Mariadb: move to mariabackup as wsrep sst method
This PS moves mariadb to use mariabackup as the wsrep sst method. Change-Id: Icc1c27d72a3bee5aaa091cdf3ca6cff0c5509f30 Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
parent
15a0cd7c2b
commit
8863bcfc11
@ -93,6 +93,15 @@ if check_env_var("MYSQL_DBADMIN_USERNAME"):
|
||||
mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
|
||||
if check_env_var("MYSQL_DBADMIN_PASSWORD"):
|
||||
mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
|
||||
if check_env_var("MYSQL_DBSST_USERNAME"):
|
||||
mysql_dbsst_username = os.environ['MYSQL_DBSST_USERNAME']
|
||||
if check_env_var("MYSQL_DBSST_PASSWORD"):
|
||||
mysql_dbsst_password = os.environ['MYSQL_DBSST_PASSWORD']
|
||||
|
||||
if mysql_dbadmin_username == mysql_dbsst_username:
|
||||
logger.critical(
|
||||
"The dbadmin username should not match the sst user username")
|
||||
sys.exit(1)
|
||||
|
||||
# Set some variables for tuneables
|
||||
cluster_leader_ttl = 120
|
||||
@ -245,16 +254,17 @@ def mysqld_bootstrap():
|
||||
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
||||
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
|
||||
"DROP DATABASE IF EXISTS test ;\n"
|
||||
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
|
||||
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
|
||||
"FLUSH PRIVILEGES ;\n"
|
||||
"SHUTDOWN ;".format(mysql_dbadmin_username,
|
||||
mysql_dbadmin_password))
|
||||
"SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
|
||||
mysql_dbsst_username, mysql_dbsst_password))
|
||||
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
|
||||
with open(bootstrap_sql_file, 'w') as f:
|
||||
f.write(template)
|
||||
f.close()
|
||||
run_cmd_with_logging([
|
||||
'mysqld',
|
||||
'--bind-address=127.0.0.1',
|
||||
'mysqld', '--bind-address=127.0.0.1',
|
||||
'--wsrep_cluster_address=gcomm://',
|
||||
"--init-file={0}".format(bootstrap_sql_file)
|
||||
], logger)
|
||||
@ -505,8 +515,7 @@ def update_grastate_on_restart():
|
||||
stderr=subprocess.PIPE)
|
||||
out, err = wsrep_recover.communicate()
|
||||
for item in err.split("\n"):
|
||||
logger.info(
|
||||
"Recovering wsrep position: {0}".format(item))
|
||||
logger.info("Recovering wsrep position: {0}".format(item))
|
||||
if "WSREP: Recovered position:" in item:
|
||||
line = item.strip().split()
|
||||
wsrep_rec_pos = line[-1].split(':')[-1]
|
||||
@ -603,8 +612,7 @@ def get_nodes_with_highest_seqno():
|
||||
if key == 'seqno':
|
||||
seqnos[node] = value
|
||||
max_seqno = max(seqnos.values())
|
||||
max_seqno_nodes = sorted(
|
||||
[k for k, v in seqnos.items() if v == max_seqno])
|
||||
max_seqno_nodes = sorted([k for k, v in seqnos.items() if v == max_seqno])
|
||||
return max_seqno_nodes
|
||||
|
||||
|
||||
@ -625,6 +633,7 @@ def resolve_leader_node(nodename_array):
|
||||
logger.info("Resolved leader is %s", leader)
|
||||
return leader
|
||||
|
||||
|
||||
def check_if_i_lead():
|
||||
"""Check on full restart of cluster if this node should lead the cluster
|
||||
reformation."""
|
||||
@ -718,18 +727,20 @@ def run_mysqld(cluster='existing'):
|
||||
], logger)
|
||||
|
||||
logger.info("Setting the root password to the current value")
|
||||
template = ("CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
||||
template = (
|
||||
"CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
|
||||
"GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
|
||||
"CREATE OR REPLACE USER '{2}'@'127.0.0.1' IDENTIFIED BY '{3}' ;\n"
|
||||
"GRANT PROCESS, RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '{2}'@'127.0.0.1' ;\n"
|
||||
"FLUSH PRIVILEGES ;\n"
|
||||
"SHUTDOWN ;".format(mysql_dbadmin_username,
|
||||
mysql_dbadmin_password))
|
||||
"SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password,
|
||||
mysql_dbsst_username, mysql_dbsst_password))
|
||||
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
|
||||
with open(bootstrap_sql_file, 'w') as f:
|
||||
f.write(template)
|
||||
f.close()
|
||||
run_cmd_with_logging([
|
||||
'mysqld',
|
||||
'--bind-address=127.0.0.1',
|
||||
'mysqld', '--bind-address=127.0.0.1',
|
||||
'--wsrep_cluster_address=gcomm://',
|
||||
"--init-file={0}".format(bootstrap_sql_file)
|
||||
], logger)
|
||||
|
@ -16,6 +16,9 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.configmap_bin }}
|
||||
{{- $envAll := . }}
|
||||
{{ if eq .Values.endpoints.oslo_db.auth.admin.username .Values.endpoints.oslo_db.auth.sst.username }}
|
||||
{{ fail "the DB admin username should not match the sst user username" }}
|
||||
{{ end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -95,9 +95,8 @@ wsrep_on=1
|
||||
wsrep_provider=/usr/lib/galera/libgalera_smm.so
|
||||
wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
|
||||
wsrep_slave_threads=12
|
||||
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
|
||||
# FIXME(portdirect): use rsync for compatibility between image variations
|
||||
wsrep_sst_method=rsync
|
||||
wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.sst.username }}:{{ .Values.endpoints.oslo_db.auth.sst.password }}
|
||||
wsrep_sst_method=mariabackup
|
||||
|
||||
[mysqldump]
|
||||
max-allowed-packet=16M
|
||||
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- if .Values.manifests.secret_dbadmin_password }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
27
mariadb/templates/secret-sst-password.yaml
Normal file
27
mariadb/templates/secret-sst-password.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.secret_sst_password }}
|
||||
{{- $envAll := . }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mariadb-dbsst-password
|
||||
type: Opaque
|
||||
data:
|
||||
MYSQL_DBSST_PASSWORD: {{ .Values.endpoints.oslo_db.auth.sst.password | b64enc }}
|
||||
{{- end }}
|
@ -74,6 +74,7 @@ metadata:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
labels:
|
||||
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||
spec:
|
||||
@ -91,6 +92,8 @@ spec:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
mariadb-dbadmin-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
mariadb-sst-password-hash: {{ tuple "secret-dbadmin-password.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
shareProcessNamespace: true
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
@ -143,6 +146,13 @@ spec:
|
||||
secretKeyRef:
|
||||
name: mariadb-dbadmin-password
|
||||
key: MYSQL_DBADMIN_PASSWORD
|
||||
- name: MYSQL_DBSST_USERNAME
|
||||
value: {{ .Values.endpoints.oslo_db.auth.sst.username }}
|
||||
- name: MYSQL_DBSST_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mariadb-dbsst-password
|
||||
key: MYSQL_DBSST_PASSWORD
|
||||
ports:
|
||||
- name: mysql
|
||||
protocol: TCP
|
||||
|
@ -277,6 +277,9 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
sst:
|
||||
username: sst
|
||||
password: password
|
||||
exporter:
|
||||
username: exporter
|
||||
password: password
|
||||
@ -334,7 +337,8 @@ manifests:
|
||||
service_exporter: true
|
||||
pdb_server: true
|
||||
network_policy: false
|
||||
secret_db: true
|
||||
secret_dbadmin_password: true
|
||||
secret_sst_password: true
|
||||
secret_etc: true
|
||||
service_discovery: true
|
||||
service_ingress: true
|
||||
|
Loading…
Reference in New Issue
Block a user