From 75e0cf106aaf7a5973ef7f5f05b9cfcbcf0a7986 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Tue, 3 Aug 2021 09:09:41 -0700
Subject: [PATCH] Remove the mysql support from our gerrit role and image

We are now using the mariadb jdbc connector in production and no longer
need to include the mysql legacy connector in our images. We also don't
need support for h2 or mysql as testing and prod are all using the
mariadb connector and local database.

Note this is a separate change to ensure everything is happy with the
mariadb connector before we remove the fallback mysql connector from our
images.

Change-Id: I982d3c3c026a5351bff567ce7fbb32798718ec1b
---
 docker/gerrit/base/Dockerfile                 |  5 +--
 .../host_vars/review02.opendev.org.yaml       |  1 -
 playbooks/roles/gerrit/README.rst             | 23 ++++--------
 playbooks/roles/gerrit/defaults/main.yaml     |  1 -
 playbooks/roles/gerrit/tasks/backup.yaml      | 36 ++++---------------
 playbooks/roles/gerrit/tasks/main.yaml        | 30 ++++++----------
 .../gerrit/templates/docker-compose.yaml.j2   |  4 ---
 .../roles/gerrit/templates/secure.config.j2   |  6 ----
 .../zuul/templates/group_vars/review.yaml.j2  |  1 -
 9 files changed, 25 insertions(+), 82 deletions(-)

diff --git a/docker/gerrit/base/Dockerfile b/docker/gerrit/base/Dockerfile
index aadee0b46a..60236b625b 100644
--- a/docker/gerrit/base/Dockerfile
+++ b/docker/gerrit/base/Dockerfile
@@ -58,9 +58,10 @@ RUN mkdir /var/gerrit/bin \
   && mkdir /var/gerrit/hooks \
   && mkdir /var/gerrit/static
 
-# Download mysql-connector so that gerrit doens't download it during init.
+# Download mariadb java client.
+# Modern gerrit stopped downloading missing libs during init which means we
+# need to do the downland and install ourselves.
 RUN mkdir /var/gerrit/lib && \
-  wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.43/mysql-connector-java-5.1.43.jar -O /var/gerrit/lib/mysql-connector-java.jar && \
   wget https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.2/mariadb-java-client-2.7.2.jar -O /var/gerrit/lib/mariadb-java-client.jar
 
 # Allow incoming traffic
diff --git a/inventory/service/host_vars/review02.opendev.org.yaml b/inventory/service/host_vars/review02.opendev.org.yaml
index b7f6c0dd05..2cd9dca1f4 100644
--- a/inventory/service/host_vars/review02.opendev.org.yaml
+++ b/inventory/service/host_vars/review02.opendev.org.yaml
@@ -60,7 +60,6 @@ gerrit_vhost_name: review.opendev.org
 gerrit_serverid: 4a232e18-c5a9-48ee-94c0-e04e7cca6543
 gerrit_redirect_vhost: review.openstack.org
 gerrit_heap_limit: 96g
-gerrit_reviewdb_database_type: mariadb_container
 letsencrypt_certs:
   review02-opendev-org-main:
     - review.opendev.org
diff --git a/playbooks/roles/gerrit/README.rst b/playbooks/roles/gerrit/README.rst
index a415076d2d..6bd0ea7ae1 100644
--- a/playbooks/roles/gerrit/README.rst
+++ b/playbooks/roles/gerrit/README.rst
@@ -1,32 +1,21 @@
 Run Gerrit.
 
+This role assumes it will have a local MariaDB running adjacent to the
+Gerrit service. Variables below configure MariaDB connection details.
+
 **Role Variables**
 
-.. zuul:rolevar:: gerrit_reviewdb_database_type
-   :default: h2
-
-   Database to use for the reviewdb
-
-   One of
-
-    * h2 : use local h2 database, not for production
-    * mysql : connect to existing mysql instance
-    * mariadb_container : run a sibling mariadb container
-
 .. zuul:rolevar:: gerrit_reviewdb_mariadb_dbname
    :default: gerrit
 
-   When ``gerrit_reviewdb_database_type`` is ``mariadb_container``; the default
-   database to make and connect to.
+   The database to make and connect to.
 
 .. zuul:rolevar:: gerrit_reviewdb_mariadb_username
    :default: gerrit
 
-   When ``gerrit_reviewdb_database_type`` is ``mariadb_container``; the default
-   user to make and connect with.
+   The user to make and connect with.
 
 .. zuul:rolevar:: gerrit_reviewdb_mariadb_password
    :default: <unset>
 
-   When ``gerrit_reviewdb_database_type`` is ``mariadb_container``; the default
-   password to set for ``gerrit_reviewdb_mariadb_username``
+   The password to set for ``gerrit_reviewdb_mariadb_username``
diff --git a/playbooks/roles/gerrit/defaults/main.yaml b/playbooks/roles/gerrit/defaults/main.yaml
index ad8d166380..359aefbc79 100644
--- a/playbooks/roles/gerrit/defaults/main.yaml
+++ b/playbooks/roles/gerrit/defaults/main.yaml
@@ -24,6 +24,5 @@ gerrit_container_volumes:
 gerrit_project_creator_user: openstack-project-creator
 gerrit_manage_projects_args: "-v"
 gerrit_track_upstream: true
-gerrit_reviewdb_database_type: h2
 gerrit_reviewdb_mariadb_username: gerrit
 gerrit_reviewdb_mariadb_dbname: accountPatchReviewDb
diff --git a/playbooks/roles/gerrit/tasks/backup.yaml b/playbooks/roles/gerrit/tasks/backup.yaml
index db74b9441c..5bd2d14774 100644
--- a/playbooks/roles/gerrit/tasks/backup.yaml
+++ b/playbooks/roles/gerrit/tasks/backup.yaml
@@ -3,27 +3,6 @@
     path: /etc/borg-streams
     state: directory
 
-- name: Setup remote mysql backup jobs
-  when: gerrit_reviewdb_database_type == 'mysql'
-  block:
-    # NOTE(ianw) 2021-02-19 We are explicitly backing up just
-    # accountPatchReviewDb because "--all-databases" doesn't work with
-    # our trove instance
-    #  https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1914695
-    - name: Create accountPatchReviewDb streaming file
-      copy:
-        content: >-
-            /usr/bin/mysqldump --defaults-file=/root/.gerrit_db.cnf --skip-extended-insert --ignore-table mysql.event --single-transaction --databases accountPatchReviewDb
-        dest: /etc/borg-streams/mysql-accountPatchReviewDb
-
-    - name: Set up cron job to back up gerrit db to disk
-      cron:
-        name: gerrit-backup
-        user: root
-        hour: 0
-        minute: 0
-        job: '/usr/bin/mysqldump --defaults-file=/root/.gerrit_db.cnf --opt --ignore-table mysql.event --single-transaction --databases accountPatchReviewDb | gzip -9 > /home/gerrit2/mysql_backups/gerrit.sql.gz'
-
 # NOTE(ianw) 2021-06-09 : we don't also keep an on-disk backup as we
 # did for the old mysql instance above because it's easy to restore
 # from borg now (in the past with bup it was a real pain to extract
@@ -32,12 +11,9 @@
 #  # borg-mount <backup-server>
 # the dump file will be under
 #  /opt/backups/review02-mariadb-<date>T<time>/mariadb
-- name: Setup container mariadb backup jobs
-  when: gerrit_reviewdb_database_type == 'mariadb_container'
-  block:
-    - name: Create mariadb streaming file
-      copy:
-        content: >-
-            /usr/local/bin/docker-compose -f /etc/gerrit-compose/docker-compose.yaml exec -T mariadb
-            bash -c '/usr/bin/mysqldump --all-databases --single-transaction -uroot -p"$MYSQL_ROOT_PASSWORD"'
-        dest: /etc/borg-streams/mariadb
+- name: Create mariadb streaming file to setup mariadb backup jobs
+  copy:
+    content: >-
+        /usr/local/bin/docker-compose -f /etc/gerrit-compose/docker-compose.yaml exec -T mariadb
+        bash -c '/usr/bin/mysqldump --all-databases --single-transaction -uroot -p"$MYSQL_ROOT_PASSWORD"'
+    dest: /etc/borg-streams/mariadb
diff --git a/playbooks/roles/gerrit/tasks/main.yaml b/playbooks/roles/gerrit/tasks/main.yaml
index f5444f5b1a..f06eeffe2e 100644
--- a/playbooks/roles/gerrit/tasks/main.yaml
+++ b/playbooks/roles/gerrit/tasks/main.yaml
@@ -284,30 +284,20 @@
 - name: Start gerrit
   include_tasks: start.yaml
 
-- name: Set up root mysql conf file
-  when: gerrit_reviewdb_database_type == 'mysql'
+- name: Setup reviewdb directory for mariadb
+  file:
+    state: directory
+    path: /home/gerrit2/reviewdb
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Set up root mariadb conf file
   template:
-    src: root.my.cnf.mysql.j2
+    src: root.my.cnf.mariadb_container.j2
     dest: /root/.gerrit_db.cnf
     mode: 0400
 
-- name: Setup mariadb container
-  when: gerrit_reviewdb_database_type == 'mariadb_container'
-  block:
-    - name: Setup reviewdb directory
-      file:
-        state: directory
-        path: /home/gerrit2/reviewdb
-        owner: root
-        group: root
-        mode: 0755
-
-    - name: Set up root mariadb conf file
-      template:
-        src: root.my.cnf.mariadb_container.j2
-        dest: /root/.gerrit_db.cnf
-        mode: 0400
-
 - name: Set up cron job to optmize git repos
   cron:
     name: optmize-git-repos
diff --git a/playbooks/roles/gerrit/templates/docker-compose.yaml.j2 b/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
index 99ff14f14b..98ef98b41f 100644
--- a/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/gerrit/templates/docker-compose.yaml.j2
@@ -1,6 +1,5 @@
 version: '2'
 services:
-{% if gerrit_reviewdb_database_type == 'mariadb_container' %}
   mariadb:
     image: docker.io/library/mariadb:10.4
     network_mode: host
@@ -18,14 +17,11 @@ services:
       driver: syslog
       options:
         tag: "docker-mariadb"
-{% endif %}
   gerrit:
     image: {{ gerrit_container_image }}
-{% if gerrit_reviewdb_database_type == 'mariadb_container' %}
     depends_on:
       - mariadb
     command: ["/wait-for-it.sh", "127.0.0.1:3306", "--", "/run-gerrit.sh"]
-{% endif %}
     network_mode: host
     user: gerrit
     stop_signal: SIGHUP
diff --git a/playbooks/roles/gerrit/templates/secure.config.j2 b/playbooks/roles/gerrit/templates/secure.config.j2
index dc0ed39b94..ce80b29345 100644
--- a/playbooks/roles/gerrit/templates/secure.config.j2
+++ b/playbooks/roles/gerrit/templates/secure.config.j2
@@ -1,11 +1,5 @@
-{% if gerrit_reviewdb_database_type == 'mysql' %}
-[accountPatchReviewDb]
-	url = jdbc:mysql://{{ gerrit_mysql_host }}:3306/accountPatchReviewDb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes&user=gerrit2&password={{ gerrit_mysql_password }}
-{% endif %}
-{% if gerrit_reviewdb_database_type == 'mariadb_container' %}
 [accountPatchReviewDb]
 	url = jdbc:mariadb://127.0.0.1:3306/{{ gerrit_reviewdb_mariadb_dbname }}?sessionVariables=character_set_client=utf8,character_set_results=utf8,character_set_connection=utf8,collation_connection=utf8_unicode_ci,collation_database=utf8_unicode_ci,collation_server=utf8_unicode_ci&user={{ gerrit_reviewdb_mariadb_username }}&password={{ gerrit_reviewdb_mariadb_password }}
-{% endif %}
 [auth]
 	registerEmailPrivateKey = {{ gerrit_email_private_key }}
 {% if gerrit_rest_token_private_key is defined %}
diff --git a/playbooks/zuul/templates/group_vars/review.yaml.j2 b/playbooks/zuul/templates/group_vars/review.yaml.j2
index ec83d5f4e3..8b84b71fc2 100644
--- a/playbooks/zuul/templates/group_vars/review.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/review.yaml.j2
@@ -84,7 +84,6 @@ gerrit_replication_ssh_rsa_key_contents: |
   edHQJDKx5PktPWsAAAAgbW9yZHJlZEBNb250eXMtTWFjQm9vay1BaXIubG9jYWwBAgM=
   -----END OPENSSH PRIVATE KEY-----
 gerrit_replication_ssh_rsa_pubkey_contents: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQhZQ0z+RVPmOzY2f56N9/PrqDeHftvnagPJyOOXnCd/9N0j+stFWNmavvb8y4dRZ+y6lOJpzPYEahwUUXZHAanz5l5as+VihWq7ldcMxSPnmkC9zr65Z8eNDcM2Bzk8gx5e4DE6OgpWkc6ke9MpwI5dmfW7o53gQZkdSc94TuLr+ZCYUKo7fScsVeE+F9dT0PLyW0zU7c23PzYnkKcrB9ihpQfSfbJj9EAtsA3aA8ZdHt78i5r7+0u0JZxaWoKjkCfYqC8ofbTU61YuUO8TTgNgMC6ZzBmTRdRRRKdGun+m1fqtgIqPSi+iZpKnERgg/hPwY+gqcKh+svW6pgCDhJ gerrit-code-review-replication
-gerrit_reviewdb_database_type: mariadb_container
 gerrit_reviewdb_mariadb_password: password
 gerrit_run_compose_up: true
 gerrit_run_init: true