tripleo-heat-templates/docker/services/pacemaker/database/mysql.yaml
Carlos Camacho 1e318b569e Ensure logs folder is created in prep hosts tasks.
We have non fatal errors in the upgrade
jobs execution if the logs folder is not
created when adding the readme.txt file
to clarify the possible locations of
the logs.

Closes-Bug: 1811708
Change-Id: Ibc0a266bdc6630eaf34bfadeff21f7bd72fa75ad
2019-01-18 09:28:56 +01:00

525 lines
22 KiB
YAML

heat_template_version: rocky
description: >
MySQL service deployment with pacemaker bundle
parameters:
DockerMysqlImage:
description: image
type: string
DockerMysqlConfigImage:
description: The container image to use for the mysql config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
MysqlRootPassword:
type: string
hidden: true
default: ''
MysqlClustercheckPassword:
type: string
hidden: true
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
PcmkConfigRestartTimeout:
default: 600
description: Time in seconds to wait for a pcmk resource to restart when
a config change is detected and the resource is being restarted
type: number
ContainerCli:
type: string
default: 'docker'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
resources:
ContainersCommon:
type: ../../containers-common.yaml
MysqlPuppetBase:
type: ../../../../puppet/services/pacemaker/database/mysql.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Containerized service MySQL using composable services.
value:
service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
list_join:
- ':'
- - yaql:
data: {get_param: DockerMysqlImage}
expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
- 'pcmklatest'
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
tripleo::profile::pacemaker::database::mysql_bundle::container_backend: {get_param: ContainerCli}
tripleo::mysql::firewall_rules:
'104 mysql galera-bundle':
dport:
- 873
- 3123
- 3306
- 4444
- 4567
- 4568
- 9200
tripleo::profile::pacemaker::database::mysql_bundle::bind_address:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-
if:
- internal_tls_enabled
-
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
get_param: InternalTLSCAFile
- {}
# BEGIN DOCKER SETTINGS #
puppet_config:
config_volume: mysql
puppet_tags: file # set this even though file is the default
step_config:
list_join:
- "\n"
- - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
- "exec {'wait-for-settle': command => '/bin/true' }"
- "include ::tripleo::profile::pacemaker::database::mysql_bundle"
config_image: {get_param: DockerMysqlConfigImage}
kolla_config:
/var/lib/kolla/config_files/mysql.json:
command: /usr/sbin/pacemaker_remoted
config_files:
- dest: /etc/libqb/force-filesystem-sockets
source: /dev/null
owner: root
perm: '0644'
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
optional: true
preserve_properties: true
permissions:
- path: /var/log/mysql
owner: mysql:mysql
recurse: true
- path: /etc/pki/tls/certs/mysql.crt
owner: mysql:mysql
perm: '0600'
optional: true
- path: /etc/pki/tls/private/mysql.key
owner: mysql:mysql
perm: '0600'
optional: true
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
docker_config:
step_1:
mysql_data_ownership:
start_order: 0
detach: false
image: {get_param: DockerMysqlImage}
net: host
user: root
# Kolla does only non-recursive chown
command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
volumes:
- /var/lib/mysql:/var/lib/mysql:z
mysql_bootstrap:
start_order: 1
detach: false
image: {get_param: DockerMysqlImage}
net: host
user: root
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
- 'bash'
- '-ec'
-
list_join:
- "\n"
- - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
- 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
- 'kolla_set_configs'
- 'sudo -u mysql -E kolla_extend_start'
- 'mysqld_safe --skip-networking --wsrep-on=OFF &'
- 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
- 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
volumes: &mysql_volumes
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
- /var/lib/mysql:/var/lib/mysql
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
- DB_MAX_TIMEOUT=60
-
list_join:
- '='
- - 'DB_CLUSTERCHECK_PASSWORD'
- {get_param: MysqlClustercheckPassword}
-
list_join:
- '='
- - 'DB_ROOT_PASSWORD'
-
yaql:
expression: $.data.passwords.where($ != '').first()
data:
passwords:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
step_2:
mysql_restart_bundle:
start_order: 0
config_volume: mysql
detach: false
net: host
ipc: host
user: root
command:
- '/usr/bin/bootstrap_host_exec'
- 'mysql'
- str_replace:
template:
'if /usr/sbin/pcs resource show galera-bundle; then /usr/sbin/pcs resource restart --wait=PCMKTIMEOUT galera-bundle; echo "galera-bundle restart invoked"; fi'
params:
PCMKTIMEOUT: {get_param: PcmkConfigRestartTimeout}
image: {get_param: DockerMysqlImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
mysql_init_bundle:
start_order: 1
detach: false
net: host
ipc: host
user: root
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
- - '/docker_puppet_apply.sh'
- '2'
- 'file,file_line,concat,augeas,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
- 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
- if:
- puppet_debug_enabled
- - '--debug'
- - ''
image: {get_param: DockerMysqlImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /var/lib/mysql:/var/lib/mysql:rw,z
- /var/lib/config-data/puppet-generated/mysql/root:/root:rw
environment:
# NOTE: this should force this container to re-run on each
# update (scale-out, etc.)
- list_join:
- ''
- - 'TRIPLEO_DEPLOY_IDENTIFIER='
- {get_param: DeployIdentifier}
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'}
- name: mysql logs readme
copy:
dest: /var/log/mariadb/readme.txt
content: |
Log files from mysql containers can be found under
/var/log/containers/mysql.
ignore_errors: true
metadata_settings:
get_attr: [MysqlPuppetBase, role_data, metadata_settings]
deploy_steps_tasks:
- name: MySQL tag container image for pacemaker
when: step|int == 1
import_role:
name: tripleo-container-tag
vars:
container_image: {get_param: DockerMysqlImage}
container_image_latest: *mysql_image_pcmklatest
update_tasks:
- name: Mariadb fetch and retag container image for pacemaker
when: step|int == 2
block: &mysql_fetch_retag_container_tasks
- name: Get docker Mariadb image
set_fact:
docker_image: {get_param: DockerMysqlImage}
docker_image_latest: *mysql_image_pcmklatest
- name: Get previous Mariadb image id
shell: "{{container_cli}} images | awk '/mariadb.* pcmklatest/{print $3}' | uniq"
register: mariadb_image_id
- block:
- name: Get a list of container using Mariadb image
shell: "{{container_cli}} ps -a -q -f 'ancestor={{mariadb_image_id.stdout}}'"
register: mariadb_containers_to_destroy
# It will be recreated with the delpoy step.
- name: Remove any container using the same Mariadb image
shell: "{{container_cli}} rm -fv {{item}}"
with_items: "{{ mariadb_containers_to_destroy.stdout_lines }}"
- name: Remove previous Mariadb images
shell: "{{container_cli}} rmi -f {{mariadb_image_id.stdout}}"
when:
- mariadb_image_id.stdout != ''
- name: Pull latest Mariadb images
command: "docker pull {{docker_image}}"
- name: Retag pcmklatest to latest Mariadb image
import_role:
name: tripleo-container-tag
vars:
container_image: "{{docker_image}}"
container_image_latest: "{{docker_image_latest}}"
# Got to check that pacemaker_is_active is working fine with bundle.
# TODO: pacemaker_is_active resource doesn't support bundle.
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Get docker Mysql image
set_fact:
mysql_docker_image_latest: *mysql_image_pcmklatest
- name: Check for Mysql Kolla configuration
stat:
path: /var/lib/config-data/puppet-generated/mysql
register: mysql_kolla_config
- name: Check if Mysql is already containerized
set_fact:
mysql_containerized: "{{mysql_kolla_config.stat.isdir | default(false)}}"
- name: set is_mysql_bootstrap_node fact
set_fact: is_mysql_bootstrap_node={{mysql_short_bootstrap_node_name|lower == ansible_hostname|lower}}
- name: Prepare the switch to new galera container image name in pacemaker
when: mysql_containerized|bool
block:
- name: Get galera image id currently used by pacemaker
shell: "{{container_cli}} images | awk '/mariadb.* pcmklatest/{print $3}' | uniq"
register: galera_current_pcmklatest_id
- name: Temporarily tag the current galera image id with the upgraded image name
import_role:
name: tripleo-container-tag
vars:
container_image: "{{galera_current_pcmklatest_id.stdout}}"
container_image_latest: "{{mysql_docker_image_latest}}"
when: galera_current_pcmklatest_id.stdout != ''
- name: Check galera cluster resource status
pacemaker_resource:
resource: galera
state: show
check_mode: false
ignore_errors: true
register: galera_pcs_res_result
- name: Set fact galera_pcs_res
set_fact:
galera_pcs_res: "{{galera_pcs_res_result|succeeded}}"
- name: Mysql baremetal to container upgrade tasks
when:
- step|int == 1
- not mysql_containerized|bool
block:
- name: Check cluster resource status
pacemaker_resource:
resource: galera
state: master
check_mode: true
ignore_errors: true
register: galera_res
- when: (is_mysql_bootstrap_node) and (galera_res|succeeded)
block:
- name: Disable the galera cluster resource
pacemaker_resource:
resource: galera
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
- name: Delete the stopped galera cluster resource.
pacemaker_resource:
resource: galera
state: delete
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
- name: Disable mysql service
service: name=mariadb enabled=no
- name: Remove clustercheck service from xinetd
file: state=absent path=/etc/xinetd.d/galera-monitor
- name: Restart xinetd service after clustercheck removal
service: name=xinetd state=restarted
- name: Update galera pcs resource bundle for new container image
when:
- step|int == 1
- mysql_containerized|bool
- is_mysql_bootstrap_node
- galera_pcs_res|bool
block:
- name: Disable the galera cluster resource before container upgrade
pacemaker_resource:
resource: galera
state: disable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
- name: Move Mysql logging to /var/log/containers
block:
- name: Check Mysql logging configuration in pacemaker
command: cibadmin --query --xpath "//storage-mapping[@id='mysql-log']"
ignore_errors: true
register: mysql_logs_moved
- name: Change Mysql logging configuration in pacemaker
# rc == 6 means the configuration doesn't exist in the CIB
when: mysql_logs_moved.rc == 6
block:
- name: Add a bind mount for logging in the galera bundle
command: pcs resource bundle update galera-bundle storage-map add id=mysql-log source-dir=/var/log/containers/mysql target-dir=/var/log/mysql options=rw
- name: Reconfigure Mysql log file in the galera resource agent
command: pcs resource update galera log=/var/log/mysql/mysqld.log
- name: Update the galera bundle to use the new container image name
command: "pcs resource bundle update galera-bundle container image={{mysql_docker_image_latest}}"
- name: Enable the galera cluster resource
pacemaker_resource:
resource: galera
state: enable
wait_for_resource: true
register: output
retries: 5
until: output.rc == 0
- name: Retag the pacemaker image if containerized
when:
- step|int == 3
- mysql_containerized|bool
block: *mysql_fetch_retag_container_tasks
- name: Check and upgrade Mysql database after major version upgrade
when: step|int == 3
block:
# mariadb package changes ownership of /var/lib/mysql on package
# update, so update here rather than in tripleo-package, to
# guarantee that ownership is fixed at the end of step 3
- name: Update host mariadb packages
when: step|int == 3
package: name=mariadb-server-galera state=latest
- name: Mysql upgrade script
set_fact:
mysql_upgrade_script:
# idempotency: mysql_upgrade leaves a marker file
# in datadir, it does nothing if it has already been
# executed for the current version of MariaDB.
list_join:
- ' '
- - '{% if mysql_containerized %}kolla_set_configs; {% endif %}'
- 'chown -R mysql:mysql /var/lib/mysql;'
- 'mysqld_safe --user=mysql --wsrep-provider=none --skip-networking --wsrep-on=off &'
- 'timeout 60 sh -c ''while ! mysqladmin ping --silent; do sleep 1; done'';'
- 'mysql_upgrade;'
- 'mysqladmin shutdown'
- name: Bind mounts for temporary container
set_fact:
mysql_upgrade_db_bind_mounts: *mysql_volumes
- name: Upgrade Mysql database from a temporary container
shell:
str_replace:
template:
'/usr/bin/docker run --rm --log-driver=syslog -u root --net=host UPGRADE_ENV UPGRADE_VOLUMES "UPGRADE_IMAGE" /bin/bash -ecx "UPGRADE_SCRIPT"'
params:
UPGRADE_ENV: '-e "KOLLA_CONFIG_STRATEGY=COPY_ALWAYS"'
UPGRADE_IMAGE: *mysql_image_pcmklatest
UPGRADE_VOLUMES: "-v {{ mysql_upgrade_db_bind_mounts | union(['/tmp/mariadb-upgrade:/var/log/mariadb:rw']) | join(' -v ')}}"
UPGRADE_SCRIPT: "{{mysql_upgrade_script}}"
when: mysql_containerized|bool
- name: Upgrade Mysql database from the host
shell: /bin/bash -ecx "{{mysql_upgrade_script}}"
when: not mysql_containerized|bool
fast_forward_upgrade_tasks:
- when:
- step|int == 6
- release == 'ocata'
- is_bootstrap_node|bool
block:
- name: Create cell0 db
mysql_db:
name: nova_cell0
state: present
- name: Grant access to cell0 db
mysql_user:
name: nova
host_all: yes
state: present
priv: '*.*:ALL'