From 41553dfa7a3ad5b16a4e8d75798bf32c4f83081e Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Mon, 10 Jan 2022 12:57:19 -0500 Subject: [PATCH] Convert xinetd clustercheck to systemd socket service Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/826602 Change-Id: I76e7498b1676a2b4c550fda049f332aa209ce53d --- defaults/main.yml | 3 +- handlers/main.yml | 6 --- .../notes/remove_xinetd-1970838891f570cc.yaml | 5 +++ tasks/galera_server_main.yml | 10 ----- tasks/galera_server_post_install.yml | 43 +++++++++++++++++++ tasks/galera_server_xinetd.yml | 36 ---------------- templates/mysqlchk.j2 | 20 --------- vars/debian.yml | 1 - vars/redhat.yml | 1 - 9 files changed, 50 insertions(+), 75 deletions(-) create mode 100644 releasenotes/notes/remove_xinetd-1970838891f570cc.yaml delete mode 100644 tasks/galera_server_xinetd.yml delete mode 100644 templates/mysqlchk.j2 diff --git a/defaults/main.yml b/defaults/main.yml index f32dfc50..4f70b2a6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -66,7 +66,7 @@ galera_gpg_keys: "{{ _galera_gpg_keys | default([]) }}" galera_monitoring_user: monitoring galera_monitoring_user_password: "" -# WARNING: Set this to open xinetd rules for galera monitoring. +# WARNING: Set this to open IP rules for galera monitoring. # This is REQUIRED to run a working openstack-ansible deployment. # If it's undefined the galera cluster state can't be reported, # and haproxy would fail to do proper load balancing on the cluster. @@ -74,6 +74,7 @@ galera_monitoring_user_password: "" # should be restricted, which we do in the integrated build. # Please override accordingly to your use case. # This can be replaced with other hostnames, cidr, ips, and ips + wildcards. +# See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html # #galera_monitoring_allowed_source: "0.0.0.0/0" diff --git a/handlers/main.yml b/handlers/main.yml index 0a1cc9de..c708c82d 100644 --- a/handlers/main.yml 
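Review bot: The retained context line `# This can be replaced with other hostnames, cidr, ips, and ips + wildcards.` in the second defaults/main.yml hunk still describes xinetd's `only_from` syntax. Further down this patch the value is passed to systemd's `IPAddressAllow=`, which, per the man page linked in the added line, takes IP addresses, prefix-length CIDR ranges and a few symbolic names such as `localhost` and `any`, not hostnames or wildcard patterns. An operator who carries over a hostname or wildcard override from the xinetd setup would probably have that entry rejected, leaving `IPAddressDeny: any` in effect and the health check unreachable from haproxy. I would reword the line to something like `# Accepts IP addresses, CIDR prefixes and the symbolic names documented for IPAddressAllow=.` and state the format change in the upgrade release note.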
+++ b/handlers/main.yml @@ -99,12 +99,6 @@ listen: Manage LB when: false -- name: Restart xinetd - service: - name: xinetd - state: "{{ (galera_monitoring_check_enabled | bool) | ternary('restarted', 'stopped') }}" - enabled: "{{ galera_monitoring_check_enabled | bool }}" - - name: Delete encryption keyfile after starting Galera file: path: "/tmp/.keyfile.key" diff --git a/releasenotes/notes/remove_xinetd-1970838891f570cc.yaml b/releasenotes/notes/remove_xinetd-1970838891f570cc.yaml new file mode 100644 index 00000000..35b4a212 --- /dev/null +++ b/releasenotes/notes/remove_xinetd-1970838891f570cc.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The xinetd script and configuration to run the 'clustercheck' script is + replaced with a systemd socket activated service. diff --git a/tasks/galera_server_main.yml b/tasks/galera_server_main.yml index 139c57b9..3e4e6d12 100644 --- a/tasks/galera_server_main.yml +++ b/tasks/galera_server_main.yml @@ -108,16 +108,6 @@ tags: - always -- include_tasks: tasks/galera_server_xinetd.yml - when: - - galera_monitoring_check_enabled | bool - args: - apply: - tags: - - galera_server-config - tags: - - always - - include_tasks: galera_server_backups.yml when: - galera_mariadb_backups_enabled | bool diff --git a/tasks/galera_server_post_install.yml b/tasks/galera_server_post_install.yml index 65b0730f..01470531 100644 --- a/tasks/galera_server_post_install.yml +++ b/tasks/galera_server_post_install.yml 
@@ -28,6 +28,28 @@ when: galera_upgrade | bool notify: Reload the systemd daemon +# TODO (jrosser) Remove all of these xinetd cleanup tasks in the Z release +- name: Clean up legacy xinetd config + file: + path: "/etc/xinetd.d/mysqlchk" + state: absent + register: legacy_xinetd + +- name: Remove legacy galera service check from /etc/services + lineinfile: + dest: /etc/services + state: absent + regexp: '^mysqlchk' + line: 'mysqlchk 9200/tcp # MySQL check' + backup: yes + register: legacy_services + +- name: Restart xinetd service + service: + name: xinetd + state: restarted + when: (legacy_xinetd is changed or legacy_services is changed) + - name: Run the systemd service role import_role: name: systemd_service @@ -37,6 +59,21 @@ - service_name: "{{ galera_mariadb_service_name }}" systemd_overrides_only: True systemd_overrides: "{{ galera_init_defaults | combine(galera_init_overrides, recursive=True) }}" + - service_name: "mariadbcheck@" + service_type: "oneshot" + execstarts: "-/usr/local/bin/clustercheck" + enabled: False + load: False + standard_output: "socket" + sockets: + - socket_name: "mariadbcheck" + enabled: "{{ galera_monitoring_check_enabled }}" + state: "restarted" + options: + ListenStream: "{{ galera_server_bind_address }}:{{ galera_monitoring_check_port }}" + IPAddressDeny: any + IPAddressAllow: "{{ (galera_monitoring_allowed_source is defined) | ternary(galera_monitoring_allowed_source, 'localhost') }}" + Accept: "yes" tags: - galera-service @@ -164,3 +201,9 @@ src: "galera_new_cluster.j2" dest: "/usr/local/bin/galera_new_cluster" mode: "0750" + +- name: Create clustercheck script + template: + src: "clustercheck.j2" + dest: "/usr/local/bin/clustercheck" + mode: "0755" diff --git a/tasks/galera_server_xinetd.yml b/tasks/galera_server_xinetd.yml deleted file mode 100644 index c9d7fed1..00000000 --- a/tasks/galera_server_xinetd.yml +++ /dev/null 
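Review bot: The `Restart xinetd service` task leaves xinetd running and enabled on upgraded hosts, even though this commit removes the only xinetd service the role managed and drops the package from both distro package lists. If nothing else on the host relies on xinetd, stopping and disabling it (`state: stopped`, `enabled: false`) removes a network daemon that no longer has a purpose; if that cannot be assumed, a comment saying why it stays running would help. The task will also fail when the cleanup reports a change on a host where xinetd is no longer installed, so a guard on the service being present may be needed. The last lines of the hunk belong to the `Run the systemd service role` task, which continues outside it.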
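Review bot: The new `mariadbcheck@` entry sets no run-as account, whereas the removed mysqlchk.j2 ran clustercheck with `user = nobody`; unless the systemd_service role defaults to an unprivileged user, every accepted connection now starts the script as root. The unit should get an unprivileged `User=` (and group) through whatever per-service option the role exposes. The socket entry also uses `state: "restarted"` unconditionally, so with `galera_monitoring_check_enabled` false the listener is still started for the current boot; the removed handler used `ternary('restarted', 'stopped')`, and the socket state could follow the same pattern if the role accepts it. `IPAddressDeny`/`IPAddressAllow` are only enforced where systemd can attach its cgroup BPF filters, so it is worth verifying on the deployment targets (containers in particular) that the allow-list is applied rather than skipped with a warning. The enclosing `Run the systemd service role` task starts before this hunk.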
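Review bot: The relocated `Create clustercheck script` task installs the script with `mode: "0755"` and no explicit `owner`/`group`, while the `galera_new_cluster` script just above it in the same hunk uses `mode: "0750"`. The template is not visible here, but if clustercheck.j2 embeds the monitoring user's credentials, 0755 makes them readable by every local account. Now that the script is started by a systemd unit rather than by xinetd, the mode can be tightened to `mode: "0750"` with `owner: root` and `group` set to the account the check unit runs as.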
@@ -1,36 +0,0 @@ ---- -# Copyright 2021, BBC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Create clustercheck script - template: - src: "clustercheck.j2" - dest: "/usr/local/bin/clustercheck" - mode: "0755" - -- name: Create mysqlchk config - template: - src: "mysqlchk.j2" - dest: "/etc/xinetd.d/mysqlchk" - mode: "0644" - notify: - - Restart xinetd - -- name: Add galera service check to services - lineinfile: - dest: /etc/services - state: present - regexp: '^mysqlchk' - line: 'mysqlchk 9200/tcp # MySQL check' - backup: yes diff --git a/templates/mysqlchk.j2 b/templates/mysqlchk.j2 deleted file mode 100644 index ca6348d0..00000000 --- a/templates/mysqlchk.j2 +++ /dev/null @@ -1,20 +0,0 @@ -# default: on -# description: mysqlchk -# {{ ansible_managed }} -service mysqlchk -{ - disable = no - flags = REUSE - socket_type = stream - port = {{ galera_monitoring_check_port }} - wait = no - user = nobody - server = /usr/local/bin/clustercheck - log_on_failure += USERID - {% if galera_monitoring_allowed_source is defined %} - only_from = {{ galera_monitoring_allowed_source }} - {% else %} - no_access - {% endif %} - per_source = UNLIMITED -} diff --git a/vars/debian.yml b/vars/debian.yml index 19397f07..94f4bbd8 100644 --- a/vars/debian.yml +++ b/vars/debian.yml 
@@ -35,7 +35,6 @@ galera_server_required_distro_packages: - libstdc++6 - python3-pymysql # needed by mysql_user - software-properties-common - - xinetd galera_etc_conf_file: "/etc/mysql/my.cnf" galera_etc_include_dir: "/etc/mysql/conf.d" diff --git a/vars/redhat.yml b/vars/redhat.yml index 5c1f32bd..6aee99d4 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml @@ -33,7 +33,6 @@ galera_server_required_distro_packages: - MariaDB-client - MariaDB-devel - python3-PyMySQL - - xinetd galera_etc_conf_file: "/etc/mysql/my.cnf" galera_etc_include_dir: "/etc/mysql/conf.d"