Mariadb: move to mariabackup as wsrep sst method

This PS moves mariadb to use mariabackup as the wsrep sst method.

Change-Id: Icc1c27d72a3bee5aaa091cdf3ca6cff0c5509f30
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2019-03-29 11:43:54 -05:00
parent 15a0cd7c2b
commit 8863bcfc11
7 changed files with 75 additions and 21 deletions

View File

@ -93,6 +93,15 @@ if check_env_var("MYSQL_DBADMIN_USERNAME"):
mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME'] mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
if check_env_var("MYSQL_DBADMIN_PASSWORD"): if check_env_var("MYSQL_DBADMIN_PASSWORD"):
mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD'] mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
if check_env_var("MYSQL_DBSST_USERNAME"):
mysql_dbsst_username = os.environ['MYSQL_DBSST_USERNAME']
if check_env_var("MYSQL_DBSST_PASSWORD"):
mysql_dbsst_password = os.environ['MYSQL_DBSST_PASSWORD']
if mysql_dbadmin_username == mysql_dbsst_username:
logger.critical(
"The dbadmin username should not match the sst user username")
sys.exit(1)
# Set some variables for tuneables # Set some variables for tuneables
cluster_leader_ttl = 120 cluster_leader_ttl = 120
@ -245,16 +254,17 @@ def mysqld_bootstrap():
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n" "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n" "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
"DROP DATABASE IF EXISTS test ;\n" "DROP DATABASE IF EXISTS test ;\n"
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
"FLUSH PRIVILEGES ;\n" "FLUSH PRIVILEGES ;\n"
"SHUTDOWN ;".format(mysql_dbadmin_username, "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
mysql_dbadmin_password)) mysql_dbsst_username, mysql_dbsst_password))
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
with open(bootstrap_sql_file, 'w') as f: with open(bootstrap_sql_file, 'w') as f:
f.write(template) f.write(template)
f.close() f.close()
run_cmd_with_logging([ run_cmd_with_logging([
'mysqld', 'mysqld', '--bind-address=127.0.0.1',
'--bind-address=127.0.0.1',
'--wsrep_cluster_address=gcomm://', '--wsrep_cluster_address=gcomm://',
"--init-file={0}".format(bootstrap_sql_file) "--init-file={0}".format(bootstrap_sql_file)
], logger) ], logger)
@ -505,8 +515,7 @@ def update_grastate_on_restart():
stderr=subprocess.PIPE) stderr=subprocess.PIPE)
out, err = wsrep_recover.communicate() out, err = wsrep_recover.communicate()
for item in err.split("\n"): for item in err.split("\n"):
logger.info( logger.info("Recovering wsrep position: {0}".format(item))
"Recovering wsrep position: {0}".format(item))
if "WSREP: Recovered position:" in item: if "WSREP: Recovered position:" in item:
line = item.strip().split() line = item.strip().split()
wsrep_rec_pos = line[-1].split(':')[-1] wsrep_rec_pos = line[-1].split(':')[-1]
@ -603,8 +612,7 @@ def get_nodes_with_highest_seqno():
if key == 'seqno': if key == 'seqno':
seqnos[node] = value seqnos[node] = value
max_seqno = max(seqnos.values()) max_seqno = max(seqnos.values())
max_seqno_nodes = sorted( max_seqno_nodes = sorted([k for k, v in seqnos.items() if v == max_seqno])
[k for k, v in seqnos.items() if v == max_seqno])
return max_seqno_nodes return max_seqno_nodes
@ -625,6 +633,7 @@ def resolve_leader_node(nodename_array):
logger.info("Resolved leader is %s", leader) logger.info("Resolved leader is %s", leader)
return leader return leader
def check_if_i_lead(): def check_if_i_lead():
"""Check on full restart of cluster if this node should lead the cluster """Check on full restart of cluster if this node should lead the cluster
reformation.""" reformation."""
@ -718,18 +727,20 @@ def run_mysqld(cluster='existing'):
], logger) ], logger)
logger.info("Setting the root password to the current value") logger.info("Setting the root password to the current value")
template = ("CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n" template = (
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n" "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
"FLUSH PRIVILEGES ;\n" "FLUSH PRIVILEGES ;\n"
"SHUTDOWN ;".format(mysql_dbadmin_username, "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
mysql_dbadmin_password)) mysql_dbsst_username, mysql_dbsst_password))
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
with open(bootstrap_sql_file, 'w') as f: with open(bootstrap_sql_file, 'w') as f:
f.write(template) f.write(template)
f.close() f.close()
run_cmd_with_logging([ run_cmd_with_logging([
'mysqld', 'mysqld', '--bind-address=127.0.0.1',
'--bind-address=127.0.0.1',
'--wsrep_cluster_address=gcomm://', '--wsrep_cluster_address=gcomm://',
"--init-file={0}".format(bootstrap_sql_file) "--init-file={0}".format(bootstrap_sql_file)
], logger) ], logger)

View File

@ -16,6 +16,9 @@ limitations under the License.
{{- if .Values.manifests.configmap_bin }} {{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }} {{- $envAll := . }}
{{ if eq .Values.endpoints.oslo_db.auth.admin.username .Values.endpoints.oslo_db.auth.sst.username }}
{{ fail "the DB admin username should not match the sst user username" }}
{{ end }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap

View File

@ -95,9 +95,8 @@ wsrep_on=1
wsrep_provider=/usr/lib/galera/libgalera_smm.so wsrep_provider=/usr/lib/galera/libgalera_smm.so
wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
wsrep_slave_threads=12 wsrep_slave_threads=12
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }} wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.sst.username }}:{{ .Values.endpoints.oslo_db.auth.sst.password }}
# FIXME(portdirect): use rsync for compatibility between image variations wsrep_sst_method=mariabackup
wsrep_sst_method=rsync
[mysqldump] [mysqldump]
max-allowed-packet=16M max-allowed-packet=16M

View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_dbadmin_password }}
{{- $envAll := . }} {{- $envAll := . }}
--- ---
apiVersion: v1 apiVersion: v1

View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_sst_password }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: mariadb-dbsst-password
type: Opaque
data:
MYSQL_DBSST_PASSWORD: {{ .Values.endpoints.oslo_db.auth.sst.password | b64enc }}
{{- end }}

View File

@ -74,6 +74,7 @@ metadata:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }} mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
labels: labels:
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec: spec:
@ -91,6 +92,8 @@ spec:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
spec: spec:
shareProcessNamespace: true shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
@ -143,6 +146,13 @@ spec:
secretKeyRef: secretKeyRef:
name: mariadb-dbadmin-password name: mariadb-dbadmin-password
key: MYSQL_DBADMIN_PASSWORD key: MYSQL_DBADMIN_PASSWORD
- name: MYSQL_DBSST_USERNAME
value: {{ .Values.endpoints.oslo_db.auth.sst.username }}
- name: MYSQL_DBSST_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-dbsst-password
key: MYSQL_DBSST_PASSWORD
ports: ports:
- name: mysql - name: mysql
protocol: TCP protocol: TCP

View File

@ -277,6 +277,9 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
sst:
username: sst
password: password
exporter: exporter:
username: exporter username: exporter
password: password password: password
@ -334,7 +337,8 @@ manifests:
service_exporter: true service_exporter: true
pdb_server: true pdb_server: true
network_policy: false network_policy: false
secret_db: true secret_dbadmin_password: true
secret_sst_password: true
secret_etc: true secret_etc: true
service_discovery: true service_discovery: true
service_ingress: true service_ingress: true