In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.
In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.
Change-Id: I5f7e27158a4bf8f4bf14d4a5e32cc9204441da02
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
Once we've removed network.target from wanted targets for
mariadbcheck.socket, it started to fail to startup intermitently in LXC
deployments, since it was trying to bind on IP address that is not
brought up yet. At the same time we can't wait for IP being up, as
OVS while providing network, waits for socket.target as it needs
to have ovsdb started up, so waiting for network.target does
create circular dependency.
To avoid that we're allowing socket to bind on IP even when IP is not
UP yet. Other possible solution would be to bind on 0.0.0.0.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/872896
Change-Id: Ia4cde2153813e68419d261cd94e3017523177142
Closes-Bug: #2003631
Related-Bug: #2002653
As of today bare metal scenarion does contain systemd ordering cycle [1]
due to mariadbcheck.socket waiting for network.target while being
part of that target. Removing that dependency solves the cycle.
[1] https://paste.openstack.org/show/bE9UlN6dK8awqZl3uwrQ/
Closes-Bug: #2002653
Change-Id: If4729eca992a0e647e2f15b3d77ad6300bbf9c12
We used to overwrite /etc/mysql/debian.cnf file that is provided by
package when we were resetting root password for mariadb. That was
required as otherwise systemd couldn't manage service properly.
Now, when galera_root_user can be different then root, we don't need to
do this and can rely on defaults.
Change-Id: Ia8305121900d28aca28a80c6c9d6a664aec40214
Closes-Bug: #1979726
Keystone role was never migrated to usage of haproxy-endpoints role
and included task was used instead the whole time.
With that to reduce complexity and to have unified approach, all mention
of the role and handler are removed from the code.
Change-Id: I2a83e31a9de998cd10dd95fc0cffc1ad68061da5
Control mysql datadir with variable. Decrease code dublication since path
is heavily used in different places. If path needs to be changed
overriding config won't be enough.
Change-Id: I6fcefe216236ffea60da5fee42aad47c6f7da133
During upgrades or cluster repairments, temporary directories are created
inside /var/lib/mysql and treated as databases. This results in errors
during mysqlcheck like:
`Got error: 1102: Incorrect database name '#mysql50#tmp.stLr46FBlt'`
Path outside of datadir is not choosen since it could be separate mount
point and it's important for replication
to survive reboots.
Change-Id: Ia110dd9ed09b04f6bb7a0a3adf5a808966558507
Once upgrade is done and release is branched, we can cleanup
task that was added for upgrade purposes only
Change-Id: Ibe1bc6f5cee30ab0682078dfe3ce5464336cf822
Since we still use ceph-ansible that has their own implementation of
config_template module it's worth to use mentioned module as a collection
explicitly.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819814
Change-Id: I97990584dfe72bec3173595a3ba04f2651d9e7df
Supports two scenarios:
1) variables defined in defaults/main.yml are sufficient to create
a root/intermediate CA certificate for mariadb when this role
is used outside openstack-ansible.
2) when:
openstack_pki_dir
openstack_pki_setup_host
openstack_pki_authorities
openstack_pki_service_intermediate_cert_name
are defined, an external CA already created on the deploy host
with a previous run of ansible-role-pki will be used as the CA.
Server certificates for the galera instances are created from the
data in galera_pki_certificates in both situations
Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/807771
Change-Id: I72738e4f8bd2233dedbed4428baafd4436de84b5
Instead of placing bunch of templates, we can use our systemd_role
that is capable of placing just overrides file, that will have same
functionality but also provide ability to easily add required data into
systemd overrides.
Change-Id: I7b3b0f4da047f82a49266ef57fba2fbaa24cebdc
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I50bb0f00658e292f39269c3980109e56319a00ca
When galera_root_user is set to non-root user current behaviour is
to place my.cnf file as a part of the server setup, however
this non-root user is not created yet. User creation is handled
after server proper bootstrap and handlers flush. Having my.cnf
file in place makes bootstrap script fail, since it tries to use
credentials from this file which are not valid yet.
Instead we allow client part of the role to configure my.cnf
on metal deployments and set galera_root_user credentials
in it once user is properly created
Change-Id: I88edfe87fd134bdbcf199a48443fc063740a8604
The configuration of mariadb is done mostly in handlers and previously
the code would install the xinetd clustercheck script before calling
flush_handlers to bootstrap and initialise the database. This leads
to a situation where the clustercheck may be attempting to interact
with the database during bootstrapping and before the monitoring user
has been created.
This change moves the setup tasks for the clustercheck service until
after the database has been bootstrapped and the users created. This
means that any healthchecks from the loadbalancer will not be seen by
the database until after the setup is completed during the initial
deployment.
Change-Id: Ibd55306a5c17bc0a4333e43725f1637420a2c9d9
After bumping version to mariadb 10.4 upgrade path has been broken
as service name and packages have new naming patterns
for a while.
We also temporary disable ubuntu upgrade jobs to be able
to merge patch.
Change-Id: I3696b3131de424a4b30ff016da714aef22af4e59
Patch aims to use next stable release of MariaDB
Remove no_log from functional tests, the only credentials used here
are for the purposes of the test and debug output is valuable.
Change-Id: Ic4cdc26ddf1cb0591f0a2218355b7cca7af0b0fb
