- in inspec >= 3.0.0 there are changes in schema
which require to have tests/integration dir
to contain tests, otherwise fails
- this is temporary workaround until we decide
proper fix
Change-Id: Idd84c0d997a6fc590ae1855f3304cdf309982ebb
- changed default logging to log file
- parametrized log file path
- added fluentd configuration
- introduced fluentd multi_format parser plugin
Currently error logs sent to syslog are represented
with severity ERROR, which is misleading for Notice
and Warning messages during service startup/shutdown.
Change-Id: I55106775fa54b412b50ecc10c12930445da15d03
Related-bug: PROD-21904 (PROD:21904)
During Galera bootstrap stage the following help scripts are created:
/usr/local/sbin/galera_init.sh
/usr/local/sbin/galera_bootstrap.sh
Both contain mysql root password in a plain text.
Set file permissions to 750
Change-Id: Ie0d5fa7f81ef7ccbd6b9def7a4f2141c32dcc4ee
Relaited-prod: https://mirantis.jira.com/browse/PROD-15487
Issue:
During bootstrap, formula creates file in: /var/lib/mysql
If galera replica has been broken for any reason, wsrep process
calls xtrabackup to recover replica and wipes away everything in
/var/lib/mysql with bootstrap flag as well.
Now this node is not marked as deployed and galera state rerun
would try to reprovision it and fail.
Fix:
Create and check flag in: /etc/mysql/.galera_bootstrap
Prod-Related: PROD-22715
Closes-Bug: PROD-22715
Change-Id: I27db65e1161e22a462dfd273647de4edbe450373
Issue:
1) Multiple pipelines failure due to ssl class include:
Once service.galera.ssl class being included,
galera:
master:
pillar appears on slave nodes, which results to deploy failures.
2) Test pillars lacks of ssl hashes
Fix:
1) Split class into two separate classes.
Now it is possible to include them separately in infra/conf.yml:
openstack_database_node01:
params:
linux_system_codename: xenial
classes:
- cluster.${_param:cluster_name}.openstack.database_init
- cluster.${_param:cluster_name}.openstack.database.ssl.master
openstack_database_node02:
params:
linux_system_codename: xenial
classes:
- cluster.${_param:cluster_name}.openstack.database.ssl.slave
Further usage of service.galera.ssl class should be deprecated.
2) Adding ssl hashes to test pillars
Change-Id: I2df8b3c0da018e53cf7e97e24d3b1b9b49d3f75e
In case of mysql failed it shows different values for different nodes.
After this fix it ll show actual cluster size
Change-Id: I2fcb23418d6de3e03108a1c66a6ebb6ee5b64008
Closes-Bug: PROD-17416
The patch deletes deprecated cmd.run function which actually
was defined in salt 2016 as alias for cmd.shell therefore this
change supports backward compatibility.
Change-Id: Idbbf869dfafb39d3bf90cdcb05e626cd563ce8e2
Related-Prod: 17056
There is wrong assumption that when server pillar is
defined the node is galera master, we need to check
actually that it is enabled.
Change-Id: I594c3fbdb1dfc829e7750c2fb1a6d4f5593074b2
There is no guarntee that pillars are loaded before pillars-from-file
as result we cant assume variables defined via pillars: are available
when pillars-from-file is loaded. Move 'source' definitions of repos to
.kitchen.yml as it uses ENV variable
Change-Id: Id94edd2351f17f5ac130db41a97d3be9cd5f3be4
When SSL enabled, /etc/mysq directory is created by salt.minion
state with 700 permissions. It prohibits mysql from reading config
file as normal mode is 755. This patch ensures that mode for
/etc/mysql and /etc/mysql/ssl have correct rights.
Change-Id: Icc2a43e7a56c60d30a716f29f0a9ec28c6549429
Related-Prod: ROD-16782
This patch removes separate state galera.ssl as it was previously
wrongly introduced. Instead include ssl tasks to master/slave when
ssl is enabled.
This fixes missing requirements when applying separate states.
Ensure that mysql package is installed before changing group
ownership for ssl files to mysql, as group will be added by mysql
packages.
Fix ssl inital configuration. SSL settings are not applied during
service reload, we have to add them during initial galera cluster
start.
Change-Id: Iff9a268000c3e5e722cc6e197cfd223ec1015f73
Related-Prod: PROD-16695
Mitaka staging test repository for test-kitchen was
missing KEY_ID which prevented apt-get update to
run successfuly.
Signed-off-by: Ondrej Vasko <ondrej.vaskoo@gmail.com>