Mariadb: move to mariabackup as wsrep sst method

This PS moves mariadb to use mariabackup as the wsrep sst method. Change-Id: Icc1c27d72a3bee5aaa091cdf3ca6cff0c5509f30 Signed-off-by: Pete Birley <pete@port.direct>
2019-03-29 11:43:54 -05:00 · 2019-03-29 11:43:54 -05:00 · 8863bcfc11
parent 15a0cd7c2b
commit 8863bcfc11
7 changed files with 75 additions and 21 deletions
--- a/mariadb/templates/bin/_start.py.tpl
+++ b/mariadb/templates/bin/_start.py.tpl
@ -93,6 +93,15 @@ if check_env_var("MYSQL_DBADMIN_USERNAME"):
    mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
 if check_env_var("MYSQL_DBADMIN_PASSWORD"):
    mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
+if check_env_var("MYSQL_DBSST_USERNAME"):
+    mysql_dbsst_username = os.environ['MYSQL_DBSST_USERNAME']
+if check_env_var("MYSQL_DBSST_PASSWORD"):
+    mysql_dbsst_password = os.environ['MYSQL_DBSST_PASSWORD']
+
+if mysql_dbadmin_username == mysql_dbsst_username:
+    logger.critical(
+        "The dbadmin username should not match the sst user username")
+    sys.exit(1)

 # Set some variables for tuneables
 cluster_leader_ttl = 120
@ -245,16 +254,17 @@ def mysqld_bootstrap():
            "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
            "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
            "DROP DATABASE IF EXISTS test ;\n"
+            "CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
+            "GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
            "FLUSH PRIVILEGES ;\n"
-            "SHUTDOWN ;".format(mysql_dbadmin_username,
-                                mysql_dbadmin_password))
+            "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
+                                mysql_dbsst_username, mysql_dbsst_password))
        bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
        with open(bootstrap_sql_file, 'w') as f:
            f.write(template)
            f.close()
        run_cmd_with_logging([
-            'mysqld',
-            '--bind-address=127.0.0.1',
+            'mysqld', '--bind-address=127.0.0.1',
            '--wsrep_cluster_address=gcomm://',
            "--init-file={0}".format(bootstrap_sql_file)
        ], logger)
@ -505,8 +515,7 @@ def update_grastate_on_restart():
                    stderr=subprocess.PIPE)
                out, err = wsrep_recover.communicate()
                for item in err.split("\n"):
-                    logger.info(
-                        "Recovering wsrep position: {0}".format(item))
+                    logger.info("Recovering wsrep position: {0}".format(item))
                    if "WSREP: Recovered position:" in item:
                        line = item.strip().split()
                        wsrep_rec_pos = line[-1].split(':')[-1]
@ -603,8 +612,7 @@ def get_nodes_with_highest_seqno():
        if key == 'seqno':
            seqnos[node] = value
    max_seqno = max(seqnos.values())
-    max_seqno_nodes = sorted(
-        [k for k, v in seqnos.items() if v == max_seqno])
+    max_seqno_nodes = sorted([k for k, v in seqnos.items() if v == max_seqno])
    return max_seqno_nodes


@ -617,7 +625,7 @@ def resolve_leader_node(nodename_array):
    lowest = sys.maxint
    leader = nodename_array[0]
    for nodename in nodename_array:
-        nodenum = int(nodename[nodename.rindex('-')+1:])
+        nodenum = int(nodename[nodename.rindex('-') + 1:])
        logger.info("Nodename %s has nodenum %d", nodename, nodenum)
        if nodenum < lowest:
            lowest = nodenum
@ -625,6 +633,7 @@ def resolve_leader_node(nodename_array):
    logger.info("Resolved leader is %s", leader)
    return leader

+
 def check_if_i_lead():
    """Check on full restart of cluster if this node should lead the cluster
    reformation."""
@ -718,18 +727,20 @@ def run_mysqld(cluster='existing'):
                ], logger)

    logger.info("Setting the root password to the current value")
-    template = ("CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
-                "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
-                "FLUSH PRIVILEGES ;\n"
-                "SHUTDOWN ;".format(mysql_dbadmin_username,
-                                    mysql_dbadmin_password))
+    template = (
+        "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
+        "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
+        "CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
+        "GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
+        "FLUSH PRIVILEGES ;\n"
+        "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
+                            mysql_dbsst_username, mysql_dbsst_password))
    bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
    with open(bootstrap_sql_file, 'w') as f:
        f.write(template)
        f.close()
    run_cmd_with_logging([
-        'mysqld',
-        '--bind-address=127.0.0.1',
+        'mysqld', '--bind-address=127.0.0.1',
        '--wsrep_cluster_address=gcomm://',
        "--init-file={0}".format(bootstrap_sql_file)
    ], logger)
--- a/mariadb/templates/configmap-bin.yaml
+++ b/mariadb/templates/configmap-bin.yaml
@ -16,6 +16,9 @@ limitations under the License.

 {{- if .Values.manifests.configmap_bin }}
 {{- $envAll := . }}
+{{ if eq .Values.endpoints.oslo_db.auth.admin.username .Values.endpoints.oslo_db.auth.sst.username }}
+{{ fail "the DB admin username should not match the sst user username" }}
+{{ end }}
 ---
 apiVersion: v1
 kind: ConfigMap
--- a/mariadb/templates/etc/_00-base.cnf.tpl
+++ b/mariadb/templates/etc/_00-base.cnf.tpl
@ -95,9 +95,8 @@ wsrep_on=1
 wsrep_provider=/usr/lib/galera/libgalera_smm.so
 wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
 wsrep_slave_threads=12
-wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
-# FIXME(portdirect): use rsync for compatibility between image variations
-wsrep_sst_method=rsync
+wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.sst.username }}:{{ .Values.endpoints.oslo_db.auth.sst.password }}
+wsrep_sst_method=mariabackup

 [mysqldump]
 max-allowed-packet=16M
--- a/mariadb/templates/secret-dbadmin-password.yaml
+++ b/mariadb/templates/secret-dbadmin-password.yaml
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}

-{{- if .Values.manifests.secret_db }}
+{{- if .Values.manifests.secret_dbadmin_password }}
 {{- $envAll := . }}
 ---
 apiVersion: v1
--- a/mariadb/templates/secret-sst-password.yaml
+++ b/mariadb/templates/secret-sst-password.yaml
@ -0,0 +1,27 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_sst_password }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mariadb-dbsst-password
+type: Opaque
+data:
+  MYSQL_DBSST_PASSWORD: {{ .Values.endpoints.oslo_db.auth.sst.password | b64enc }}
+{{- end }}
--- a/mariadb/templates/statefulset.yaml
+++ b/mariadb/templates/statefulset.yaml
@ -74,6 +74,7 @@ metadata:
    configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
    configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
+    mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
  labels:
 {{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
@ -91,6 +92,8 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+        mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
+        mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      shareProcessNamespace: true
      serviceAccountName: {{ $serviceAccountName }}
@ -143,6 +146,13 @@ spec:
                secretKeyRef:
                  name: mariadb-dbadmin-password
                  key: MYSQL_DBADMIN_PASSWORD
+            - name: MYSQL_DBSST_USERNAME
+              value: {{ .Values.endpoints.oslo_db.auth.sst.username }}
+            - name: MYSQL_DBSST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-dbsst-password
+                  key: MYSQL_DBSST_PASSWORD
          ports:
            - name: mysql
              protocol: TCP
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@ -277,6 +277,9 @@ endpoints:
      admin:
        username: root
        password: password
+      sst:
+        username: sst
+        password: password
      exporter:
        username: exporter
        password: password
@ -334,7 +337,8 @@ manifests:
      service_exporter: true
  pdb_server: true
  network_policy: false
-  secret_db: true
+  secret_dbadmin_password: true
+  secret_sst_password: true
  secret_etc: true
  service_discovery: true
  service_ingress: true