diff --git a/defaults/main.yml b/defaults/main.yml index 0ceff36d..d9d8c28e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -40,11 +40,12 @@ galera_server_proxy_protocol_networks: "" # distro specific variable files found in vars/ galera_debconf_items: [] galera_mariadb_service_name: mariadb +galera_mariadb_client_binary: mariadb galera_mariadb_server_package: "{{ (galera_install_method == 'external_repo') | ternary(_galera_mariadb_external_repo_package, 'mariadb-server') }}" # The major version used to select the repo URL path -galera_major_version: 10.11 -galera_minor_version: 8 +galera_major_version: 11.4 +galera_minor_version: 4 # Set the URL for the MariaDB repository galera_repo_host: "mirror.mariadb.org" @@ -245,7 +246,12 @@ galera_pki_certificates: - name: "galera_{{ ansible_facts['hostname'] }}" provider: ownca cn: "{{ ansible_facts['hostname'] }}" - san: "{{ 'DNS:' ~ ansible_facts['hostname'] ~ ',' ~ ((galera_address | ansible.utils.ipaddr) is string) | ternary('IP', 'DNS') ~ ':' ~ galera_address }}" + san: >- + {{ + 'DNS:' ~ ansible_facts['hostname'] ~ ',' ~ ( + (galera_address | ansible.utils.ipaddr) is string) | ternary('IP', 'DNS') ~ ':' ~ galera_address ~ + ',IP:' ~ management_address + }} signed_by: "{{ galera_pki_intermediate_cert_name }}" galera_use_ssl: false diff --git a/handlers/main.yml b/handlers/main.yml index b8946a01..9ba021e9 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -15,7 +15,7 @@ - name: Check node status command: > - mysql --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_local_state";' + {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_local_state";' failed_when: false changed_when: false register: node_status @@ -25,7 +25,7 @@ - name: Check if node is in the cluster command: > - mysql --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_incoming_addresses";' + {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_incoming_addresses";' failed_when: false changed_when: false register: incoming_addresses diff --git a/tasks/galera_server_cluster_state.yml b/tasks/galera_server_cluster_state.yml index 0a2142dd..e6f41c13 100644 --- a/tasks/galera_server_cluster_state.yml +++ b/tasks/galera_server_cluster_state.yml @@ -15,7 +15,7 @@ - name: Check node status command: > - mysql --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_local_state";' + {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW STATUS LIKE "wsrep_local_state";' failed_when: false changed_when: false register: _node_status @@ -33,7 +33,7 @@ - name: Check cluster name command: > - mysql --silent --skip-column-names --connect-timeout=10 -e 'SHOW VARIABLES LIKE "wsrep_cluster_name";' + {{ galera_mariadb_client_binary }} --silent --skip-column-names --connect-timeout=10 -e 'SHOW VARIABLES LIKE "wsrep_cluster_name";' failed_when: false changed_when: false register: _cluster_name diff --git a/tasks/galera_server_upgrade.yml b/tasks/galera_server_upgrade.yml index ace546ec..e7ebe582 100644 --- a/tasks/galera_server_upgrade.yml +++ b/tasks/galera_server_upgrade.yml @@ -17,8 +17,8 @@ # version. If it is not assume it's nothing is installed. - name: Check mysql version shell: > - if which mysql; then - mysql -e "SHOW VARIABLES LIKE 'version';" --batch --skip-column-names | grep -w "{{ galera_major_version }}" + if which {{ galera_mariadb_client_binary }}; then + {{ galera_mariadb_client_binary }} -e "SHOW VARIABLES LIKE 'version';" --batch --skip-column-names | grep -w "{{ galera_major_version }}" fi register: mysqladmin_version changed_when: false diff --git a/templates/cluster.cnf.j2 b/templates/cluster.cnf.j2 index 0831f6fe..30365f7e 100644 --- a/templates/cluster.cnf.j2 +++ b/templates/cluster.cnf.j2 @@ -48,3 +48,6 @@ wsrep_retry_autocommit = {{ galera_wsrep_retry_autocommit }} [mariabackup] parallel = {{ galera_mariabackup_threads }} +# NOTE(noonedeadpunk): We ignore cert verification due to bug +# https://jira.mariadb.org/browse/MDEV-35368 +skip-ssl-verify-server-cert diff --git a/templates/clustercheck.j2 b/templates/clustercheck.j2 index 8d7ca629..c362dd32 100644 --- a/templates/clustercheck.j2 +++ b/templates/clustercheck.j2 @@ -65,10 +65,10 @@ if [[ -n "$MYSQL_PORT" ]]; then fi if [[ -r $DEFAULTS_EXTRA_FILE ]]; then - MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE --connect-timeout=$TIMEOUT \ + MYSQL_CMDLINE="{{ galera_mariadb_client_binary }} --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE --connect-timeout=$TIMEOUT \ ${EXTRA_ARGS}" else - MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT ${EXTRA_ARGS}" + MYSQL_CMDLINE="{{ galera_mariadb_client_binary }} -nNE --connect-timeout=$TIMEOUT ${EXTRA_ARGS}" fi # diff --git a/templates/galera_new_cluster.j2 b/templates/galera_new_cluster.j2 index 96965dfb..3241163d 100644 --- a/templates/galera_new_cluster.j2 +++ b/templates/galera_new_cluster.j2 @@ -26,7 +26,7 @@ function cleanup { } function wait_operational { - WAITCMD="while ! mysql --silent --skip-column-names -e 'SHOW STATUS LIKE \"wsrep_evs_state\"' | grep -wq \"OPERATIONAL\"; do sleep 5; done" + WAITCMD="while ! {{ galera_mariadb_client_binary }} --silent --skip-column-names -e 'SHOW STATUS LIKE \"wsrep_evs_state\"' | grep -wq \"OPERATIONAL\"; do sleep 5; done" if ! timeout 180 sh -c "${WAITCMD}"; then echo "Cluster failed to return an \"OPERATIONAL\" state" return 1 diff --git a/templates/galera_secure_node.j2 b/templates/galera_secure_node.j2 index d9be53d7..0e4edc21 100644 --- a/templates/galera_secure_node.j2 +++ b/templates/galera_secure_node.j2 @@ -25,16 +25,16 @@ if ! systemctl status {{ galera_mariadb_service_name }}; then systemctl status {{ galera_mariadb_service_name }} fi -if mysqladmin --no-defaults --port=3306 --socket=/var/run/mysqld/mysqld.sock --host=127.0.0.1 --user=root password "{{ galera_root_password }}"; then - mysql -u root -h localhost -e "UPDATE mysql.user SET Password=PASSWORD('$rootpass') WHERE User='root';" - mysql -u root -h localhost -e "DELETE FROM mysql.user WHERE user='';" - mysql -u root -h localhost -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('%', 'localhost', '127.0.0.1', '::1');" - mysql -u root -h localhost -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" - mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'localhost' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" - mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'127.0.0.1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" - mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'::1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" - mysql -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'%' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" - mysql -u root -h localhost -e "FLUSH PRIVILEGES;" +if mariadb-admin --no-defaults --port=3306 --socket=/var/run/mysqld/mysqld.sock --host=127.0.0.1 --user=root password "{{ galera_root_password }}"; then + {{ galera_mariadb_client_binary }} -u root -h localhost -e "UPDATE mysql.user SET Password=PASSWORD('$rootpass') WHERE User='root';" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "DELETE FROM mysql.user WHERE user='';" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('%', 'localhost', '127.0.0.1', '::1');" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'localhost' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'127.0.0.1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'::1' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "GRANT ALL PRIVILEGES ON *.* TO '{{ galera_root_user }}'@'%' IDENTIFIED BY '{{ galera_root_password }}' WITH GRANT OPTION;" + {{ galera_mariadb_client_binary }} -u root -h localhost -e "FLUSH PRIVILEGES;" fi if [ "${STOP_MYSQL}" = true ]; then diff --git a/templates/mariabackup_script.py.j2 b/templates/mariabackup_script.py.j2 index 8659700f..483f5f37 100755 --- a/templates/mariabackup_script.py.j2 +++ b/templates/mariabackup_script.py.j2 @@ -125,7 +125,7 @@ def create_full_backup(dest, curtime, full_backup_filename, extra_mariabackup_ar #Creating compressed full backup os.makedirs(dest+"/"+full_backup_filename+curtime, exist_ok=True) mariabackup_run = Popen( - ["/usr/bin/mariabackup"] + extra_mariabackup_args + ["--backup", "--stream=xbstream", "--extra-lsndir="+os.path.normpath(dest+"/"+full_backup_filename+curtime)], stdout=PIPE, stderr=err + ["/usr/bin/mariadb-backup"] + extra_mariabackup_args + ["--backup", "--stream=xbstream", "--extra-lsndir="+os.path.normpath(dest+"/"+full_backup_filename+curtime)], stdout=PIPE, stderr=err ) compressed_backup = open(os.path.normpath(dest+"/"+full_backup_filename+curtime+"/"+full_backup_filename+curtime), "wb") run([compressor], stdin=mariabackup_run.stdout, stdout=compressed_backup) @@ -137,7 +137,7 @@ def create_full_backup(dest, curtime, full_backup_filename, extra_mariabackup_ar else: #Creating full backup mariabackup_run = Popen( - ["/usr/bin/mariabackup"] + extra_mariabackup_args + ["--backup", "--target-dir="+os.path.normpath(dest+"/"+full_backup_filename+curtime)], stdout=None, stderr=err + ["/usr/bin/mariadb-backup"] + extra_mariabackup_args + ["--backup", "--target-dir="+os.path.normpath(dest+"/"+full_backup_filename+curtime)], stdout=None, stderr=err ) mariabackup_run.wait() mariabackup_res = mariabackup_run.communicate() @@ -146,7 +146,7 @@ def create_full_backup(dest, curtime, full_backup_filename, extra_mariabackup_ar #Preparing full backup err_p = open(os.path.normpath(dest+"/prepare.log"), "w") mariabackup_prep = Popen( - ["/usr/bin/mariabackup"] + extra_mariabackup_args + ["--prepare", "--target-dir="+os.path.normpath(dest+"/"+full_backup_filename+curtime)], stdout=None, stderr=err_p + ["/usr/bin/mariadb-backup"] + extra_mariabackup_args + ["--prepare", "--target-dir="+os.path.normpath(dest+"/"+full_backup_filename+curtime)], stdout=None, stderr=err_p ) mariabackup_prep.wait() mariabackup_prep_res = mariabackup_prep.communicate() @@ -177,7 +177,7 @@ def create_increment_backup(dest, curtime, increment_backup_filename, extra_mari #Creating compressed incremental backup os.makedirs(dest+"/"+increment_backup_filename+curtime, exist_ok=True) mariabackup_run = Popen( - ["/usr/bin/mariabackup"] + extra_mariabackup_args + ["--backup", "--stream=xbstream", "--incremental-basedir="+basedir, "--extra-lsndir="+os.path.normpath(dest+"/"+increment_backup_filename+curtime)], stdout=PIPE, stderr=err + ["/usr/bin/mariadb-backup"] + extra_mariabackup_args + ["--backup", "--stream=xbstream", "--incremental-basedir="+basedir, "--extra-lsndir="+os.path.normpath(dest+"/"+increment_backup_filename+curtime)], stdout=PIPE, stderr=err ) compressed_backup = open(os.path.normpath(dest+"/"+increment_backup_filename+curtime+"/"+increment_backup_filename+curtime), "wb") run([compressor], stdin=mariabackup_run.stdout, stdout=compressed_backup) @@ -189,7 +189,7 @@ def create_increment_backup(dest, curtime, increment_backup_filename, extra_mari else: #Creating incremental backup mariabackup_run = Popen( - ["/usr/bin/mariabackup"] + extra_mariabackup_args + ["--backup", "--target-dir="+os.path.normpath(dest+"/"+increment_backup_filename+curtime), "--incremental-basedir="+basedir], stdout=None, stderr=err + ["/usr/bin/mariadb-backup"] + extra_mariabackup_args + ["--backup", "--target-dir="+os.path.normpath(dest+"/"+increment_backup_filename+curtime), "--incremental-basedir="+basedir], stdout=None, stderr=err ) mariabackup_run.wait() mariabackup_res = mariabackup_run.communicate()