18 Commits

Author SHA1 Message Date
Jeffrey Zhang
502196d8fa Add --wsrep-new-cluster option back in the bootstrap_db function
Ia2acb09e877a586243fc1acb49d8d140cf27d7b5 removed the
"--wsrep-new-cluster" option and left "--wsrep-on=OFF".
But it seems "--wsrep-on=OFF" won't work with mariadb 10.0. and In
Ubuntu, we are still using mariadb 10.0.

Try to add --wsrep-new-cluster back

Change-Id: I4d382d1b9c83def62dc85a773580c8c6b2500f68
2018-01-22 17:36:22 +08:00
Xinliang Liu
6ff3a55aed Fix MariaDB bootstrap for 10.1 version
Option "wsrep_on" behaves differently between 10.0 and 10.1 [1]:
"Before MariaDB 10.1, even though this variable is ON by default,
its value get automatically adjusted based on whether mandatory
configurations to turn on Galera replication have been specified.
Since MariaDB 10.1, it is set to OFF by default and must be turned
on to enable Galera replication."

So on MariaDB 10.0 although wsrep_on set to OFF, its value will
automatically adjusted to ON because wsrep mandatory configurations
are set. Whereas on MariaDB 10.1, it will failed at galera provider
'wsrep_ready' checking because wsrep_on is set to OFF.

We can set wsrep_on to ON to handle both 10.0 and 10.1.

But, the point is that the cluster bits, which are creating a cluster
and wsrep_ready checking, are no need at bootstrap stage.

At bootstrap stage it mainly do two things:
Creating required system DBs (by mysql_install_db)
and securing the mariadb (by bootstrap_db).

After the bootstrap stage, it will create a cluster when starting the
first node.

[1] https://mariadb.com/kb/en/library/galera-cluster-status-variables/#wsrep_ready

Partial-Bug: 1740060
Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: Ia2acb09e877a586243fc1acb49d8d140cf27d7b5
2018-01-04 09:31:22 +08:00
Serguei Bezverkhi
5e07cc1ab4 Fixing mariadb bootstrap failure in kolla-kubernetes
With latest master, mariadb is failing to bootstrap in kolla-kubernetes
cluster. The issue is with the name of mysql pid file. When it is not forced
in the command line, in kolla kubernetes it gets created in the form of
mariadb-init-element-xqg4b.pid where mariadb-init-element-xqg3b is pod name,
but bootstrap scripts explicitely checks for mysql.pid.

Change-Id: Ic0ee577d73d196ef40354efa51ca3ba60bf4e125
Closes-Bug: #1704671
2017-07-16 15:15:47 -04:00
Steven Dake
4607ab5e53 Remove sudo operations that are no longer necessary
set_configs.py has logic to handle chown of directories.  Simplify
the codebase by removing these unnessary chowns.  Further the chowns
cause some forms of NFS backed storage to not work properly.

Change-Id: I8df95d06b1010778deb3e2a3065aaab26ed2eb6a
Closes-Bug: #1693973
2017-05-26 21:40:31 -07:00
huweihua
f1d143128e check mariadb galera status in every loop.
in extend_start.sh, if Mariadb galera is not ready at first time, it will sleep 60s and then exit 1.
we should check it`s status every time in the loop.

Change-Id: I89174969687eecbf467ca3cad9aad1bfbfb8c4fe
Closes-Bug: #1676316
2017-03-27 17:04:17 +08:00
Sam Yaple
ae8df40b03 Disable networking during bootstrapping
There is no reason to have networking active while bootstrapping the
initial mysql folder structure. It is an additional attack vector that
serves no purpose.

Change-Id: Ia636ba9f563dbfb969dbfb613198c98748ee8a3c
2016-12-31 21:17:16 +00:00
Jeffrey Zhang
4417ffbfab Wait the wsrep_ready to be ON in mariadb
Mariadb galera will be ready only when wsrep_ready to be ON, rather then
wsrep_cluster_status is equal to Primary.

Closes-Bug: #1639838
Change-Id: I9ef60a39a195057eeee0404a39b174cc8feed793
2016-11-07 15:30:35 +00:00
Serguei Bezverkhi
cafdbb35d9 Mariadb bootstrap - no need to check for cluster ready in Kube
The change c7c87909 has introduced an unconditional check
for wsrep cluster during bootstrap process whether is ready or not
and if it is not, bootstrap fails.
In kubernetes environment wsrep driver is set to none, cluster will
NEVER reach ready state hence causing kubernetes mariadb bootstrap job
failure.

Closes-Bug: #1623662

Change-Id: I0e6fc098861b7eeab544229d0b04a78fa498ddb9
2016-09-14 17:22:26 -04:00
Hui Kang
c7c879095f Fix mariadb bootstrap error
Wait until the mariadb cluster is fully functional
- check existence of mariadb.pid is insufficient because the cluster
  may not be fully prepared

Change-Id: I611b38f7dbc8032c42aee2a040fb1210b4bee7eb
closes-bug: #1614363
2016-09-13 04:25:38 +00:00
Ryan Hallisey
994d1e50a5 Add kolla-kubernetes bootstrap capability to mariadb
Kolla-kubernetes requires there be an alternative way to bootstrap
the container.  Kolla-kubernetes uses the Kubernetes API endpoint to
read information about the cluster so that the bootstrap process runs
serially.

Partially-implements: blueprint kolla-kubernetes-extended-dockerfiles
Change-Id: I6185f2522b1151c934871a1ad2387f0001c0a320
Co-authored-by: Ken Wronkiewicz <wh-openstack@wirewd.com>
2016-06-05 11:28:24 -04:00
SamYaple
afce10dea4 Fix mysql bootstrap
The lightsout recover patch broke multinode mysql. Also the lightsout
recovery didnt probably pass the --wsrep-new-cluster flag. This
updates the mariadb bootstrap to work with multinode again.

Closes-Bug: #1559480
Related-Id: I903c3bcd069af39814bcabcef37684b1f043391f
Change-Id: I1ec91a8b2144930ea8f04cc1c201b53712352e4e
2016-03-21 12:23:00 +00:00
SamYaple
2aaaed770e MariaDB lights out recovery
This playbook only matters for multinode since AIO can recover from
power outage without additional configuration.

DocImpact
Implements: blueprint mariadb-lights-out
Change-Id: I903c3bcd069af39814bcabcef37684b1f043391f
2016-03-16 15:53:44 +00:00
Éric Lemoine
4445c81991 Make Heka collect MariaDB logs
Partially implements: blueprint heka
Change-Id: Ib5e740683cee296bcac69228f525594850d62a27
2016-02-19 21:49:21 +00:00
SamYaple
7e2ce01431 Cleanup mariadb and make compatiable with mesos
There is no reason to have a hostname-unique pidfile in the container
as we currently have. This posed problems with kolla-mesos reusing
the same script. Since there is no reason for this pidfile to be
configurable in path _at_ _all_, we hardcode the path.

Additionally, we adjust the file perm change to only update the perms
on the folder if it is not already properly set.

This also incorperates a kolla-ansible file in the bootstrap process
which follows our other container techniques of using the idempotent
creation of a volume in the bootstrap process (see nova)

TrivialFix
Related-Bug: #1538136
Change-Id: I2380529fc7146a9603145cdc31e649cb8841f7dd
2016-01-28 20:26:41 +00:00
Sidharth Surana
37d44444d7 Make galeradb bootstraping robust
Currently, there are arbitrary wait for mariadb service startup.
However, this leads to nondeterministic results in the current
workflow. This patch tries to make the workflow more deterministic.

Change-Id: I3c6245cce93c7ff0d3d57cb2ae065a1ed1487769
Closes-Bug: #1491782
2016-01-04 09:10:04 -08:00
Steven Dake
4c9e15b94e Drop root privileges for mariadb
Drop root privileges for mariadb.  This isn't perfect.  If somemone
breaks out of the container and can run sudo within the contianer,
it would be possible to replace the root credentials of the database.

Any container that uses sudo suffers from some extra attack vector
related to the sudo command.  That said, the sudo commands are
locked down to minimize harm.

Change-Id: I4b3573725d940bb8aa90d43a6235d8cf7d30fc64
Partially-Implements: blueprint drop-root
2015-11-12 03:12:40 -05:00
Steven Dake
09e9b1be33 Move the mariadb expect code to a script
Atleast in a script, sudo can be made to only allow the script to
run from the mysql process in the future, versus all the proceesses
being able to be executed as root presently.

Change-Id: I030b57086e37e4dc8f668f98c04335d94ab9d2b0
Partially-Implements: blueprint drop-root
2015-11-11 18:42:07 -05:00
Sam Yaple
cb4e875ae1 Common start.sh
The majority of the start.sh code is identical. This removes that
duplicate code while still maintaining the ability to call code in a
specific container.

The start.sh is moved into /usr/local/bin/kolla_start in the container

The extend_start.sh script is called by the kolla_start script at the
location /usr/local/bin/kolla_extend_start . It always exists because
we create a noop kolla_extend_start in the base directory. We override
it with extend_start.sh in a specific image should we need to.

Of note, the neutron-agents container is exempt from this new
structure due to it being a fat container.

Additionally, we fix the inconsistent permissions throughout. 644 for
repo files and the scripts are set to 755 via a Docker RUN command to
ensure someones local perm change won't break upstream containers.

Change-Id: I7da8d19965463ad30ee522a71183e3f092e0d6ad
Closes-Bug: #1501295
2015-10-06 03:30:26 +00:00