Mariadb: move to mariabackup as wsrep sst method

This PS moves mariadb to use mariabackup as the wsrep sst method.

Change-Id: Icc1c27d72a3bee5aaa091cdf3ca6cff0c5509f30
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2019-03-29 11:43:54 -05:00
parent 15a0cd7c2b
commit 8863bcfc11
7 changed files with 75 additions and 21 deletions

View File

@ -93,6 +93,15 @@ if check_env_var("MYSQL_DBADMIN_USERNAME"):
mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
if check_env_var("MYSQL_DBADMIN_PASSWORD"):
mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
if check_env_var("MYSQL_DBSST_USERNAME"):
mysql_dbsst_username = os.environ['MYSQL_DBSST_USERNAME']
if check_env_var("MYSQL_DBSST_PASSWORD"):
mysql_dbsst_password = os.environ['MYSQL_DBSST_PASSWORD']
if mysql_dbadmin_username == mysql_dbsst_username:
logger.critical(
"The dbadmin username should not match the sst user username")
sys.exit(1)
# Set some variables for tuneables
cluster_leader_ttl = 120
@ -245,16 +254,17 @@ def mysqld_bootstrap():
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
"DROP DATABASE IF EXISTS test ;\n"
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
"FLUSH PRIVILEGES ;\n"
"SHUTDOWN ;".format(mysql_dbadmin_username,
mysql_dbadmin_password))
"SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
mysql_dbsst_username, mysql_dbsst_password))
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
with open(bootstrap_sql_file, 'w') as f:
f.write(template)
f.close()
run_cmd_with_logging([
'mysqld',
'--bind-address=127.0.0.1',
'mysqld', '--bind-address=127.0.0.1',
'--wsrep_cluster_address=gcomm://',
"--init-file={0}".format(bootstrap_sql_file)
], logger)
@ -505,8 +515,7 @@ def update_grastate_on_restart():
stderr=subprocess.PIPE)
out, err = wsrep_recover.communicate()
for item in err.split("\n"):
logger.info(
"Recovering wsrep position: {0}".format(item))
logger.info("Recovering wsrep position: {0}".format(item))
if "WSREP: Recovered position:" in item:
line = item.strip().split()
wsrep_rec_pos = line[-1].split(':')[-1]
@ -603,8 +612,7 @@ def get_nodes_with_highest_seqno():
if key == 'seqno':
seqnos[node] = value
max_seqno = max(seqnos.values())
max_seqno_nodes = sorted(
[k for k, v in seqnos.items() if v == max_seqno])
max_seqno_nodes = sorted([k for k, v in seqnos.items() if v == max_seqno])
return max_seqno_nodes
@ -625,6 +633,7 @@ def resolve_leader_node(nodename_array):
logger.info("Resolved leader is %s", leader)
return leader
def check_if_i_lead():
"""Check on full restart of cluster if this node should lead the cluster
reformation."""
@ -718,18 +727,20 @@ def run_mysqld(cluster='existing'):
], logger)
logger.info("Setting the root password to the current value")
template = ("CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
template = (
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
"FLUSH PRIVILEGES ;\n"
"SHUTDOWN ;".format(mysql_dbadmin_username,
mysql_dbadmin_password))
"SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
mysql_dbsst_username, mysql_dbsst_password))
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
with open(bootstrap_sql_file, 'w') as f:
f.write(template)
f.close()
run_cmd_with_logging([
'mysqld',
'--bind-address=127.0.0.1',
'mysqld', '--bind-address=127.0.0.1',
'--wsrep_cluster_address=gcomm://',
"--init-file={0}".format(bootstrap_sql_file)
], logger)

View File

@ -16,6 +16,9 @@ limitations under the License.
{{- if .Values.manifests.configmap_bin }}
{{- $envAll := . }}
{{ if eq .Values.endpoints.oslo_db.auth.admin.username .Values.endpoints.oslo_db.auth.sst.username }}
{{ fail "the DB admin username should not match the sst user username" }}
{{ end }}
---
apiVersion: v1
kind: ConfigMap

View File

@ -95,9 +95,8 @@ wsrep_on=1
wsrep_provider=/usr/lib/galera/libgalera_smm.so
wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
wsrep_slave_threads=12
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
# FIXME(portdirect): use rsync for compatibility between image variations
wsrep_sst_method=rsync
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.sst.username }}:{{ .Values.endpoints.oslo_db.auth.sst.password }}
wsrep_sst_method=mariabackup
[mysqldump]
max-allowed-packet=16M

View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_db }}
{{- if .Values.manifests.secret_dbadmin_password }}
{{- $envAll := . }}
---
apiVersion: v1

View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_sst_password }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: mariadb-dbsst-password
type: Opaque
data:
MYSQL_DBSST_PASSWORD: {{ .Values.endpoints.oslo_db.auth.sst.password | b64enc }}
{{- end }}

View File

@ -74,6 +74,7 @@ metadata:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
labels:
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
@ -91,6 +92,8 @@ spec:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
@ -143,6 +146,13 @@ spec:
secretKeyRef:
name: mariadb-dbadmin-password
key: MYSQL_DBADMIN_PASSWORD
- name: MYSQL_DBSST_USERNAME
value: {{ .Values.endpoints.oslo_db.auth.sst.username }}
- name: MYSQL_DBSST_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-dbsst-password
key: MYSQL_DBSST_PASSWORD
ports:
- name: mysql
protocol: TCP

View File

@ -277,6 +277,9 @@ endpoints:
admin:
username: root
password: password
sst:
username: sst
password: password
exporter:
username: exporter
password: password
@ -334,7 +337,8 @@ manifests:
service_exporter: true
pdb_server: true
network_policy: false
secret_db: true
secret_dbadmin_password: true
secret_sst_password: true
secret_etc: true
service_discovery: true
service_ingress: true