openstack/openstack-helm
Code Issues Proposed changes

Mariadb upgrade to 11.4.8

Browse Source 
- replace deprecates mysql* binaries with mariadb*
- fix mysql-exporter TLS connection to mariadb
- using freshly built mariadb image based on ubuntu noble

Change-Id: I8594f9df6b3cecd45466d41c625fa2b7a45604d9
Signed-off-by: Sergiy Markin <smarkin@mirantis.com>
This commit is contained in:
Sergiy Markin
2025-12-04 22:11:57 +00:00
parent c31cd6c962
commit aac927d57c
11 changed files with 45 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
mariadb/templates/bin/_backup_mariadb.sh.tpl
View File

@@ -35,11 +35,11 @@ dump_databases_to_directory() {
SCOPE=${3:-"all"} SCOPE=${3:-"all"}
MYSQL="mysql \ MYSQL="mariadb \
--defaults-file=/etc/mysql/admin_user.cnf \ --defaults-file=/etc/mysql/admin_user.cnf \
--connect-timeout 10" --connect-timeout 10"
MYSQLDUMP="mysqldump \ MYSQLDUMP="mariadb-dump \
--defaults-file=/etc/mysql/admin_user.cnf" --defaults-file=/etc/mysql/admin_user.cnf"
if [[ "${SCOPE}" == "all" ]]; then if [[ "${SCOPE}" == "all" ]]; then
@@ -441,11 +441,11 @@ verify_databases_backup_archives() {
export ARCHIVE_DIR=${MARIADB_BACKUP_BASE_DIR}/db/${MARIADB_POD_NAMESPACE}/${DB_NAME}/archive export ARCHIVE_DIR=${MARIADB_BACKUP_BASE_DIR}/db/${MARIADB_POD_NAMESPACE}/${DB_NAME}/archive
export BAD_ARCHIVE_DIR=${ARCHIVE_DIR}/quarantine export BAD_ARCHIVE_DIR=${ARCHIVE_DIR}/quarantine
export MYSQL_OPTS="--silent --skip-column-names" export MYSQL_OPTS="--silent --skip-column-names"
export MYSQL_LIVE="mysql ${MYSQL_OPTS}" export MYSQL_LIVE="mariadb ${MYSQL_OPTS}"
export MYSQL_LOCAL_OPTS="" export MYSQL_LOCAL_OPTS=""
export MYSQL_LOCAL_SHORT="mysql ${MYSQL_LOCAL_OPTS} --connect-timeout 2" export MYSQL_LOCAL_SHORT="mariadb ${MYSQL_LOCAL_OPTS} --connect-timeout 2"
export MYSQL_LOCAL_SHORT_SILENT="${MYSQL_LOCAL_SHORT} ${MYSQL_OPTS}" export MYSQL_LOCAL_SHORT_SILENT="${MYSQL_LOCAL_SHORT} ${MYSQL_OPTS}"
export MYSQL_LOCAL="mysql ${MYSQL_LOCAL_OPTS} --connect-timeout 10" export MYSQL_LOCAL="mariadb ${MYSQL_LOCAL_OPTS} --connect-timeout 10"
max_wait={{ .Values.conf.mariadb_server.setup_wait.iteration }} max_wait={{ .Values.conf.mariadb_server.setup_wait.iteration }}
duration={{ .Values.conf.mariadb_server.setup_wait.duration }} duration={{ .Values.conf.mariadb_server.setup_wait.duration }}
@@ -513,8 +513,8 @@ verify_databases_backup_archives() {
# Before insert the tuple mentioned above, we should make sure that the MariaDB version is 10.4.+ # Before insert the tuple mentioned above, we should make sure that the MariaDB version is 10.4.+
mariadb_version=$($MYSQL_LOCAL_SHORT -e "status" | grep -E '^Server\s+version:') mariadb_version=$($MYSQL_LOCAL_SHORT -e "status" | grep -E '^Server\s+version:')
log "Current database ${mariadb_version}" log "Current database ${mariadb_version}"
if [[ ! -z ${mariadb_version} && -z $(grep '10.2' <<< ${mariadb_version}}) ]]; then if [[ ! -z ${mariadb_version} && -z $(grep '10.2' <<< ${mariadb_version}) ]]; then
if [[ -z $(grep 'mariadb.sys' <<< $($MYSQL_LOCAL_SHORT mysql -e "select * from global_priv where user='mariadb.sys'")) ]]; then if [[ -z $(grep 'mariadb.sys' <<< $($MYSQL_LOCAL_SHORT mariadb -e "select * from global_priv where user='mariadb.sys'")) ]]; then
$MYSQL_LOCAL_SHORT -e "insert into mysql.global_priv values ('localhost','mariadb.sys',\ $MYSQL_LOCAL_SHORT -e "insert into mysql.global_priv values ('localhost','mariadb.sys',\
'{\"access\":0,\"plugin\":\"mysql_native_password\",\"authentication_string\":\"\",\"account_locked\":true,\"password_last_changed\":0}');" '{\"access\":0,\"plugin\":\"mysql_native_password\",\"authentication_string\":\"\",\"account_locked\":true,\"password_last_changed\":0}');"
$MYSQL_LOCAL_SHORT -e 'flush privileges;' $MYSQL_LOCAL_SHORT -e 'flush privileges;'

10
mariadb/templates/bin/_health.sh.tpl
View File

@@ -18,7 +18,7 @@
set -e set -e
MYSQL="mysql \ MYSQL="mariadb \
--defaults-file=/etc/mysql/admin_user.cnf \ --defaults-file=/etc/mysql/admin_user.cnf \
--host=localhost \ --host=localhost \
{{- if .Values.manifests.certificates }} {{- if .Values.manifests.certificates }}
@@ -92,12 +92,12 @@ check_readiness () {
} }
check_liveness () { check_liveness () {
if pidof mysql_upgrade > /dev/null 2>&1 ; then if pidof mariadb-upgrade > /dev/null 2>&1 ; then
echo "The process mysql_upgrade is active. Skip rest checks" echo "The process mariadb-upgrade is active. Skip rest checks"
exit 0 exit 0
fi fi
if ! pidof mysqld > /dev/null 2>&1 ; then if ! pidof mariadbd > /dev/null 2>&1 ; then
echo "The mysqld pid not found" echo "The mariadbd pid not found"
exit 1 exit 1
fi fi
# NOTE(mkarpin): SST process may take significant time in case of large databases, # NOTE(mkarpin): SST process may take significant time in case of large databases,

10
mariadb/templates/bin/_prometheus-create-mysql-user.sh.tpl
View File

@@ -26,12 +26,12 @@ set -e
# is an alias for BINLOG MONITOR and the capabilities have changed. BINLOG MONITOR grants # is an alias for BINLOG MONITOR and the capabilities have changed. BINLOG MONITOR grants
# ability to SHOW MASTER STATUS, SHOW BINARY LOGS, SHOW BINLOG EVENTS, and SHOW BINLOG STATUS. # ability to SHOW MASTER STATUS, SHOW BINARY LOGS, SHOW BINLOG EVENTS, and SHOW BINLOG STATUS.
mariadb_version=$(mysql --defaults-file=/etc/mysql/admin_user.cnf -e "status" | grep -E '^Server\s+version:') mariadb_version=$(mariadb --defaults-file=/etc/mysql/admin_user.cnf -e "status" | grep -E '^Server\s+version:')
echo "Current database ${mariadb_version}" echo "Current database ${mariadb_version}"
if [[ ! -z ${mariadb_version} && -z $(grep -E '10.2|10.3|10.4' <<< ${mariadb_version}) ]]; then if [[ ! -z ${mariadb_version} && -z $(grep -E '10.2|10.3|10.4' <<< ${mariadb_version}) ]]; then
# In case MariaDB version is 10.2.x-10.4.x - we use old privileges definitions # In case MariaDB version is 10.2.x-10.4.x - we use old privileges definitions
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \ if ! mariadb --defaults-file=/etc/mysql/admin_user.cnf -e \
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'127.0.0.1' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \ "CREATE OR REPLACE USER '${EXPORTER_USER}'@'127.0.0.1' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
GRANT SLAVE MONITOR, PROCESS, BINLOG MONITOR, SLAVE MONITOR, SELECT ON *.* TO '${EXPORTER_USER}'@'127.0.0.1'; \ GRANT SLAVE MONITOR, PROCESS, BINLOG MONITOR, SLAVE MONITOR, SELECT ON *.* TO '${EXPORTER_USER}'@'127.0.0.1'; \
FLUSH PRIVILEGES;" ; then FLUSH PRIVILEGES;" ; then
@@ -40,9 +40,9 @@ set -e
fi fi
else else
# here we use new MariaDB privileges definitions defines since version 10.5 # here we use new MariaDB privileges definitions defines since version 10.5
if ! mysql --defaults-file=/etc/mysql/admin_user.cnf -e \ if ! mariadb --defaults-file=/etc/mysql/admin_user.cnf -e \
"CREATE OR REPLACE USER '${EXPORTER_USER}'@'%' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \ "CREATE OR REPLACE USER '${EXPORTER_USER}'@'127.0.0.1' IDENTIFIED BY '${EXPORTER_PASSWORD}'; \
GRANT SLAVE MONITOR, PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'%' ${MARIADB_X509}; \ GRANT SLAVE MONITOR, PROCESS, REPLICATION CLIENT, SELECT ON *.* TO '${EXPORTER_USER}'@'127.0.0.1' ${MARIADB_X509}; \
FLUSH PRIVILEGES;" ; then FLUSH PRIVILEGES;" ; then
echo "ERROR: Could not create user: ${EXPORTER_USER}" echo "ERROR: Could not create user: ${EXPORTER_USER}"
exit 1 exit 1

4
mariadb/templates/bin/_restore_mariadb.sh.tpl Executable file → Normal file
View File

@@ -35,14 +35,14 @@ RESTORE_LOG='/tmp/restore_error.log'
rm -f $RESTORE_LOG rm -f $RESTORE_LOG
# This is for commands which require admin access # This is for commands which require admin access
MYSQL="mysql \ MYSQL="mariadb \
--defaults-file=/etc/mysql/admin_user.cnf \ --defaults-file=/etc/mysql/admin_user.cnf \
--host=$MARIADB_SERVER_SERVICE_HOST \ --host=$MARIADB_SERVER_SERVICE_HOST \
--connect-timeout 10" --connect-timeout 10"
# This is for commands which we want the temporary "restore" user # This is for commands which we want the temporary "restore" user
# to execute # to execute
RESTORE_CMD="mysql \ RESTORE_CMD="mariadb \
--user=${RESTORE_USER} \ --user=${RESTORE_USER} \
--password=${RESTORE_PW} \ --password=${RESTORE_PW} \
--host=$MARIADB_SERVER_SERVICE_HOST \ --host=$MARIADB_SERVER_SERVICE_HOST \

8
mariadb/templates/bin/_start.py.tpl
View File

@@ -128,7 +128,7 @@ state_configmap_update_period = 10
default_sleep = 20 default_sleep = 20
# set one name for all commands, avoid "magic names" # set one name for all commands, avoid "magic names"
MYSQL_BINARY_NAME='mysqld' MYSQL_BINARY_NAME='mariadbd'
def ensure_state_configmap(pod_namespace, configmap_name, configmap_body): def ensure_state_configmap(pod_namespace, configmap_name, configmap_body):
@@ -183,7 +183,7 @@ def wait_mysql_status(delay=30):
res = 1 res = 1
while True: while True:
logger.info("Checking mysql status {0}".format(i)) logger.info("Checking mysql status {0}".format(i))
cmd = ['mysql', cmd = ['mariadb',
"--defaults-file=/etc/mysql/admin_user.cnf", "--defaults-file=/etc/mysql/admin_user.cnf",
"--host=localhost"] "--host=localhost"]
if mysql_x509: if mysql_x509:
@@ -300,7 +300,7 @@ def mysqld_bootstrap():
stop_mysqld() stop_mysqld()
mysqld_write_cluster_conf(mode='bootstrap') mysqld_write_cluster_conf(mode='bootstrap')
run_cmd_with_logging([ run_cmd_with_logging([
'mysql_install_db', '--user=mysql', 'mariadb-install-db', '--user=mysql',
"--datadir={0}".format(mysql_data_dir) "--datadir={0}".format(mysql_data_dir)
], logger) ], logger)
if not mysql_dbaudit_username: if not mysql_dbaudit_username:
@@ -897,7 +897,7 @@ def run_mysqld(cluster='existing'):
run_cmd_with_logging_thread.start() run_cmd_with_logging_thread.start()
wait_mysql_status() wait_mysql_status()
logger.info("Upgrading local mysql instance") logger.info("Upgrading local mysql instance")
upgrade_cmd=['mysql_upgrade', '--skip-write-binlog', upgrade_cmd=['mariadb-upgrade', '--skip-write-binlog',
"--user={0}".format(mysql_dbadmin_username), "--user={0}".format(mysql_dbadmin_username),
"--password={0}".format(mysql_dbadmin_password)] "--password={0}".format(mysql_dbadmin_password)]
if mysql_x509: if mysql_x509:

4
mariadb/templates/bin/_start_mariadb_verify_server.sh.tpl
View File

@@ -25,5 +25,5 @@ log () {
} }
log "Starting Mariadb server for backup verification..." log "Starting Mariadb server for backup verification..."
mysql_install_db --user=nobody --ldata=/var/lib/mysql >/dev/null 2>&1 mariadb-install-db --user=nobody --ldata=/var/lib/mysql >/dev/null 2>&1
MYSQL_ALLOW_EMPTY_PASSWORD=1 mysqld --user=nobody --verbose >/dev/null 2>&1 MYSQL_ALLOW_EMPTY_PASSWORD=1 mariadbd --user=nobody --verbose >/dev/null 2>&1

2
mariadb/templates/bin/_test.sh.tpl
View File

@@ -17,7 +17,7 @@ set -ex
rm -f /tmp/test-success rm -f /tmp/test-success
mysqlslap \ mariadb-slap \
--defaults-file=/etc/mysql/test-params.cnf \ --defaults-file=/etc/mysql/test-params.cnf \
{{ include "helm-toolkit.utils.joinListWithSpace" $.Values.conf.tests.params }} -vv \ {{ include "helm-toolkit.utils.joinListWithSpace" $.Values.conf.tests.params }} -vv \
--post-system="touch /tmp/test-success" --post-system="touch /tmp/test-success"

5
mariadb/templates/secrets/_prometheus-exporter_user.cnf.tpl
View File

@@ -17,3 +17,8 @@ user = {{ .Values.endpoints.oslo_db.auth.exporter.username }}
password = {{ .Values.endpoints.oslo_db.auth.exporter.password }} password = {{ .Values.endpoints.oslo_db.auth.exporter.password }}
host = localhost host = localhost
port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port = {{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- if .Values.manifests.certificates }}
ssl-ca = /etc/mysql/certs/ca.crt
ssl-key = /etc/mysql/certs/tls.key
ssl-cert = /etc/mysql/certs/tls.crt
{{- end }}

1
mariadb/templates/statefulset.yaml
View File

@@ -315,6 +315,7 @@ spec:
mountPath: /tmp/mysqld-exporter.sh mountPath: /tmp/mysqld-exporter.sh
subPath: mysqld-exporter.sh subPath: mysqld-exporter.sh
readOnly: true readOnly: true
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_db.server.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }} {{- end }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp

8
mariadb/values.yaml
View File

@@ -20,16 +20,16 @@ release_group: null
images: images:
tags: tags:
mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_jammy mariadb: quay.io/airshipit/mariadb:latest-ubuntu_noble
prometheus_create_mysql_user: quay.io/airshipit/mariadb:10.6.20-focal prometheus_create_mysql_user: quay.io/airshipit/mariadb:11.4.8-noble
prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1 prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1
prometheus_mysql_exporter_helm_tests: quay.io/airshipit/heat:2025.1-ubuntu_noble prometheus_mysql_exporter_helm_tests: quay.io/airshipit/heat:2025.1-ubuntu_noble
dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy
image_repo_sync: quay.io/airshipit/docker:27.5.0 image_repo_sync: quay.io/airshipit/docker:27.5.0
mariadb_backup: quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_jammy mariadb_backup: quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_jammy
ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble ks_user: quay.io/airshipit/heat:2025.1-ubuntu_noble
scripted_test: docker.io/openstackhelm/mariadb:ubuntu_focal-20210415 scripted_test: quay.io/airshipit/mariadb:latest-ubuntu_noble
mariadb_controller: docker.io/openstackhelm/mariadb:latest-ubuntu_jammy mariadb_controller: quay.io/airshipit/mariadb:latest-ubuntu_noble
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
local_registry: local_registry:
active: false active: false

9
releasenotes/notes/mariadb-b923ac9345734125.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
mariadb:
- |
Updated to use MariaDB 11.4.8 built on Ubuntu 22.04 (Noble).
fixes:
- |
Replaced deprecated mysql* binaries to their mariadb* equivalents in
scripts. Also fixed TLS connection for myqsl-exporter side conainers.
...