This commit changes the queries to use % instead
of %% in the Host field of CREATE USER and GRANT
ALL statements.
It also uplifts fresh jammy images for mariadb.
Change-Id: I6779f55d962bc9d8efc3b3bfe05b72cbe0b7f863
This is the action item to implement the spec:
doc/source/specs/2025.1/chart_versioning.rst
Also add overrides env variables
- OSH_VALUES_OVERRIDES_PATH
- OSH_INFRA_VALUES_OVERRIDES_PATH
This commit temporarily disables all jobs that involve scripts
in the OSH git repo because they need to be updated to work
with the new values_overrides structure in the OSH-infra repo.
Once this is merged I4974785c904cf7c8730279854e3ad9b6b7c35498
all these disabled test jobs must be enabled.
Depends-On: I327103c18fc0e10e989a17f69b3bff9995c45eb4
Change-Id: I7bfdef3ea2128bbb4e26e3a00161fe30ce29b8e7
When name of storage class is specified as default, do not add
storageClassName option to let kubernetes pick a default
Change-Id: I25c60e49ba770ce10ea2ec68c3555ffea49848fe
Allow to set terminationGracePeriodSeconds for server instace to let
more time to shutdown all clients gracefully.
Increase timeout to 600 seconds by default.
Change-Id: I1f4ba7d5ca50d1282cedfacffbe818af7ccc60f2
It was observed that under certain circumstances
galera instances can use old IP address of the node
after pod restart. This patch changes the value of
wsrep_cluster_address variable - instead of listing
all dns names of the cluster nodes the discovery service
IP address is used. In this case cluster_node_address is set to IP
address instead of DNS name - otherwise SST method will fail.
Co-Authored-By: Oleksii Grudev <ogrudev@mirantis.com>
Change-Id: I8059f28943150785abd48316514c0ffde56dfde5
The method was deprecated and later dropped, switch to is_alive()
Co-Authored-By: dbiletskiy <dbiletskiy@mirantis.com>
Change-Id: Ie259d0e59c68c9884e85025b1e44bcd347f45eff
* Move all probes into single script to reduce code duplication
* Check free disk percent, fail when we consume 99% to avoid
data corruption
* Do not restart container when SST is in progress
Change-Id: I6efc7596753dc988aa9edd7ade4d57107db98bdd
Make 'data too old' timeout dependent on state report interval. Increase
timeout to 5 times of report interval.
Change-Id: I0c350f9e64b65546965002d0d6a1082fd91f6f58
Sometimes "endpoints_dict" var can be evaluated to None
resulting in "TypeError: 'NoneType' object is not iterable"
error. This patch catches the exception while getting
list of endpoints and checks the value of
endpoints_dict. Also the amount of active endpoints is being logged
for debug purposes.
Change-Id: I79f6b0b5ced8129b9a28c120b61e3ee050af4336
The retries were originally added at [0] but they were never working.
We pass fixed revision that we would like to see during patch to avoid
race condition, into the safe_update_configmap. We can't organize retries
inside function as it will require change of the original revision which
may happen only at upper layer. Revert patch partially.
[0] https://review.opendev.org/c/openstack/openstack-helm-infra/+/788886
Change-Id: I81850d5e534a3cfb3c4993275757c244caec8be9
Stop monitor cluster and leader election threads on sigkill.
This allows to terminate all threads from start.py and actually
exit earlier than terminationGracePeriod in statefulset.
Drop preStop hook which is redundant with stop_mysqld() function call.
Change-Id: Ibc4b7604f00b1c5b3a398370dafed4d19929fd7d
During cold start we pick leader node by seqno. When node is running
of finished non gracefully seqno may stay as -1 unless periodic task
update its based on local grastate.dat or will detect latest seqno via
wsrep_recover. This patch adds an unfinite waiter to leader election
function to wait unless all nodes report seqno different that -1 to make
sure we detect leader based on correct data.
Change-Id: Id042f6f4c915b21b905bde4d57d40e159d924772
Add job that waits when initial bootstrapping of cluster is completed
which is required to pause db creation and initialization when cluster
is not fully bootstrapped.
Change-Id: I705df1a1b1a34f464dc36a36dd7964f8a7bf72d9
Ingress deployment is not used for a while and there are
more elegant ways to provide same functionality based on
controller to pick up master service.
Remove ingress deployment completely.
Change-Id: Ica5d778f5122f8a4f0713353aa5e0ef4e21c77f8
Deploy exporter as a sidecar to provide correct mysql metrics.
Co-Authored-By: Oleh Hryhorov <ohryhorov@mirantis.com>
Change-Id: I25cfeaf7f95f772d2b3c07a6a91220d0154b4eea
Switch to namespaced based endpoints to remove requirement
configure kubernetes internal cluster domain name which can't
be get from kubernetes API.
Change-Id: I8808153a83e3cec588765797d66d728bb6133a5c
This patch adds mairadb controller that is responsible to mark one
ready pod as mariadb_role: primary to forward all traffic to it.
This will allow to drop nginx ingress controller which adds extra
hops between client and server and uses heavy customized nginx templates.
Change-Id: I3b29bc2029bfd39754516e73a09e4e14c52ccc99
This PS bumps up ingress-nginx controller version
to v1.11.2 in mariadb chart due to CVE
vulnerability.
nginx.tmpl from mariadb chart has been updated to
match the latest 1.11.2 ingress-controller image.
Change-Id: Ie2fd811f8123515f567afde62bbbb290d58dd1b2
- Add 2024.1 overrides to those charts where
there are overrides for previous releases.
- Update some jobs to use 2024.1 overrides.
- Update default images in grafana, postgresql,
nagios, ceph-rgw, ceph-provisioners,
kubernetes-node-problem-detector
- Install tzdata package on K8s nodes. This
is necessary for kubernetes-node-problem-detector
chart which mounts /etc/localtime from hosts.
Change-Id: I343995c422b8d35fa902d22abf8fdd4d0f6f7334
Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
by default instead of 1.0.0 which is v1 formatted and
not supported any more by docker.
Change-Id: I6349a57494ed8b1e3c4b618f5bd82705bef42f7a
This PS switches mariadb to use primary service by
default instead of ingress based deployment. The
primary service that is getting created and
automatically updated based on the leader election
process in start.py entrypoint script.
Mariadb primary service was introduced by this PS:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/905797
Change-Id: I4992276d0902d277a7a81f2730c22635b15794b0
This PS adds mariadb-server-primary service that is getting created
and automatically updated based on the leader election process in
start.py entrypoint script.
Change-Id: I1d8a8db0ce8102e5e23f7efdeedd139726ffff28
Signed-off-by: Sergiy Markin <smarkin@mirantis.com>
The names of a few configuration variables have changed in version 1.9.
EnableRealIp to EnableRealIP
HttpAccessLogPath to HTTPAccessLogPath
whitelist to allowlist
Whitelist to Allowlist
Additionally,
ajp_temp_path
is no longer valid.
Change-Id: I2ebb658bd237216c43306dab6cd7f7a1ca6388ac
This PS adds a possibility to limit (to throttle) the number of
simultaneously uploaded backups while keeping the logic on the client
side using flag files on remote side. The main idea is to have an
ability to limit number of simultaneous remote backups upload sessions.
Change-Id: I5464004d4febfbe20df9cd41ca62ceb9fd6f0c0d
This PS removes mariadb-verify-server sidecar container from
mariadb-backup cronjob in order to make backup process more resilient.
Change-Id: I2517c2de435ead34397ca0483610f511c8035bdf
This PS adds staggered backups possibility by adding anti-affinity rules
to backups cronjobs that can be followed across several namespaces to
decrease load on remote backup destination server making sure that at
every moment in time there is only one backup upload is in progress.
Change-Id: If49791f866a73a08fb98fa0e0b4854042d079c66
This PS adds mariadb-cluster chart based on mariadb-operator. Also for
some backward compartibility this PS adds mariadb-backup chart and
prometheus-mysql-exporter chart as a separate ones.
Change-Id: I3f652375cce2e3b45e095e08d2e6f4ae73b8d8f0
To make it easier to maintain the jobs all experimental
jobs (those which are not run in check and gate pipelines)
are moved to a separate file. They will be revised later
to use the same deploy-env role.
Also many charts use Openstack images for testing this
PR adds 2023.1 Ubuntu Focal overrides for all these charts.
Change-Id: I4a6fb998c7eb1026b3c05ddd69f62531137b6e51
Update liveness probe script to accept pods either sending
or receiving a SST, and avoid killing them.
Change-Id: I4ad95c45a7ab7e5e1cec2b4696671b6055cc10e7
HTK - added verify_databases_backup_in_directory function that is
going to be defined inside mariadb/postgresql/etcd charts.
Mariadb chart - added verify_databases_backup_archives function
implementation.
Added mariadb-verify container to mariadb-backup cronjob to run
verification process.
Added remove backup verification pocess - comparition of local and remote file md5 hashes.
PostgreSQL chart - added empty implementation of verify_databases_backup_archives() function. This is a subject for future realization.
Change-Id: I361cdb92c66b0b27539997d697adfd1e93c9a29d
In an environment with helmv3, it was noticed that the mariadb
helmrelease is failing to render properly due to unsupported map key
type (int).
This change quickly fix this problem by quoting the value, forcing it to
be rendered as a string.
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I2f2be87d0f79ca439e731d07354bcd5f149790d5
Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
Readiness probe that we currently have does not help with restarting a
pod that got stuck in a transfer state reported by
wsrep_local_state_comment.
root@mariadb-server-2:/# mysql_status_query wsrep_ready
OFF
root@mariadb-server-2:/# mysql_status_query wsrep_connected
ON
root@mariadb-server-2:/# mysql_status_query wsrep_cluster_status
non-Primary
root@mariadb-server-2:/# mysql_status_query wsrep_local_state_comment
Transfer
So the idea is to add a liveness probe that will take care of this.
Change-Id: I2ccecc75349667fe19c6f7f9dccc2dbbd17d0a5e
This patch adds database sys to the list of databases
to be ignored by backup/restore scripts in mariadb chart.
Change-Id: Ida7965bc583ada2c7ca4800c8ff5d6761fb3913a
This patchset is adding update priviledge to ingress cluster role in order to let it to update mariadb state configmap. The problem appeared after upgrading nginx controller up to v1.1.3 in https://review.opendev.org/c/openstack/openstack-helm-infra/+/840691
Change-Id: I962ac336bf6b3588db88b04e2259de1aa20b1221
