedoraproject.org/rpms/mariadb/raw/10.3/f/clustercheck.sh \
|
||||||
|
&& chmod 755 /usr/bin/clustercheck
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% block mariadb_clustercheck_footer %}{% endblock %}
|
||||||
|
{% block footer %}{% endblock %}
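Review bot: The deb branch downloads `/usr/bin/clustercheck` from a branch URL (`.../raw/10.3/f/clustercheck.sh`) at build time with no integrity check, so the image contains whatever that URL serves on the day of the build. Because `curl` is run without `-f`, an HTTP error page would also be saved and made executable. Pin the URL to a fixed revision and verify a digest, for example `curl -fsSL -o /usr/bin/clustercheck <PINNED_URL> && echo "<EXPECTED_SHA256>  /usr/bin/clustercheck" | sha256sum -c -`, or vendor the script into the repository and `COPY` it like the other helper scripts in this commit. The `LABEL` line is also not wrapped in `{% block labels %}` as it is in the two sibling templates, and the template sets no `USER`, so the check service presumably runs as whatever user the base image leaves active.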
|
|
@ -0,0 +1,79 @@
|
||||||
|
FROM {{ namespace }}/{{ image_prefix }}mariadb-base:{{ tag }}
|
||||||
|
{% block labels %}
|
||||||
|
LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build_date }}"
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block mariadb_header %}{% endblock %}
|
||||||
|
|
||||||
|
{% import "macros.j2" as macros with context %}
|
||||||
|
|
||||||
|
{{ macros.configure_user(name='mysql') }}
|
||||||
|
|
||||||
|
{# NOTE(mgoddard): EPEL required for pv package #}
|
||||||
|
{{ macros.enable_extra_repos(['epel', 'mariadb']) }}
|
||||||
|
|
||||||
|
{% if base_package_type == 'rpm' %}
|
||||||
|
{% set mariadb_packages = [
|
||||||
|
'expect',
|
||||||
|
'galera',
|
||||||
|
'hostname',
|
||||||
|
'mariadb-backup',
|
||||||
|
'mariadb-server-galera',
|
||||||
|
'mariadb-server-utils',
|
||||||
|
'pv',
|
||||||
|
'rsync',
|
||||||
|
'tar'
|
||||||
|
] %}
|
||||||
|
|
||||||
|
{% elif base_package_type == 'deb' %}
|
||||||
|
{% set mariadb_packages = [
|
||||||
|
'expect',
|
||||||
|
'mariadb-backup',
|
||||||
|
'mariadb-server'
|
||||||
|
] %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{{ macros.install_packages(mariadb_packages | customizable("packages")) }}
|
||||||
|
|
||||||
|
COPY mariadb_sudoers /etc/sudoers.d/kolla_mariadb_sudoers
|
||||||
|
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
COPY security_reset.expect /usr/local/bin/kolla_security_reset
|
||||||
|
RUN chmod 755 /usr/local/bin/kolla_extend_start \
|
||||||
|
&& chmod 755 /usr/local/bin/kolla_security_reset \
|
||||||
|
&& chmod 750 /etc/sudoers.d \
|
||||||
|
&& chmod 440 /etc/sudoers.d/kolla_mariadb_sudoers \
|
||||||
|
&& rm -rf /var/lib/mysql/*
|
||||||
|
|
||||||
|
{% if base_package_type == 'deb' %}
|
||||||
|
RUN mkdir -p /var/run/mysqld && chown mysql /var/run/mysqld && chmod 755 /var/run/mysqld
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
COPY backup.sh /usr/local/bin/kolla_mariadb_backup.sh
|
||||||
|
RUN chmod 755 /usr/local/bin/kolla_mariadb_backup.sh
|
||||||
|
|
||||||
|
{% if docker_healthchecks %}
|
||||||
|
{% block healthcheck_installation %}
|
||||||
|
|
||||||
|
COPY healthcheck_mariadb /usr/local/bin/healthcheck_mariadb
|
||||||
|
RUN chmod 755 /usr/local/bin/healthcheck_mariadb
|
||||||
|
|
||||||
|
{% endblock %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if use_dumb_init %}
|
||||||
|
{% block mariadb_entrypoint %}
|
||||||
|
# NOTE(mgoddard): Override the dumb-init arguments to avoid passing
|
||||||
|
# --single-child. This does not play well with mysqld_safe, which ignores
|
||||||
|
# SIGTERM, meaning Docker needs to forcibly kill the container to stop it.
|
||||||
|
# Without --single-child, the TERM signal is sent to all subprocesses,
|
||||||
|
# including mysqld.
|
||||||
|
|
||||||
|
ENTRYPOINT ["dumb-init", "--"]
|
||||||
|
CMD ["kolla_start"]
|
||||||
|
{% endblock %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% block mariadb_footer %}{% endblock %}
|
||||||
|
{% block footer %}{% endblock %}
|
||||||
|
|
||||||
|
USER mysql
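Review bot: `macros.configure_user(name='mysql')` and the `'mariadb'` entry in `enable_extra_repos` are repeated here, although the image is built `FROM ...mariadb-base`, whose template already runs both. The macro bodies are not visible on this page, so whether the second run is a harmless no-op is an assumption. If it is, drop the `configure_user` line and reduce the list to `{{ macros.enable_extra_repos(['epel']) }}` so user and repository setup live in one place. A one-line comment above `COPY mariadb_sudoers` would also help, stating that the rule lets the kolla group run `kolla_security_reset` as root without a password, because later edits to that script then change what runs as root.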
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
# Execute a full backup
|
||||||
|
backup_full() {
|
||||||
|
echo "Taking a full backup"
|
||||||
|
mariabackup \
|
||||||
|
--defaults-file=/etc/mysql/my.cnf \
|
||||||
|
--backup \
|
||||||
|
--stream=xbstream \
|
||||||
|
--history=$(date +%d-%m-%Y) | gzip > \
|
||||||
|
$BACKUP_DIR/mysqlbackup-$(date +%d-%m-%Y-%s).qp.xbc.xbs.gz
|
||||||
|
}
|
||||||
|
|
||||||
|
# Execute an incremental backup
|
||||||
|
backup_incremental() {
|
||||||
|
echo "Taking an incremental backup"
|
||||||
|
mariabackup \
|
||||||
|
--defaults-file=/etc/mysql/my.cnf \
|
||||||
|
--backup \
|
||||||
|
--stream=xbstream \
|
||||||
|
--incremental-history-name=$(date +%d-%m-%Y) \
|
||||||
|
--history=$(date +%d-%m-%Y) | gzip > \
|
||||||
|
$BACKUP_DIR/incremental-$(date +%H)-mysqlbackup-$(date +%d-%m-%Y-%s).qp.xbc.xbs.gz
|
||||||
|
}
|
||||||
|
|
||||||
|
BACKUP_DIR=/backup/
|
||||||
|
cd $BACKUP_DIR
|
||||||
|
|
||||||
|
if [ -n $BACKUP_TYPE ]; then
|
||||||
|
case $BACKUP_TYPE in
|
||||||
|
"full")
|
||||||
|
backup_full
|
||||||
|
;;
|
||||||
|
"incremental")
|
||||||
|
backup_incremental
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Only full or incremental options are supported."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
echo "You need to specify either full or incremental backup options."
|
||||||
|
exit 1
|
||||||
|
fi
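Review bot: The guard `if [ -n $BACKUP_TYPE ]` cannot reach its `else` branch. With `set -u` an unset `BACKUP_TYPE` aborts the script with an unbound-variable error, and an empty value collapses the test to `[ -n ]`, which is true, so the empty case only fails later in the `*)` arm. Use `if [ -n "${BACKUP_TYPE:-}" ]; then` and quote the other expansions, e.g. `cd "$BACKUP_DIR"` and `case "$BACKUP_TYPE" in`. The archives hold a full copy of the database and are created with the inherited umask; the permissions of `/backup/` are not visible here, so consider `umask 077` before the backup functions run.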
|
|
@ -0,0 +1,58 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
: ${MARIADB_LOG_DIR:=/var/log/kolla/mariadb}
|
||||||
|
|
||||||
|
function bootstrap_db {
|
||||||
|
mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
|
||||||
|
# Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
|
||||||
|
# NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
|
||||||
|
# Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
|
||||||
|
TIMEOUT=${DB_MAX_TIMEOUT:-60}
|
||||||
|
while [[ ! -S /var/lib/mysql/mysql.sock ]] && \
|
||||||
|
[[ ! -S /var/run/mysqld/mysqld.sock ]] || \
|
||||||
|
[[ ! -f /var/lib/mysql/mariadb.pid ]]; do
|
||||||
|
if [[ ${TIMEOUT} -gt 0 ]]; then
|
||||||
|
let TIMEOUT-=1
|
||||||
|
sleep 1
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
sudo -E kolla_security_reset
|
||||||
|
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
|
||||||
|
mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
|
||||||
|
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
|
||||||
|
}
|
||||||
|
|
||||||
|
# Create log directory, with appropriate permissions
|
||||||
|
if [[ ! -d "${MARIADB_LOG_DIR}" ]]; then
|
||||||
|
mkdir -p ${MARIADB_LOG_DIR}
|
||||||
|
fi
|
||||||
|
if [[ $(stat -c %a ${MARIADB_LOG_DIR}) != "755" ]]; then
|
||||||
|
chmod 755 ${MARIADB_LOG_DIR}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This catches all cases of the BOOTSTRAP variable being set, including empty
|
||||||
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
|
mysql_install_db
|
||||||
|
bootstrap_db
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# This catches all cases of the KOLLA_UPGRADE variable being set, including empty
|
||||||
|
if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
|
||||||
|
# The mysql_upgrade command treats any directories under /var/lib/mysql as
|
||||||
|
# databases. Somehow we can end up with a .pki directory, which causes the
|
||||||
|
# command to fail with this error:
|
||||||
|
# Incorrect database name '#mysql50#.pki' when selecting the database
|
||||||
|
# There doesn't seem to be anything in the directory, so remove it.
|
||||||
|
rm -rf /var/lib/mysql/.pki
|
||||||
|
|
||||||
|
mysql_upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${!BOOTSTRAP_ARGS[@]}" ]]; then
|
||||||
|
ARGS="${BOOTSTRAP_ARGS}"
|
||||||
|
fi
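Review bot: In `bootstrap_db` the root password is passed on the command line three times (`--password="${DB_ROOT_PASSWORD}"`, the `-e "GRANT ... IDENTIFIED BY '${DB_ROOT_PASSWORD}' ..."` text, and `mysqladmin -p"..."`), so it is readable in the process list while those clients run. The `mysql_upgrade` call near the end of the file has the same pattern. The password is also spliced into the SQL unescaped, so a value containing a single quote breaks or alters the GRANT statement; restricting the allowed character set or escaping it before use would close that. Feeding the statements on stdin and supplying the credential through the client environment (or a 0600 `--defaults-extra-file`) keeps it out of argv, as sketched below. The second GRANT creates `'root'@'%'` with `WITH GRANT OPTION`; a comment saying which component needs remote root would make that choice reviewable.

```shell
# … unchanged: mysqld_safe start, socket/pid wait loop, sudo -E kolla_security_reset …
    MYSQL_PWD="${DB_ROOT_PASSWORD}" mysql -u root <<EOF
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;
EOF
    MYSQL_PWD="${DB_ROOT_PASSWORD}" mysqladmin -uroot shutdown
```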
|
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
MYSQL_USERNAME="${MYSQL_USERNAME:=-haproxy}"
|
||||||
|
MYSQL_TIMEOUT=10
|
||||||
|
|
||||||
|
MYSQL_CMDLINE="mysql -nNE --connect-timeout=${MYSQL_TIMEOUT} -u ${MYSQL_USERNAME}"
|
||||||
|
|
||||||
|
WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state_comment';")
|
||||||
|
|
||||||
|
if [[ "${WSREP_STATUS}" == "Synced" ]]
|
||||||
|
then
|
||||||
|
echo "MariaDB Galera Cluster Node is synced."
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
echo "MariaDB Galera Cluster Node is NOT synced"
|
||||||
|
exit 0
|
||||||
|
fi
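Review bot: The health check fails open: both branches end in `exit 0`, so a node that is not synced, or a `mysql` call that fails outright, is still reported healthy; the `else` branch should end with `exit 1`. The default user is also wrong, because `"${MYSQL_USERNAME:=-haproxy}"` assigns the literal `-haproxy` (leading dash included); the intended form is presumably `MYSQL_USERNAME="${MYSQL_USERNAME:-haproxy}"`. With `-nNE` the client appears to print a row separator and the variable name along with the value, so the exact comparison `== "Synced"` is unlikely ever to match. Matching on the value, e.g. `[[ "${WSREP_STATUS}" == *Synced* ]]`, or extracting the last field first, would make the success path reachable.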
|
|
@ -0,0 +1 @@
|
||||||
|
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset
|
|
@ -0,0 +1,58 @@
|
||||||
|
#!/usr/bin/expect -f
|
||||||
|
|
||||||
|
if [catch {set timeout $env(DB_MAX_TIMEOUT)}] {set timeout 10}
|
||||||
|
spawn mysql_secure_installation
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Enter current password for root (enter for none):' prompt\n"; exit 1 }
|
||||||
|
"Enter current password for root (enter for none):"
|
||||||
|
}
|
||||||
|
send "\r"
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Set root password?' prompt\n"; exit 1 }
|
||||||
|
"Set root password?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'New password:' prompt\n"; exit 1 }
|
||||||
|
"New password:"
|
||||||
|
}
|
||||||
|
send "$env(DB_ROOT_PASSWORD)\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Re-enter new password:' prompt\n"; exit 1 }
|
||||||
|
"Re-enter new password:"
|
||||||
|
}
|
||||||
|
send "$env(DB_ROOT_PASSWORD)\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Remove anonymous users?' prompt\n"; exit 1 }
|
||||||
|
"Remove anonymous users?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Disallow root login remotely?' prompt\n"; exit 1 }
|
||||||
|
"Disallow root login remotely?"
|
||||||
|
}
|
||||||
|
send "n\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Remove test database and access to it?' prompt\n"; exit 1 }
|
||||||
|
"Remove test database and access to it?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
|
||||||
|
expect {
|
||||||
|
timeout { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||||
|
eof { send_user "\nFailed to get 'Reload privilege tables now?' prompt\n"; exit 1 }
|
||||||
|
"Reload privilege tables now?"
|
||||||
|
}
|
||||||
|
send "y\r"
|
||||||
|
expect eof
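Review bot: After the final `expect eof` the script ends without reading the exit status of `mysql_secure_installation`, so a failure after the last prompt is still reported as success to `bootstrap_db`, which then goes on to run its GRANT statements. Collect the status and propagate it, e.g. `lassign [wait] pid spawn_id os_error status` followed by `exit $status`. The `send "n\r"` reply to "Disallow root login remotely?" deliberately leaves remote root login enabled; a comment there, such as `# Remote root is kept on purpose: bootstrap_db grants 'root'@'%' afterwards`, would show that it is not an oversight. The script also raises a Tcl error instead of a clear message when `DB_ROOT_PASSWORD` is unset, so an explicit `info exists env(DB_ROOT_PASSWORD)` check at the top would give a better failure.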
|