In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.
In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.
Change-Id: I5f7e27158a4bf8f4bf14d4a5e32cc9204441da02
Since ansible-core 2.11 it's possible to use module_hotfixes argument of
yum_repository instead of standalone task. This improves role
idempotency and simplifies logic.
Change-Id: I65a79d82816665dc903c259eab11c8f02361e51d
In case of standalone deployment of the role, it's important to avoid
client-installation on server-side, as this causes a race condition,
where deployed my.cnf is used before the respective user is created.
Patch also adds all requirements which needed for the role execution
in a standalone mode.
Change-Id: I0900e1d413a80020ca4dfe7477499da25eb64689
With migration to mirror.mariadb.org repo path for CentOS was incorrect
as logic for CentOS/Rocky is quite different in terms of resulting
path in repo.
With that RHEL might be a universal one which would satisfy both parties
without need for more complex logic in role.
Change-Id: I7ed89d7e8a6338564d86548a797b9f40ba43b0df
At the moment we fixup only x86_64 arch while there way more arches
in the wild. So it's worth to have a mapping for architectures in place
rather then maintain quite complex replaces.
Related-Bug: #2081764
Change-Id: Ic1582465c7c822a1f41bf7acd06e154b7bc238b3
Instead of using a conditional block, use the "state" parameter
of the yum_repository module to ensure that the repo
config is correctly added/removed if galera_install_method is
changed after initial deployment.
Change-Id: I442e44a2d414896799d8223d8fe6c120894fc67c
The apt-key module is deprecated so the code is refactored to allow
any of the deb822_repository features to used instead.
Change-Id: I1363c6d46e5fc6aad3887b0d6c0c439034026ee2
Conditions in Ansible "when" clauses are combined with "and". But the
cluster check should fail if only one of these conditions is true.
Additionally the second condition on the node status check was inversed.
It checked for a healthy node.
Change-Id: Ib2cd632f437c4771452c22f77bedd3012f37b86b
wsrep_sst_mariabackup script that syncs data for members joining cluster
leverages `find` util heavily. While Ubuntu LXC image seems to contain
it out of the box, EL does miss it. While we do not see any issues due
to missing `find` on modern MariaDB, script still apparently relies on
it's existance, though can handle cases when it's not present.
Still let's ensure it's present, as it feels playing important role.
Change-Id: Ia10a9ab589275f18ff2c92a21cd2ff9aeac07567
This should allow easily switch to using distro-porvided version of MariaDB
rather then installed from external repo which is aligned in version across
all distributions.
Change-Id: I203aa8e6ac5d0c7f604c3342a400aabad34729d9
Add variables `galera_require_secure_transport` and `galera_tls_version`
for requiring encrypted connections to the server and providing the list
of permitted protocols of those connections when `galera_use_ssl` is
enabled.
Change-Id: I28c548a5ee778c4957dc73e3547d585344755c0f
Depends-On: I6b77c828d251aeee53b83404e7e3131e3f61cbb1
Depends-On: I23d839e75b202d0400aeefe6e98c429e16ecd37e
Confusingly, the variable ignore_db_dirs is set by passing it
multiple times in the configuration file, once per directory.
It is then read as a comma separated list, but cannot be set
in this way.
https://mariadb.com/kb/en/server-system-variables/#ignore_db_dirs
Without this, the mariadb-upgrade script can fail as it attempts
to process invalid databases.
Change-Id: Ie997393935e04e127893643e4c72d7af07e993ff
Added variables ``galera_backups_full_init_overrides`` and
``galera_backups_increment_init_overrides`` that can be leveraged to
override default set of systemd unit file for mariadb backups.
Change-Id: Ib15c60dc577b376b1f761c4266eea89c4cb0be9f
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
libgcc1 is a meta package for Ubuntu 22.04, thus it's worth to
replace it with what this meta package actually provides.
Change-Id: Ie95d42533e85f8e46d9c3d2c2691fed372144615
Current upgrades leave the galera-4 package in place which
can cause incompatibilities when the mariadb binaries are
updated.
By forcing removal of this package during upgrades it should
be re-installed with a version matching the rest of the
mariadb packages.
RHEL distros already have a removal step for galera-*
Change-Id: I99d993a7c466cb744136bd06f4ab2e21c2569151
Closes-Bug: #2028946
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.
Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
As database backups can grow substantially in size, compressing backups
helps to preserve disk space.
While the mariabackup utility offers no compression by itself, we can
stream the backup into a compression tool to create an archive [1].
The xtrabackup_checkpoints file, which contains metadata on a backup,
gets stored alongside the archive, allowing to create incremental
backups from non-compressed backups and vice-versa [2].
One thing to note, is that compressed backups cannot be prepared in
advance, this step must be manually carried out by the user.
Backup compression is disabled by default and different compressors
can be chosen (zstd, xz, ...), with gzip being the default.
[1] https://mariadb.com/kb/en/using-encryption-and-compression-tools-with-mariabackup/
[2] https://mariadb.com/kb/en/incremental-backup-and-restore-with-mariabackup/#combining-with-stream-output
Change-Id: I28c6a0e0b41d4d29c3e79e601de45ea373dee4fb
Signed-off-by: Simon Hensel <simon.hensel@inovex.de>
Omit can not be used in timer options, since this is simple mapping
that is passed to the unit file. With that, omit is resolved to a
randomly named omit_place_holder that ends up in a template.
Se we define a delay to 0, which is default systemd behaviour [1]
[1] https://www.freedesktop.org/software/systemd/man/systemd.timer.html#RandomizedDelaySec=
Change-Id: Ib242e66cfb4a24b7e93144e382e50f124015e3bf
With update of GPG key that was made in [1] we broke upgrade path,
since new key is not being updated by gpg_key module and it results
with OK state despite new content it placed to GPG keyfile
With that patch we replace usage of gpg_key with defining gpgkey
option for yum_repository, which treats it way more properly and
fixes upgrade path as well as simplifying overall flow.
[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150
Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
10.11 is the next LTS release of MariaDB which has been released
recently. Let's switch to using new LTS from 10.6 that we're using
for quite a while now.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I430acf61fd4fdacdead19d0c5cc2765e017eb3c7
Once we've removed network.target from wanted targets for
mariadbcheck.socket, it started to fail to startup intermitently in LXC
deployments, since it was trying to bind on IP address that is not
brought up yet. At the same time we can't wait for IP being up, as
OVS while providing network, waits for socket.target as it needs
to have ovsdb started up, so waiting for network.target does
create circular dependency.
To avoid that we're allowing socket to bind on IP even when IP is not
UP yet. Other possible solution would be to bind on 0.0.0.0.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/872896
Change-Id: Ia4cde2153813e68419d261cd94e3017523177142
Closes-Bug: #2003631
Related-Bug: #2002653