summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSuren A. Chilingaryan <csa@suren.me>2018-03-23 06:51:23 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-03-23 06:51:23 +0100
commitc163108c0c0c7b7a4f05da411e98ac0f503e31e0 (patch)
tree4934d1b2e98b0e8a94816848e44496e009e6755f
parentcba41110aa086553192ed5a309a6b8031812c221 (diff)
downloadands-c163108c0c0c7b7a4f05da411e98ac0f503e31e0.tar.gz
ands-c163108c0c0c7b7a4f05da411e98ac0f503e31e0.tar.bz2
ands-c163108c0c0c7b7a4f05da411e98ac0f503e31e0.tar.xz
ands-c163108c0c0c7b7a4f05da411e98ac0f503e31e0.zip
Fix critical bug in docker provisioner, improve mysql performance, provision system users/groups to enable NFS group mapping, various minor fixes
-rw-r--r--.gitmodules6
-rwxr-xr-xanslib/patches/archive/gluster_paths.sh (renamed from anslib/archive/gluster_paths.sh)0
-rw-r--r--docs/consistency.txt2
-rw-r--r--docs/databases.txt8
-rw-r--r--docs/kickstart.txt1
-rw-r--r--docs/troubleshooting.txt11
-rw-r--r--group_vars/ands.yml2
-rw-r--r--group_vars/baremetal.yml1
-rw-r--r--opts.sh1
-rw-r--r--playbooks/ands-gluster-ganesha.yml8
-rw-r--r--playbooks/openshift-setup-project-groups.yml9
-rw-r--r--playbooks/openshift-setup-project.yml2
-rw-r--r--roles/ands_common/tasks/software.yml12
-rw-r--r--roles/ands_kaas/tasks/do_storage.yml6
-rw-r--r--roles/ands_kaas/tasks/do_sysgroups.yml12
-rw-r--r--roles/ands_kaas/tasks/sysgroup.yml14
-rw-r--r--roles/ands_kaas/tasks/sysuser.yml15
-rw-r--r--roles/docker/defaults/main.yml2
-rw-r--r--roles/docker/tasks/configure.yml30
-rw-r--r--roles/docker/tasks/storage.yml3
-rw-r--r--roles/glusterfs/templates/export.openshift.conf.j21
-rwxr-xr-xsetup.sh8
-rw-r--r--setup/configs/openshift.yml10
-rw-r--r--setup/projects/adei/vars/globals.yml2
-rw-r--r--setup/projects/adei/vars/mysql.yml32
-rw-r--r--setup/projects/adei/vars/mysql_galera.yml2
-rw-r--r--setup/projects/adei/vars/phpmyadmin.yml4
-rw-r--r--setup/projects/adei/vars/script.yml2
-rw-r--r--setup/projects/adei/vars/volumes.yml3
29 files changed, 172 insertions, 37 deletions
diff --git a/.gitmodules b/.gitmodules
index 1185e39..ea94509 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,9 +1,9 @@
[submodule "anslib/openshift-ansible"]
path = anslib/openshift-ansible
- url = https://github.com/openshift/openshift-ansible.git
+ url = http://darksoft.org/git/csa/devops/ansible-patches/openshift.git
[submodule "anslib/ansible-ghetto-json"]
path = anslib/ansible-ghetto-json
- url = https://github.com/FauxFaux/ansible-ghetto-json.git
+ url = http://darksoft.org/git/csa/devops/ansible-patches/ghetto-json.git
[submodule "anslib/ansible-role-ntp"]
path = anslib/ansible-role-ntp
- url = https://github.com/geerlingguy/ansible-role-ntp.git
+ url = http://darksoft.org/git/csa/devops/ansible-patches/ntp.git
diff --git a/anslib/archive/gluster_paths.sh b/anslib/patches/archive/gluster_paths.sh
index 4c3ca0b..4c3ca0b 100755
--- a/anslib/archive/gluster_paths.sh
+++ b/anslib/patches/archive/gluster_paths.sh
diff --git a/docs/consistency.txt b/docs/consistency.txt
index c648a9a..090f0a3 100644
--- a/docs/consistency.txt
+++ b/docs/consistency.txt
@@ -19,6 +19,8 @@ Storage
./gluster.sh info all_heketi
- Check available storage space on system partition and LVM volumes (docker, heketi, ands)
Run 'df -h' and 'lvdisplay' on each node
+ - Check status of hardware raids
+ /opt/MegaRAID/storcli/storcli64 /c0/v0 show all
Networking
==========
diff --git a/docs/databases.txt b/docs/databases.txt
index 7f8468e..aa58a2e 100644
--- a/docs/databases.txt
+++ b/docs/databases.txt
@@ -9,8 +9,16 @@
Galera INNODB 3.5 MB/s fast 3 x 200% - Should be perfect, but I am not sure about automatic recovery...
Galera/Hostnet INNODB 4.6 MB/s fast 3 x 200% -
MySQL Slaves INNODB 5-6 MB/s fast 2 x 250% - Available data is HA, but caching is not. We can easily turn the slave to master.
+ MySQL S.+Zlib INNODB + ZLib 2-4 MB/s normal 2 x 300% - At about 35% compression level.
DRBD MyISAM (no logs) 4-6 exp. ? I expect it as an faster option, but does not fit the OpenShift concept that well.
+
+Optimized (Large buffers, transactions in ADEI, etc.)
+ Method Database Perf (Mst/Slv) Clnt/Cache MySQL Gluster HA
+ MySQL Slaves INNODB 12 / 14 MB/s fast 600-800% -
+
+
+
Gluster is a way too slow for anything. If node crashes, MyISAM tables may be left in corrupted state. The recovery will take ages to complete.
The Gluster/Block is faster, but HA suffers. The volume is attached to the pod running on crashed node. It seems not detached automatically until
diff --git a/docs/kickstart.txt b/docs/kickstart.txt
index fb2b5da..1331542 100644
--- a/docs/kickstart.txt
+++ b/docs/kickstart.txt
@@ -8,6 +8,7 @@ Troubleshooting
vgdestroy <vgname>
* Destroy rogue device mapper devices
dmsetup info -C
+ dmsetup remove_all
dmsetup remove <name>
\ No newline at end of file
diff --git a/docs/troubleshooting.txt b/docs/troubleshooting.txt
index ef3c206..ae43c52 100644
--- a/docs/troubleshooting.txt
+++ b/docs/troubleshooting.txt
@@ -244,6 +244,17 @@ Storage
or again we can compare lvm volumes which are used by Gluster bricks and which are not. The later
ones should be cleaned up. Again there is the script.
+MySQL
+=====
+ - MySQL may stop replicating from the master. There is some kind of deadlock in multi-threaded SLAVE SQL.
+ This can be seen by exexuting (which should show a lot of slave threads waiting on coordinator to provide
+ load).
+ SHOW PROCESSLIST;
+ The remedy is to restart slave MySQL with 'slave_parallel_workers=0', give it a time to go, and then
+ restart back in the standard multithreading mode.
+
+
+
Performance
===========
- To find if OpenShift restricts the usage of system resources, we can 'rsh' to container and check
diff --git a/group_vars/ands.yml b/group_vars/ands.yml
index bd2f066..6fe77ae 100644
--- a/group_vars/ands.yml
+++ b/group_vars/ands.yml
@@ -4,3 +4,5 @@ ands_repo_url: http://ufo.kit.edu/ands/repos
ands_repositories:
- name: ands-updates
url: "{{ ands_repo_url }}/centos74/"
+ - name: ands-hardware
+ url: "{{ ands_repo_url }}/hardware/"
diff --git a/group_vars/baremetal.yml b/group_vars/baremetal.yml
index be03d80..294cd9d 100644
--- a/group_vars/baremetal.yml
+++ b/group_vars/baremetal.yml
@@ -25,3 +25,4 @@ ands_inner_interface: "ib1"
#ands_public_interface: "eth0"
ands_host_id: "{{ ansible_hostname | regex_replace('^ipekatrin(\\d+)(\\.|$)', '\\1') }}"
+
diff --git a/opts.sh b/opts.sh
index 5e77848..d9f95a7 100644
--- a/opts.sh
+++ b/opts.sh
@@ -48,6 +48,7 @@ Actions:
storage - reconfigures Gluster and OpenShift volumes
projects - reconfigures OpenShift resources if necessary
project <name> - reconfigures a single OpenShift namespace
+ project_groups <n> - reconfigures fs groups for a single OpenShift namespace (required for Ganesha)
apps <prj> [app] - only re-generates templates for the specific namespaces (or even only specific application)
vpn - reconfigure VPN tunnels
certs - re-generate OpenShift x509 certificates
diff --git a/playbooks/ands-gluster-ganesha.yml b/playbooks/ands-gluster-ganesha.yml
index cbdf72c..d3a9c71 100644
--- a/playbooks/ands-gluster-ganesha.yml
+++ b/playbooks/ands-gluster-ganesha.yml
@@ -11,3 +11,11 @@
glusterfs_servers: "{{ ands_storage_servers }}"
glusterfs_bricks_path: "{{ ands_data_path }}/glusterfs"
glusterfs_domains: "{{ ands_storage_domains }}"
+ kaas_projects: "{{ ands_openshift_projects.keys() }}"
+
+- name: Configure GlusterFS cluster
+ hosts: ands_storage_servers, new_ands_storage_servers
+ roles:
+ - { role: ands_kaas, subrole: sysgroups }
+ vars:
+ kaas_projects: "{{ ands_openshift_projects.keys() }}"
diff --git a/playbooks/openshift-setup-project-groups.yml b/playbooks/openshift-setup-project-groups.yml
new file mode 100644
index 0000000..c7668ee
--- /dev/null
+++ b/playbooks/openshift-setup-project-groups.yml
@@ -0,0 +1,9 @@
+- import_playbook: maintain.yml
+
+- name: "Configure groups for {{ kaas_single_project }}"
+ hosts: ands_storage_servers, new_ands_storage_servers
+ roles:
+ - { role: ands_kaas, subrole: sysgroups }
+ vars:
+ kaas_projects: "{{ ands_openshift_projects.keys() }}"
+ kaas_single_project: "{{ ands_configure_project }}"
diff --git a/playbooks/openshift-setup-project.yml b/playbooks/openshift-setup-project.yml
index 8a8c49a..070cee7 100644
--- a/playbooks/openshift-setup-project.yml
+++ b/playbooks/openshift-setup-project.yml
@@ -1,7 +1,7 @@
- import_playbook: maintain.yml
- name: Configure per-node {{ kaas_single_project }} project storage
- hosts: ands_storage_servers
+ hosts: ands_storage_servers, ands_new_storage_servers
roles:
- { role: ands_kaas, subrole: storage }
vars:
diff --git a/roles/ands_common/tasks/software.yml b/roles/ands_common/tasks/software.yml
index ea37b51..4c0f491 100644
--- a/roles/ands_common/tasks/software.yml
+++ b/roles/ands_common/tasks/software.yml
@@ -6,11 +6,13 @@
- lsof
- strace
-# We also can install something conditionally
-#- name: Install various administrative tools
-# package: name={{item}} state=present
-# when: 'ands_storage_servers' in group_names
-# with_items:
+- name: Install storage management tools
+ package: name={{item}} state=present
+ when: "'baremetal' in group_names"
+ with_items:
+ - storcli
+
+
- name: Ensure all extra packages are installed
diff --git a/roles/ands_kaas/tasks/do_storage.yml b/roles/ands_kaas/tasks/do_storage.yml
index 8a6a880..d6f1cc5 100644
--- a/roles/ands_kaas/tasks/do_storage.yml
+++ b/roles/ands_kaas/tasks/do_storage.yml
@@ -5,7 +5,8 @@
loop_var: osv
vars:
vt_query: "[*].volumes.{{osv.value.volume}}.type"
- voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltype: "{{ voltypes[0] | default(ands_none) }}"
mp_query: "[*].volumes.{{osv.value.volume}}.mount"
mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}"
rp_query: "[*].volumes.{{osv.value.volume}}.path"
@@ -39,7 +40,8 @@
vars:
osv: "{{ kaas_project_volumes[file.osv] }}"
vt_query: "[*].volumes.{{osv.volume}}.type"
- voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltype: "{{ voltypes[0] | default(ands_none) }}"
mp_query: "[*].volumes.{{osv.volume}}.mount"
mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}"
rp_query: "[*].volumes.{{osv.volume}}.path"
diff --git a/roles/ands_kaas/tasks/do_sysgroups.yml b/roles/ands_kaas/tasks/do_sysgroups.yml
new file mode 100644
index 0000000..3ed03b9
--- /dev/null
+++ b/roles/ands_kaas/tasks/do_sysgroups.yml
@@ -0,0 +1,12 @@
+- name: Populate system users and groups
+ include_tasks: sysgroup.yml
+ with_dict: "{{ kaas_project_gids }}"
+ loop_control:
+ loop_var: group
+ when:
+ - group.value.users is defined
+ - (gid | int) >= 2000
+ vars:
+ gid: "{{ group.value.id }}"
+ users: "{{ group.value.users }}"
+ name: "{{ group.value.name | default('kaas_' ~ group.key) }}"
diff --git a/roles/ands_kaas/tasks/sysgroup.yml b/roles/ands_kaas/tasks/sysgroup.yml
new file mode 100644
index 0000000..18bd9a6
--- /dev/null
+++ b/roles/ands_kaas/tasks/sysgroup.yml
@@ -0,0 +1,14 @@
+- name: "Ensure system group {{ name }} with gid {{ gid }} is existing"
+ group: name="{{ name }}" gid="{{ gid }}" state="present"
+
+- name: "Process users registered for group {{ name }}"
+ include_tasks: sysuser.yml
+ with_list: "{{ users }}"
+ when:
+ - ands_openshift_users[user] is defined
+ - spec.name is defined
+ vars:
+ spec: "{{ ands_openshift_users[user] | default({}) }}"
+ new_group: "{{ name }}"
+ loop_control:
+ loop_var: user
diff --git a/roles/ands_kaas/tasks/sysuser.yml b/roles/ands_kaas/tasks/sysuser.yml
new file mode 100644
index 0000000..4e213fe
--- /dev/null
+++ b/roles/ands_kaas/tasks/sysuser.yml
@@ -0,0 +1,15 @@
+- name: Ensure user is existing on the system
+ user:
+ name: "{{ user }}"
+ uid: "{{ spec.uid | default(omit) }}"
+ group: "{{ spec.group | default(omit) }}"
+ comment: "{{ spec.name | default(omit) }}"
+ password: "{{ spec.password | default(omit) }}"
+ shell: "{{ spec.shell | default('/bin/false') }}"
+ home: "{{ spec.home | default(omit) }}"
+ state: present
+
+# Configure ssh keys if specified
+
+- name: Add group
+ user: name="{{ user }}" groups="{{ new_group }}" append="yes"
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index def846d..5189a8e 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -2,6 +2,8 @@ docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], []
docker_lv: "docker-pool"
docker_root_lv: "docker-root-lv"
docker_setup_root: "{{ docker_root_volume_size is defined }}"
+docker_reconfigure: false
+
docker_min_size: 100
docker_max_log_size: "2m"
diff --git a/roles/docker/tasks/configure.yml b/roles/docker/tasks/configure.yml
index 5d29291..fa31b1d 100644
--- a/roles/docker/tasks/configure.yml
+++ b/roles/docker/tasks/configure.yml
@@ -4,10 +4,13 @@
# with_items: [ docker, docker-client, docker-common ]
- name: install docker
+ register: docker_install_result
include_tasks: install.yml
- name: start docker
+ register: docker_start_result
service: name="docker" state="started"
+ when: not docker_reconfigure
- name: Configure bridge-nf-call-iptables with sysctl
sysctl: name="net.bridge.bridge-nf-call-iptables" value=1 state=present sysctl_set=yes
@@ -20,17 +23,34 @@
register: loop_device_check
failed_when: false
changed_when: loop_device_check.rc == 0
+ when: not docker_reconfigure
-- set_fact: docker_reinit="{{ (loop_device_check.rc == 0) or (vg == '') or (docker_setup_root and ((root_vg == '') or (vg != root_vg))) or (docker_storage_vg is defined and (docker_storage_vg != vg)) }}"
+- set_fact: docker_reinit=false
+
+- set_fact: docker_reinit=true
vars:
+ check: "{{ loop_device_check | default({}) }}"
+ lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}"
+ vg: "{{ lv['vg'] | default('') }}"
+ when:
+ - docker_install_result | changed
+ - docker_start_result | changed
+ - ansible_lvm['lvs'][docker_lv] is not defined
+
+# Pass option docker_reconfigure to run this...
+- set_fact: docker_reinit="{{ loop_back or wrong_root_vg or wrong_docker_vg }}"
+ vars:
+ check: "{{ loop_device_check | default({}) }}"
lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}"
vg: "{{ lv['vg'] | default('') }}"
root_lv: "{{ ansible_lvm['lvs'][docker_root_lv] | default({}) }}"
root_vg: "{{ root_lv['vg'] | default('') }}"
-
-- debug: msg="Re-initializing - {{ docker_reinit }}, Loopback check - {{ loop_device_check.stderr }}"
- when: loop_device_check.stderr
-
+ loop_back: "{{ check.rc | default(9) == 0 }}"
+ wrong_root_vg: "{{ docker_setup_root and ((root_vg == '') or (vg != root_vg)) }}"
+ wrong_docker_vg: "{{ docker_storage_vg is defined and (docker_storage_vg != vg) }}"
+ when:
+ - docker_reconfigure | default(false)
+
- import_tasks: storage.yml
when: docker_reinit
diff --git a/roles/docker/tasks/storage.yml b/roles/docker/tasks/storage.yml
index e431030..d6d531a 100644
--- a/roles/docker/tasks/storage.yml
+++ b/roles/docker/tasks/storage.yml
@@ -29,6 +29,9 @@
- name: stop docker
service: name="docker" state="stopped"
+- name: unmount /var/lib/docker
+ mount: path="/var/lib/docker" state="unmounted"
+
- name: delete /var/lib/docker
file: path="/var/lib/docker" state=absent
diff --git a/roles/glusterfs/templates/export.openshift.conf.j2 b/roles/glusterfs/templates/export.openshift.conf.j2
index b2c547f..85132cb 100644
--- a/roles/glusterfs/templates/export.openshift.conf.j2
+++ b/roles/glusterfs/templates/export.openshift.conf.j2
@@ -19,6 +19,7 @@ EXPORT {
Protocols = "3", "4" ;
Transports = "UDP","TCP";
SecType = "sys";
+ Manage_gids = true;
{% if nfs.rw is defined %}
{% for net in nfs.rw %}
diff --git a/setup.sh b/setup.sh
index ec862d6..1965c33 100755
--- a/setup.sh
+++ b/setup.sh
@@ -55,7 +55,13 @@ case "$action" in
[ -n "$project" ] || { usage 'project name should be specified...' ; exit 1; }
apply playbooks/openshift-setup-project.yml --extra-vars "ands_configure_project=$project" "$@" || exit 1
;;
- apps)
+ project_groups)
+ project=$1
+ shift
+ [ -n "$project" ] || { usage 'project name should be specified...' ; exit 1; }
+ apply playbooks/openshift-setup-project-groups.yml --extra-vars "ands_configure_project=$project" "$@" || exit 1
+ ;;
+ apps|project_apps)
[ -n "$1" ] || { usage 'project name should be specified...' ; exit 1; }
vars="ands_configure_project=$1"
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
index e6e4c75..10146e8 100644
--- a/setup/configs/openshift.yml
+++ b/setup/configs/openshift.yml
@@ -9,11 +9,11 @@ ands_openshift_projects:
test: Namespace for testing and prototyping
ands_openshift_users:
- pdv: IPE Administation Account
- katrin: KATRIN Project
- csa: Suren A. Chilingaryan <csa@suren.me>
- kopmann: Andreas Kopmann <kopmann@kit.edu>
- ntj: Nicholas Tan Jerome <nicholas.jerome@kit.edu>
+ pdv: { name: "IPE Administation Account" }
+ katrin: { name: "KATRIN Project" }
+ csa: { name: "Suren A. Chilingaryan", email: "csa@suren.me", uid: "1001", shell: "/bin/bash" }
+ kopmann: { name: "Andreas Kopmann", email: "kopmann@kit.edu" }
+ ntj: { name: "Nicholas Tan Jerome", email: "nicholas.jerome@kit.edu" }
ands_openshift_roles:
cluster-admin: csa
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml
index fef5a5b..1784b61 100644
--- a/setup/projects/adei/vars/globals.yml
+++ b/setup/projects/adei/vars/globals.yml
@@ -26,6 +26,8 @@ adei_pod_env:
value: "/adei/src"
- name: "ADEI_CACHE_ENGINE"
value: "INNODB"
+ - name: "ADEI_TRANSACTION_SIZE"
+ value: "1000"
- name: "ADEI_REPOSITORY"
valueFrom:
secretKeyRef:
diff --git a/setup/projects/adei/vars/mysql.yml b/setup/projects/adei/vars/mysql.yml
index cf72c90..072d946 100644
--- a/setup/projects/adei/vars/mysql.yml
+++ b/setup/projects/adei/vars/mysql.yml
@@ -26,17 +26,22 @@ mysql:
- { name: "MYSQL_MASTER_PASSWORD", value: "secret@adei/service-password" }
- { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" }
- { name: "MYSQL_MAX_CONNECTIONS", value: "500" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "32G" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "32" }
+ - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "2G" }
+ - { name: "MYSQL_INNODB_LOG_BUFFER_SIZE", value: "16M" }
- { name: "MYSQL_SYNC_BINLOG", value: "0" }
- { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" }
- { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" }
- - { name: "MYSQL_FLUSH_LOG_TYPE", value: "2" }
- - { name: "MYSQL_FLUSH_LOG_TIMEOUT", value: "300" }
- - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" }
-# - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" }
+ - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" }
+# - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" }
+ - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" }
# - { name: "MYSQL_BINLOG_FORMAT", value: "STATEMENT" }
mappings:
- { name: "adei_master", mount: "/var/lib/mysql/data" }
- resources: { request: { cpu: 2000m, mem: 4Gi }, limit: { cpu: 6000m, mem: 32Gi } }
+ resources: { request: { cpu: 2000m, mem: 16Gi } }
probes:
- { type: "liveness", port: 3306 }
- { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" }
@@ -75,22 +80,27 @@ mysql:
- { name: "MYSQL_MASTER_USER", value: "replication" }
- { name: "MYSQL_MASTER_SERVICE_NAME", value: "mysql-master" }
- { name: "MYSQL_MASTER_PASSWORD", value: "secret@adei/service-password" }
+ - { name: "MYSQL_SUPER_READ_ONLY", value: "1" }
- { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" }
- { name: "MYSQL_MAX_CONNECTIONS", value: "500" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "16G" }
+ - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "8" }
+ - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "1G" }
- { name: "MYSQL_LOG_BIN", value: "1" }
- { name: "MYSQL_SYNC_BINLOG", value: "0" }
- { name: "MYSQL_LOG_SLAVE_UPDATES", value: "0" }
- - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" }
- - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" }
- - { name: "MYSQL_FLUSH_LOG_TYPE", value: "2" }
- - { name: "MYSQL_FLUSH_LOG_TIMEOUT", value: "300" }
+ - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "100000" }
+ - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "128" }
+ - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" }
+ - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" }
- { name: "MYSQL_SLAVE_WORKERS", value: "16" }
- { name: "MYSQL_SLAVE_SKIP_ERRORS", value: "1007,1008,1050,1051,1054,1060,1061,1068,1094,1146,1304,1359,1476,1537" }
- - { name: "MYSQL_BINLOG_FORMAT", value: "MIXED" }
+ - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" }
mappings:
- { name: "adei_slave", mount: "/var/lib/mysql/data" }
# - { name: "adei_init", mount: "/var/lib/init" }
- resources: { request: { cpu: 2000m, mem: 4Gi }, limit: { cpu: 6000m, mem: 32Gi } }
+ resources: { request: { cpu: 2000m, mem: 16Gi } }
probes:
- { type: "liveness", port: 3306 }
- { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" }
diff --git a/setup/projects/adei/vars/mysql_galera.yml b/setup/projects/adei/vars/mysql_galera.yml
index a927e5c..a1b4e87 100644
--- a/setup/projects/adei/vars/mysql_galera.yml
+++ b/setup/projects/adei/vars/mysql_galera.yml
@@ -40,7 +40,7 @@ galera:
- { name: "MYSQL_GALERA_CLUSTER", value: "galera-ss" }
mappings:
- { name: "adei_galera", mount: "/var/lib/mysql/data" }
- resources: { request: { cpu: 2000m, mem: 4Gi }, limit: { cpu: 6000m, mem: 32Gi } }
+ resources: { request: { cpu: 2000m, mem: 4Gi } }
probes:
- { type: "liveness", port: 3306 }
- { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" }
diff --git a/setup/projects/adei/vars/phpmyadmin.yml b/setup/projects/adei/vars/phpmyadmin.yml
index 63bd5d8..7a2bc40 100644
--- a/setup/projects/adei/vars/phpmyadmin.yml
+++ b/setup/projects/adei/vars/phpmyadmin.yml
@@ -6,9 +6,9 @@ phpmyadmin:
images:
- image: "chsa/phpmyadmin-centos:4"
env:
- - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" }
+ - { name: "DB_SERVICE_HOST", value: "mysql-master.adei.svc.cluster.local" }
- { name: "DB_SERVICE_PORT", value: "3306" }
- - { name: "DB_EXTRA_HOSTS", value: "mysql-master.adei.svc.cluster.local,mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" }
+ - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" }
# - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
# - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
probes:
diff --git a/setup/projects/adei/vars/script.yml b/setup/projects/adei/vars/script.yml
index cbd01ba..a767369 100644
--- a/setup/projects/adei/vars/script.yml
+++ b/setup/projects/adei/vars/script.yml
@@ -6,3 +6,5 @@ oc:
- oc: "{{ ands_hostnet_db | default(false) | ternary('adm policy add-scc-to-user hostnetwork -z adeidb', 'adm policy remove-scc-from-user hostnetwork -z adeidb') }}"
- templates: "*"
- apps: ".*"
+ - oc: "expose svc/mysql-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name mysql-ingress"
+ resource: "svc/mysql-ingress"
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index 15795b3..f86e2a2 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -1,5 +1,5 @@
gids:
- adei: { id: 6001 }
+ adei: { id: 6001, users: [ 'csa' ] }
adei_db: { id: 6002 }
volumes:
@@ -24,6 +24,7 @@ files:
- { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "02775" }
- { osv: "adei_src", path: "/prod", state: "directory", group: "adei", mode: "02775" }
- { osv: "adei_src", path: "/dbg", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_sys", path: "/", state: "directory", group: "adei", mode: "02775" }
- { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "02775" }
- { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "02775" }
- { osv: "adei_data",path: "/", state: "directory", group: "adei", mode: "02775" }