Zed Series Release Notes

18.0.0.0b1-224

New Features

  • Add support for encryption of databases. This is disabled by default and can be enabled by setting galera_mariadb_encryption_enabled to true. For now only the file_key_management encryption plugin is supported. You can override encryption options with galera_encryption_overrides. The role creates galera_db_encryption_keys for you if they are not specified. To specify your own encryption keys, provide them like this:

    galera_db_encryption_keys: |
       1;5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36fbdc80333e3
       2;5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36ebdc80333e3
    
  • Additional user-specified username and password pairs can now be set up during the Galera installation process by defining them in the ‘galera_additional_users’ list.

  • Added variables galera_backups_full_init_overrides and galera_backups_increment_init_overrides that can be used to override the default settings of the systemd unit files for MariaDB backups. Similar to change I7b3b0f4da047f82a49266ef57fba2fbaa24cebdc.

  • The galera_server role now includes the functionality from the galera_client role, and can optionally install the client and server components. This is controlled using two booleans, galera_install_server and galera_install_client, both of which default to false.

  • Implemented variable galera_data_dir that controls the datadir for MariaDB databases. Defaults to /var/lib/mysql.

  • The Galera role now leverages the PKI role for creation and distribution of certificates and certificate authorities. This introduces a number of new variables which control CA and certificate generation details. If user SSL certificates are provided, they are used instead of the generated ones.

    The following new variables were introduced:

    • galera_ssl_verify

    • galera_pki_dir

    • galera_pki_create_ca

    • galera_pki_regen_ca

    • galera_pki_certificates

    • galera_pki_regen_cert

    • galera_pki_authorities

    • galera_pki_install_ca

    • galera_pki_keys_path

    • galera_pki_certs_path

    • galera_pki_intermediate_cert_name

    • galera_pki_intermediate_cert_path

    • galera_pki_install_certificates

  • New variables galera_tmp_dir and galera_ignore_db_dirs were implemented to control the path to the tmp dir and which directories are ignored when listing databases.

  • Adds optional compression for backups created with mariabackup. Adds two new CLI parameters to the mariabackup script that are used to enable compression and to choose a compression tool.

    • --compress=True|False

    • --compressor=<compressor>

    Also introduces new Ansible variables that control the above mentioned parameters.

    • galera_mariadb_backups_compress

    • galera_mariadb_backups_compressor

    Each backup archive is stored in a dedicated directory, alongside the backup metadata.

  • Added variable galera_init_overrides that can be used to override the default settings of the systemd unit file for MariaDB. This also makes the systemd_service role a requirement.

  • It is now possible for deployers to enable or disable the mysqlcheck capability. The Boolean option galera_monitoring_check_enabled has been added which has a default value of true.

  • It is now possible to change the port used by mysqlcheck. The integer option galera_monitoring_check_port has been added with the default value of 9200.

  • Add parameters galera_mariadb_backups_full_randomized_delay_sec and galera_mariadb_backups_incremental_randomized_delay_sec to run the systemd timers for mariabackup with a randomized delay. This is useful when backups are taken on more than one node, to avoid running them at exactly the same time.

  • The MariaDB version has been bumped to 10.2

  • The galera_server role now uses mariabackup in order to complete SST operations due to the fact that this is the recommended choice from MariaDB.

  • The galera_server role now ships with the latest MariaDB release of 10.3.13.
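
    An added example, not part of the role or of these release notes: a Python sketch that generates keys in the id;hexkey layout shown for galera_db_encryption_keys above and validates a value before it goes into deployment variables. The function names are hypothetical, the accepted key sizes (128, 192 or 256 bits) are those of MariaDB's file_key_management plugin, and the rejection of reused key material is an extra hygiene check added here.

```python
import re
import secrets

# Hex lengths of the 128-, 192- and 256-bit keys file_key_management accepts.
VALID_HEX_LENGTHS = {32, 48, 64}
LINE = re.compile(r"([1-9][0-9]*);([0-9A-Fa-f]+)")


def generate_keys(count=2, bits=256):
    """Return a key-file body with `count` random keys, ids starting at 1."""
    if bits not in (128, 192, 256):
        raise ValueError("key size must be 128, 192 or 256 bits")
    return "\n".join(
        f"{key_id};{secrets.token_hex(bits // 8)}" for key_id in range(1, count + 1)
    )


def validate_keys(text):
    """Parse `id;hexkey` lines; return {id: key} or raise ValueError."""
    keys = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = LINE.fullmatch(line)
        if not match:
            raise ValueError(f"line {lineno}: expected '<positive id>;<hex key>'")
        key_id, hexkey = int(match.group(1)), match.group(2).lower()
        if len(hexkey) not in VALID_HEX_LENGTHS:
            raise ValueError(f"line {lineno}: key must be 32, 48 or 64 hex chars")
        if key_id in keys:
            raise ValueError(f"line {lineno}: duplicate key id {key_id}")
        if hexkey in keys.values():
            raise ValueError(f"line {lineno}: key material reused from another id")
        keys[key_id] = hexkey
    if not keys:
        raise ValueError("no keys found")
    return keys


def as_yaml(text):
    """Render a validated body as the block scalar used in the release note."""
    validate_keys(text)
    body = "\n".join("   " + line.strip() for line in text.splitlines() if line.strip())
    return "galera_db_encryption_keys: |\n" + body


if __name__ == "__main__":
    print(as_yaml(generate_keys()))
```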

Upgrade Notes

  • The galera_server role now includes the functionality from the galera_client role, and as a result a number of the variables from the galera_client defaults are now available to override in the galera_server role defaults. In addition, a number of default variables have been generalised, removing the specific _client_ or _server_ parts of the names. Users of this role should check that any overrides they are using have the correct variables names for the new combined role.

  • Galera will now additionally listen on port 3307 by default, with this port being used by the monitoring user to check cluster status. Ensure that any firewall rules permit access to this port before upgrading. If an ‘extra_port’ was already configured, ensure that any conflicting configuration is removed and set your preferred values via ‘galera_monitoring_port’ and ‘galera_monitoring_max_connections’.

  • The data structure for galera_gpg_keys has been changed to be a dict passed directly to the applicable apt_key/rpm_key module. As such any overrides would need to be reviewed to ensure that they do not pass any key/value pairs which would cause the module to fail.

  • The default values for galera_gpg_keys have been changed for all supported platforms to use vendored keys. This means that the task execution will no longer reach out to the internet to add the keys, making offline or proxy-based installations easier and more reliable.

  • If you have a database named #tmp, you should change the galera_tmp_dir path and adjust galera_ignore_db_dirs, or rename the database.

  • MariaDB version 10.5.9 is known to have a bug which results in broken root permissions after upgrade. We have implemented a workaround for it which will be triggered automatically. This note is informative only.

  • Backup compression is disabled by default, so no changes need to be made for existing deployments. Should compression be desired, set galera_mariadb_backups_compress to True. Choose a compression tool with galera_mariadb_backups_compressor, default is gzip.

  • The xinetd script and configuration to run the ‘clustercheck’ script is replaced with a systemd socket activated service.

Deprecation Notes

  • The compression option in the galera_server role has been removed due to the fact that it is not recommended by MariaDB anymore. This means that all the dependencies from Percona such as QPress are no longer necessary.

  • The following variables have been removed because they are no longer used.

    • galera_percona_xtrabackup_repo

    • use_percona_upstream

    • galera_xtrabackup_compression

    • galera_server_percona_distro_packages

  • The variable galera_xtrabackup_threads has been renamed to galera_mariabackup_threads to reflect the change in the SST provider.

  • Following variables were removed in favor of PKI ones and have no effect anymore:

    • galera_ssl_self_signed_regen

    • galera_ssl_self_signed_subject

    • galera_ssl_ca_self_signed_subject

Other Notes

  • Set a new default value for galera_wait_timeout which is inherited from global openstack_db_connection_recycle_time.

18.0.0.0b1

New Features

  • The extra Percona packages used by ppc64le are now downloaded by the Ansible deployment host by default, as opposed to the target hosts. Once downloaded, the packages are pushed up to the target hosts. This behaviour may be adjusted by setting galera_server_extra_package_downloader to target-host. The packages are downloaded to the path set in galera_server_extra_package_path.

Deprecation Notes

  • The following variables have been removed as they no longer serve any purpose.

    • galera_package_arch

    • percona_package_download_validate_certs

    • percona_package_url

    • percona_package_fallback_url

    • percona_package_sha256

    • percona_package_path

    • qpress_package_download_validate_certs

    • qpress_package_url

    • qpress_package_fallback_url

    • qpress_package_sha256

    • qpress_package_path

    The functionality previously using these variables has been transitioned to using a simpler data structure.

17.0.0.0b3

Deprecation Notes

  • The galera_percona_xtrabackup_repo_url variable which was used on Ubuntu distributions to select the upstream Percona repository has been dropped and the default upstream repository is always used from now on.

17.0.0.0b2

New Features

  • The galera cluster now supports cluster health checks over HTTP using port 9200. The new cluster check ensures a node is healthy by running a simple query against the wsrep sync status using the monitoring user. This change will provide for a more robust cluster check ensuring we have the most fault tolerant galera cluster possible.

  • Galera healthcheck has been improved, and relies on an xinetd service. By default, the service is inaccessible (filtered with the no_access directive). You can override the directive by setting galera_monitoring_allowed_source to any valid xinetd value.

16.0.0.0b3

Known Issues

  • MariaDB 10.1+ includes PrivateDevices=true in its systemd unit files to add extra security around mount namespaces for MariaDB. While this is useful when running MariaDB on a bare metal host with other services, it is less useful when MariaDB is already in a container with its own namespaces. In addition, LXC 2.0.8 presents /dev/ptmx as a bind mount within the container and systemd 219 (on CentOS 7) cannot make an additional bind mount of /dev/ptmx when PrivateDevices is enabled.

    Deployers can set galera_disable_privatedevices to yes to set PrivateDevices=false in the systemd unit file for MariaDB on CentOS 7. The default is no, which keeps the default systemd unit file settings from the MariaDB package.

    For additional information, refer to the following bugs:

Bug Fixes

  • MySQL cnf files can now be properly overridden. The config_template module has been extended to support valueless options, such as those that are found in the my.cnf file (e.g. quick under the mysqldump section). To use valueless options, use the ignore_none_type attribute of the config_template module.

16.0.0.0b1

New Features

  • Implements the ability to use SSL connections to MySQL. The galera_use_ssl option has to be set to true (default); in this case the playbooks create a self-signed SSL bundle and set up the MySQL configs to use it, or distribute a user-provided bundle throughout the Galera nodes.

15.0.0.0b3

New Features

  • The filename of the apt source can now be defined with the variable filename inside the dicts galera_repo and galera_percona_xtrabackup_repo.

  • You can specify the galera_package_arch variable to force a specific architecture when installing percona and qpress packages. This will be automatically calculated based on the architecture of the galera_server host. Acceptable values are x86_64 for Ubuntu-16.04 and RHEL 7, and ppc64le for Ubuntu-16.04.

Bug Fixes

  • Systems using systemd (like Ubuntu Xenial) were incorrectly limited to a low amount of open files. This was causing issues when restarting galera. A deployer can still define the maximum number of open files with the variable galera_file_limits (Defaults to 65536).

  • The percona repository stayed in place even after a change of the variable use_percona_upstream. From now on, the percona repository will not be present unless the deployer decides to use_percona_upstream. This also fixes a bug of the presence of this apt repository after an upgrade from Mitaka.

Other Notes

  • XtraBackup is currently on version 2.4.5 for ppc64le architecture when pulling deb packages from the repos.

  • XtraBackup is currently on version 2.4.5 for amd64 architecture when pulling rpm/deb packages from the repos. To pull the latest available 2.4 branch version from the yum/apt repository set the use_percona_upstream variable to True. The default behavior using deb packages is unchanged.

15.0.0.0b2

Upgrade Notes

  • The galera_server role now installs MariaDB server version 10.1.

  • For systems using the APT package manager, the sources files for the MariaDB and Percona repos now have consistent names, ‘MariaDB.list’ and ‘Percona.list’.

  • The galera_mariadb_apt_server_package and galera_mariadb_yum_server_package variables have been renamed to galera_mariadb_server_package.

  • The galera_apt_repo_url and galera_yum_repo_url variables have been renamed to galera_repo_url.

14.0.0.0rc1

New Features

  • The openstack-ansible-galera_server role will now prevent deployers from changing the galera_cluster_name variable on clusters that already have a value set in a running galera cluster. You can set the new galera_force_change_cluster_name variable to True to force the galera_cluster_name variable to be changed. We recommend setting this by running the galera-install.yml playbook with -e galera_force_change_cluster_name=True, to avoid changing the galera_cluster_name variable unintentionally. Use with caution, changing the galera_cluster_name value can cause your cluster to fail, as the nodes won’t join if restarted sequentially.

Known Issues

  • Deployments on ppc64le are limited to Ubuntu 16.04 for the Newton release of OpenStack-Ansible.

Bug Fixes

  • Add architecture-specific locations for percona-xtrabackup and qpress, with alternate locations provided for ppc64el due to package unavailability from the current provider.

14.0.0.0b3

New Features

  • The galera_server role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting galera_server_package_state to present.

Upgrade Notes

  • The variable galera_pre_packages has been renamed to galera_server_required_distro_packages.

  • The variable galera_packages has been renamed to galera_server_mariadb_distro_packages.

  • The galera_server role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option galera_server_package_state should be set to present.

Bug Fixes

  • The --compact flag has been removed from xtrabackup options. This had been shown to cause crashes in some SST situations.

14.0.0.0b2

Upgrade Notes

  • The default database collation has changed from utf8_unicode_ci to utf8_general_ci. Existing databases and tables will need to be converted.

14.0.0.0b1

New Features

  • CentOS 7 support has been added to the galera_server role.

  • Implemented support for Ubuntu 16.04 Xenial. percona-xtrabackup packages will be installed from distro repositories, instead of upstream percona repositories due to lack of available packages upstream at the time of implementing this feature.

Upgrade Notes

  • The MariaDB wait_timeout setting is decreased to 1h to match the SQL Alchemy pool recycle timeout, in order to prevent unnecessary database session buildups.

Deprecation Notes

  • galera_package_url changed to percona_package_url for clarity

  • galera_package_sha256 changed to percona_package_sha256 for clarity

  • galera_package_path changed to percona_package_path for clarity

  • galera_package_download_validate_certs changed to percona_package_download_validate_certs for clarity

Other Notes

  • Mariadb version upgrade gate checks removed.