Merge pull request 'refs #8414 - modify maribackup config files and templates' (!56) from 8414_MariaDBBackup_custom_environment into main

Reviewed-on: #56 Reviewed-by: Juan Ferrer <juan@verdnatura.es>
2025-01-30 07:05:01 +00:00 · 2025-01-30 07:05:01 +00:00 · d02bf2a5e3
parent edc2876a84 0d5a6d96ca
commit d02bf2a5e3
10 changed files with 155 additions and 53 deletions
--- a/roles/services/defaults/main.yaml
+++ b/roles/services/defaults/main.yaml
@ -23,8 +23,9 @@ mariadb_requeriments:
  - curl
  - apt-transport-https
 certificates:
-  - { content: '{{ ca_mysql }}', dest: '/etc/mysql/ca.pem', mode: 'u=rw,g=r,o=r' }
+  - { content: '{{ ca_company_deprecated }}', dest: '/etc/mysql/ca.pem', mode: 'u=rw,g=r,o=r' }
  - { content: '{{ cert_mysql }}', dest: '/etc/mysql/cert.pem', mode: 'u=rw,g=r,o=r' }
+  - { content: '{{ cert_mysql_key }}', dest: '/etc/mysql/key.pem', mode: 'u=rw,g=,o=' }
 required_directories:
  - { path: /mnt/local-backup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
  - { path: /mnt/mysqlbin, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
@ -32,13 +33,15 @@ required_directories:
  - { path: /mnt/mysqlbin/binlog, owner: mysql, group: mysql, mode: 'u=rwx,g=,o=' }
  - { path: /root/scripts, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
  - { path: /root/mariabackup, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }
+  - { path: /mnt/mysqldata/mysql, owner: mysql, group: mysql, mode: 'u=rwx,g=rx,o=rx' }
+  - { path: /etc/systemd/system/mariadb.service.d, owner: root, group: root, mode: 'u=rwx,g=rx,o=rx' }  
+
 required_files_and_mariabackup_files_and_root_scripts:
  - { src: "mariadb_override.conf", dest: "/etc/systemd/system/mariadb.service.d/override.conf", mode: "u=rw,g=r,o=r" }
-  - { src: "mysql-flush.sh", dest: "/etc/qemu/fsfreeze-hook.d/mysql-flush.sh", mode: "u=rwx,g=rx,o=rx" }
+  - { src: "mysql-flush.sh", dest: "/etc/qemu/fsfreeze-hook.d/mysql-flush.sh", mode: "u=rwx,g=rx,o=rx" }  
  - { src: "files/mariabackup/bacula-before.sh", dest: "/root/mariabackup/bacula-before.sh", mode: "u=rwx,g=rx,o=rx" }
  - { src: "files/mariabackup/config.sh", dest: "/root/mariabackup/config.sh", mode: "u=rwx,g=rx,o=x" }
  - { src: "files/mariabackup/inc-backup.sh", dest: "/root/mariabackup/inc-backup.sh", mode: "u=rwx,g=rx,o=rx" }
-  - { src: "files/mariabackup/my.cnf", dest: "/root/mariabackup/my.cnf", mode: "u=rw,g=,o=" }
  - { src: "files/mariabackup/restore-backup.sh", dest: "/root/mariabackup/restore-backup.sh", mode: "u=rwx,g=rx,o=rx" }
  - { src: "files/scripts/check-memory.sh", dest: "/root/scripts/check-memory.sh", mode: "u=rwx,g=rx,o=rx" }
  - { src: "files/scripts/export-privs.sh", dest: "/root/scripts/export-privs.sh", mode: "u=rwx,g=rx,o=rx" }
@ -46,8 +49,7 @@ required_files_and_mariabackup_files_and_root_scripts:
  - { src: "files/scripts/promote-master.sh", dest: "/root/scripts/promote-master.sh", mode: "u=rwx,g=rx,o=rx" }
  - { src: "files/scripts/promote-slave.sh", dest: "/root/scripts/promote-slave.sh", mode: "u=rwx,g=rx,o=rx" }
  - { src: "files/scripts/README.md", dest: "/root/scripts/README.md", mode: "u=rw,g=r,o=r" }
-  - { src: "files/scripts/scheduler-log.sh", dest: "/root/scripts/scheduler-log.sh", mode: "u=rwx,g=rx,o=rx" }
-  - { src: "files/scripts/sync-conf.sh", dest: "/root/scripts/sync-conf.sh", mode: "u=rwx,g=rx,o=rx" }
+  - { src: "files/scripts/scheduler-log.sh", dest: "/root/scripts/scheduler-log.sh", mode: "u=rwx,g=rx,o=rx" }  
 downloads:
  - { url: "https://r.mariadb.com/downloads/mariadb_repo_setup", dest: "/tmp/mariadb_repo_setup", mode: "u=rwx,g=rx,o=rx" }
  - { url: "https://repo.percona.com/apt/percona-release_latest.generic_all.deb", dest: "/tmp/percona-release_latest.generic_all.deb", mode: "u=rw,g=r,o=r" }
--- a/roles/services/files/mariabackup/my.cnf
+++ b/roles/services/files/mariabackup/my.cnf
@ -1,7 +0,0 @@
-[mariabackup]
-host = localhost
-user = {{ user_mariabackup }}
-password = {{ password_user_mariabackup }}
-use-memory = 1G
-parallel = 2
-stream = mbstream
--- a/roles/services/files/mariabackuptest_dev/apply.sql
+++ b/roles/services/files/mariabackuptest_dev/apply.sql
@ -0,0 +1,6 @@
+UPDATE vn2008.tblContadores
+	SET dbproduccion = FALSE;
+
+DELETE FROM util.binlogQueue;
+
+UPDATE `account`.`user` SET `active` = TRUE WHERE `name` = 'mindshore';
--- a/roles/services/files/mariabackuptest_dev/bacula-after.sh
+++ b/roles/services/files/mariabackuptest_dev/bacula-after.sh
@ -0,0 +1,51 @@
+#!/bin/bash
+set -e
+
+myDir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "$myDir/config.sh"
+. "$myDir/apply.config.sh"
+
+todayDir=$(date +%Y-%m-%d)
+pattern="$baculaDir/mnt/local-backup/${todayDir}_??-??_full.gz"
+files=($pattern)
+backupFile="${files[0]}"
+
+"$myDir/restore-backup.sh" "$backupFile"
+rm -r "$baculaDir"
+
+if [[ "${#dbClusterSiblings[@]}" -gt "0" ]]; then
+	for node in "${dbClusterSiblings[@]}"; do
+		ssh root@$node service mysql stop
+		ssh root@$node "if pgrep mariadbd; then pkill -9 mariadbd; fi"
+	done
+	
+	galera_new_cluster
+else
+	service mariadb start
+fi
+
+echo "Applying custom script."
+mysql -e "UPDATE util.config SET environment = '$dbEnvironment', lastDump = NOW()"
+mysql < "$myDir/apply.sql"
+
+echo "Upgrading tables."
+mysql_upgrade
+
+echo "Applying repository changes."
+curl --silent --request POST --location --user "$jenkinsAuth" "$jenkinsUrl/build?delay=0sec"
+
+echo "Waiting for Jenkins job to end."
+jobResult=null
+while [ "$jobResult" = "null" ]; do
+	sleep 10
+	jobResult=$(curl --silent --location --user "$jenkinsAuth" "$jenkinsUrl/lastBuild/api/json" | jq --raw-output ".result")
+done
+echo "Job result: $jobResult"
+
+echo "Promoting to master."
+"/root/scripts/promote-master.sh"
+
+for node in "${dbClusterSiblings[@]}"; do
+	ssh root@$node service mysql start
+done
+
--- a/roles/services/files/mariaconfigfiles/z92-testing_dev.cnf
+++ b/roles/services/files/mariaconfigfiles/z92-testing_dev.cnf
--- a/roles/services/files/scripts/sync-conf.sh
+++ b/roles/services/files/scripts/sync-conf.sh
@ -1,21 +0,0 @@
-#!/bin/bash
-
-partner=root@db2.static.verdnatura.es
-confDir=/etc/mysql/mariadb.conf.d
-files=(
-	z90-vn.cnf
-	z95-production.cnf
-)
-
-#echo "Reloading service."
-#service mariadb reload
-
-if [ $? -eq "0" ]; then
-	echo "Synchronizing partner configuration."
-	for file in "${files[@]}"; do 
-        	scp "$confDir/$file" $partner:$confDir
-	done
-
-	#echo "Reloading partner service."
-	#ssh $partner service mariadb reload
-fi
--- a/roles/services/handlers/main.yml
+++ b/roles/services/handlers/main.yml
@ -2,7 +2,7 @@
  systemd:
    name: chrony
    state: restarted
- name: reload systemd
+- name: reload-systemd
  command:
    cmd: systemctl daemon-reload
 - name: restart-mariadb
--- a/roles/services/tasks/mariadb.yml
+++ b/roles/services/tasks/mariadb.yml
@ -48,14 +48,14 @@
    group: root
    mode: "{{ item.mode }}"
  loop: "{{ required_files_and_mariabackup_files_and_root_scripts }}"
-  notify: reload systemd
+  notify: reload-systemd

 - name: Add tmpfs in /etc/fstab
  blockinfile:
    path: /etc/fstab
    marker: "# {mark} ANSIBLE-MANAGED TMPFS ENTRY"
    block: |
-      tmpfs /mnt/mysqltmp         tmpfs rw,size=6144M         0 0
+      tmpfs /mnt/mysqltmp         tmpfs rw,size={{ mysqltmpsize }}         0 0
  register: fstab

 - name: Mount all filesystems from /etc/fstab
@ -71,6 +71,7 @@
    mode: u=rw,g=r,o=r

 - name: Insert MySQL certificates
+  no_log: true
  copy:
    content: "{{ item.content }}"
    dest: "{{ item.dest }}"
@ -80,14 +81,6 @@
  loop: "{{ certificates }}"
  notify: restart-mariadb

- name: Configure MySQL master cert
-  copy:
-    content: "{{ lookup(passbolt, 'private_mysql', folder_parent_id=passbolt_folder).description }}"
-    dest: /etc/mysql/key.pem
-    owner: mysql
-    group: mysql
-    mode: u=rw,g=,o=
-
 - when: production is true
  block:
  - name: Set MariaDB custom configuration Production
@ -98,8 +91,8 @@
      group: root
      mode: u=rw,g=r,o=r
    with_items:
-      - "files/mariaconfigfiles/z90-vn.cnf"
-      - "files/mariaconfigfiles/z95-production"
+      - "mariaconfigfiles/z90-vn.cnf"
+      - "mariaconfigfiles/z95-production.cnf"
    notify: restart-mariadb
  
  - name: Reminder to check mount points
@ -111,9 +104,10 @@
        - /mnt/local-backup
        Make sure they are correctly configured and accessible.

- when: testdb is true
+- when: production is false or production is not defined
+
  block:
-  - name: Set MariaDB custom configuration Test
+  - name: Set MariaDB custom configuration Test-DB-DEV
    copy:
      src: "{{ item }}"
      dest: /etc/mysql/mariadb.conf.d/
@ -122,20 +116,70 @@
      mode: u=rw,g=r,o=r
    with_items:
      - "files/mariaconfigfiles/z90-vn.cnf"
-      - "files/mariaconfigfiles/z92-testing.cnf"
+      - "files/mariaconfigfiles/z92-testing_dev.cnf"
    notify: restart-mariadb
+
+  - name: Set MariaBackup custom template configuration Test-DB-DEV
+    template:
+      src: test-db_dev/apply.config.sh
+      dest: /root/mariabackup/
+      owner: root
+      group: root
+      mode: u=rw,g=,o=
+
+  - name: Set MariaDB local configuration file for Test-DB-DEV
+    copy:
+      src: "{{ item }}"
+      dest: /root/mariabackup/
+      owner: root
+      group: root
+      mode: u=rw,g=r,o=r
+    with_items:
+      - "mariabackuptest_dev/apply.sql"
+      - "mariabackuptest_dev/bacula-after.sh"
  
-  - name: Reminder to check mount points
+  - name: Reminder to check mount points environment Test-DB-DEV
    debug:
      msg: |
        Remember to check the following mount points:
        - /mnt/mysqltmp
        Make sure they are correctly configured and accessible.

- name: Set MariaDB local configuration file
+- name: Set Custom Configuration local template all Environment
  template:
-    src: templates/z99-local.cnf
+    src: z99-local.cnf
    dest: /etc/mysql/mariadb.conf.d/
    owner: root
    group: root
-    mode: u=rw,g=r,o=r
+    mode: u=rw,g=r,o=r
+
+- name: Set MariaBackup custom template configuration all Environment
+  template:
+    src: "my.cnf"
+    dest: /root/mariabackup/
+    owner: root
+    group: root
+    mode: u=rw,g=,o=
+
+- name: Check if /var/lib/mysql/ exists
+  stat:
+    path: /var/lib/mysql/
+  register: mysql_dir
+
+
+- when: mysql_dir.stat.exists
+  block:
+
+  - name: Sync MySQL data directory
+    synchronize:
+      src: /var/lib/mysql/
+      dest: /mnt/mysqldata/mysql/
+      archive: true
+      compress: true
+      recursive: true
+    delegate_to: "{{ inventory_hostname }}"
+  
+  - name: Remove old MySQL data after sync
+    file:
+      path: /var/lib/mysql/
+      state: absent
--- a/roles/services/templates/my.cnf
+++ b/roles/services/templates/my.cnf
@ -0,0 +1,7 @@
+[mariabackup]
+host = localhost
+user = mariabackup
+password = {{ lookup(passbolt, 'mariabackup', folder_parent_id=passbolt_folder).password }}
+use-memory = 1G
+parallel = 2
+stream = mbstream
--- a/roles/services/templates/test-db_dev/apply.config.sh
+++ b/roles/services/templates/test-db_dev/apply.config.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Bacula directory for restore
+baculaDir=/mnt/mysqldata/bacula-restore
+
+# Database branch name
+dbBranch={{ dbBranch  }}
+
+# Database environment
+dbEnvironment={{ dbEnvironment }}
+
+# MariaDB cluster sibling node hostnames
+dbClusterSiblings=()
+
+# Jenkins authentication string
+jenkinsAuth=jenkins:{{ lookup(passbolt, 'jenkinsAuth', folder_parent_id=passbolt_folder).password }}
+
+# Jenkins job URL
+jenkinsUrl=https://jenkins.verdnatura.es/job/Scheduler/job/db-apply-changes-{{ dbBranch }}
+