From 168db9abcd9ae20228efb2c658e5c93cc378a3e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= <xavi@verdnatura.es>
Date: Wed, 18 Dec 2024 10:57:39 +0100
Subject: [PATCH] Refs #8140: MariaDB Server Deploy - Role WIP - mysql-flush.sh
 added for snapshots with QEMU Guest Agent.

---
 roles/services/defaults/main.yaml   |  5 +++
 roles/services/files/mysql-flush.sh | 57 +++++++++++++++++++++++++++++
 roles/services/tasks/mariadb.yml    |  5 +--
 3 files changed, 63 insertions(+), 4 deletions(-)
 create mode 100644 roles/services/files/mysql-flush.sh

diff --git a/roles/services/defaults/main.yaml b/roles/services/defaults/main.yaml
index d33e66b..6c51a67 100644
--- a/roles/services/defaults/main.yaml
+++ b/roles/services/defaults/main.yaml
@@ -5,6 +5,10 @@ mariadb_base_packages:
 mariadb_requeriments:
   - curl
   - apt-transport-https
+certificates:
+  - { content: '{{ ca_mysql }}', dest: '/etc/mysql/ca.pem', mode: 'u=rw,g=r,o=r' }
+  - { content: '{{ cert_mysql }}', dest: '/etc/mysql/cert.pem', mode: 'u=rw,g=r,o=r' }
+  - { content: '{{ private_mysql }}', dest: '/etc/mysql/key.pem', mode: 'u=rw,g=,o=' }
 required_directories:
   - { path: /mnt/local-backup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
   - { path: /mnt/mysqlbin, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
@@ -14,6 +18,7 @@ required_directories:
   - { path: /root/mariabackup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
 required_files_and_mariabackup_files_and_root_scripts:
   - { src: "mariadb_override.conf", dest: "/etc/systemd/system/mariadb.service.d/override.conf", mode: "u=rw,g=r,o=r" }
+  - { src: "mysql-flush.sh", dest: "/etc/qemu/fsfreeze-hook.d/mysql-flush.sh", mode: "u=rwx,g=rx,o=rx" }
   - { src: "files/mariabackup/bacula-before.sh", dest: "/root/mariabackup/bacula-before.sh", mode: "u=rwx,g=rx,o=rx" }
   - { src: "files/mariabackup/config.sh", dest: "/root/mariabackup/config.sh", mode: "u=rwx,g=rx,o=x" }
   - { src: "files/mariabackup/inc-backup.sh", dest: "/root/mariabackup/inc-backup.sh", mode: "u=rwx,g=rx,o=rx" }
diff --git a/roles/services/files/mysql-flush.sh b/roles/services/files/mysql-flush.sh
new file mode 100644
index 0000000..88af1b8
--- /dev/null
+++ b/roles/services/files/mysql-flush.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# https://github.com/qemu/qemu/blob/master/scripts/qemu-guest-agent/fsfreeze-hook.d/mysql-flush.sh.sample
+# Flush MySQL tables to the disk before the filesystem is frozen.
+# At the same time, this keeps a read lock in order to avoid write accesses
+# from the other clients until the filesystem is thawed.
+
+MYSQL="/usr/bin/mysql"
+MYSQL_OPTS="-uroot" #"-prootpassword"
+FIFO=/var/run/mysql-flush.fifo
+
+# Check mysql is installed and the server running
+[ -x "$MYSQL" ] && "$MYSQL" $MYSQL_OPTS < /dev/null || exit 0
+
+flush_and_wait() {
+    printf "FLUSH TABLES WITH READ LOCK \\G\n"
+    trap 'printf "$(date): $0 is killed\n">&2' HUP INT QUIT ALRM TERM
+    read < $FIFO
+    printf "UNLOCK TABLES \\G\n"
+    rm -f $FIFO
+}
+
+case "$1" in
+    freeze)
+        mkfifo $FIFO || exit 1
+        flush_and_wait | "$MYSQL" $MYSQL_OPTS &
+        # wait until every block is flushed
+        while [ "$(echo 'SHOW STATUS LIKE "Key_blocks_not_flushed"' |\
+                 "$MYSQL" $MYSQL_OPTS | tail -1 | cut -f 2)" -gt 0 ]; do
+            sleep 1
+        done
+        # for InnoDB, wait until every log is flushed
+        INNODB_STATUS=$(mktemp /tmp/mysql-flush.XXXXXX)
+        [ $? -ne 0 ] && exit 2
+        trap "rm -f $INNODB_STATUS; exit 1" HUP INT QUIT ALRM TERM
+        while :; do
+            printf "SHOW ENGINE INNODB STATUS \\G" |\
+                "$MYSQL" $MYSQL_OPTS > $INNODB_STATUS
+            LOG_CURRENT=$(grep 'Log sequence number' $INNODB_STATUS |\
+                          tr -s ' ' | cut -d' ' -f4)
+            LOG_FLUSHED=$(grep 'Log flushed up to' $INNODB_STATUS |\
+                          tr -s ' ' | cut -d' ' -f5)
+            [ "$LOG_CURRENT" = "$LOG_FLUSHED" ] && break
+            sleep 1
+        done
+        rm -f $INNODB_STATUS
+        ;;
+
+    thaw)
+        [ ! -p $FIFO ] && exit 1
+        echo > $FIFO
+        ;;
+
+    *)
+        exit 1
+        ;;
+esac
\ No newline at end of file
diff --git a/roles/services/tasks/mariadb.yml b/roles/services/tasks/mariadb.yml
index eb923e7..64c4198 100644
--- a/roles/services/tasks/mariadb.yml
+++ b/roles/services/tasks/mariadb.yml
@@ -78,10 +78,7 @@
     owner: mysql
     group: mysql
     mode: "{{ item.mode }}"
-  loop:
-    - { content: '{{ ca_mysql }}', dest: '/etc/mysql/ca.pem', mode: 'u=rw,g=r,o=r' }
-    - { content: '{{ cert_mysql }}', dest: '/etc/mysql/cert.pem', mode: 'u=rw,g=r,o=r' }
-    - { content: '{{ private_mysql }}', dest: '/etc/mysql/key.pem', mode: 'u=rw,g=,o=' }
+  loop: "{{ certificates }}"
   notify: restart-mariadb
 
 - name: Set MariaDB custom configuration