From f5cc0871e67c766dd2f03164475d60d1416c5f53 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Wed, 8 Apr 2015 12:11:57 +0200 Subject: [PATCH 1/5] Do not recreate Galera cluster Currently if the Galera master node is rebooted after installation process a new Galera cluster is build because of the --wsrep-new-cluster present in the systemd.service file. This commit aims to update this behavior accordingly. Closes-bug: #1439197 Change-Id: I3e4c339ea073bd18177bd0625d694ddd0151b14c (cherry picked from commit 735a760c4031e0b32a9aac2f5bcf7af634be7176) --- lib/facter/galera_bootstrapped.rb | 22 ++++++++++++++++++++++ manifests/database/sql/mysql.pp | 12 +++++++++++- templates/database/etc_initd_mysql_RedHat | 2 +- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 lib/facter/galera_bootstrapped.rb diff --git a/lib/facter/galera_bootstrapped.rb b/lib/facter/galera_bootstrapped.rb new file mode 100644 index 00000000..6a786304 --- /dev/null +++ b/lib/facter/galera_bootstrapped.rb @@ -0,0 +1,22 @@ +# +# Copyright (C) 2014 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Fact: galera_bootstrapped +# +Facter.add('galera_bootstrapped') do + setcode do + FileTest.exists?('/var/lib/mysql/grastate.dat') + end +end diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index f729b1c7..ebb852b0 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp 
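Review bot: `FileTest.exists?` in the `setcode` block is a deprecated alias that newer Ruby releases no longer provide, so the fact would stop resolving there; `File.exist?('/var/lib/mysql/grastate.dat')` is the supported spelling. The fact also treats the mere presence of `grastate.dat` under a hard-coded data directory as proof of a completed bootstrap. That presumably misreports a node whose first start failed after the file was written, or one whose datadir is configured elsewhere. The header says only `# Fact: galera_bootstrapped`; a short comment stating what the fact returns and why that file is the signal would help.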
@@ -320,6 +320,11 @@ if $::hostname == $galera_master_name { $mysql_service_name = 'mysql-bootstrap' + if !str2bool($::galera_bootstrapped) { + $wsrep_new_cluster = '--wsrep-new-cluster' + } else { + $wsrep_new_cluster = '' + } } else { $mysql_service_name = 'mariadb' } @@ -387,12 +392,17 @@ # To check that the mysqld support the options you can : # strings `which mysqld` | grep wsrep-new-cluster # TODO: to be remove as soon as the API 25 is packaged, ie galera 3 ... + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease >= 7 { + $mysql_service_notify = Exec['mariadb-sysctl-daemon-reload'] + } else { + $mysql_service_notify = Service['mysqld'] + } file { $mysql_init_file : content => template("cloud/database/etc_initd_mysql_${::osfamily}"), owner => 'root', mode => '0755', group => 'root', - notify => Service['mysqld'], + notify => $mysql_service_notify, before => Package[$mysql_server_package_name], } diff --git a/templates/database/etc_initd_mysql_RedHat b/templates/database/etc_initd_mysql_RedHat index ec2a168a..79a8b36e 100755 --- a/templates/database/etc_initd_mysql_RedHat +++ b/templates/database/etc_initd_mysql_RedHat @@ -32,7 +32,7 @@ Group=mysql ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n # Note: we set --basedir to prevent probes that might trigger SELinux alarms, # per bug #547485 -ExecStart=/usr/bin/mysqld_safe --wsrep-new-cluster --basedir=/usr +ExecStart=/usr/bin/mysqld_safe <%= @wsrep_new_cluster %> --basedir=/usr ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID # Give a reasonable amount of time for the server to start up/shut down From 5e9a299e86e856414c993c51f4cd1c5e7ef549b1 Mon Sep 17 00:00:00 2001 
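Review bot: `$wsrep_new_cluster` is assigned only inside the `$::hostname == $galera_master_name` branch, while the `else` branch sets just `$mysql_service_name`. The hunk for `templates/database/etc_initd_mysql_RedHat` reads `@wsrep_new_cluster` unconditionally. The `file` resource that renders the template lies outside this hunk, so whether it runs on non-master nodes is inferred; if it does, the variable is undefined there. Adding `$wsrep_new_cluster = ''` to the `else` branch makes the intended empty value explicit.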
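Review bot: On RedHat 7 the new `notify => $mysql_service_notify` points at `Exec['mariadb-sysctl-daemon-reload']`, but no resource with that title is declared in this patch. The later patch in this series that declares it guards it with `$::operatingsystemrelease >= 7`, a different fact from the `$::operatingsystemmajrelease >= 7` tested here. If the two conditions ever disagree, the catalog references a resource that is not declared and presumably fails to compile, so both places should test the same fact. Both comparisons also set a fact that may arrive as a string against an integer, which deserves a comment or an explicit conversion. The surrounding block starts and ends outside the hunk.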
From: Cedric Lecomte Date: Tue, 14 Apr 2015 09:29:14 -0400 Subject: [PATCH 2/5] Changing who is affected by the sysctl tunning Only the swift-nodes need to be tuned according to https://bugs.launchpad.net/swift/+bug/1075606. And enlarge the local port range on the controller can overlap with the listening services. Changing the local range port We must don't overlap the local range port and the listening ports. Listening port on swift nodes are around 6800. With a bad ordering or a restart we can face a already used port problem. Co-Authored-By: Emilien Macchi Change-Id: I5e875403946a22ec8c5848af259d3afa84db4e35 (cherry picked from commit 9267538fc81b73ffa574cf873b9e5fc96b629bc1) --- manifests/object.pp | 2 -- manifests/object/storage.pp | 2 ++ manifests/object/tweaking.pp | 2 +- spec/classes/cloud_object_storage_spec.rb | 4 ++++ 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/manifests/object.pp b/manifests/object.pp index 0ad00e70..d7d9e917 100644 --- a/manifests/object.pp +++ b/manifests/object.pp @@ -30,6 +30,4 @@ swift_hash_suffix => $swift_hash_suffix, } - class {'cloud::object::tweaking': } - } diff --git a/manifests/object/storage.pp b/manifests/object/storage.pp index 5d755943..ae19ef7a 100644 --- a/manifests/object/storage.pp +++ b/manifests/object/storage.pp @@ -75,6 +75,8 @@ include 'cloud::object' + include 'cloud::object::tweaking' + class { 'swift::storage': storage_local_net_ip => $storage_eth, } diff --git a/manifests/object/tweaking.pp b/manifests/object/tweaking.pp index 17f54f42..ff5e552b 100644 --- a/manifests/object/tweaking.pp +++ b/manifests/object/tweaking.pp @@ -22,7 +22,7 @@ 'net.ipv4.tcp_tw_recycle' => { value => 1 }, 'net.ipv4.tcp_tw_reuse' => { value => 1 }, 'net.ipv4.tcp_syncookies' => { value => 0 }, - 'net.ipv4.ip_local_port_range' => { value => "1024\t65000" }, + 'net.ipv4.ip_local_port_range' => { value => "10000\t65000" }, 'net.core.netdev_max_backlog' => { value => 300000 }, 'net.ipv4.tcp_sack' => { value => 0 }, } 
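Review bot: The new lower bound in `'net.ipv4.ip_local_port_range' => { value => "10000\t65000" }` has no comment saying why 10000 was chosen; the reason lives only in the commit message. A line such as `# keep ephemeral ports above the Swift listening ports (around 6800) so a restart cannot find its port already taken` above the entry would keep a later edit from lowering it again. The class is now included only from `cloud::object::storage`, so the unchanged neighbouring `tcp_syncookies => 0` and `tcp_tw_recycle => 1` entries also merit a comment saying they are deliberate. They trade SYN-flood protection and NAT compatibility for throughput.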
diff --git a/spec/classes/cloud_object_storage_spec.rb b/spec/classes/cloud_object_storage_spec.rb index 766e2121..f62605ac 100644 --- a/spec/classes/cloud_object_storage_spec.rb +++ b/spec/classes/cloud_object_storage_spec.rb @@ -39,6 +39,10 @@ 'storage_local_net_ip' => '127.0.0.1', }) + is_expected.to contain_sysctl('net.ipv4.ip_local_port_range').with( + :val => "10000\t65000", + ) + is_expected.to contain_swift__storage__server('6000').with({ 'type' => 'object', 'config_file_path' => 'object-server.conf', From 5f6fa04b1d95f0141d93fcca37a27741d894b8ff Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Tue, 17 Feb 2015 13:52:47 -0500 Subject: [PATCH 3/5] mysql: Enable deployer to set Limits This commits aims to enable a deployer to override unit default parameters, including limits (LimitNOFILE, etc...), TimeoutSec and more. Closes-Bug: 1410863 Change-Id: If712d35fa2ac6a530e6da923b610e33eae11208b (cherry picked from commit c3220b9d2d7814c4ad03d1a877f2dc12457a59b5) --- manifests/database/sql/mysql.pp | 115 ++++++++++++------ spec/classes/cloud_database_sql_mysql_spec.rb | 31 ++++- templates/database/mysql.conf.erb | 4 +- templates/database/systemd-custom.conf.erb | 4 + 4 files changed, 112 insertions(+), 42 deletions(-) create mode 100644 templates/database/systemd-custom.conf.erb diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index ebb852b0..aa41c1a0 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp 
@@ -169,54 +169,73 @@ # (optional) The name or ip address of host running monitoring database (clustercheck) # Defaults to '127.0.0.1' # +# [*open_files_limit*] +# (optional) An integer that specifies the open_files_limit for MySQL +# Defaults to 65535 +# +# [*mysql_systemd_override_settings*] +# (optional) An hash of setting to override for MariaDB unit file. +# Defaults to {} +# Example : { 'LimitNOFILE' => 'infinity', 'LimitNPROC' => 4, 'TimeoutSec' => '30' } +# # [*firewall_settings*] # (optional) Allow to add custom parameters to firewall rules # Should be an hash. # Default to {} # class cloud::database::sql::mysql ( - $api_eth = '127.0.0.1', - $galera_master_name = 'mgmt001', - $galera_internal_ips = ['127.0.0.1'], - $galera_gcache = '1G', - $keystone_db_host = '127.0.0.1', - $keystone_db_user = 'keystone', - $keystone_db_password = 'keystonepassword', - $keystone_db_allowed_hosts = ['127.0.0.1'], - $cinder_db_host = '127.0.0.1', - $cinder_db_user = 'cinder', - $cinder_db_password = 'cinderpassword', - $cinder_db_allowed_hosts = ['127.0.0.1'], - $glance_db_host = '127.0.0.1', - $glance_db_user = 'glance', - $glance_db_password = 'glancepassword', - $glance_db_allowed_hosts = ['127.0.0.1'], - $heat_db_host = '127.0.0.1', - $heat_db_user = 'heat', - $heat_db_password = 'heatpassword', - $heat_db_allowed_hosts = ['127.0.0.1'], - $nova_db_host = '127.0.0.1', - $nova_db_user = 'nova', - $nova_db_password = 'novapassword', - $nova_db_allowed_hosts = ['127.0.0.1'], - $neutron_db_host = '127.0.0.1', - $neutron_db_user = 'neutron', - $neutron_db_password = 'neutronpassword', - $neutron_db_allowed_hosts = ['127.0.0.1'], - $trove_db_host = '127.0.0.1', - $trove_db_user = 'trove', - $trove_db_password = 'trovepassword', - $trove_db_allowed_hosts = ['127.0.0.1'], - $mysql_root_password = 'rootpassword', - $mysql_sys_maint_password = 'sys_maint', - $galera_clustercheck_dbuser = 'clustercheckdbuser', - $galera_clustercheck_dbpassword = 'clustercheckpassword', - 
$galera_clustercheck_ipaddress = '127.0.0.1', - $firewall_settings = {}, + $api_eth = '127.0.0.1', + $galera_master_name = 'mgmt001', + $galera_internal_ips = ['127.0.0.1'], + $galera_gcache = '1G', + $keystone_db_host = '127.0.0.1', + $keystone_db_user = 'keystone', + $keystone_db_password = 'keystonepassword', + $keystone_db_allowed_hosts = ['127.0.0.1'], + $cinder_db_host = '127.0.0.1', + $cinder_db_user = 'cinder', + $cinder_db_password = 'cinderpassword', + $cinder_db_allowed_hosts = ['127.0.0.1'], + $glance_db_host = '127.0.0.1', + $glance_db_user = 'glance', + $glance_db_password = 'glancepassword', + $glance_db_allowed_hosts = ['127.0.0.1'], + $heat_db_host = '127.0.0.1', + $heat_db_user = 'heat', + $heat_db_password = 'heatpassword', + $heat_db_allowed_hosts = ['127.0.0.1'], + $nova_db_host = '127.0.0.1', + $nova_db_user = 'nova', + $nova_db_password = 'novapassword', + $nova_db_allowed_hosts = ['127.0.0.1'], + $neutron_db_host = '127.0.0.1', + $neutron_db_user = 'neutron', + $neutron_db_password = 'neutronpassword', + $neutron_db_allowed_hosts = ['127.0.0.1'], + $trove_db_host = '127.0.0.1', + $trove_db_user = 'trove', + $trove_db_password = 'trovepassword', + $trove_db_allowed_hosts = ['127.0.0.1'], + $mysql_root_password = 'rootpassword', + $mysql_sys_maint_password = 'sys_maint', + $galera_clustercheck_dbuser = 'clustercheckdbuser', + $galera_clustercheck_dbpassword = 'clustercheckpassword', + $galera_clustercheck_ipaddress = '127.0.0.1', + $open_files_limit = 65535, + $mysql_systemd_override_settings = {}, + $firewall_settings = {}, ) { include 'xinetd' + if $mysql_systemd_override_settings['LimitNOFILE'] { + $open_files_limit_real = $mysql_systemd_override_settings['LimitNOFILE'] + $mysql_systemd_override_settings_real = $mysql_systemd_override_settings + } else { + $open_files_limit_real = $open_files_limit + $mysql_systemd_override_settings_real = merge($mysql_systemd_override_settings, { 'LimitNOFILE' => $open_files_limit}) + } + $gcomm_definition 
= inline_template('<%= @galera_internal_ips.join(",") + "?pc.wait_prim=no" -%>') # Specific to the Galera master node @@ -349,6 +368,24 @@ require => [Package[$mysql_server_package_name], File[$mysql_server_config_file]] } + if $::operatingsystemrelease >= 7 { + file { "/etc/systemd/system/${mysql_service_name}.service.d" : + ensure => directory, + } + file { "/etc/systemd/system/${mysql_service_name}.service.d/custom.conf" : + content => template('cloud/database/systemd-custom.conf.erb'), + owner => 'root', + mode => '0755', + group => 'root', + notify => [Service['mysqld'], Exec['mariadb-sysctl-daemon-reload']], + } + exec { 'mariadb-sysctl-daemon-reload' : + command => '/usr/bin/systemctl daemon-reload', + refreshonly => true, + notify => Service['mysqld'], + } + } + } # RedHat 'Debian': { # Specific to Debian / Ubuntu @@ -406,7 +443,7 @@ before => Package[$mysql_server_package_name], } - if($::osfamily == 'Debian'){ + if $::osfamily == 'Debian' { # The startup time can be longer than the default 30s so we take # care of it there. Until this bug is not resolved # https://mariadb.atlassian.net/browse/MDEV-5540, we have to do it diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb index 631a90a3..09ed68c2 100644 --- a/spec/classes/cloud_database_sql_mysql_spec.rb +++ b/spec/classes/cloud_database_sql_mysql_spec.rb 
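Review bot: When `mysql_systemd_override_settings` carries `LimitNOFILE`, `$open_files_limit_real` takes that value verbatim, and the parameter documentation itself gives `'LimitNOFILE' => 'infinity'` as an example. That string is then rendered by the two `mysql.conf.erb` hunks as `open_files_limit = infinity` and `innodb_open_files = infinity`, where MySQL expects integers. Either copy the value only when it is numeric, e.g. `if is_integer($mysql_systemd_override_settings['LimitNOFILE'])`, or document that `LimitNOFILE` must be an integer when set. The realigned parameter list also keeps literal default passwords such as `'rootpassword'`. Removing those defaults so the class refuses to compile without explicit values would be safer, though that goes beyond what this commit set out to change.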
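Review bot: The drop-in `custom.conf` is created with `mode => '0755'`, but a unit configuration file needs no execute bit and systemd is known to warn about executable unit files, so `mode => '0644'` fits better. The `service.d` directory resource sets only `ensure => directory`, leaving owner, group and mode to whatever the run's umask gives. Adding `owner => 'root', group => 'root', mode => '0755'` pins them for a path that systemd reads as root. The file's `notify` lists `Service['mysqld']` as well as the exec that already notifies that service, which is redundant. The enclosing `case` branch starts outside the hunk.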
@@ -94,6 +94,34 @@ end # configure mysqlchk http replication + context 'configure override of systemd defaults' do + before :each do + facts.merge!( :hostname => 'os-ci-test1', + :osfamily => 'RedHat', + :operatingsystemrelease => 7 ) + end + before :each do + params.merge!(:mysql_systemd_override_settings => { 'LimitNOFILE' => 666 }) + end + + it { is_expected.to contain_file('/etc/systemd/system/mysql-bootstrap.service.d/custom.conf').with_content(/[Service]/) } + it { is_expected.to contain_file('/etc/systemd/system/mysql-bootstrap.service.d/custom.conf').with_content(/LimitNOFILE=666/) } + it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) } + end + + context 'configure open_file_limits' do + before :each do + facts.merge!( :hostname => 'os-ci-test1', + :osfamily => 'RedHat', + :operatingsystemrelease => 7 ) + end + before :each do + params.merge!(:open_files_limit => 666) + end + + it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) } + end + context 'configure databases on the galera master server' do before :each do @@ -271,7 +299,8 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + { :osfamily => 'RedHat', + :operatingsystemrelease => 7 } end let :platform_params do diff --git a/templates/database/mysql.conf.erb b/templates/database/mysql.conf.erb index 1696c903..cba4d7d4 100644 --- a/templates/database/mysql.conf.erb +++ b/templates/database/mysql.conf.erb @@ -20,7 +20,7 @@ max_heap_table_size = 128M query_cache_type = 0 myisam_recover = BACKUP key_buffer_size = 16M -open_files_limit = 65535 +open_files_limit = <%= @open_files_limit_real %> table_open_cache = 1024 table_definition_cache = 500 myisam_sort_buffer_size = 512M 
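Review bot: `with_content(/[Service]/)` in the first new context is a character class, so it matches any content containing one of the letters S, e, r, v, i or c and passes even if the section header is missing. `with_content(/\[Service\]/)` checks for the literal header. Neither new context covers a non-numeric `LimitNOFILE` such as the `'infinity'` value shown in the parameter documentation, so what lands in `/etc/my.cnf` in that case is untested. The two consecutive `before :each` blocks in each context could also be merged into one.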
@@ -37,7 +37,7 @@ innodb_flush_log_at_trx_commit = 1 innodb_lock_wait_timeout = 50 innodb_thread_concurrency = 48 innodb_file_per_table = 1 -innodb_open_files = 65535 +innodb_open_files = <%= @open_files_limit_real %> innodb_io_capacity = 1000 innodb_file_format = Barracuda innodb_file_format_max = Barracuda diff --git a/templates/database/systemd-custom.conf.erb b/templates/database/systemd-custom.conf.erb new file mode 100644 index 00000000..3e88a5de --- /dev/null +++ b/templates/database/systemd-custom.conf.erb @@ -0,0 +1,4 @@ +[Service] +<% @mysql_systemd_override_settings_real.each do |key, value| -%> +<%= key -%>=<%= value %> +<% end -%> From e8c90ddcb53ef5ada2d1224047cae49605ac8833 Mon Sep 17 00:00:00 2001 From: Cedric Lecomte Date: Thu, 23 Apr 2015 08:36:57 -0400 Subject: [PATCH 4/5] Fix ceph keyring permissions When ceph osd are not on same nodes than cinder a keyring permissions problem appear. With this ordering the problem doesn't appear anymore and all node get the right permissions for the ceph keyring file. Change-Id: Ib8c5394f56f06192911669d84c172e74d388fafa (cherry picked from commit a29ff731533b45ca65d6a82b90d90f376fa468af) --- manifests/compute/hypervisor.pp | 22 +++++++++---------- manifests/volume/backend/rbd.pp | 14 +++++------- spec/classes/cloud_compute_hypervisor_spec.rb | 5 +++++ spec/classes/cloud_volume_storage_spec.rb | 5 +++++ 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index 241375a7..fe6fc088 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp 
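Review bot: `systemd-custom.conf.erb` writes every key and value of `@mysql_systemd_override_settings_real` into the `[Service]` section without any check. A non-hash argument, a misspelled directive or a multi-line value is therefore passed straight into a unit drop-in. The class could call `validate_hash($mysql_systemd_override_settings)` before the `merge`. A first line in the template such as `# Managed by Puppet (cloud::database::sql::mysql), do not edit` would tell whoever finds the generated file on a host where it comes from.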
@@ -359,18 +359,16 @@ # Configure Ceph keyring Ceph::Key <<| title == $cinder_rbd_user |>> - if defined(Ceph::Key[$cinder_rbd_user]) { - ensure_resource( - 'file', - "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$cinder_rbd_user], - notify => Service['nova-compute'], - } - ) - } + ensure_resource( + 'file', + "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { + owner => 'root', + group => 'cephkeyring', + mode => '0440', + require => Ceph::Key[$cinder_rbd_user], + notify => Service['nova-compute'], + } + ) Concat::Fragment <<| title == 'ceph-client-os' |>> } else { diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp index cf33d08b..c6115003 100644 --- a/manifests/volume/backend/rbd.pp +++ b/manifests/volume/backend/rbd.pp @@ -84,14 +84,12 @@ # Configure Ceph keyring Ceph::Key <<| title == $rbd_user |>> - if defined(Ceph::Key[$rbd_user]) { - ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$rbd_user], - }) - } + ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { + owner => 'root', + group => 'cephkeyring', + mode => '0440', + require => Ceph::Key[$rbd_user], + }) Concat::Fragment <<| title == 'ceph-client-os' |>> diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index c415682f..c035eb3c 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -383,6 +383,11 @@ class { 'cloud::network': :command => 'usermod -a -G cephkeyring nova', :unless => 'groups nova | grep cephkeyring' ) + is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ + 'owner' => 'root', + 'group' => 'cephkeyring', + 'mode' => '0440', + }) end it 'configure libvirt driver' do 
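Review bot: With the `if defined(Ceph::Key[$cinder_rbd_user])` guard gone, the keyring `file` always carries `require => Ceph::Key[$cinder_rbd_user]`, yet that resource only exists once the collector `Ceph::Key <<| title == $cinder_rbd_user |>>` finds an exported key. On a run where nothing has been exported yet the reference presumably cannot be resolved, so the catalog fails instead of skipping the file. The same applies to the `rbd.pp` hunk with `$rbd_user`. If ordering is all that is needed, a chaining arrow from the collector avoids requiring the key to exist: `Ceph::Key <<| title == $cinder_rbd_user |>> -> File["/etc/ceph/ceph.client.${cinder_rbd_user}.keyring"]`. Both added spec assertions check owner, group and mode but not this relationship.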
diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb index f2c1d77e..79ffac63 100644 --- a/spec/classes/cloud_volume_storage_spec.rb +++ b/spec/classes/cloud_volume_storage_spec.rb @@ -154,6 +154,11 @@ :path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'], :unless => 'groups cinder | grep cephkeyring' ) + is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ + 'owner' => 'root', + 'group' => 'cephkeyring', + 'mode' => '0440', + }) end end From dad82f55770632f71bce77e6230cc7582db776ac Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Sat, 25 Apr 2015 13:39:14 -0400 Subject: [PATCH 5/5] Fix errors in puppet-syntax-future puppet-syntax-future job is failing because of a syntax error in the manifests. This patch aims to fix it. Change-Id: Ib471e862bb7a9f735c5c6f045f4c627723dd6c3a (cherry picked from commit 5e07f511b4dbe979745751ac30b4347209467d2d) (cherry picked from commit 736587a8781f5b286548cdfbf4a399423f1a1e71) --- manifests/database/sql/mysql.pp | 2 +- manifests/network.pp | 2 +- manifests/network/controller.pp | 2 +- manifests/network/vswitch.pp | 2 +- spec/classes/cloud_network_vswitch_spec.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index aa41c1a0..2e59f894 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -417,7 +417,7 @@ } } # Debian default: { - err "${::osfamily} not supported yet" + fail("${::osfamily} not supported yet") } } diff --git a/manifests/network.pp b/manifests/network.pp index 0b16f7bc..b4873ab7 100644 --- a/manifests/network.pp +++ b/manifests/network.pp @@ -89,7 +89,7 @@ $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2' } default: { - err "${plugin} plugin is not supported." + fail("${plugin} plugin is not supported.") } } diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp index 092b960c..340d5ff2 100644 
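Review bot: Replacing `err "${::osfamily} not supported yet"` with `fail(...)` in the `default:` branch of `manifests/database/sql/mysql.pp` is more than the syntax fix the commit message describes. `err` only logged the message, while `fail` aborts catalog compilation. The same change is made in `manifests/network.pp`, `manifests/network/controller.pp` and `manifests/network/vswitch.pp`, but only the vswitch spec is updated to expect the error. The commit message should state that unsupported values now fail the run, and the other three `default:` branches deserve a matching spec. In the vswitch spec the dots in `/Something driver is not supported./` are unescaped, so they match any character.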
--- a/manifests/network/controller.pp +++ b/manifests/network/controller.pp @@ -254,7 +254,7 @@ } default: { - err "${plugin} plugin is not supported." + fail("${plugin} plugin is not supported.") } } diff --git a/manifests/network/vswitch.pp b/manifests/network/vswitch.pp index 10d663d6..0a00ce6c 100644 --- a/manifests/network/vswitch.pp +++ b/manifests/network/vswitch.pp @@ -215,7 +215,7 @@ } default: { - err "${driver} driver is not supported." + fail("${driver} driver is not supported.") } } diff --git a/spec/classes/cloud_network_vswitch_spec.rb b/spec/classes/cloud_network_vswitch_spec.rb index 6078ad50..d101b76e 100644 --- a/spec/classes/cloud_network_vswitch_spec.rb +++ b/spec/classes/cloud_network_vswitch_spec.rb @@ -133,7 +133,7 @@ before :each do params.merge!(:driver => 'Something') end - it { should compile.and_raise_error(/Something plugin is not supported./) } + it_raises 'a Puppet::Error', /Something driver is not supported./ end context 'with default firewall enabled' do