716 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov
3add3ee734 Auto-fix yaml rules
In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.

In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.

Change-Id: I5f7e27158a4bf8f4bf14d4a5e32cc9204441da02
2025-02-12 08:21:19 +01:00
Dmitriy Rabotyagov
77995baef7 Add molecule testing for the role
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/939771
Change-Id: I5e11a0309c3ba4a35f4fafb5927799d7d7b449f0
2025-01-22 19:14:21 +01:00
Dmitriy Rabotyagov
e31cc13254 Use module_hotfixes for yum_repository
Since ansible-core 2.11 it's possible to use module_hotfixes argument of
yum_repository instead of standalone task. This improves role
idempotency and simplifies logic.

Change-Id: I65a79d82816665dc903c259eab11c8f02361e51d
2025-01-22 14:48:04 +01:00
Dmitriy Rabotyagov
25eba0bab6 Extend example playbook to contain valid values
In case of standalone deployment of the role, it's important to avoid
client-installation on server-side, as this causes a race condition,
where deployed my.cnf is used before the respective user is created.

Patch also adds all requirements which needed for the role execution
in a standalone mode.

Change-Id: I0900e1d413a80020ca4dfe7477499da25eb64689
2025-01-21 18:47:19 +01:00
Dmitriy Rabotyagov
f773a8fb23 Use rhel packages for all EL-based distros
With migration to mirror.mariadb.org repo path for CentOS was incorrect
as logic for CentOS/Rocky is quite different in terms of resulting
path in repo.

With that RHEL might be a universal one which would satisfy both parties
without need for more complex logic in role.

Change-Id: I7ed89d7e8a6338564d86548a797b9f40ba43b0df
2024-11-19 16:41:24 +01:00
Jonathan Rosser
ef1bb11cb3 Update mariadb to 11.4.4
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/934430
Change-Id: Id20fa5e0b5dc0b2c1e5330799e0edbc20bbd2605
2024-11-08 14:20:39 +00:00
Jonathan Rosser
bfb7999346 Use mirror.mariadb.org to install packages from
This has packages for Ubuntu Noble which are missing from
download.mariadb.com.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/934037
Change-Id: Ia3c21e0606e4bfe8918cc8ed90207b8e66767876
2024-11-05 10:31:57 +00:00
Dmitriy Rabotyagov
e5b4fd0d55 Map all relevant architectures for deb822 repository setup
At the moment we fixup only x86_64 arch while there way more arches
in the wild. So it's worth to have a mapping for architectures in place
rather then maintain quite complex replaces.

Related-Bug: #2081764
Change-Id: Ic1582465c7c822a1f41bf7acd06e154b7bc238b3
2024-09-24 11:22:15 +02:00
Jonathan Rosser
c10ce105e6 Improve handling of galera_install_method changing
Instead of using a conditional block, use the "state" parameter
of the yum_repository module to ensure that the repo
config is correctly added/removed if galera_install_method is
changed after initial deployment.

Change-Id: I442e44a2d414896799d8223d8fe6c120894fc67c
2024-09-16 10:01:27 +00:00
Jonathan Rosser
e01b9194b4 Manage apt repositores and keys using deb822_repository module
The apt-key module is deprecated so the code is refactored to allow
any of the deb822_repository features to used instead.

Change-Id: I1363c6d46e5fc6aad3887b0d6c0c439034026ee2
2024-09-09 12:57:36 +00:00
Jonathan Rosser
c4137b3169 Update to version 10.11.8
This gets packages for Ubuntu Noble available in the repository.

Change-Id: Ia8abcfe0df532ace3333c78d4c5e00320e169d3c
2024-07-19 12:23:24 +00:00
Jonathan Rosser
516c1c255c Remove installation of libaio1
This package does not exist in Ubuntu Noble.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/924384
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/924474
Change-Id: I37ffedcb9c76ebaf1b2cfc27a2ae90990c39cc7c
2024-07-19 12:23:20 +00:00
Dmitriy Rabotyagov
7b57dd9b83 Remove xinetd clean-up tasks
Change-Id: I77cc32f49864f7caaad52150cc6684a488caa128
2024-07-02 15:27:27 +00:00
Gaudenz Steinlin
da6abc6d0a
Fix condition in cluster state checks
Conditions in Ansible "when" clauses are combined with "and". But the
cluster check should fail if only one of these conditions is true.

Additionally the second condition on the node status check was inversed.
It checked for a healthy node.

Change-Id: Ib2cd632f437c4771452c22f77bedd3012f37b86b
2024-06-20 12:46:06 +02:00
Zuul
8341e3abd5 Merge "reno: Update master for unmaintained/zed" 2024-06-06 11:10:03 +00:00
Zuul
87a3d651cd Merge "Add distro infra jobs" 2024-05-14 02:34:59 +00:00
6ba4b0aed8 reno: Update master for unmaintained/zed
Update the zed release notes configuration to build from
unmaintained/zed.

Change-Id: I591ab8edd290af9d544dfe3270f974d556b1bf2c
2024-05-10 18:52:38 +00:00
Zuul
5bc8676f84 Merge "Ensure find is installed on MariaDB containers" 2024-05-03 21:00:12 +00:00
Zuul
90294f065a Merge "Implement installation method selection for MariaDB role" 2024-05-03 21:00:10 +00:00
Dmitriy Rabotyagov
d0266d5ded Add distro infra jobs
These jobs aims to ensure that infra can be installed through distro
method
and it still executes it's required functionality.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/914649
Depends-On: https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/915080
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/915089
Change-Id: I6182bcffb232277a827c726a916ab737564c4989
2024-04-26 11:50:54 +00:00
Dmitriy Rabotyagov
64b54f2458 Ensure find is installed on MariaDB containers
wsrep_sst_mariabackup script that syncs data for members joining cluster
leverages `find` util heavily. While Ubuntu LXC image seems to contain
it out of the box, EL does miss it. While we do not see any issues due
to missing `find` on modern MariaDB, script still apparently relies on
it's existance, though can handle cases when it's not present.
Still let's ensure it's present, as it feels playing important role.

Change-Id: Ia10a9ab589275f18ff2c92a21cd2ff9aeac07567
2024-04-26 13:50:22 +02:00
Dmitriy Rabotyagov
046cd1364e Implement installation method selection for MariaDB role
This should allow easily switch to using distro-porvided version of MariaDB
rather then installed from external repo which is aligned in version across
all distributions.

Change-Id: I203aa8e6ac5d0c7f604c3342a400aabad34729d9
2024-04-05 09:21:16 +00:00
Jimmy McCrory
3f02976760 Additional TLS configuration options
Add variables `galera_require_secure_transport` and `galera_tls_version`
for requiring encrypted connections to the server and providing the list
of permitted protocols of those connections when `galera_use_ssl` is
enabled.

Change-Id: I28c548a5ee778c4957dc73e3547d585344755c0f
Depends-On: I6b77c828d251aeee53b83404e7e3131e3f61cbb1
Depends-On: I23d839e75b202d0400aeefe6e98c429e16ecd37e
2024-03-11 11:02:48 -07:00
Jonathan Rosser
e697948b34 Bump version to latest stable release of MariaDB 10.11
Change-Id: I9735ecba0db5cffd8b3c2b0e24a41bcfa5856a0e
2024-01-15 17:52:50 +00:00
Andrew Bonney
229ae217c1 Fix ignored database directories configuration
Confusingly, the variable ignore_db_dirs is set by passing it
multiple times in the configuration file, once per directory.
It is then read as a comma separated list, but cannot be set
in this way.
https://mariadb.com/kb/en/server-system-variables/#ignore_db_dirs

Without this, the mariadb-upgrade script can fail as it attempts
to process invalid databases.

Change-Id: Ie997393935e04e127893643e4c72d7af07e993ff
2023-11-14 09:31:16 +00:00
Jonathan Rosser
28ac2fc7ee Bump galera version to 10.11.5
The repo for this point release includes packages for debian bookworm.

Change-Id: Ifeb558d92ff1a153ecd523f7f2897e143a66933c
2023-10-17 11:08:05 +00:00
David Hitze
3e2afc1e4e Added vars to override systemd for mariabackup
Added variables ``galera_backups_full_init_overrides`` and
``galera_backups_increment_init_overrides`` that can be leveraged to
override default set of systemd unit file for mariadb backups.

Change-Id: Ib15c60dc577b376b1f761c4266eea89c4cb0be9f
2023-09-11 15:34:38 +02:00
Zuul
626b6cf6b5 Merge "Fix role metadata" 2023-09-04 16:33:45 +00:00
Dmitriy Rabotyagov
1ae0dd6165 Install compatibility package for mariadb-dev
For compatibility with mysqlclient and to ensure that pkg-config will
successfully find required libraries, comapt package is required to be
installed.

Change-Id: I0cd4073c276a10e5cce727b360ab99ec790e30eb
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/888985
2023-08-31 17:01:17 +02:00
Zuul
486c5d07b8 Merge "Remove galera-4 package during upgrades to force version up" 2023-08-30 10:10:00 +00:00
Dmitriy Rabotyagov
0355ab5335 Fix role metadata
A role name should match a specific patter, which does not include
hyphen. So we define role_name and namespace in
role metadata.

This is follow-up change to [1]

[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/888132

Change-Id: Idbf20d88a12a7208546c4284143fd4058f7b261f
2023-08-22 13:34:28 +02:00
Zuul
e8663b04ed Merge "Fix linters issue and metadata" 2023-08-18 15:16:42 +00:00
Dmitriy Rabotyagov
91f578f2c0 Fix linters issue and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
2023-08-09 14:42:56 +00:00
Dmitriy Rabotyagov
c12dc00258 Replace libgcc1 with libgcc-s1 for Debian
libgcc1 is a meta package for Ubuntu 22.04, thus it's worth to
replace it with what this meta package actually provides.

Change-Id: Ie95d42533e85f8e46d9c3d2c2691fed372144615
2023-08-08 19:52:49 +02:00
Andrew Bonney
27cd830c65 Remove galera-4 package during upgrades to force version up
Current upgrades leave the galera-4 package in place which
can cause incompatibilities when the mariadb binaries are
updated.

By forcing removal of this package during upgrades it should
be re-installed with a version matching the rest of the
mariadb packages.

RHEL distros already have a removal step for galera-*

Change-Id: I99d993a7c466cb744136bd06f4ab2e21c2569151
Closes-Bug: #2028946
2023-08-08 13:40:19 +01:00
Zuul
2034d9bf4b Merge "Do not use notify inside handlers" 2023-07-18 11:27:55 +00:00
Dmitriy Rabotyagov
cef3aa94f6 Remove warn argument for command/shell
Since ansible-core 2.14 you can't use warn as module argument.

Change-Id: Id5ae73222a1109ad13b0b70ba3d02063d931ff90
2023-07-06 18:18:48 +02:00
Dmitriy Rabotyagov
6eef428a42 Do not use notify inside handlers
Since latest ansible handlers are not triggered inside the same
handlers flush, which means that triggering mysql restart
the way we did does not work anymore. So instead of
notifying inside handlers, we add listen key to tasks
that are triggered by these newly produced notifications.

Change-Id: I8ebb8ca00b022ae94bafa033110fc365eb673364
2023-07-03 16:49:41 +02:00
Simon Hensel
60009ed7ce Add optional compression to mariabackup
As database backups can grow substantially in size, compressing backups
helps to preserve disk space.
While the mariabackup utility offers no compression by itself, we can
stream the backup into a compression tool to create an archive [1].
The xtrabackup_checkpoints file, which contains metadata on a backup,
gets stored alongside the archive, allowing to create incremental
backups from non-compressed backups and vice-versa [2].
One thing to note, is that compressed backups cannot be prepared in
advance, this step must be manually carried out by the user.
Backup compression is disabled by default and different compressors
can be chosen (zstd, xz, ...), with gzip being the default.

[1] https://mariadb.com/kb/en/using-encryption-and-compression-tools-with-mariabackup/
[2] https://mariadb.com/kb/en/incremental-backup-and-restore-with-mariabackup/#combining-with-stream-output

Change-Id: I28c6a0e0b41d4d29c3e79e601de45ea373dee4fb
Signed-off-by: Simon Hensel <simon.hensel@inovex.de>
2023-06-20 15:34:39 +02:00
Dmitriy Rabotyagov
92b5711b94 Define backup randomized delay in defaults
Omit can not be used in timer options, since this is simple mapping
that is passed to the unit file. With that, omit is resolved to a
randomly named omit_place_holder  that ends up in a template.

Se we define a delay to 0, which is default systemd behaviour [1]

[1] https://www.freedesktop.org/software/systemd/man/systemd.timer.html#RandomizedDelaySec=

Change-Id: Ib242e66cfb4a24b7e93144e382e50f124015e3bf
2023-04-20 12:10:14 +00:00
Dmitriy Rabotyagov
670e88071b Define GPG key for repo
With update of GPG key that was made in [1] we broke upgrade path,
since new key is not being updated by gpg_key module and it results
with OK state despite new content it placed to GPG keyfile

With that patch we replace usage of gpg_key with defining gpgkey
option for yum_repository, which treats it way more properly and
fixes upgrade path as well as simplifying overall flow.

[1] https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/879150

Change-Id: Ie322e0e69c5e7b2acd55bc18cf23fed1fa8f4f17
2023-04-06 16:29:49 +02:00
Zuul
da511a2a19 Merge "Upgrade MariaDB to 10.11" 2023-04-04 19:53:02 +00:00
Zuul
78f737e7a7 Merge "Update MariaDB GPG keys for RPM" 2023-04-04 19:52:16 +00:00
Dmitriy Rabotyagov
515bec4165 Upgrade MariaDB to 10.11
10.11 is the next LTS release of MariaDB which has been released
recently. Let's switch to using new LTS from 10.6 that we're using
for quite a while now.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879069
Change-Id: I430acf61fd4fdacdead19d0c5cc2765e017eb3c7
2023-03-31 17:22:15 +00:00
Dmitriy Rabotyagov
cc7deb1f0e Update MariaDB GPG keys for RPM
Since 04.02.2023 MariaDB has updated their GPG key for new releases [1]

[1] https://mariadb.org/new-gpg-release-key-rpms/

Change-Id: Ic79b03e77c6f6154c0a1796985c17851aa0deec6
2023-03-31 13:05:30 +02:00
Sebastian Gumprich
17ff99cedb fix indentation for condition
Change-Id: Ia6712c8847389d6f439c6b768c08a47af91bc3ae
2023-03-06 14:19:48 +01:00
Dmitriy Rabotyagov
8a8d29ea49 Allow maridbcheck socket to FreeBind
Once we've removed network.target from wanted targets for
mariadbcheck.socket, it started to fail to startup intermitently in LXC
deployments, since it was trying to bind on IP address that is not
brought up yet. At the same time we can't wait for IP being up, as
OVS while providing network, waits for socket.target as it needs
to have ovsdb started up, so waiting for network.target does
create circular dependency.

To avoid that we're allowing socket to bind on IP even when IP is not
UP yet. Other possible solution would be to bind on 0.0.0.0.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/872896
Change-Id: Ia4cde2153813e68419d261cd94e3017523177142
Closes-Bug: #2003631
Related-Bug: #2002653
2023-02-09 22:20:23 +01:00
Dmitriy Rabotyagov
bfe6dffee0 Do not forcefully restart socket
With state:restarted for socket it will be restarted on each playbook
run, even when it's not needed. Instead, we should restart socket
only when it's changed.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/871526
Change-Id: Ia7d3d1cbfa3aea934d10262a8556952e58e82953
2023-01-23 19:17:39 +01:00
Zuul
1eb6f73fe6 Merge "Remove "warn" parameter from command module" 2023-01-18 10:19:13 +00:00
Zuul
bb04a62984 Merge "Prevent mariadbcheck.socket to wait for network.target" 2023-01-13 16:48:01 +00:00