Mariadb: move to mariabackup as wsrep sst method
This PS moves mariadb to use mariabackup as the wsrep sst method. Change-Id: Icc1c27d72a3bee5aaa091cdf3ca6cff0c5509f30 Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
parent
15a0cd7c2b
commit
8863bcfc11
@ -93,6 +93,15 @@ if check_env_var("MYSQL_DBADMIN_USERNAME"):
|
|||||||
mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
|
mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
|
||||||
if check_env_var("MYSQL_DBADMIN_PASSWORD"):
|
if check_env_var("MYSQL_DBADMIN_PASSWORD"):
|
||||||
mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
|
mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
|
||||||
|
if check_env_var("MYSQL_DBSST_USERNAME"):
|
||||||
|
mysql_dbsst_username = os.environ['MYSQL_DBSST_USERNAME']
|
||||||
|
if check_env_var("MYSQL_DBSST_PASSWORD"):
|
||||||
|
mysql_dbsst_password = os.environ['MYSQL_DBSST_PASSWORD']
|
||||||
|
|
||||||
|
if mysql_dbadmin_username == mysql_dbsst_username:
|
||||||
|
logger.critical(
|
||||||
|
"The dbadmin username should not match the sst user username")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
# Set some variables for tuneables
|
# Set some variables for tuneables
|
||||||
cluster_leader_ttl = 120
|
cluster_leader_ttl = 120
|
||||||
@ -245,16 +254,17 @@ def mysqld_bootstrap():
|
|||||||
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
||||||
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
|
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
|
||||||
"DROP DATABASE IF EXISTS test ;\n"
|
"DROP DATABASE IF EXISTS test ;\n"
|
||||||
|
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
|
||||||
|
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
|
||||||
"FLUSH PRIVILEGES ;\n"
|
"FLUSH PRIVILEGES ;\n"
|
||||||
"SHUTDOWN ;".format(mysql_dbadmin_username,
|
"SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
|
||||||
mysql_dbadmin_password))
|
mysql_dbsst_username, mysql_dbsst_password))
|
||||||
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
|
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
|
||||||
with open(bootstrap_sql_file, 'w') as f:
|
with open(bootstrap_sql_file, 'w') as f:
|
||||||
f.write(template)
|
f.write(template)
|
||||||
f.close()
|
f.close()
|
||||||
run_cmd_with_logging([
|
run_cmd_with_logging([
|
||||||
'mysqld',
|
'mysqld', '--bind-address=127.0.0.1',
|
||||||
'--bind-address=127.0.0.1',
|
|
||||||
'--wsrep_cluster_address=gcomm://',
|
'--wsrep_cluster_address=gcomm://',
|
||||||
"--init-file={0}".format(bootstrap_sql_file)
|
"--init-file={0}".format(bootstrap_sql_file)
|
||||||
], logger)
|
], logger)
|
||||||
@ -505,8 +515,7 @@ def update_grastate_on_restart():
|
|||||||
stderr=subprocess.PIPE)
|
stderr=subprocess.PIPE)
|
||||||
out, err = wsrep_recover.communicate()
|
out, err = wsrep_recover.communicate()
|
||||||
for item in err.split("\n"):
|
for item in err.split("\n"):
|
||||||
logger.info(
|
logger.info("Recovering wsrep position: {0}".format(item))
|
||||||
"Recovering wsrep position: {0}".format(item))
|
|
||||||
if "WSREP: Recovered position:" in item:
|
if "WSREP: Recovered position:" in item:
|
||||||
line = item.strip().split()
|
line = item.strip().split()
|
||||||
wsrep_rec_pos = line[-1].split(':')[-1]
|
wsrep_rec_pos = line[-1].split(':')[-1]
|
||||||
@ -603,8 +612,7 @@ def get_nodes_with_highest_seqno():
|
|||||||
if key == 'seqno':
|
if key == 'seqno':
|
||||||
seqnos[node] = value
|
seqnos[node] = value
|
||||||
max_seqno = max(seqnos.values())
|
max_seqno = max(seqnos.values())
|
||||||
max_seqno_nodes = sorted(
|
max_seqno_nodes = sorted([k for k, v in seqnos.items() if v == max_seqno])
|
||||||
[k for k, v in seqnos.items() if v == max_seqno])
|
|
||||||
return max_seqno_nodes
|
return max_seqno_nodes
|
||||||
|
|
||||||
|
|
||||||
@ -625,6 +633,7 @@ def resolve_leader_node(nodename_array):
|
|||||||
logger.info("Resolved leader is %s", leader)
|
logger.info("Resolved leader is %s", leader)
|
||||||
return leader
|
return leader
|
||||||
|
|
||||||
|
|
||||||
def check_if_i_lead():
|
def check_if_i_lead():
|
||||||
"""Check on full restart of cluster if this node should lead the cluster
|
"""Check on full restart of cluster if this node should lead the cluster
|
||||||
reformation."""
|
reformation."""
|
||||||
@ -718,18 +727,20 @@ def run_mysqld(cluster='existing'):
|
|||||||
], logger)
|
], logger)
|
||||||
|
|
||||||
logger.info("Setting the root password to the current value")
|
logger.info("Setting the root password to the current value")
|
||||||
template = ("CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
template = (
|
||||||
|
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
||||||
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
|
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
|
||||||
|
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
|
||||||
|
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
|
||||||
"FLUSH PRIVILEGES ;\n"
|
"FLUSH PRIVILEGES ;\n"
|
||||||
"SHUTDOWN ;".format(mysql_dbadmin_username,
|
"SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
|
||||||
mysql_dbadmin_password))
|
mysql_dbsst_username, mysql_dbsst_password))
|
||||||
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
|
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
|
||||||
with open(bootstrap_sql_file, 'w') as f:
|
with open(bootstrap_sql_file, 'w') as f:
|
||||||
f.write(template)
|
f.write(template)
|
||||||
f.close()
|
f.close()
|
||||||
run_cmd_with_logging([
|
run_cmd_with_logging([
|
||||||
'mysqld',
|
'mysqld', '--bind-address=127.0.0.1',
|
||||||
'--bind-address=127.0.0.1',
|
|
||||||
'--wsrep_cluster_address=gcomm://',
|
'--wsrep_cluster_address=gcomm://',
|
||||||
"--init-file={0}".format(bootstrap_sql_file)
|
"--init-file={0}".format(bootstrap_sql_file)
|
||||||
], logger)
|
], logger)
|
||||||
|
@ -16,6 +16,9 @@ limitations under the License.
|
|||||||
|
|
||||||
{{- if .Values.manifests.configmap_bin }}
|
{{- if .Values.manifests.configmap_bin }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
{{ if eq .Values.endpoints.oslo_db.auth.admin.username .Values.endpoints.oslo_db.auth.sst.username }}
|
||||||
|
{{ fail "the DB admin username should not match the sst user username" }}
|
||||||
|
{{ end }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
|
@ -95,9 +95,8 @@ wsrep_on=1
|
|||||||
wsrep_provider=/usr/lib/galera/libgalera_smm.so
|
wsrep_provider=/usr/lib/galera/libgalera_smm.so
|
||||||
wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||||
wsrep_slave_threads=12
|
wsrep_slave_threads=12
|
||||||
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
|
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.sst.username }}:{{ .Values.endpoints.oslo_db.auth.sst.password }}
|
||||||
# FIXME(portdirect): use rsync for compatibility between image variations
|
wsrep_sst_method=mariabackup
|
||||||
wsrep_sst_method=rsync
|
|
||||||
|
|
||||||
[mysqldump]
|
[mysqldump]
|
||||||
max-allowed-packet=16M
|
max-allowed-packet=16M
|
||||||
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
{{- if .Values.manifests.secret_db }}
|
{{- if .Values.manifests.secret_dbadmin_password }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
27
mariadb/templates/secret-sst-password.yaml
Normal file
27
mariadb/templates/secret-sst-password.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright 2017 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_sst_password }}
|
||||||
|
{{- $envAll := . }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: mariadb-dbsst-password
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
MYSQL_DBSST_PASSWORD: {{ .Values.endpoints.oslo_db.auth.sst.password | b64enc }}
|
||||||
|
{{- end }}
|
@ -74,6 +74,7 @@ metadata:
|
|||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
|
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
labels:
|
labels:
|
||||||
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
spec:
|
spec:
|
||||||
@ -91,6 +92,8 @@ spec:
|
|||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
|
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
|
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||||
spec:
|
spec:
|
||||||
shareProcessNamespace: true
|
shareProcessNamespace: true
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
@ -143,6 +146,13 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: mariadb-dbadmin-password
|
name: mariadb-dbadmin-password
|
||||||
key: MYSQL_DBADMIN_PASSWORD
|
key: MYSQL_DBADMIN_PASSWORD
|
||||||
|
- name: MYSQL_DBSST_USERNAME
|
||||||
|
value: {{ .Values.endpoints.oslo_db.auth.sst.username }}
|
||||||
|
- name: MYSQL_DBSST_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: mariadb-dbsst-password
|
||||||
|
key: MYSQL_DBSST_PASSWORD
|
||||||
ports:
|
ports:
|
||||||
- name: mysql
|
- name: mysql
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
@ -277,6 +277,9 @@ endpoints:
|
|||||||
admin:
|
admin:
|
||||||
username: root
|
username: root
|
||||||
password: password
|
password: password
|
||||||
|
sst:
|
||||||
|
username: sst
|
||||||
|
password: password
|
||||||
exporter:
|
exporter:
|
||||||
username: exporter
|
username: exporter
|
||||||
password: password
|
password: password
|
||||||
@ -334,7 +337,8 @@ manifests:
|
|||||||
service_exporter: true
|
service_exporter: true
|
||||||
pdb_server: true
|
pdb_server: true
|
||||||
network_policy: false
|
network_policy: false
|
||||||
secret_db: true
|
secret_dbadmin_password: true
|
||||||
|
secret_sst_password: true
|
||||||
secret_etc: true
|
secret_etc: true
|
||||||
service_discovery: true
|
service_discovery: true
|
||||||
service_ingress: true
|
service_ingress: true
|
||||||
|
Loading…
Reference in New Issue
Block a user