Zed Series Release Notes
18.0.0.0b1-224
New Features
Add support for encryption of databases. This is disabled by default and can be enabled by setting galera_mariadb_encryption_enabled to true. For now only the file_key_management encryption plugin is supported. You can override encryption options with galera_encryption_overrides. The role creates galera_db_encryption_keys for you if they are not specified. To specify your own encryption keys, provide them like this:
galera_db_encryption_keys: |
  1;5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36fbdc80333e3
  2;5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36ebdc80333e3
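A checker for the key block format shown above, as an added example that is not part of the release notes or the role's own code. It assumes the file_key_management rules of integer key ids and hex-encoded keys of 128, 192 or 256 bits, and rejects the two keys printed above because they are public; the function names are hypothetical.

```python
import re
import secrets

# The two keys printed in the release note are public: never deploy them.
DOCUMENTED_SAMPLE_KEYS = {
    "5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36fbdc80333e3",
    "5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36ebdc80333e3",
}
VALID_HEX_LENGTHS = {32, 48, 64}  # AES-128, AES-192, AES-256
LINE_RE = re.compile(r"^(\d+);([0-9a-fA-F]+)$")


def generate_keys(key_ids=(1, 2)):
    """Build a key block with a fresh random 256-bit key for each id."""
    return "\n".join(f"{kid};{secrets.token_hex(32)}" for kid in key_ids)


def check_keys(block):
    """Return the problems found in a galera_db_encryption_keys block."""
    problems, ids, keys = [], set(), set()
    for num, raw in enumerate(block.splitlines(), 1):
        line = raw.strip()  # assumption: YAML block indentation is not significant
        if not line or line.startswith("#"):  # blank line or comment
            continue
        match = LINE_RE.match(line)
        if not match:
            problems.append(f"line {num}: expected '<id>;<hex key>'")
            continue
        kid, key = int(match.group(1)), match.group(2).lower()
        if not 1 <= kid < 2**32:
            problems.append(f"line {num}: key id {kid} out of range")
        if len(key) not in VALID_HEX_LENGTHS:
            problems.append(f"line {num}: {len(key) * 4}-bit key, need 128/192/256")
        if kid in ids:
            problems.append(f"line {num}: duplicate key id {kid}")
        if key in keys:
            problems.append(f"line {num}: key material reused")
        if key in DOCUMENTED_SAMPLE_KEYS:
            problems.append(f"line {num}: documented sample key")
        ids.add(kid)
        keys.add(key)
    if 1 not in ids:
        problems.append("key id 1 missing (MariaDB's default key id)")
    return problems


if __name__ == "__main__":
    print(generate_keys())
```

Run check_keys over the value of galera_db_encryption_keys before deploying; an empty list means the block is well formed and does not reuse the published sample keys.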
Additional user-specified username and password pairs can now be set up during the Galera installation process by defining them in the ‘galera_additional_users’ list.
Added variables galera_backups_full_init_overrides and galera_backups_increment_init_overrides that can be leveraged to override the default systemd unit file settings for MariaDB backups. Similar to change I7b3b0f4da047f82a49266ef57fba2fbaa24cebdc.
The galera_server role now includes the functionality from the galera_client role, and can optionally install the client and server components. This is controlled using two booleans, galera_install_server and galera_install_client, both of which default to false.
Implemented variable galera_data_dir that controls the datadir for MariaDB databases. Defaults to /var/lib/mysql.
The Galera role now leverages the PKI role for creation and distribution of certificates and certificate authorities. This introduces a number of new variables that control CA and certificate generation details. If user-provided SSL certificates are supplied, they are used instead of the generated ones.
The following new variables were introduced:
galera_ssl_verify
galera_pki_dir
galera_pki_create_ca
galera_pki_regen_ca
galera_pki_certificates
galera_pki_regen_cert
galera_pki_authorities
galera_pki_install_ca
galera_pki_keys_path
galera_pki_certs_path
galera_pki_intermediate_cert_name
galera_pki_intermediate_cert_path
galera_pki_install_certificates
New variables galera_tmp_dir and galera_ignore_db_dirs were implemented to control the path to the tmp dir and which directories should be ignored when listing databases.
Adds optional compression for backups created with mariabackup. Adds two new CLI parameters to the mariabackup script that are used to enable compression and to choose a compression tool.
--compress=True|False
--compressor=<compressor>
Also introduces new Ansible variables that control the above mentioned parameters.
galera_mariadb_backups_compress
galera_mariadb_backups_compressor
Each backup archive is stored in a dedicated directory, alongside the backup metadata.
Added variable galera_init_overrides that can be leveraged to override the default systemd unit file settings for MariaDB. This also brings a requirement on the systemd_service role.
It is now possible for deployers to enable or disable the mysqlcheck capability. The Boolean option galera_monitoring_check_enabled has been added which has a default value of true.
It is now possible to change the port used by mysqlcheck. The integer option galera_monitoring_check_port has been added with the default value of 9200.
Add parameters galera_mariadb_backups_full_randomized_delay_sec and galera_mariadb_backups_incremental_randomized_delay_sec to run the systemd timers for mariabackup with a randomized delay. This is useful when backups are taken on more than one node, to avoid running them at exactly the same time.
The MariaDB version has been bumped to 10.2
The galera_server role now uses mariabackup in order to complete SST operations due to the fact that this is the recommended choice from MariaDB.
The galera_server role now ships with the latest MariaDB release of 10.3.13.
Upgrade Notes
The galera_server role now includes the functionality from the galera_client role, and as a result a number of the variables from the galera_client defaults are now available to override in the galera_server role defaults. In addition, a number of default variables have been generalised, removing the specific _client_ or _server_ parts of the names. Users of this role should check that any overrides they are using have the correct variables names for the new combined role.
Galera will now additionally listen on port 3307 by default, with this port being used by the monitoring user to check cluster status. Ensure that any firewall rules permit access to this port before upgrading. If an ‘extra_port’ was already configured, ensure that any conflicting configuration is removed and set your preferred values via ‘galera_monitoring_port’ and ‘galera_monitoring_max_connections’.
The data structure for galera_gpg_keys has been changed to be a dict passed directly to the applicable apt_key/rpm_key module. As such any overrides would need to be reviewed to ensure that they do not pass any key/value pairs which would cause the module to fail.
The default values for galera_gpg_keys have been changed so that all supported platforms use vendored keys. This means that the task execution will no longer reach out to the internet to add the keys, making offline or proxy-based installations easier and more reliable.
If you have a database named #tmp, you should change the galera_tmp_dir path and adjust galera_ignore_db_dirs, or rename the database.
MariaDB version 10.5.9 is known to have a bug which results in broken root permissions after upgrade. We have implemented a workaround for it which will be triggered automatically. This note is informative only.
Backup compression is disabled by default, so no changes need to be made for existing deployments. Should compression be desired, set galera_mariadb_backups_compress to True. Choose a compression tool with galera_mariadb_backups_compressor; the default is gzip.
The xinetd script and configuration to run the ‘clustercheck’ script is replaced with a systemd socket activated service.
Deprecation Notes
The compression option in the galera_server role has been removed due to the fact that it is not recommended by MariaDB anymore. This means that all the dependencies from Percona such as QPress are no longer necessary.
The following variables have been removed because they are no longer used:
galera_percona_xtrabackup_repo
use_percona_upstream
galera_xtrabackup_compression
galera_server_percona_distro_packages
The variable galera_xtrabackup_threads has been renamed to galera_mariabackup_threads to reflect the change in the SST provider.
The following variables were removed in favor of the PKI ones and no longer have any effect:
galera_ssl_self_signed_regen
galera_ssl_self_signed_subject
galera_ssl_ca_self_signed_subject
Other Notes
Set a new default value for galera_wait_timeout, which is inherited from the global openstack_db_connection_recycle_time.
18.0.0.0b1
New Features
The extra Percona packages used by ppc64le are now downloaded by the Ansible deployment host by default, as opposed to the target hosts. Once downloaded, the packages are pushed up to the target hosts. This behaviour may be adjusted by setting galera_server_extra_package_downloader to target-host. The packages are downloaded to the path set in galera_server_extra_package_path.
Deprecation Notes
The following variables have been removed as they no longer serve any purpose.
galera_package_arch
percona_package_download_validate_certs
percona_package_url
percona_package_fallback_url
percona_package_sha256
percona_package_path
qpress_package_download_validate_certs
qpress_package_url
qpress_package_fallback_url
qpress_package_sha256
qpress_package_path
The functionality previously using these variables has been transitioned to using a simpler data structure.
17.0.0.0b3
Deprecation Notes
The galera_percona_xtrabackup_repo_url variable which was used on Ubuntu distributions to select the upstream Percona repository has been dropped and the default upstream repository is always used from now on.
17.0.0.0b2
New Features
The galera cluster now supports cluster health checks over HTTP using port 9200. The new cluster check ensures a node is healthy by running a simple query against the wsrep sync status using the monitoring user. This change will provide for a more robust cluster check ensuring we have the most fault tolerant galera cluster possible.
Galera healthcheck has been improved, and relies on an xinetd service. By default, the service is inaccessible (filtered with the no_access directive). You can override the directive by setting galera_monitoring_allowed_source to any valid xinetd value.
16.0.0.0b3
Known Issues
MariaDB 10.1+ includes PrivateDevices=true in its systemd unit files to add extra security around mount namespaces for MariaDB. While this is useful when running MariaDB on a bare metal host with other services, it is less useful when MariaDB is already in a container with its own namespaces. In addition, LXC 2.0.8 presents /dev/ptmx as a bind mount within the container and systemd 219 (on CentOS 7) cannot make an additional bind mount of /dev/ptmx when PrivateDevices is enabled.
Deployers can set galera_disable_privatedevices to yes to set PrivateDevices=false in the systemd unit file for MariaDB on CentOS 7. The default is no, which keeps the default systemd unit file settings from the MariaDB package.
For additional information, refer to the following bugs:
Bug Fixes
MySQL cnf files can now be properly overridden. The config_template module has been extended to support valueless options, such as those that are found in the my.cnf file (for example, quick under the mysqldump section). To use valueless options, use the ignore_none_type attribute of the config_template module.
16.0.0.0b1
New Features
Implements SSL connection ability to MySQL. The galera_use_ssl option has to be set to true (default); in this case the playbooks create a self-signed SSL bundle and set up the MySQL configs to use it, or distribute a user-provided bundle throughout the Galera nodes.
15.0.0.0b3
New Features
The filename of the apt source can now be defined with the variable filename inside the dicts galera_repo and galera_percona_xtrabackup_repo.
You can specify the galera_package_arch variable to force a specific architecture when installing percona and qpress packages. This will be automatically calculated based on the architecture of the galera_server host. Acceptable values are x86_64 for Ubuntu-16.04 and RHEL 7, and ppc64le for Ubuntu-16.04.
Bug Fixes
Systems using systemd (like Ubuntu Xenial) were incorrectly limited to a low number of open files. This was causing issues when restarting galera. A deployer can still define the maximum number of open files with the variable galera_file_limits (defaults to 65536).
The percona repository stayed in place even after a change of the variable use_percona_upstream. From now on, the percona repository will not be present unless the deployer decides to set use_percona_upstream. This also fixes a bug where this apt repository remained present after an upgrade from Mitaka.
Other Notes
XtraBackup is currently on version 2.4.5 for ppc64le architecture when pulling deb packages from the repos.
XtraBackup is currently on version 2.4.5 for amd64 architecture when pulling rpm/deb packages from the repos. To pull the latest available 2.4 branch version from the yum/apt repository set the use_percona_upstream variable to True. The default behavior using deb packages is unchanged.
15.0.0.0b2
Upgrade Notes
The galera_server role now installs MariaDB server version 10.1.
For systems using the APT package manager, the sources files for the MariaDB and Percona repos now have consistent names, ‘MariaDB.list’ and ‘Percona.list’.
The galera_mariadb_apt_server_package and galera_mariadb_yum_server_package variables have been renamed to galera_mariadb_server_package.
The galera_apt_repo_url and galera_yum_repo_url variables have been renamed to galera_repo_url.
14.0.0.0rc1
New Features
The openstack-ansible-galera_server role will now prevent deployers from changing the galera_cluster_name variable on clusters that already have a value set in a running galera cluster. You can set the new galera_force_change_cluster_name variable to True to force the galera_cluster_name variable to be changed. We recommend setting this by running the galera-install.yml playbook with -e galera_force_change_cluster_name=True, to avoid changing the galera_cluster_name variable unintentionally. Use with caution: changing the galera_cluster_name value can cause your cluster to fail, as the nodes won’t join if restarted sequentially.
Known Issues
Deployments on ppc64le are limited to Ubuntu 16.04 for the Newton release of OpenStack-Ansible.
Bug Fixes
Add architecture-specific locations for percona-xtrabackup and qpress, with alternate locations provided for ppc64el due to package unavailability from the current provider.
14.0.0.0b3
New Features
The galera_server role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting galera_server_package_state to present.
Upgrade Notes
The variable galera_pre_packages has been renamed to galera_server_required_distro_packages.
The variable galera_packages has been renamed to galera_server_mariadb_distro_packages.
The galera_server role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option galera_server_package_state should be set to present.
Bug Fixes
The --compact flag has been removed from xtrabackup options. This had been shown to cause crashes in some SST situations.
14.0.0.0b2
Upgrade Notes
The default database collation has changed from utf8_unicode_ci to utf8_general_ci. Existing databases and tables will need to be converted.
14.0.0.0b1
New Features
CentOS 7 support has been added to the galera_server role.
Implemented support for Ubuntu 16.04 Xenial. percona-xtrabackup packages will be installed from distro repositories, instead of upstream percona repositories due to lack of available packages upstream at the time of implementing this feature.
Upgrade Notes
The MariaDB wait_timeout setting is decreased to 1h to match the SQL Alchemy pool recycle timeout, in order to prevent unnecessary database session buildups.
Deprecation Notes
galera_package_url changed to percona_package_url for clarity
galera_package_sha256 changed to percona_package_sha256 for clarity
galera_package_path changed to percona_package_path for clarity
galera_package_download_validate_certs changed to percona_package_download_validate_certs for clarity
Other Notes
MariaDB version upgrade gate checks removed.