From c163108c0c0c7b7a4f05da411e98ac0f503e31e0 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Fri, 23 Mar 2018 06:51:23 +0100 Subject: Fix critical bug in docker provisioner, improve mysql performance, provision system users/groups to enable NFS group mapping, various minor fixes --- .gitmodules | 6 ++-- anslib/archive/gluster_paths.sh | 9 ------ anslib/patches/archive/gluster_paths.sh | 9 ++++++ docs/consistency.txt | 2 ++ docs/databases.txt | 8 ++++++ docs/kickstart.txt | 1 + docs/troubleshooting.txt | 11 ++++++++ group_vars/ands.yml | 2 ++ group_vars/baremetal.yml | 1 + opts.sh | 1 + playbooks/ands-gluster-ganesha.yml | 8 ++++++ playbooks/openshift-setup-project-groups.yml | 9 ++++++ playbooks/openshift-setup-project.yml | 2 +- roles/ands_common/tasks/software.yml | 12 ++++---- roles/ands_kaas/tasks/do_storage.yml | 6 ++-- roles/ands_kaas/tasks/do_sysgroups.yml | 12 ++++++++ roles/ands_kaas/tasks/sysgroup.yml | 14 ++++++++++ roles/ands_kaas/tasks/sysuser.yml | 15 ++++++++++ roles/docker/defaults/main.yml | 2 ++ roles/docker/tasks/configure.yml | 30 ++++++++++++++++---- roles/docker/tasks/storage.yml | 3 ++ roles/glusterfs/templates/export.openshift.conf.j2 | 1 + setup.sh | 8 +++++- setup/configs/openshift.yml | 10 +++---- setup/projects/adei/vars/globals.yml | 2 ++ setup/projects/adei/vars/mysql.yml | 32 ++++++++++++++-------- setup/projects/adei/vars/mysql_galera.yml | 2 +- setup/projects/adei/vars/phpmyadmin.yml | 4 +-- setup/projects/adei/vars/script.yml | 2 ++ setup/projects/adei/vars/volumes.yml | 3 +- 30 files changed, 181 insertions(+), 46 deletions(-) delete mode 100755 anslib/archive/gluster_paths.sh create mode 100755 anslib/patches/archive/gluster_paths.sh create mode 100644 playbooks/openshift-setup-project-groups.yml create mode 100644 roles/ands_kaas/tasks/do_sysgroups.yml create mode 100644 roles/ands_kaas/tasks/sysgroup.yml create mode 100644 roles/ands_kaas/tasks/sysuser.yml 
diff --git a/.gitmodules b/.gitmodules index 1185e39..ea94509 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,9 +1,9 @@ [submodule "anslib/openshift-ansible"] path = anslib/openshift-ansible - url = https://github.com/openshift/openshift-ansible.git + url = http://darksoft.org/git/csa/devops/ansible-patches/openshift.git [submodule "anslib/ansible-ghetto-json"] path = anslib/ansible-ghetto-json - url = https://github.com/FauxFaux/ansible-ghetto-json.git + url = http://darksoft.org/git/csa/devops/ansible-patches/ghetto-json.git [submodule "anslib/ansible-role-ntp"] path = anslib/ansible-role-ntp - url = https://github.com/geerlingguy/ansible-role-ntp.git + url = http://darksoft.org/git/csa/devops/ansible-patches/ntp.git diff --git a/anslib/archive/gluster_paths.sh b/anslib/archive/gluster_paths.sh deleted file mode 100755 index 4c3ca0b..0000000 --- a/anslib/archive/gluster_paths.sh +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/bash - -# This is not enough. We also need to separate /dev otherwise port clashes (may be cgroups). Not sure about the side effects. -function fixpath_func { - sed -i.orig -e "/ path: \"\/\(var\|etc\|run\)/ s/\//_/g ; s/\"_/\"\/var\/lib\/heketi\//" $1 -} - -export -f fixpath_func -find openshift-ansible/roles/openshift_storage_glusterfs/files/v3.7 -name glusterfs-template.yml -print0 | xargs -0 -L 1 -I {} bash -c 'fixpath_func "$@"' _ {} diff --git a/anslib/patches/archive/gluster_paths.sh b/anslib/patches/archive/gluster_paths.sh new file mode 100755 index 0000000..4c3ca0b --- /dev/null +++ b/anslib/patches/archive/gluster_paths.sh 
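Review bot: All three `url =` lines in the `.gitmodules` hunk move from `https://github.com/...` to plain `http://darksoft.org/...`, so the Ansible code that later runs with root privileges on the cluster nodes is fetched without transport authentication or integrity protection. The commit recorded in each gitlink limits what a normal `git submodule update` checks out, but any workflow that follows a branch or re-pins from this mirror accepts whatever the network path delivers. If the mirror is reachable over TLS or SSH, I would switch the scheme of the three URLs to `https://` (or an SSH remote). A comment naming the upstream commit each patched fork is based on would make the forks auditable against upstream.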
@@ -0,0 +1,9 @@ +#! /bin/bash + +# This is not enough. We also need to separate /dev otherwise port clashes (may be cgroups). Not sure about the side effects. +function fixpath_func { + sed -i.orig -e "/ path: \"\/\(var\|etc\|run\)/ s/\//_/g ; s/\"_/\"\/var\/lib\/heketi\//" $1 +} + +export -f fixpath_func +find openshift-ansible/roles/openshift_storage_glusterfs/files/v3.7 -name glusterfs-template.yml -print0 | xargs -0 -L 1 -I {} bash -c 'fixpath_func "$@"' _ {} diff --git a/docs/consistency.txt b/docs/consistency.txt index c648a9a..090f0a3 100644 --- a/docs/consistency.txt +++ b/docs/consistency.txt @@ -19,6 +19,8 @@ Storage ./gluster.sh info all_heketi - Check available storage space on system partition and LVM volumes (docker, heketi, ands) Run 'df -h' and 'lvdisplay' on each node + - Check status of hardware raids + /opt/MegaRAID/storcli/storcli64 /c0/v0 show all Networking ========== diff --git a/docs/databases.txt b/docs/databases.txt index 7f8468e..aa58a2e 100644 --- a/docs/databases.txt +++ b/docs/databases.txt 
@@ -9,8 +9,16 @@ Galera INNODB 3.5 MB/s fast 3 x 200% - Should be perfect, but I am not sure about automatic recovery... Galera/Hostnet INNODB 4.6 MB/s fast 3 x 200% - MySQL Slaves INNODB 5-6 MB/s fast 2 x 250% - Available data is HA, but caching is not. We can easily turn the slave to master. + MySQL S.+Zlib INNODB + ZLib 2-4 MB/s normal 2 x 300% - At about 35% compression level. DRBD MyISAM (no logs) 4-6 exp. ? I expect it as an faster option, but does not fit the OpenShift concept that well. + +Optimized (Large buffers, transactions in ADEI, etc.) + Method Database Perf (Mst/Slv) Clnt/Cache MySQL Gluster HA + MySQL Slaves INNODB 12 / 14 MB/s fast 600-800% - + + + Gluster is a way too slow for anything. If node crashes, MyISAM tables may be left in corrupted state. The recovery will take ages to complete. The Gluster/Block is faster, but HA suffers. The volume is attached to the pod running on crashed node. It seems not detached automatically until diff --git a/docs/kickstart.txt b/docs/kickstart.txt index fb2b5da..1331542 100644 --- a/docs/kickstart.txt +++ b/docs/kickstart.txt @@ -8,6 +8,7 @@ Troubleshooting vgdestroy * Destroy rogue device mapper devices dmsetup info -C + dmsetup remove_all dmsetup remove \ No newline at end of file diff --git a/docs/troubleshooting.txt b/docs/troubleshooting.txt index ef3c206..ae43c52 100644 --- a/docs/troubleshooting.txt +++ b/docs/troubleshooting.txt 
@@ -244,6 +244,17 @@ Storage or again we can compare lvm volumes which are used by Gluster bricks and which are not. The later ones should be cleaned up. Again there is the script. +MySQL +===== + - MySQL may stop replicating from the master. There is some kind of deadlock in multi-threaded SLAVE SQL. + This can be seen by exexuting (which should show a lot of slave threads waiting on coordinator to provide + load). + SHOW PROCESSLIST; + The remedy is to restart slave MySQL with 'slave_parallel_workers=0', give it a time to go, and then + restart back in the standard multithreading mode. + + + Performance =========== - To find if OpenShift restricts the usage of system resources, we can 'rsh' to container and check diff --git a/group_vars/ands.yml b/group_vars/ands.yml index bd2f066..6fe77ae 100644 --- a/group_vars/ands.yml +++ b/group_vars/ands.yml @@ -4,3 +4,5 @@ ands_repo_url: http://ufo.kit.edu/ands/repos ands_repositories: - name: ands-updates url: "{{ ands_repo_url }}/centos74/" + - name: ands-hardware + url: "{{ ands_repo_url }}/hardware/" diff --git a/group_vars/baremetal.yml b/group_vars/baremetal.yml index be03d80..294cd9d 100644 --- a/group_vars/baremetal.yml +++ b/group_vars/baremetal.yml @@ -25,3 +25,4 @@ ands_inner_interface: "ib1" #ands_public_interface: "eth0" ands_host_id: "{{ ansible_hostname | regex_replace('^ipekatrin(\\d+)(\\.|$)', '\\1') }}" + diff --git a/opts.sh b/opts.sh index 5e77848..d9f95a7 100644 --- a/opts.sh +++ b/opts.sh @@ -48,6 +48,7 @@ Actions: storage - reconfigures Gluster and OpenShift volumes projects - reconfigures OpenShift resources if necessary project - reconfigures a single OpenShift namespace + project_groups - reconfigures fs groups for a single OpenShift namespace (required for Ganesha) apps [app] - only re-generates templates for the specific namespaces (or even only specific application) vpn - reconfigure VPN tunnels certs - re-generate OpenShift x509 certificates 
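Review bot: The new `ands-hardware` entry in `group_vars/ands.yml` is built from `ands_repo_url`, which the context line shows is `http://ufo.kit.edu/ands/repos`, so its packages (presumably including the `storcli` package this commit installs on bare-metal hosts) are fetched over unauthenticated HTTP. Whether the role that renders `ands_repositories` enables signature checking is not visible in this hunk; if it does not, package content can be altered in transit and is then installed as root. I would confirm that the generated repo definition sets `gpgcheck=1` with a pinned key, or serve the repository over HTTPS. A comment next to `ands_repo_url` should record which of the two protects it.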
diff --git a/playbooks/ands-gluster-ganesha.yml b/playbooks/ands-gluster-ganesha.yml index cbdf72c..d3a9c71 100644 --- a/playbooks/ands-gluster-ganesha.yml +++ b/playbooks/ands-gluster-ganesha.yml @@ -11,3 +11,11 @@ glusterfs_servers: "{{ ands_storage_servers }}" glusterfs_bricks_path: "{{ ands_data_path }}/glusterfs" glusterfs_domains: "{{ ands_storage_domains }}" + kaas_projects: "{{ ands_openshift_projects.keys() }}" + +- name: Configure GlusterFS cluster + hosts: ands_storage_servers, new_ands_storage_servers + roles: + - { role: ands_kaas, subrole: sysgroups } + vars: + kaas_projects: "{{ ands_openshift_projects.keys() }}" diff --git a/playbooks/openshift-setup-project-groups.yml b/playbooks/openshift-setup-project-groups.yml new file mode 100644 index 0000000..c7668ee --- /dev/null +++ b/playbooks/openshift-setup-project-groups.yml @@ -0,0 +1,9 @@ +- import_playbook: maintain.yml + +- name: "Configure groups for {{ kaas_single_project }}" + hosts: ands_storage_servers, new_ands_storage_servers + roles: + - { role: ands_kaas, subrole: sysgroups } + vars: + kaas_projects: "{{ ands_openshift_projects.keys() }}" + kaas_single_project: "{{ ands_configure_project }}" diff --git a/playbooks/openshift-setup-project.yml b/playbooks/openshift-setup-project.yml index 8a8c49a..070cee7 100644 --- a/playbooks/openshift-setup-project.yml +++ b/playbooks/openshift-setup-project.yml @@ -1,7 +1,7 @@ - import_playbook: maintain.yml - name: Configure per-node {{ kaas_single_project }} project storage - hosts: ands_storage_servers + hosts: ands_storage_servers, ands_new_storage_servers roles: - { role: ands_kaas, subrole: storage } vars: diff --git a/roles/ands_common/tasks/software.yml b/roles/ands_common/tasks/software.yml index ea37b51..4c0f491 100644 --- a/roles/ands_common/tasks/software.yml +++ b/roles/ands_common/tasks/software.yml 
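Review bot: The play added to `playbooks/ands-gluster-ganesha.yml` is named `Configure GlusterFS cluster` although it only runs the `sysgroups` subrole of `ands_kaas`. A name that says what it does, for example `- name: Provision system users and groups for NFS group mapping`, would make run logs and `--start-at-task` style debugging unambiguous.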
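Review bot: The changed `hosts:` line in `playbooks/openshift-setup-project.yml` names the group `ands_new_storage_servers`, while the two plays added in this same commit (`ands-gluster-ganesha.yml` and `openshift-setup-project-groups.yml`) use `new_ands_storage_servers`. Unless both groups exist in the inventory, one spelling matches no hosts and Ansible continues with at most a warning, so newly added storage nodes would silently miss either the project storage setup or the group provisioning. I would settle on one name, presumably `hosts: ands_storage_servers, new_ands_storage_servers`, after checking the inventory.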
@@ -6,11 +6,13 @@ - lsof - strace -# We also can install something conditionally -#- name: Install various administrative tools -# package: name={{item}} state=present -# when: 'ands_storage_servers' in group_names -# with_items: +- name: Install storage management tools + package: name={{item}} state=present + when: "'baremetal' in group_names" + with_items: + - storcli + + - name: Ensure all extra packages are installed diff --git a/roles/ands_kaas/tasks/do_storage.yml b/roles/ands_kaas/tasks/do_storage.yml index 8a6a880..d6f1cc5 100644 --- a/roles/ands_kaas/tasks/do_storage.yml +++ b/roles/ands_kaas/tasks/do_storage.yml @@ -5,7 +5,8 @@ loop_var: osv vars: vt_query: "[*].volumes.{{osv.value.volume}}.type" - voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}" + voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}" + voltype: "{{ voltypes[0] | default(ands_none) }}" mp_query: "[*].volumes.{{osv.value.volume}}.mount" mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}" rp_query: "[*].volumes.{{osv.value.volume}}.path" @@ -39,7 +40,8 @@ vars: osv: "{{ kaas_project_volumes[file.osv] }}" vt_query: "[*].volumes.{{osv.volume}}.type" - voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}" + voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}" + voltype: "{{ voltypes[0] | default(ands_none) }}" mp_query: "[*].volumes.{{osv.volume}}.mount" mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}" rp_query: "[*].volumes.{{osv.volume}}.path" diff --git a/roles/ands_kaas/tasks/do_sysgroups.yml b/roles/ands_kaas/tasks/do_sysgroups.yml new file mode 100644 index 0000000..3ed03b9 --- /dev/null +++ b/roles/ands_kaas/tasks/do_sysgroups.yml 
@@ -0,0 +1,12 @@ +- name: Populate system users and groups + include_tasks: sysgroup.yml + with_dict: "{{ kaas_project_gids }}" + loop_control: + loop_var: group + when: + - group.value.users is defined + - (gid | int) >= 2000 + vars: + gid: "{{ group.value.id }}" + users: "{{ group.value.users }}" + name: "{{ group.value.name | default('kaas_' ~ group.key) }}" diff --git a/roles/ands_kaas/tasks/sysgroup.yml b/roles/ands_kaas/tasks/sysgroup.yml new file mode 100644 index 0000000..18bd9a6 --- /dev/null +++ b/roles/ands_kaas/tasks/sysgroup.yml @@ -0,0 +1,14 @@ +- name: "Ensure system group {{ name }} with gid {{ gid }} is existing" + group: name="{{ name }}" gid="{{ gid }}" state="present" + +- name: "Process users registered for group {{ name }}" + include_tasks: sysuser.yml + with_list: "{{ users }}" + when: + - ands_openshift_users[user] is defined + - spec.name is defined + vars: + spec: "{{ ands_openshift_users[user] | default({}) }}" + new_group: "{{ name }}" + loop_control: + loop_var: user diff --git a/roles/ands_kaas/tasks/sysuser.yml b/roles/ands_kaas/tasks/sysuser.yml new file mode 100644 index 0000000..4e213fe --- /dev/null +++ b/roles/ands_kaas/tasks/sysuser.yml @@ -0,0 +1,15 @@ +- name: Ensure user is existing on the system + user: + name: "{{ user }}" + uid: "{{ spec.uid | default(omit) }}" + group: "{{ spec.group | default(omit) }}" + comment: "{{ spec.name | default(omit) }}" + password: "{{ spec.password | default(omit) }}" + shell: "{{ spec.shell | default('/bin/false') }}" + home: "{{ spec.home | default(omit) }}" + state: present + +# Configure ssh keys if specified + +- name: Add group + user: name="{{ user }}" groups="{{ new_group }}" append="yes" diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index def846d..5189a8e 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml 
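Review bot: The `vars:` block in `do_sysgroups.yml` defines variables called `name` and `users`, and `name` is also a task keyword; Ansible releases that check for reserved variable names warn about this, and it makes `{{ name }}` in `sysgroup.yml` easy to misread. I would rename them, e.g. `group_name: "{{ group.value.name | default('kaas_' ~ group.key) }}"`, and update `sysgroup.yml` accordingly. The `(gid | int) >= 2000` condition deserves a one-line comment saying that it keeps the play from touching system or pre-existing low-numbered groups, if that is the intent.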
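Review bot: `password: "{{ spec.password | default(omit) }}"` in `sysuser.yml` passes whatever is stored in `ands_openshift_users` straight to the `user` module, which expects an already crypted hash. A cleartext value would be written into the shadow file verbatim and would also sit in `setup/configs/openshift.yml` in the repository. I would add a comment above the task such as `# spec.password must be a crypt(3) hash and should come from a vaulted vars file`, and consider `update_password: on_create` so reruns do not reset a password changed on the host. The `# Configure ssh keys if specified` comment has no task behind it and should be marked as a TODO or removed.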
@@ -2,6 +2,8 @@ docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], [] docker_lv: "docker-pool" docker_root_lv: "docker-root-lv" docker_setup_root: "{{ docker_root_volume_size is defined }}" +docker_reconfigure: false + docker_min_size: 100 docker_max_log_size: "2m" diff --git a/roles/docker/tasks/configure.yml b/roles/docker/tasks/configure.yml index 5d29291..fa31b1d 100644 --- a/roles/docker/tasks/configure.yml +++ b/roles/docker/tasks/configure.yml @@ -4,10 +4,13 @@ # with_items: [ docker, docker-client, docker-common ] - name: install docker + register: docker_install_result include_tasks: install.yml - name: start docker + register: docker_start_result service: name="docker" state="started" + when: not docker_reconfigure - name: Configure bridge-nf-call-iptables with sysctl sysctl: name="net.bridge.bridge-nf-call-iptables" value=1 state=present sysctl_set=yes 
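Review bot: `register: docker_install_result` is attached to the `include_tasks: install.yml` task in `configure.yml`, and as far as I know a register on a dynamic include records the include itself rather than the tasks inside `install.yml`, so `docker_install_result | changed` in the later `set_fact` is unlikely ever to be true. That later block requires install changed, start changed and a missing `docker-pool` LV all at once, so a freshly installed node would then never get `docker_reinit=true` and `storage.yml` would be skipped. Please verify on a clean host; registering on the actual package task inside `install.yml` would give a reliable signal. Note also that `start docker` is skipped when `docker_reconfigure` is set, in which case `docker_start_result` holds a skipped result. The task list continues outside this hunk.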
@@ -20,17 +23,34 @@ register: loop_device_check failed_when: false changed_when: loop_device_check.rc == 0 + when: not docker_reconfigure -- set_fact: docker_reinit="{{ (loop_device_check.rc == 0) or (vg == '') or (docker_setup_root and ((root_vg == '') or (vg != root_vg))) or (docker_storage_vg is defined and (docker_storage_vg != vg)) }}" +- set_fact: docker_reinit=false + +- set_fact: docker_reinit=true vars: + check: "{{ loop_device_check | default({}) }}" + lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}" + vg: "{{ lv['vg'] | default('') }}" + when: + - docker_install_result | changed + - docker_start_result | changed + - ansible_lvm['lvs'][docker_lv] is not defined + +# Pass option docker_reconfigure to run this... +- set_fact: docker_reinit="{{ loop_back or wrong_root_vg or wrong_docker_vg }}" + vars: + check: "{{ loop_device_check | default({}) }}" lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}" vg: "{{ lv['vg'] | default('') }}" root_lv: "{{ ansible_lvm['lvs'][docker_root_lv] | default({}) }}" root_vg: "{{ root_lv['vg'] | default('') }}" - -- debug: msg="Re-initializing - {{ docker_reinit }}, Loopback check - {{ loop_device_check.stderr }}" - when: loop_device_check.stderr - + loop_back: "{{ check.rc | default(9) == 0 }}" + wrong_root_vg: "{{ docker_setup_root and ((root_vg == '') or (vg != root_vg)) }}" + wrong_docker_vg: "{{ docker_storage_vg is defined and (docker_storage_vg != vg) }}" + when: + - docker_reconfigure | default(false) + - import_tasks: storage.yml when: docker_reinit diff --git a/roles/docker/tasks/storage.yml b/roles/docker/tasks/storage.yml index e431030..d6d531a 100644 --- a/roles/docker/tasks/storage.yml +++ b/roles/docker/tasks/storage.yml @@ -29,6 +29,9 @@ - name: stop docker service: name="docker" state="stopped" +- name: unmount /var/lib/docker + mount: path="/var/lib/docker" state="unmounted" + - name: delete /var/lib/docker file: path="/var/lib/docker" state=absent 
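Review bot: The loopback check task (its tail is visible at the top of the hunk) now runs only `when: not docker_reconfigure`, but the only consumer of its result, `loop_back: "{{ check.rc | default(9) == 0 }}"`, sits in the `set_fact` guarded by `docker_reconfigure | default(false)`. In the reconfigure path the registered value is a skipped result without `rc`, so `loop_back` always falls back to 9 and evaluates false, and loopback storage is never detected. If the detection is still wanted, drop the `when` from the check task, which is already `failed_when: false`. The `check`, `lv` and `vg` vars on the `docker_reinit=true` task are unused there. Because `storage.yml` stops Docker and deletes `/var/lib/docker`, a comment above `import_tasks: storage.yml` stating exactly which conditions trigger it would be worth adding.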
diff --git a/roles/glusterfs/templates/export.openshift.conf.j2 b/roles/glusterfs/templates/export.openshift.conf.j2 index b2c547f..85132cb 100644 --- a/roles/glusterfs/templates/export.openshift.conf.j2 +++ b/roles/glusterfs/templates/export.openshift.conf.j2 @@ -19,6 +19,7 @@ EXPORT { Protocols = "3", "4" ; Transports = "UDP","TCP"; SecType = "sys"; + Manage_gids = true; {% if nfs.rw is defined %} {% for net in nfs.rw %} diff --git a/setup.sh b/setup.sh index ec862d6..1965c33 100755 --- a/setup.sh +++ b/setup.sh @@ -55,7 +55,13 @@ case "$action" in [ -n "$project" ] || { usage 'project name should be specified...' ; exit 1; } apply playbooks/openshift-setup-project.yml --extra-vars "ands_configure_project=$project" "$@" || exit 1 ;; - apps) + project_groups) + project=$1 + shift + [ -n "$project" ] || { usage 'project name should be specified...' ; exit 1; } + apply playbooks/openshift-setup-project-groups.yml --extra-vars "ands_configure_project=$project" "$@" || exit 1 + ;; + apps|project_apps) [ -n "$1" ] || { usage 'project name should be specified...' ; exit 1; } vars="ands_configure_project=$1" diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml index e6e4c75..10146e8 100644 --- a/setup/configs/openshift.yml +++ b/setup/configs/openshift.yml @@ -9,11 +9,11 @@ ands_openshift_projects: test: Namespace for testing and prototyping ands_openshift_users: - pdv: IPE Administation Account - katrin: KATRIN Project - csa: Suren A. Chilingaryan - kopmann: Andreas Kopmann - ntj: Nicholas Tan Jerome + pdv: { name: "IPE Administation Account" } + katrin: { name: "KATRIN Project" } + csa: { name: "Suren A. Chilingaryan", email: "csa@suren.me", uid: "1001", shell: "/bin/bash" } + kopmann: { name: "Andreas Kopmann", email: "kopmann@kit.edu" } + ntj: { name: "Nicholas Tan Jerome", email: "nicholas.jerome@kit.edu" } ands_openshift_roles: cluster-admin: csa 
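Review bot: `Manage_gids = true` is added next to `SecType = "sys"` in `export.openshift.conf.j2` without a comment, and its security meaning is worth stating in the template. With AUTH_SYS the server still trusts the UID the client sends and, with this option, resolves the group list from its own user database, which is presumably why this commit provisions users and groups on the storage servers. I would add a comment such as `# Manage_gids: groups are resolved on the server, so users/gids must be provisioned identically on every storage node; client UIDs are still trusted (SecType sys)`. The client network lists rendered by the `nfs.rw` loop remain the effective access boundary and should be kept narrow.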
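Review bot: In the new `project_groups)` branch of `setup.sh` the project name is interpolated into `--extra-vars "ands_configure_project=$project"` in key=value form, so a name containing a space would be parsed by Ansible as additional variable assignments. The operator controls the argument, so the risk is mostly accidental, but a check before `apply` would rule it out; if the script runs under bash, `[[ "$project" =~ ^[A-Za-z0-9_-]+$ ]] || { usage 'invalid project name'; exit 1; }` is enough. The existing `project)` branch shown in the context lines uses the same pattern and would want the same guard. The `case` statement continues outside this hunk.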
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml index fef5a5b..1784b61 100644 --- a/setup/projects/adei/vars/globals.yml +++ b/setup/projects/adei/vars/globals.yml @@ -26,6 +26,8 @@ adei_pod_env: value: "/adei/src" - name: "ADEI_CACHE_ENGINE" value: "INNODB" + - name: "ADEI_TRANSACTION_SIZE" + value: "1000" - name: "ADEI_REPOSITORY" valueFrom: secretKeyRef: diff --git a/setup/projects/adei/vars/mysql.yml b/setup/projects/adei/vars/mysql.yml index cf72c90..072d946 100644 --- a/setup/projects/adei/vars/mysql.yml +++ b/setup/projects/adei/vars/mysql.yml 
@@ -26,17 +26,22 @@ mysql: - { name: "MYSQL_MASTER_PASSWORD", value: "secret@adei/service-password" } - { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" } - { name: "MYSQL_MAX_CONNECTIONS", value: "500" } + - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "32G" } + - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "32" } + - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "2G" } + - { name: "MYSQL_INNODB_LOG_BUFFER_SIZE", value: "16M" } - { name: "MYSQL_SYNC_BINLOG", value: "0" } - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" } - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" } - - { name: "MYSQL_FLUSH_LOG_TYPE", value: "2" } - - { name: "MYSQL_FLUSH_LOG_TIMEOUT", value: "300" } - - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" } -# - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" } + - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" } + - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" } + - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" } +# - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" } + - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" } # - { name: "MYSQL_BINLOG_FORMAT", value: "STATEMENT" } mappings: - { name: "adei_master", mount: "/var/lib/mysql/data" } - resources: { request: { cpu: 2000m, mem: 4Gi }, limit: { cpu: 6000m, mem: 32Gi } } + resources: { request: { cpu: 2000m, mem: 16Gi } } probes: - { type: "liveness", port: 3306 } - { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" } 
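Review bot: The `resources` line of the master definition drops the `limit` block entirely while `MYSQL_INNODB_BUFFER_POOL_SIZE` is set to `32G` against a memory request of only `16Gi`. The scheduler places the pod by its request, so it can land on a node that cannot actually supply the buffer pool, and with no limit a growing mysqld competes with every other pod on that node until the kernel OOM killer intervenes. I would keep a limit sized above the buffer pool plus connection overhead, or raise the request to what the configuration really needs. The same removal is made for the slave in the next hunk of this file (16G pool, 16Gi request) and in `mysql_galera.yml`. A comment noting that `MYSQL_SYNC_BINLOG` `0` together with flush log type `2` trades durability for throughput would also help whoever handles the next node crash.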
@@ -75,22 +80,27 @@ mysql: - { name: "MYSQL_MASTER_USER", value: "replication" } - { name: "MYSQL_MASTER_SERVICE_NAME", value: "mysql-master" } - { name: "MYSQL_MASTER_PASSWORD", value: "secret@adei/service-password" } + - { name: "MYSQL_SUPER_READ_ONLY", value: "1" } - { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" } - { name: "MYSQL_MAX_CONNECTIONS", value: "500" } + - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "16G" } + - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "8" } + - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "1G" } - { name: "MYSQL_LOG_BIN", value: "1" } - { name: "MYSQL_SYNC_BINLOG", value: "0" } - { name: "MYSQL_LOG_SLAVE_UPDATES", value: "0" } - - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" } - - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" } - - { name: "MYSQL_FLUSH_LOG_TYPE", value: "2" } - - { name: "MYSQL_FLUSH_LOG_TIMEOUT", value: "300" } + - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "100000" } + - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "128" } + - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" } + - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" } + - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" } - { name: "MYSQL_SLAVE_WORKERS", value: "16" } - { name: "MYSQL_SLAVE_SKIP_ERRORS", value: "1007,1008,1050,1051,1054,1060,1061,1068,1094,1146,1304,1359,1476,1537" } - - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" } + - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" } mappings: - { name: "adei_slave", mount: "/var/lib/mysql/data" } # - { name: "adei_init", mount: "/var/lib/init" } - resources: { request: { cpu: 2000m, mem: 4Gi }, limit: { cpu: 6000m, mem: 32Gi } } + resources: { request: { cpu: 2000m, mem: 16Gi } } probes: - { type: "liveness", port: 3306 } - { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" } 
diff --git a/setup/projects/adei/vars/mysql_galera.yml b/setup/projects/adei/vars/mysql_galera.yml index a927e5c..a1b4e87 100644 --- a/setup/projects/adei/vars/mysql_galera.yml +++ b/setup/projects/adei/vars/mysql_galera.yml @@ -40,7 +40,7 @@ galera: - { name: "MYSQL_GALERA_CLUSTER", value: "galera-ss" } mappings: - { name: "adei_galera", mount: "/var/lib/mysql/data" } - resources: { request: { cpu: 2000m, mem: 4Gi }, limit: { cpu: 6000m, mem: 32Gi } } + resources: { request: { cpu: 2000m, mem: 4Gi } } probes: - { type: "liveness", port: 3306 } - { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" } diff --git a/setup/projects/adei/vars/phpmyadmin.yml b/setup/projects/adei/vars/phpmyadmin.yml index 63bd5d8..7a2bc40 100644 --- a/setup/projects/adei/vars/phpmyadmin.yml +++ b/setup/projects/adei/vars/phpmyadmin.yml @@ -6,9 +6,9 @@ phpmyadmin: images: - image: "chsa/phpmyadmin-centos:4" env: - - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" } + - { name: "DB_SERVICE_HOST", value: "mysql-master.adei.svc.cluster.local" } - { name: "DB_SERVICE_PORT", value: "3306" } - - { name: "DB_EXTRA_HOSTS", value: "mysql-master.adei.svc.cluster.local,mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" } + - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" } # - { name: "DB_SERVICE_CONTROL_USER", value: "pma" } # - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" } probes: diff --git a/setup/projects/adei/vars/script.yml b/setup/projects/adei/vars/script.yml index cbd01ba..a767369 100644 --- a/setup/projects/adei/vars/script.yml +++ b/setup/projects/adei/vars/script.yml 
@@ -6,3 +6,5 @@ oc: - oc: "{{ ands_hostnet_db | default(false) | ternary('adm policy add-scc-to-user hostnetwork -z adeidb', 'adm policy remove-scc-from-user hostnetwork -z adeidb') }}" - templates: "*" - apps: ".*" + - oc: "expose svc/mysql-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name mysql-ingress" + resource: "svc/mysql-ingress" diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml index 15795b3..f86e2a2 100644 --- a/setup/projects/adei/vars/volumes.yml +++ b/setup/projects/adei/vars/volumes.yml @@ -1,5 +1,5 @@ gids: - adei: { id: 6001 } + adei: { id: 6001, users: [ 'csa' ] } adei_db: { id: 6002 } volumes: @@ -24,6 +24,7 @@ files: - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "02775" } - { osv: "adei_src", path: "/prod", state: "directory", group: "adei", mode: "02775" } - { osv: "adei_src", path: "/dbg", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_sys", path: "/", state: "directory", group: "adei", mode: "02775" } - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "02775" } - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "02775" } - { osv: "adei_data",path: "/", state: "directory", group: "adei", mode: "02775" } -- cgit v1.2.3
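Review bot: The added `oc expose svc/mysql-master --type LoadBalancer --port 3306` step in `script.yml` publishes the writable MySQL master outside the cluster network, and nothing in this hunk restricts who can reach it. Access control then rests solely on the MySQL account passwords, and traffic on 3306 is unencrypted unless the server is configured to require TLS, which is not visible here. I would document the intended clients in a comment, restrict sources (for example through the Service's `loadBalancerSourceRanges` or a firewall rule on the external address), and limit remotely usable accounts to what those clients need. If outside consumers only read, exposing the slave, which this commit sets `MYSQL_SUPER_READ_ONLY` on, would be the safer target.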