2018-03-05 19:28:35 +01:00
|
|
|
heat_template_version: rocky
|
2017-04-10 14:43:09 +00:00
|
|
|
|
|
|
|
description: >
|
|
|
|
MySQL service deployment with pacemaker bundle
|
|
|
|
|
|
|
|
parameters:
|
|
|
|
DockerMysqlImage:
|
|
|
|
description: image
|
|
|
|
type: string
|
2017-06-23 18:21:43 +02:00
|
|
|
DockerMysqlConfigImage:
|
|
|
|
description: The container image to use for the mysql config_volume
|
|
|
|
type: string
|
2017-04-10 14:43:09 +00:00
|
|
|
EndpointMap:
|
|
|
|
default: {}
|
|
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
|
|
via parameter_defaults in the resource registry.
|
|
|
|
type: json
|
2017-06-22 17:25:03 +02:00
|
|
|
ServiceData:
|
|
|
|
default: {}
|
|
|
|
description: Dictionary packing service data
|
|
|
|
type: json
|
2017-04-10 14:43:09 +00:00
|
|
|
ServiceNetMap:
|
|
|
|
default: {}
|
|
|
|
description: Mapping of service_name -> network name. Typically set
|
|
|
|
via parameter_defaults in the resource registry. This
|
|
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
|
|
type: json
|
|
|
|
DefaultPasswords:
|
|
|
|
default: {}
|
|
|
|
type: json
|
|
|
|
MysqlRootPassword:
|
|
|
|
type: string
|
|
|
|
hidden: true
|
|
|
|
default: ''
|
2017-07-28 12:13:53 -04:00
|
|
|
MysqlClustercheckPassword:
|
|
|
|
type: string
|
|
|
|
hidden: true
|
2019-01-16 11:48:06 +01:00
|
|
|
MysqlUpgradePersist:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
2019-01-17 13:21:18 +01:00
|
|
|
MysqlUpgradeTransfer:
|
|
|
|
type: boolean
|
|
|
|
default: true
|
2017-04-10 14:43:09 +00:00
|
|
|
RoleName:
|
|
|
|
default: ''
|
|
|
|
description: Role name on which the service is applied
|
|
|
|
type: string
|
|
|
|
RoleParameters:
|
|
|
|
default: {}
|
|
|
|
description: Parameters specific to the role
|
|
|
|
type: json
|
2017-08-02 06:13:48 -04:00
|
|
|
EnableInternalTLS:
|
|
|
|
type: boolean
|
|
|
|
default: false
|
|
|
|
InternalTLSCAFile:
|
|
|
|
default: '/etc/ipa/ca.crt'
|
|
|
|
type: string
|
|
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
|
|
services in the internal network.
|
2017-12-17 20:03:02 +01:00
|
|
|
ConfigDebug:
|
|
|
|
default: false
|
|
|
|
description: Whether to run config management (e.g. Puppet) in debug mode.
|
|
|
|
type: boolean
|
2018-04-11 10:36:55 +00:00
|
|
|
DeployIdentifier:
|
|
|
|
default: ''
|
|
|
|
type: string
|
|
|
|
description: >
|
|
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
|
|
perform configuration on a Heat stack-update.
|
2018-06-05 14:19:24 +00:00
|
|
|
PcmkConfigRestartTimeout:
|
|
|
|
default: 600
|
|
|
|
description: Time in seconds to wait for a pcmk resource to restart when
|
|
|
|
a config change is detected and the resource is being restarted
|
|
|
|
type: number
|
2018-11-13 21:03:47 +01:00
|
|
|
ContainerCli:
|
|
|
|
type: string
|
2019-03-04 19:17:04 -05:00
|
|
|
default: 'podman'
|
2018-11-13 21:03:47 +01:00
|
|
|
description: CLI tool used to manage containers.
|
|
|
|
constraints:
|
|
|
|
- allowed_values: ['docker', 'podman']
|
2017-04-10 14:43:09 +00:00
|
|
|
|
|
|
|
resources:
|
|
|
|
|
|
|
|
ContainersCommon:
|
2019-04-05 12:16:13 -04:00
|
|
|
type: ../containers-common.yaml
|
2017-04-10 14:43:09 +00:00
|
|
|
|
2019-01-30 10:38:15 -05:00
|
|
|
MysqlBase:
|
|
|
|
type: ./mysql-base.yaml
|
2017-04-10 14:43:09 +00:00
|
|
|
properties:
|
|
|
|
EndpointMap: {get_param: EndpointMap}
|
2017-06-22 17:25:03 +02:00
|
|
|
ServiceData: {get_param: ServiceData}
|
2017-04-10 14:43:09 +00:00
|
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
|
|
RoleName: {get_param: RoleName}
|
|
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
|
2017-08-02 06:13:48 -04:00
|
|
|
conditions:
|
2017-12-17 20:03:02 +01:00
|
|
|
puppet_debug_enabled: {get_param: ConfigDebug}
|
2017-08-02 06:13:48 -04:00
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
|
2017-04-10 14:43:09 +00:00
|
|
|
outputs:
|
|
|
|
role_data:
|
|
|
|
description: Containerized service MySQL using composable services.
|
|
|
|
value:
|
2019-01-30 10:38:15 -05:00
|
|
|
service_name: {get_attr: [MysqlBase, role_data, service_name]}
|
2017-04-10 14:43:09 +00:00
|
|
|
config_settings:
|
|
|
|
map_merge:
|
2019-01-30 10:38:15 -05:00
|
|
|
- get_attr: [MysqlBase, role_data, config_settings]
|
|
|
|
- tripleo::profile::pacemaker::database::mysql::bind_address:
|
|
|
|
str_replace:
|
|
|
|
template:
|
|
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
|
|
params:
|
|
|
|
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
|
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
|
|
# local node IP for the given network; replacement examples
|
|
|
|
# (eg. for internal_api):
|
|
|
|
# internal_api -> IP
|
|
|
|
# internal_api_uri -> [IP]
|
|
|
|
# internal_api_subnet - > IP/CIDR
|
|
|
|
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
|
|
|
|
str_replace:
|
|
|
|
template:
|
|
|
|
"%{hiera('$NETWORK')}"
|
|
|
|
params:
|
|
|
|
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
|
|
|
tripleo::profile::pacemaker::database::mysql::ca_file:
|
|
|
|
get_param: InternalTLSCAFile
|
|
|
|
tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
|
2017-08-08 09:46:26 +02:00
|
|
|
list_join:
|
|
|
|
- ':'
|
|
|
|
- - yaql:
|
|
|
|
data: {get_param: DockerMysqlImage}
|
|
|
|
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
|
|
|
|
- 'pcmklatest'
|
2017-07-21 10:41:41 +02:00
|
|
|
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
|
2018-11-13 21:03:47 +01:00
|
|
|
tripleo::profile::pacemaker::database::mysql_bundle::container_backend: {get_param: ContainerCli}
|
2018-11-12 21:06:31 -07:00
|
|
|
tripleo::mysql::firewall_rules:
|
2017-07-21 10:41:41 +02:00
|
|
|
'104 mysql galera-bundle':
|
|
|
|
dport:
|
|
|
|
- 873
|
|
|
|
- 3123
|
|
|
|
- 3306
|
|
|
|
- 4444
|
|
|
|
- 4567
|
|
|
|
- 4568
|
|
|
|
- 9200
|
2017-09-26 15:23:11 +02:00
|
|
|
tripleo::profile::pacemaker::database::mysql_bundle::bind_address:
|
|
|
|
str_replace:
|
|
|
|
template:
|
|
|
|
"%{hiera('fqdn_$NETWORK')}"
|
|
|
|
params:
|
|
|
|
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
2017-08-02 06:13:48 -04:00
|
|
|
-
|
|
|
|
if:
|
|
|
|
- internal_tls_enabled
|
|
|
|
-
|
|
|
|
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
|
|
|
|
get_param: InternalTLSCAFile
|
|
|
|
- {}
|
2017-04-10 14:43:09 +00:00
|
|
|
# BEGIN DOCKER SETTINGS #
|
|
|
|
puppet_config:
|
|
|
|
config_volume: mysql
|
|
|
|
puppet_tags: file # set this even though file is the default
|
|
|
|
step_config:
|
|
|
|
list_join:
|
|
|
|
- "\n"
|
|
|
|
- - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
|
|
|
|
- "exec {'wait-for-settle': command => '/bin/true' }"
|
|
|
|
- "include ::tripleo::profile::pacemaker::database::mysql_bundle"
|
2017-07-12 11:41:57 +12:00
|
|
|
config_image: {get_param: DockerMysqlConfigImage}
|
2017-04-10 14:43:09 +00:00
|
|
|
kolla_config:
|
|
|
|
/var/lib/kolla/config_files/mysql.json:
|
|
|
|
command: /usr/sbin/pacemaker_remoted
|
|
|
|
config_files:
|
2017-06-21 16:02:55 +02:00
|
|
|
- dest: /etc/libqb/force-filesystem-sockets
|
|
|
|
source: /dev/null
|
|
|
|
owner: root
|
|
|
|
perm: '0644'
|
|
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
|
|
dest: "/"
|
|
|
|
merge: true
|
|
|
|
preserve_properties: true
|
2017-08-02 06:13:48 -04:00
|
|
|
- source: "/var/lib/kolla/config_files/src-tls/*"
|
|
|
|
dest: "/"
|
|
|
|
merge: true
|
|
|
|
optional: true
|
|
|
|
preserve_properties: true
|
|
|
|
permissions:
|
2018-03-15 14:15:37 +00:00
|
|
|
- path: /var/log/mysql
|
|
|
|
owner: mysql:mysql
|
|
|
|
recurse: true
|
2017-08-02 06:13:48 -04:00
|
|
|
- path: /etc/pki/tls/certs/mysql.crt
|
|
|
|
owner: mysql:mysql
|
|
|
|
perm: '0600'
|
|
|
|
optional: true
|
|
|
|
- path: /etc/pki/tls/private/mysql.key
|
|
|
|
owner: mysql:mysql
|
|
|
|
perm: '0600'
|
|
|
|
optional: true
|
2019-03-05 19:22:34 -05:00
|
|
|
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
|
2017-04-10 14:43:09 +00:00
|
|
|
docker_config:
|
|
|
|
step_1:
|
|
|
|
mysql_data_ownership:
|
|
|
|
start_order: 0
|
|
|
|
detach: false
|
2017-08-08 09:46:26 +02:00
|
|
|
image: {get_param: DockerMysqlImage}
|
2017-04-10 14:43:09 +00:00
|
|
|
net: host
|
|
|
|
user: root
|
|
|
|
# Kolla does only non-recursive chown
|
|
|
|
command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
|
|
|
|
volumes:
|
2018-09-05 17:28:06 +02:00
|
|
|
- /var/lib/mysql:/var/lib/mysql:z
|
2017-04-10 14:43:09 +00:00
|
|
|
mysql_bootstrap:
|
|
|
|
start_order: 1
|
|
|
|
detach: false
|
2017-08-08 09:46:26 +02:00
|
|
|
image: {get_param: DockerMysqlImage}
|
2017-04-10 14:43:09 +00:00
|
|
|
net: host
|
2017-09-14 14:49:04 +02:00
|
|
|
user: root
|
2017-04-10 14:43:09 +00:00
|
|
|
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
|
2017-07-28 12:13:53 -04:00
|
|
|
command:
|
|
|
|
- 'bash'
|
2018-04-19 19:00:32 +00:00
|
|
|
- '-ec'
|
2017-07-28 12:13:53 -04:00
|
|
|
-
|
|
|
|
list_join:
|
|
|
|
- "\n"
|
|
|
|
- - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
|
2017-09-14 14:49:04 +02:00
|
|
|
- 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
|
2018-04-19 19:00:32 +00:00
|
|
|
- 'kolla_set_configs'
|
|
|
|
- 'sudo -u mysql -E kolla_extend_start'
|
2017-09-14 14:49:04 +02:00
|
|
|
- 'mysqld_safe --skip-networking --wsrep-on=OFF &'
|
2017-07-28 12:13:53 -04:00
|
|
|
- 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
|
|
|
|
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
|
|
|
|
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
|
|
|
|
- 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
|
2017-04-10 14:43:09 +00:00
|
|
|
volumes: &mysql_volumes
|
|
|
|
list_concat:
|
|
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
|
|
-
|
|
|
|
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
|
2017-06-21 16:02:55 +02:00
|
|
|
- /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
|
2017-04-10 14:43:09 +00:00
|
|
|
- /var/lib/mysql:/var/lib/mysql
|
|
|
|
environment:
|
|
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
|
|
- KOLLA_BOOTSTRAP=True
|
2017-07-28 12:13:53 -04:00
|
|
|
- DB_MAX_TIMEOUT=60
|
|
|
|
-
|
|
|
|
list_join:
|
|
|
|
- '='
|
|
|
|
- - 'DB_CLUSTERCHECK_PASSWORD'
|
|
|
|
- {get_param: MysqlClustercheckPassword}
|
2017-04-10 14:43:09 +00:00
|
|
|
-
|
|
|
|
list_join:
|
|
|
|
- '='
|
|
|
|
- - 'DB_ROOT_PASSWORD'
|
|
|
|
-
|
|
|
|
yaql:
|
|
|
|
expression: $.data.passwords.where($ != '').first()
|
|
|
|
data:
|
|
|
|
passwords:
|
|
|
|
- {get_param: MysqlRootPassword}
|
|
|
|
- {get_param: [DefaultPasswords, mysql_root_password]}
|
|
|
|
step_2:
|
2018-06-05 14:19:24 +00:00
|
|
|
mysql_restart_bundle:
|
|
|
|
start_order: 0
|
|
|
|
config_volume: mysql
|
|
|
|
detach: false
|
|
|
|
net: host
|
2018-11-13 09:58:36 +01:00
|
|
|
ipc: host
|
2018-06-05 14:19:24 +00:00
|
|
|
user: root
|
2019-02-08 10:56:53 +01:00
|
|
|
environment:
|
|
|
|
- TRIPLEO_MINOR_UPDATE
|
2018-06-05 14:19:24 +00:00
|
|
|
command:
|
|
|
|
- '/usr/bin/bootstrap_host_exec'
|
|
|
|
- 'mysql'
|
|
|
|
- str_replace:
|
|
|
|
template:
|
2019-02-08 10:56:53 +01:00
|
|
|
'if [ x"${TRIPLEO_MINOR_UPDATE,,}" != x"true" ] && /usr/sbin/pcs resource show galera-bundle; then /usr/sbin/pcs resource restart --wait=PCMKTIMEOUT galera-bundle; echo "galera-bundle restart invoked"; fi'
|
2018-06-05 14:19:24 +00:00
|
|
|
params:
|
|
|
|
PCMKTIMEOUT: {get_param: PcmkConfigRestartTimeout}
|
|
|
|
image: {get_param: DockerMysqlImage}
|
|
|
|
volumes:
|
|
|
|
list_concat:
|
|
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
|
|
-
|
|
|
|
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
|
|
|
- /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
|
2017-04-10 14:43:09 +00:00
|
|
|
mysql_init_bundle:
|
|
|
|
start_order: 1
|
|
|
|
detach: false
|
|
|
|
net: host
|
2018-11-13 09:58:36 +01:00
|
|
|
ipc: host
|
2017-04-10 14:43:09 +00:00
|
|
|
user: root
|
2019-03-08 10:11:35 -05:00
|
|
|
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
2018-01-04 16:23:37 -07:00
|
|
|
list_concat:
|
2019-03-08 10:11:35 -05:00
|
|
|
- - '/container_puppet_apply.sh'
|
2018-01-04 16:23:37 -07:00
|
|
|
- '2'
|
|
|
|
- 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
|
|
|
|
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
|
|
|
|
- if:
|
|
|
|
- puppet_debug_enabled
|
|
|
|
- - '--debug'
|
|
|
|
- - ''
|
2017-08-08 09:46:26 +02:00
|
|
|
image: {get_param: DockerMysqlImage}
|
2017-04-10 14:43:09 +00:00
|
|
|
volumes:
|
2018-01-04 16:23:37 -07:00
|
|
|
list_concat:
|
2019-03-08 10:11:35 -05:00
|
|
|
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
2018-01-04 16:23:37 -07:00
|
|
|
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
2018-09-05 17:28:06 +02:00
|
|
|
- /var/lib/mysql:/var/lib/mysql:rw,z
|
2018-09-16 07:38:35 -04:00
|
|
|
- /var/lib/config-data/puppet-generated/mysql/root:/root:rw
|
2018-04-11 10:36:55 +00:00
|
|
|
environment:
|
|
|
|
# NOTE: this should force this container to re-run on each
|
|
|
|
# update (scale-out, etc.)
|
|
|
|
- list_join:
|
|
|
|
- ''
|
|
|
|
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
|
|
|
|
- {get_param: DeployIdentifier}
|
2017-04-10 14:43:09 +00:00
|
|
|
host_prep_tasks:
|
2018-03-15 14:15:37 +00:00
|
|
|
- name: create persistent directories
|
2017-04-10 14:43:09 +00:00
|
|
|
file:
|
2018-09-05 17:28:06 +02:00
|
|
|
path: "{{ item.path }}"
|
2017-04-10 14:43:09 +00:00
|
|
|
state: directory
|
2018-09-05 17:28:06 +02:00
|
|
|
setype: "{{ item.setype }}"
|
2018-03-15 14:15:37 +00:00
|
|
|
with_items:
|
2019-01-14 16:06:21 +01:00
|
|
|
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'}
|
2018-09-05 17:28:06 +02:00
|
|
|
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
|
2019-01-14 16:06:21 +01:00
|
|
|
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'}
|
2018-03-15 14:15:37 +00:00
|
|
|
- name: mysql logs readme
|
|
|
|
copy:
|
|
|
|
dest: /var/log/mariadb/readme.txt
|
|
|
|
content: |
|
|
|
|
Log files from mysql containers can be found under
|
|
|
|
/var/log/containers/mysql.
|
|
|
|
ignore_errors: true
|
2017-08-02 06:13:48 -04:00
|
|
|
metadata_settings:
|
2019-01-30 10:38:15 -05:00
|
|
|
get_attr: [MysqlBase, role_data, metadata_settings]
|
2018-11-01 14:27:39 -04:00
|
|
|
deploy_steps_tasks:
|
|
|
|
- name: MySQL tag container image for pacemaker
|
2018-11-29 12:02:21 +01:00
|
|
|
when: step|int == 1
|
2018-11-01 14:27:39 -04:00
|
|
|
import_role:
|
|
|
|
name: tripleo-container-tag
|
|
|
|
vars:
|
|
|
|
container_image: {get_param: DockerMysqlImage}
|
|
|
|
container_image_latest: *mysql_image_pcmklatest
|
2018-01-30 18:23:47 +02:00
|
|
|
update_tasks:
|
|
|
|
- name: Mariadb fetch and retag container image for pacemaker
|
2017-10-11 09:51:08 +03:00
|
|
|
when: step|int == 2
|
2018-01-30 18:23:47 +02:00
|
|
|
block: &mysql_fetch_retag_container_tasks
|
|
|
|
- name: Get docker Mariadb image
|
|
|
|
set_fact:
|
|
|
|
docker_image: {get_param: DockerMysqlImage}
|
|
|
|
docker_image_latest: *mysql_image_pcmklatest
|
|
|
|
- name: Get previous Mariadb image id
|
2018-11-01 14:41:43 -04:00
|
|
|
shell: "{{container_cli}} images | awk '/mariadb.* pcmklatest/{print $3}' | uniq"
|
2018-01-30 18:23:47 +02:00
|
|
|
register: mariadb_image_id
|
|
|
|
- block:
|
|
|
|
- name: Get a list of container using Mariadb image
|
2018-11-01 14:41:43 -04:00
|
|
|
shell: "{{container_cli}} ps -a -q -f 'ancestor={{mariadb_image_id.stdout}}'"
|
2018-01-30 18:23:47 +02:00
|
|
|
register: mariadb_containers_to_destroy
|
|
|
|
# It will be recreated with the delpoy step.
|
|
|
|
- name: Remove any container using the same Mariadb image
|
2018-11-01 14:41:43 -04:00
|
|
|
shell: "{{container_cli}} rm -fv {{item}}"
|
2018-01-30 18:23:47 +02:00
|
|
|
with_items: "{{ mariadb_containers_to_destroy.stdout_lines }}"
|
|
|
|
- name: Remove previous Mariadb images
|
2018-11-01 14:41:43 -04:00
|
|
|
shell: "{{container_cli}} rmi -f {{mariadb_image_id.stdout}}"
|
2018-01-30 18:23:47 +02:00
|
|
|
when:
|
|
|
|
- mariadb_image_id.stdout != ''
|
|
|
|
- name: Pull latest Mariadb images
|
2019-03-21 11:03:03 +01:00
|
|
|
command: "{{container_cli}} pull {{docker_image}}"
|
2018-01-30 18:23:47 +02:00
|
|
|
- name: Retag pcmklatest to latest Mariadb image
|
2018-11-01 14:27:39 -04:00
|
|
|
import_role:
|
|
|
|
name: tripleo-container-tag
|
|
|
|
vars:
|
|
|
|
container_image: "{{docker_image}}"
|
|
|
|
container_image_latest: "{{docker_image_latest}}"
|
2018-01-30 18:23:47 +02:00
|
|
|
# Got to check that pacemaker_is_active is working fine with bundle.
|
|
|
|
# TODO: pacemaker_is_active resource doesn't support bundle.
|
|
|
|
upgrade_tasks:
|
2019-01-16 11:48:06 +01:00
|
|
|
- vars:
|
|
|
|
mysql_upgrade_persist: {get_param: MysqlUpgradePersist}
|
|
|
|
when:
|
|
|
|
- step|int == 1
|
|
|
|
- mysql_upgrade_persist
|
|
|
|
tags:
|
|
|
|
- never
|
|
|
|
- system_upgrade_prepare
|
|
|
|
block:
|
|
|
|
- name: Ban galera from local node
|
|
|
|
command: /usr/sbin/pcs resource ban galera-bundle {{ansible_hostname}} --wait
|
|
|
|
- name: Persist mysql data
|
|
|
|
include_role:
|
|
|
|
name: tripleo-persist
|
|
|
|
tasks_from: persist.yml
|
|
|
|
vars:
|
|
|
|
tripleo_persist_dir: /var/lib/mysql
|
|
|
|
- vars:
|
|
|
|
mysql_upgrade_persist: {get_param: MysqlUpgradePersist}
|
|
|
|
when:
|
|
|
|
- step|int == 1
|
|
|
|
- mysql_upgrade_persist
|
|
|
|
tags:
|
|
|
|
- never
|
|
|
|
- system_upgrade_run
|
|
|
|
block:
|
|
|
|
- name: Restore mysql data
|
|
|
|
include_role:
|
|
|
|
name: tripleo-persist
|
|
|
|
tasks_from: restore.yml
|
|
|
|
vars:
|
|
|
|
tripleo_persist_dir: /var/lib/mysql
|
2018-04-17 13:44:18 +02:00
|
|
|
- when: step|int == 0
|
2018-03-15 14:15:37 +00:00
|
|
|
tags: common
|
2018-04-17 13:44:18 +02:00
|
|
|
block:
|
|
|
|
- name: Get docker Mysql image
|
|
|
|
set_fact:
|
|
|
|
mysql_docker_image_latest: *mysql_image_pcmklatest
|
|
|
|
- name: Check for Mysql Kolla configuration
|
|
|
|
stat:
|
|
|
|
path: /var/lib/config-data/puppet-generated/mysql
|
|
|
|
register: mysql_kolla_config
|
|
|
|
- name: Check if Mysql is already containerized
|
|
|
|
set_fact:
|
|
|
|
mysql_containerized: "{{mysql_kolla_config.stat.isdir | default(false)}}"
|
2019-01-03 13:50:09 +01:00
|
|
|
- name: set is_mysql_bootstrap_node fact
|
|
|
|
set_fact: is_mysql_bootstrap_node={{mysql_short_bootstrap_node_name|lower == ansible_hostname|lower}}
|
2018-04-17 13:44:18 +02:00
|
|
|
- name: Prepare the switch to new galera container image name in pacemaker
|
|
|
|
when: mysql_containerized|bool
|
|
|
|
block:
|
|
|
|
- name: Get galera image id currently used by pacemaker
|
2018-11-01 14:41:43 -04:00
|
|
|
shell: "{{container_cli}} images | awk '/mariadb.* pcmklatest/{print $3}' | uniq"
|
2018-04-17 13:44:18 +02:00
|
|
|
register: galera_current_pcmklatest_id
|
|
|
|
- name: Temporarily tag the current galera image id with the upgraded image name
|
2018-11-01 14:27:39 -04:00
|
|
|
import_role:
|
|
|
|
name: tripleo-container-tag
|
|
|
|
vars:
|
|
|
|
container_image: "{{galera_current_pcmklatest_id.stdout}}"
|
|
|
|
container_image_latest: "{{mysql_docker_image_latest}}"
|
2019-01-31 15:23:18 +01:00
|
|
|
pull_image: false
|
2018-04-17 13:44:18 +02:00
|
|
|
when: galera_current_pcmklatest_id.stdout != ''
|
|
|
|
- name: Check galera cluster resource status
|
|
|
|
pacemaker_resource:
|
|
|
|
resource: galera
|
|
|
|
state: show
|
|
|
|
check_mode: false
|
|
|
|
ignore_errors: true
|
|
|
|
register: galera_pcs_res_result
|
|
|
|
- name: Set fact galera_pcs_res
|
|
|
|
set_fact:
|
|
|
|
galera_pcs_res: "{{galera_pcs_res_result|succeeded}}"
|
2018-01-30 18:23:47 +02:00
|
|
|
- name: Mysql baremetal to container upgrade tasks
|
|
|
|
when:
|
2018-02-23 14:53:08 +00:00
|
|
|
- step|int == 1
|
|
|
|
- not mysql_containerized|bool
|
2017-10-11 09:51:08 +03:00
|
|
|
block:
|
2018-01-30 18:23:47 +02:00
|
|
|
- name: Check cluster resource status
|
2017-10-11 09:51:08 +03:00
|
|
|
pacemaker_resource:
|
|
|
|
resource: galera
|
2018-01-30 18:23:47 +02:00
|
|
|
state: master
|
|
|
|
check_mode: true
|
|
|
|
ignore_errors: true
|
|
|
|
register: galera_res
|
2019-01-03 13:50:09 +01:00
|
|
|
- when: (is_mysql_bootstrap_node) and (galera_res|succeeded)
|
2018-01-30 18:23:47 +02:00
|
|
|
block:
|
|
|
|
- name: Disable the galera cluster resource
|
|
|
|
pacemaker_resource:
|
|
|
|
resource: galera
|
|
|
|
state: disable
|
|
|
|
wait_for_resource: true
|
|
|
|
register: output
|
|
|
|
retries: 5
|
|
|
|
until: output.rc == 0
|
|
|
|
- name: Delete the stopped galera cluster resource.
|
|
|
|
pacemaker_resource:
|
|
|
|
resource: galera
|
|
|
|
state: delete
|
|
|
|
wait_for_resource: true
|
|
|
|
register: output
|
|
|
|
retries: 5
|
|
|
|
until: output.rc == 0
|
|
|
|
- name: Disable mysql service
|
|
|
|
service: name=mariadb enabled=no
|
|
|
|
- name: Remove clustercheck service from xinetd
|
|
|
|
file: state=absent path=/etc/xinetd.d/galera-monitor
|
|
|
|
- name: Restart xinetd service after clustercheck removal
|
|
|
|
service: name=xinetd state=restarted
|
2018-04-20 13:39:56 +03:00
|
|
|
- name: Update galera pcs resource bundle for new container image
|
2018-03-15 14:15:37 +00:00
|
|
|
when:
|
|
|
|
- step|int == 1
|
|
|
|
- mysql_containerized|bool
|
2019-01-03 13:50:09 +01:00
|
|
|
- is_mysql_bootstrap_node
|
2018-04-17 13:44:18 +02:00
|
|
|
- galera_pcs_res|bool
|
2018-03-15 14:15:37 +00:00
|
|
|
block:
|
2018-04-20 13:39:56 +03:00
|
|
|
- name: Disable the galera cluster resource before container upgrade
|
|
|
|
pacemaker_resource:
|
|
|
|
resource: galera
|
|
|
|
state: disable
|
|
|
|
wait_for_resource: true
|
|
|
|
register: output
|
|
|
|
retries: 5
|
|
|
|
until: output.rc == 0
|
|
|
|
- name: Move Mysql logging to /var/log/containers
|
2018-03-15 14:15:37 +00:00
|
|
|
block:
|
2018-04-20 13:39:56 +03:00
|
|
|
- name: Check Mysql logging configuration in pacemaker
|
|
|
|
command: cibadmin --query --xpath "//storage-mapping[@id='mysql-log']"
|
|
|
|
ignore_errors: true
|
|
|
|
register: mysql_logs_moved
|
|
|
|
- name: Change Mysql logging configuration in pacemaker
|
|
|
|
# rc == 6 means the configuration doesn't exist in the CIB
|
|
|
|
when: mysql_logs_moved.rc == 6
|
|
|
|
block:
|
|
|
|
- name: Add a bind mount for logging in the galera bundle
|
|
|
|
command: pcs resource bundle update galera-bundle storage-map add id=mysql-log source-dir=/var/log/containers/mysql target-dir=/var/log/mysql options=rw
|
|
|
|
- name: Reconfigure Mysql log file in the galera resource agent
|
|
|
|
command: pcs resource update galera log=/var/log/mysql/mysqld.log
|
|
|
|
- name: Update the galera bundle to use the new container image name
|
|
|
|
command: "pcs resource bundle update galera-bundle container image={{mysql_docker_image_latest}}"
|
|
|
|
- name: Enable the galera cluster resource
|
|
|
|
pacemaker_resource:
|
|
|
|
resource: galera
|
|
|
|
state: enable
|
|
|
|
wait_for_resource: true
|
|
|
|
register: output
|
|
|
|
retries: 5
|
|
|
|
until: output.rc == 0
|
2018-02-23 14:53:08 +00:00
|
|
|
- name: Retag the pacemaker image if containerized
|
|
|
|
when:
|
|
|
|
- step|int == 3
|
|
|
|
- mysql_containerized|bool
|
|
|
|
block: *mysql_fetch_retag_container_tasks
|
2018-02-21 15:23:22 +00:00
|
|
|
- name: Check and upgrade Mysql database after major version upgrade
|
Upgrade: make bundles use new container image name after upgrade
The major_upgrade tasks for HA services only allows to change the container
image tag used by bundles. It doesn't work when the image name changes.
Fix this unwanted behaviour by updating the bundle's attribute in pacemaker
to use container image <NEW>:pcmklatest instead of <CURRENT>:pcmklatest
We are constrained by the steps at when we can modify the bundle:
. Image update must stay at step 3 when pacemaker is stopped.
. image name used by the bundle must be available in docker when the
bundle is updated
So we re-use the double tagging idiom to perform the image update:
. At step 0, we tag the image pointed to by <CURRENT>:pcmklatest
with an additional temporary tag <NEW>:pcmklatest.
=> this ensures that at step1, the new tag is available on all
controller nodes.
. At step 1, we update the resource bundle to use the new image
name <NEW>:pcmklatest.
=> at the end of step1, the bundle will be configured with the
new name, and be able to start even if the real container
image hasn't be pulled yet.
. At step 3, the existing code will download the real image
<NEW>:<NEWTAG> and make tag <NEW>:pcmklatest point to it.
Since the bundle is always modified, we now stop and restart the
bundle resources unconditionally.
Also, move the mariadb upgrade task to step 3, when pacemaker is
guaranteed to be stopped, because the task assumes that no mysql
is running while it runs. Fix the mysql permission after rpm
upgrade on the host.
Change-Id: Ic87a66753b104b9f15db70fdccbd66d88cef94df
Closes-Bug: #1763001
2018-04-11 11:57:59 +00:00
|
|
|
when: step|int == 3
|
2018-02-21 15:23:22 +00:00
|
|
|
block:
|
Upgrade: make bundles use new container image name after upgrade
The major_upgrade tasks for HA services only allows to change the container
image tag used by bundles. It doesn't work when the image name changes.
Fix this unwanted behaviour by updating the bundle's attribute in pacemaker
to use container image <NEW>:pcmklatest instead of <CURRENT>:pcmklatest
We are constrained by the steps at when we can modify the bundle:
. Image update must stay at step 3 when pacemaker is stopped.
. image name used by the bundle must be available in docker when the
bundle is updated
So we re-use the double tagging idiom to perform the image update:
. At step 0, we tag the image pointed to by <CURRENT>:pcmklatest
with an additional temporary tag <NEW>:pcmklatest.
=> this ensures that at step1, the new tag is available on all
controller nodes.
. At step 1, we update the resource bundle to use the new image
name <NEW>:pcmklatest.
=> at the end of step1, the bundle will be configured with the
new name, and be able to start even if the real container
image hasn't be pulled yet.
. At step 3, the existing code will download the real image
<NEW>:<NEWTAG> and make tag <NEW>:pcmklatest point to it.
Since the bundle is always modified, we now stop and restart the
bundle resources unconditionally.
Also, move the mariadb upgrade task to step 3, when pacemaker is
guaranteed to be stopped, because the task assumes that no mysql
is running while it runs. Fix the mysql permission after rpm
upgrade on the host.
Change-Id: Ic87a66753b104b9f15db70fdccbd66d88cef94df
Closes-Bug: #1763001
2018-04-11 11:57:59 +00:00
|
|
|
# mariadb package changes ownership of /var/lib/mysql on package
|
|
|
|
# update, so update here rather than in tripleo-package, to
|
|
|
|
# guarantee that ownership is fixed at the end of step 3
|
|
|
|
- name: Update host mariadb packages
|
|
|
|
when: step|int == 3
|
2018-07-20 14:03:57 -04:00
|
|
|
package: name=mariadb-server-galera state=latest
|
2018-02-21 15:23:22 +00:00
|
|
|
- name: Mysql upgrade script
|
|
|
|
set_fact:
|
|
|
|
mysql_upgrade_script:
|
|
|
|
# idempotency: mysql_upgrade leaves a marker file
|
|
|
|
# in datadir, it does nothing if it has already been
|
|
|
|
# executed for the current version of MariaDB.
|
|
|
|
list_join:
|
|
|
|
- ' '
|
Upgrade: make bundles use new container image name after upgrade
The major_upgrade tasks for HA services only allows to change the container
image tag used by bundles. It doesn't work when the image name changes.
Fix this unwanted behaviour by updating the bundle's attribute in pacemaker
to use container image <NEW>:pcmklatest instead of <CURRENT>:pcmklatest
We are constrained by the steps at when we can modify the bundle:
. Image update must stay at step 3 when pacemaker is stopped.
. image name used by the bundle must be available in docker when the
bundle is updated
So we re-use the double tagging idiom to perform the image update:
. At step 0, we tag the image pointed to by <CURRENT>:pcmklatest
with an additional temporary tag <NEW>:pcmklatest.
=> this ensures that at step1, the new tag is available on all
controller nodes.
. At step 1, we update the resource bundle to use the new image
name <NEW>:pcmklatest.
=> at the end of step1, the bundle will be configured with the
new name, and be able to start even if the real container
image hasn't be pulled yet.
. At step 3, the existing code will download the real image
<NEW>:<NEWTAG> and make tag <NEW>:pcmklatest point to it.
Since the bundle is always modified, we now stop and restart the
bundle resources unconditionally.
Also, move the mariadb upgrade task to step 3, when pacemaker is
guaranteed to be stopped, because the task assumes that no mysql
is running while it runs. Fix the mysql permission after rpm
upgrade on the host.
Change-Id: Ic87a66753b104b9f15db70fdccbd66d88cef94df
Closes-Bug: #1763001
2018-04-11 11:57:59 +00:00
|
|
|
- - '{% if mysql_containerized %}kolla_set_configs; {% endif %}'
|
|
|
|
- 'chown -R mysql:mysql /var/lib/mysql;'
|
2018-02-21 15:23:22 +00:00
|
|
|
- 'mysqld_safe --user=mysql --wsrep-provider=none --skip-networking --wsrep-on=off &'
|
|
|
|
- 'timeout 60 sh -c ''while ! mysqladmin ping --silent; do sleep 1; done'';'
|
|
|
|
- 'mysql_upgrade;'
|
|
|
|
- 'mysqladmin shutdown'
|
|
|
|
- name: Bind mounts for temporary container
|
|
|
|
set_fact:
|
|
|
|
mysql_upgrade_db_bind_mounts: *mysql_volumes
|
|
|
|
- name: Upgrade Mysql database from a temporary container
|
|
|
|
shell:
|
|
|
|
str_replace:
|
|
|
|
template:
|
2019-03-13 11:17:10 +01:00
|
|
|
'CONTAINER_CLI run --rm --log-driver=syslog -u root --net=host UPGRADE_ENV UPGRADE_VOLUMES "UPGRADE_IMAGE" /bin/bash -ecx "UPGRADE_SCRIPT"'
|
2018-02-21 15:23:22 +00:00
|
|
|
params:
|
|
|
|
UPGRADE_ENV: '-e "KOLLA_CONFIG_STRATEGY=COPY_ALWAYS"'
|
|
|
|
UPGRADE_IMAGE: *mysql_image_pcmklatest
|
|
|
|
UPGRADE_VOLUMES: "-v {{ mysql_upgrade_db_bind_mounts | union(['/tmp/mariadb-upgrade:/var/log/mariadb:rw']) | join(' -v ')}}"
|
|
|
|
UPGRADE_SCRIPT: "{{mysql_upgrade_script}}"
|
2019-03-13 11:17:10 +01:00
|
|
|
CONTAINER_CLI: "{{ container_cli }}"
|
2018-02-21 15:23:22 +00:00
|
|
|
when: mysql_containerized|bool
|
|
|
|
- name: Upgrade Mysql database from the host
|
|
|
|
shell: /bin/bash -ecx "{{mysql_upgrade_script}}"
|
|
|
|
when: not mysql_containerized|bool
|
2019-01-17 13:21:18 +01:00
|
|
|
external_upgrade_tasks:
|
|
|
|
- vars:
|
|
|
|
mysql_upgrade_transfer: {get_param: MysqlUpgradeTransfer}
|
|
|
|
when:
|
|
|
|
- step|int == 1
|
|
|
|
- mysql_upgrade_transfer
|
|
|
|
tags:
|
|
|
|
- never
|
|
|
|
- system_upgrade_transfer_data
|
|
|
|
block:
|
|
|
|
- name: Disable mysql
|
2019-03-07 15:09:30 +01:00
|
|
|
become: true
|
2019-01-17 13:21:18 +01:00
|
|
|
command: /usr/sbin/pcs resource disable galera-bundle --wait
|
|
|
|
delegate_to: "{{hostvars[groups['overcloud'][0]]['mysql_short_node_names'][1]}}"
|
|
|
|
- name: Transfer mysql data
|
|
|
|
include_role:
|
|
|
|
name: tripleo-transfer
|
|
|
|
vars:
|
|
|
|
tripleo_transfer_src_dir: /var/lib/mysql
|
|
|
|
tripleo_transfer_src_host: "{{hostvars[groups['overcloud'][0]]['mysql_short_node_names'][1]}}"
|
|
|
|
tripleo_transfer_dest_dir: /var/lib/mysql
|
|
|
|
tripleo_transfer_dest_host: "{{hostvars[groups['overcloud'][0]]['mysql_short_bootstrap_node_name']}}"
|
2018-07-05 16:16:56 +02:00
|
|
|
fast_forward_upgrade_tasks:
|
|
|
|
- when:
|
|
|
|
- step|int == 6
|
|
|
|
- release == 'ocata'
|
|
|
|
- is_bootstrap_node|bool
|
|
|
|
block:
|
2019-02-25 19:18:09 +01:00
|
|
|
- name: Remove whitespaces in .my.cnf
|
|
|
|
replace:
|
|
|
|
path: /root/.my.cnf
|
|
|
|
regexp: '^ +'
|
|
|
|
replace: ''
|
2018-07-05 16:16:56 +02:00
|
|
|
- name: Create cell0 db
|
|
|
|
mysql_db:
|
|
|
|
name: nova_cell0
|
|
|
|
state: present
|
2019-02-25 19:18:09 +01:00
|
|
|
login_unix_socket: '/var/lib/mysql/mysql.sock'
|
2018-07-05 16:16:56 +02:00
|
|
|
- name: Grant access to cell0 db
|
|
|
|
mysql_user:
|
|
|
|
name: nova
|
|
|
|
host_all: yes
|
|
|
|
state: present
|
|
|
|
priv: '*.*:ALL'
|
2019-02-25 19:18:09 +01:00
|
|
|
login_unix_socket: '/var/lib/mysql/mysql.sock'
|