Jcrespo has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/382672 )
Change subject: Remove dbstore2 role, make dbstore default to the new socket
location
......................................................................
Remove dbstore2 role, make dbstore default to the new socket location
We will keep socket location for now of dbstore1001 (which is going
to be converted into dbstore_multiinstance anyway), but we change
dbstore1002 one, which is about to be restarted.
Move firewall to the role.
Bug: T168303
Change-Id: Iae6ac71fe66a1f40c63461b00a430ac820f0ec86
---
M manifests/site.pp
M modules/role/manifests/mariadb/dbstore.pp
D modules/role/manifests/mariadb/dbstore2.pp
M modules/role/templates/mariadb/mysqld_config/dbstore.my.cnf.erb
D modules/role/templates/mariadb/mysqld_config/dbstore2.my.cnf.erb
5 files changed, 8 insertions(+), 231 deletions(-)
Approvals:
Marostegui: Looks good to me, but someone else must approve
Elukey: Looks good to me, but someone else must approve
jenkins-bot: Verified
Jcrespo: Looks good to me, approved
diff --git a/manifests/site.pp b/manifests/site.pp
index d064e17..7fecde2 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -671,14 +671,13 @@
# Delayed slaves legitimately and cleanly (errno = 0) stop the SQL
thread, so
# don't spam Icinga with warnings. This will not block properly
critical alerts.
warn_stopped => false,
+ socket => '/tmp/mysql.sock',
}
- include ::base::firewall
}
node 'dbstore1002.eqiad.wmnet' {
# this slave has an m4 custom replication protocol
role(mariadb::dbstore, mariadb::analytics::custom_repl_slave)
- include ::base::firewall
}
node 'dbstore2001.codfw.wmnet' {
diff --git a/modules/role/manifests/mariadb/dbstore.pp
b/modules/role/manifests/mariadb/dbstore.pp
index b9791c7..22d5a1c 100644
--- a/modules/role/manifests/mariadb/dbstore.pp
+++ b/modules/role/manifests/mariadb/dbstore.pp
@@ -3,6 +3,7 @@
$lag_warn = 300,
$lag_crit = 600,
$warn_stopped = true,
+ $socket = '/run/mysqld.sock',
) {
system::role { 'mariadb::dbstore':
@@ -13,6 +14,7 @@
include mariadb::service
include ::standard
+ include ::base::firewall
include passwords::misc::scripts
class { 'role::mariadb::grants::production':
@@ -27,13 +29,14 @@
class {'role::mariadb::groups':
mysql_group => 'dbstore',
mysql_role => 'slave',
- socket => '/tmp/mysql.sock',
+ socket => $socket,
}
class { 'mariadb::config':
config => 'role/mariadb/mysqld_config/dbstore.my.cnf.erb',
datadir => '/srv/sqldata',
tmpdir => '/srv/tmp',
+ socket => $socket,
ssl => 'puppet-cert',
p_s => 'off',
}
@@ -45,7 +48,7 @@
lag_warn => $lag_warn,
lag_crit => $lag_crit,
warn_stopped => $warn_stopped,
- socket => '/tmp/mysql.sock',
+ socket => $socket,
multisource => true,
}
}
diff --git a/modules/role/manifests/mariadb/dbstore2.pp
b/modules/role/manifests/mariadb/dbstore2.pp
deleted file mode 100644
index a1239f1..0000000
--- a/modules/role/manifests/mariadb/dbstore2.pp
+++ /dev/null
@@ -1,51 +0,0 @@
-# MariaDB 10 slaves replicating all shards and running InnoDB
-class role::mariadb::dbstore2(
- $lag_warn = 300,
- $lag_crit = 600,
- $warn_stopped = true,
- ) {
-
- system::role { 'mariadb::dbstore2':
- description => 'Delayed Slave',
- }
-
- include mariadb::packages_wmf
- include mariadb::service
-
- include ::standard
- include passwords::misc::scripts
-
- class { 'role::mariadb::grants::production':
- password => $passwords::misc::scripts::mysql_root_pass,
- prompt => 'DBSTORE',
- }
-
- include role::mariadb::monitor::dba
- include passwords::misc::scripts
- include role::mariadb::ferm
-
- class {'role::mariadb::groups':
- mysql_group => 'dbstore',
- mysql_role => 'slave',
- socket => '/tmp/mysql.sock',
- }
-
- class { 'mariadb::config':
- config => 'role/mariadb/mysqld_config/dbstore2.my.cnf.erb',
- datadir => '/srv/sqldata',
- tmpdir => '/srv/tmp',
- ssl => 'puppet-cert',
- p_s => 'off',
- }
-
- mariadb::monitor_replication {
- ['s1','s2','s3','s4','s5','s6','s7','m2','m3','x1']:
- is_critical => false,
- contact_group => 'admins', # only show on nagios/irc
- lag_warn => $lag_warn,
- lag_crit => $lag_crit,
- warn_stopped => $warn_stopped,
- socket => '/tmp/mysql.sock',
- multisource => true,
- }
-}
diff --git a/modules/role/templates/mariadb/mysqld_config/dbstore.my.cnf.erb
b/modules/role/templates/mariadb/mysqld_config/dbstore.my.cnf.erb
index be52d4e..2e58105 100644
--- a/modules/role/templates/mariadb/mysqld_config/dbstore.my.cnf.erb
+++ b/modules/role/templates/mariadb/mysqld_config/dbstore.my.cnf.erb
@@ -3,8 +3,7 @@
# Please use separate .cnf templates for each type of server.
[client]
-port = 3306
-socket = /tmp/mysql.sock
+socket = <%= @socket %>
<% if @ssl == 'on' or @ssl == 'puppet-cert' %>
# ssl
ssl-ca=/etc/ssl/certs/Puppet_Internal_CA.pem
@@ -21,7 +20,7 @@
temp-pool
user = mysql
-socket = /tmp/mysql.sock
+socket = <%= @socket %>
port = 3306
basedir = <%= @basedir %>
datadir = <%= @datadir %>
diff --git a/modules/role/templates/mariadb/mysqld_config/dbstore2.my.cnf.erb
b/modules/role/templates/mariadb/mysqld_config/dbstore2.my.cnf.erb
deleted file mode 100644
index 1a09367..0000000
--- a/modules/role/templates/mariadb/mysqld_config/dbstore2.my.cnf.erb
+++ /dev/null
@@ -1,173 +0,0 @@
-# dbstore delayed and analytic slaves
-
-# Please use separate .cnf templates for each type of server.
-
-[client]
-port = 3306
-socket = /tmp/mysql.sock
-<% if @ssl == 'on' %>
-# ssl
-ssl-ca=/etc/mysql/ssl/cacert.pem
-ssl-cert=/etc/mysql/ssl/server-cert.pem
-ssl-key=/etc/mysql/ssl/server-key.pem
-# skip server cert validation until we generate one cert per server
-# it would check the cert's common name against the host
-# ssl-verify-server-cert
-<% elsif @ssl == 'puppet-cert' %>
-# ssl
-ssl-ca=/etc/ssl/certs/Puppet_Internal_CA.pem
-ssl-cert=/etc/mysql/ssl/cert.pem
-ssl-key=/etc/mysql/ssl/server.key
-ssl-verify-server-cert
-<% end %>
-
-[mysqld]
-
-skip-external-locking
-skip-name-resolve
-skip-slave-start
-temp-pool
-
-user = mysql
-socket = /tmp/mysql.sock
-port = 3306
-basedir = <%= @basedir %>
-datadir = <%= @datadir %>
-tmpdir = <%= @tmpdir %>
-server_id = <%= @server_id %>
-# gtid_domain_id flag is needed for multisource replication and GTID.
-# Strictly it is only needed on masters or servers that can potentially be
-# masters but for consistency it should be set in all of them.
-# https://mariadb.com/kb/en/mariadb/gtid/
-gtid_domain_id = <%= @gtid_domain_id %>
-
-
-read_only = 0
-
-# enable socket authentication
-plugin-load = unix_socket=auth_socket.so
-
-secure_file_priv = /dev/null
-max_connections = 250
-max_allowed_packet = 32M
-connect_timeout = 3
-query_cache_size = 0
-query_cache_type = 0
-event_scheduler = 1
-
-table_open_cache = 50000
-table_definition_cache = 50000
-default-storage-engine = InnoDB
-
-# InnoDB file-per-table + TokuDB love those file descriptors
-open-files-limit = 400000
-
-character_set_server = binary
-character_set_filesystem = binary
-collation_server = binary
-
-innodb_file_per_table = 1
-innodb_buffer_pool_size = 100G
-innodb_log_file_size = 4G
-innodb_flush_log_at_trx_commit = 0
-innodb_flush_method = O_DIRECT
-innodb_thread_concurrency = 0
-innodb_io_capacity = 1000
-innodb_stats_sample_pages = 16
-innodb_stats_method = nulls_unequal
-innodb_locks_unsafe_for_binlog = 1
-aria_pagecache_buffer_size = 16G
-
-# dump and load innodb buffer at start and stop
-innodb_buffer_pool_load_at_startup = 1
-innodb_buffer_pool_dump_at_shutdown = 1
-
-optimizer_switch='engine_condition_pushdown=on,optimize_join_buffer_size=on'
-join_cache_level = 8
-
-#plugin-load = ha_tokudb
-#tokudb_cache_size = 24G
-# Tokudb will stop working when there is less than 1% of free disk space
-# (5% by default)
-#tokudb_fs_reserve_percent = 1
-
-skip-slave-start
-slave_transaction_retries = 4294967295
-
-s1.replicate-wild-do-table = %wik%.%
-s1.replicate-wild-do-table = heartbeat.%
-s2.replicate-wild-do-table = %wik%.%
-s2.replicate-wild-do-table = heartbeat.%
-s3.replicate-wild-do-table = %wik%.%
-s3.replicate-wild-do-table = heartbeat.%
-s4.replicate-wild-do-table = %wik%.%
-s4.replicate-wild-do-table = heartbeat.%
-s5.replicate-wild-do-table = %wik%.%
-s5.replicate-wild-do-table = heartbeat.%
-s6.replicate-wild-do-table = %wik%.%
-s6.replicate-wild-do-table = heartbeat.%
-s7.replicate-wild-do-table = %wik%.%
-s7.replicate-wild-do-table = centralauth.%
-s7.replicate-wild-do-table = heartbeat.%
-m3.replicate-wild-do-table = phab%.%
-m3.replicate-wild-do-table = phlegal%.%
-m3.replicate-wild-do-table = heartbeat.%
-m4.replicate-wild-do-table = log.%
-m4.replicate-wild-do-table = heartbeat.%
-x1.replicate-wild-ignore-table = mysql.%
-x1.replicate-wild-ignore-table = ops.%
-x1.replicate-wild-ignore-table = trash.%
-x1.replicate-wild-ignore-table = sys.%
-x1.replicate-wild-ignore-table = percona.%
-
-<% if @kernelversion < "3.19" %>
-# Until kernel 3.16 http://www.spinics.net/lists/stable/msg61873.html
-# At least, I think so. For now we need to avoid the an assertion failure on
Trusty w/ 3.13
-innodb_use_native_aio = 0
-innodb_read_io_threads = 16
-innodb_write_io_threads = 8
-<% end %>
-<% if @ssl == 'on' %>
-# ssl
-ssl-ca=/etc/mysql/ssl/cacert.pem
-ssl-cert=/etc/mysql/ssl/server-cert.pem
-ssl-key=/etc/mysql/ssl/server-key.pem
-ssl-cipher=TLSv1.2
-<% elsif @ssl == 'puppet-cert' %>
-# ssl
-ssl-ca=/etc/ssl/certs/Puppet_Internal_CA.pem
-ssl-cert=/etc/mysql/ssl/cert.pem
-ssl-key=/etc/mysql/ssl/server.key
-ssl-cipher=TLSv1.2
-<% end %>
-<% if @p_s == 'on' %>
-# Enabling performance_schema (disabled by default in MariaDB10)
-performance_schema = 1
-# downsizing performance schema memory usage: T99485
-performance_schema_digests_size = -1
-performance_schema_max_thread_instances = 500
-performance_schema_max_cond_instances = 1000
-performance_schema_accounts_size = 300
-performance_schema_hosts_size = 300
-performance_schema_events_statements_history_size = 10
-performance_schema_events_statements_history_long_size = 1000
-performance_schema_events_waits_history_size = 10
-performance_schema_events_waits_history_long_size = 1000
-performance_schema_events_stages_history_size = 10
-performance_schema_events_stages_history_long_size = 1000
-performance_schema_max_mutex_instances = 5000
-performance_schema_max_rwlock_instances = 2000
-performance_schema_max_socket_instances = 500
-performance_schema_max_table_instances = 1000
-<% else %>
-# only enable userstat if p_s is disabled
-performance_schema = 0
-userstat = 1
-<% end %>
-
-[mysqldump]
-
-quick
-max_allowed_packet = 32M
-
-#!includedir /etc/mysql/conf.d/
--
To view, visit https://gerrit.wikimedia.org/r/382672
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iae6ac71fe66a1f40c63461b00a430ac820f0ec86
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jcrespo <[email protected]>
Gerrit-Reviewer: Elukey <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Jcrespo <[email protected]>
Gerrit-Reviewer: Marostegui <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
