Convert xinetd clustercheck to systemd socket service

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/826602
Change-Id: I76e7498b1676a2b4c550fda049f332aa209ce53d
Jonathan Rosser 2022-01-10 12:57:19 -05:00
parent 18d8de22dc
commit 41553dfa7a
9 changed files with 50 additions and 75 deletions


@ -66,7 +66,7 @@ galera_gpg_keys: "{{ _galera_gpg_keys | default([]) }}"
galera_monitoring_user: monitoring
galera_monitoring_user_password: ""
# WARNING: Set this to open xinetd rules for galera monitoring.
# WARNING: Set this to open IP rules for galera monitoring.
# This is REQUIRED to run a working openstack-ansible deployment.
# If it's undefined the galera cluster state can't be reported,
# and haproxy would fail to do proper load balancing on the cluster.
@ -74,6 +74,7 @@ galera_monitoring_user_password: ""
# should be restricted, which we do in the integrated build.
# Please override accordingly to your use case.
# This can be replaced with other hostnames, cidr, ips, and ips + wildcards.
# See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
#
#galera_monitoring_allowed_source: "0.0.0.0/0"
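Review bot: The unchanged comment `# This can be replaced with other hostnames, cidr, ips, and ips + wildcards.` describes xinetd's `only_from` syntax and no longer matches the consumer of this variable, which the same commit switches to systemd's `IPAddressAllow=`. Per the systemd.resource-control page that the added line links to, that directive takes IP addresses or address prefixes plus a few symbolic names such as `localhost` and `any`, not arbitrary hostnames or wildcard patterns. Since this value is the access control for the cluster-check port, I would reword the line to something like `# Accepts a space-separated list of IP addresses or CIDR prefixes, or a symbolic name systemd defines (e.g. localhost).` so an operator carrying over a hostname-based override notices it needs converting. The comment block begins above the first hunk, so lines outside this view may need the same check.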


@ -99,12 +99,6 @@
listen: Manage LB
when: false
- name: Restart xinetd
service:
name: xinetd
state: "{{ (galera_monitoring_check_enabled | bool) | ternary('restarted', 'stopped') }}"
enabled: "{{ galera_monitoring_check_enabled | bool }}"
- name: Delete encryption keyfile after starting Galera
file:
path: "/tmp/.keyfile.key"


@ -0,0 +1,5 @@
---
upgrade:
- |
The xinetd script and configuration to run the 'clustercheck' script is
replaced with a systemd socket activated service.


@ -108,16 +108,6 @@
tags:
- always
- include_tasks: tasks/galera_server_xinetd.yml
when:
- galera_monitoring_check_enabled | bool
args:
apply:
tags:
- galera_server-config
tags:
- always
- include_tasks: galera_server_backups.yml
when:
- galera_mariadb_backups_enabled | bool


@ -28,6 +28,28 @@
when: galera_upgrade | bool
notify: Reload the systemd daemon
# TODO (jrosser) Remove all of these xinetd cleanup tasks in the Z release
- name: Clean up legacy xinetd config
file:
path: "/etc/xinetd.d/mysqlchk"
state: absent
register: legacy_xinetd
- name: Remove legacy galera service check from /etc/services
lineinfile:
dest: /etc/services
state: absent
regexp: '^mysqlchk'
line: 'mysqlchk 9200/tcp # MySQL check'
backup: yes
register: legacy_services
- name: Restart xinetd service
service:
name: xinetd
state: restarted
when: (legacy_xinetd is changed or legacy_services is changed)
- name: Run the systemd service role
import_role:
name: systemd_service
@ -37,6 +59,21 @@
- service_name: "{{ galera_mariadb_service_name }}"
systemd_overrides_only: True
systemd_overrides: "{{ galera_init_defaults | combine(galera_init_overrides, recursive=True) }}"
- service_name: "mariadbcheck@"
service_type: "oneshot"
execstarts: "-/usr/local/bin/clustercheck"
enabled: False
load: False
standard_output: "socket"
sockets:
- socket_name: "mariadbcheck"
enabled: "{{ galera_monitoring_check_enabled }}"
state: "restarted"
options:
ListenStream: "{{ galera_server_bind_address }}:{{ galera_monitoring_check_port }}"
IPAddressDeny: any
IPAddressAllow: "{{ (galera_monitoring_allowed_source is defined) | ternary(galera_monitoring_allowed_source, 'localhost') }}"
Accept: "yes"
tags:
- galera-service
@ -164,3 +201,9 @@
src: "galera_new_cluster.j2"
dest: "/usr/local/bin/galera_new_cluster"
mode: "0750"
- name: Create clustercheck script
template:
src: "clustercheck.j2"
dest: "/usr/local/bin/clustercheck"
mode: "0755"
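Review bot: The `mariadbcheck@` unit entry sets no user, whereas the xinetd definition this commit deletes ran the check with `user = nobody`; unless the systemd_service role defaults to an unprivileged account (not visible here), `/usr/local/bin/clustercheck` will now be spawned as root for every connection to the monitoring port. I would carry the old privilege drop over so the rendered unit ends up with `User=nobody` (or a dedicated account), using whichever per-service option the role provides for that. Separately, the socket is declared with `state: "restarted"` unconditionally while only `enabled` follows `galera_monitoring_check_enabled`; the removed handler used `ternary('restarted', 'stopped')`, so setting the flag to false may no longer close the listener on a running host. Something like `state: "{{ (galera_monitoring_check_enabled | bool) | ternary('restarted', 'stopped') }}"` would keep the earlier behaviour, assuming the role accepts `stopped` for sockets.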


@ -1,36 +0,0 @@
---
# Copyright 2021, BBC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create clustercheck script
template:
src: "clustercheck.j2"
dest: "/usr/local/bin/clustercheck"
mode: "0755"
- name: Create mysqlchk config
template:
src: "mysqlchk.j2"
dest: "/etc/xinetd.d/mysqlchk"
mode: "0644"
notify:
- Restart xinetd
- name: Add galera service check to services
lineinfile:
dest: /etc/services
state: present
regexp: '^mysqlchk'
line: 'mysqlchk 9200/tcp # MySQL check'
backup: yes


@ -1,20 +0,0 @@
# default: on
# description: mysqlchk
# {{ ansible_managed }}
service mysqlchk
{
disable = no
flags = REUSE
socket_type = stream
port = {{ galera_monitoring_check_port }}
wait = no
user = nobody
server = /usr/local/bin/clustercheck
log_on_failure += USERID
{% if galera_monitoring_allowed_source is defined %}
only_from = {{ galera_monitoring_allowed_source }}
{% else %}
no_access
{% endif %}
per_source = UNLIMITED
}


@ -35,7 +35,6 @@ galera_server_required_distro_packages:
- libstdc++6
- python3-pymysql # needed by mysql_user
- software-properties-common
- xinetd
galera_etc_conf_file: "/etc/mysql/my.cnf"
galera_etc_include_dir: "/etc/mysql/conf.d"


@ -33,7 +33,6 @@ galera_server_required_distro_packages:
- MariaDB-client
- MariaDB-devel
- python3-PyMySQL
- xinetd
galera_etc_conf_file: "/etc/mysql/my.cnf"
galera_etc_include_dir: "/etc/mysql/conf.d"