galera: support mariabackup SST method

Make the SST method configurable in the galera custom resource, and
allow both rsync and mariabackup methods.
Mariabackup requires a database user's credentials to operate, so
reuse the root db user for the time being.

Jira: OSPRH-10195

Author: dciabrin

api/bases/mariadb.openstack.org_galeras.yaml

@@ -78,6 +78,13 @@ spec:
               secret:
                 description: Name of the secret to look for password keys
                 type: string
+              sst:
+                default: rsync
+                description: Snapshot State Transfer method to use for full node synchronization
+                enum:
+                - rsync
+                - mariabackup
+                type: string
               storageClass:
                 description: Storage class to host the mariadb databases
                 type: string

api/v1beta1/galera_types.go

@@ -80,8 +80,21 @@ type GaleraSpecCore struct {
 	// +kubebuilder:validation:Optional
 	// Log Galera pod's output to disk
 	LogToDisk bool `json:"logToDisk"`
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=rsync
+	// +kubebuilder:validation:Enum=rsync;mariabackup
+	// Snapshot State Transfer method to use for full node synchronization
+	SST GaleraSST `json:"sst"`
 }
 
+// Supported SST type
+type GaleraSST string
+
+const (
+	RSync       GaleraSST = "rsync"
+	MariaBackup GaleraSST = "mariabackup"
+)
+
 // GaleraAttributes holds startup information for a Galera host
 type GaleraAttributes struct {
 	// Last recorded replication sequence number in the DB

config/crd/bases/mariadb.openstack.org_galeras.yaml

@@ -78,6 +78,13 @@ spec:
               secret:
                 description: Name of the secret to look for password keys
                 type: string
+              sst:
+                default: rsync
+                description: Snapshot State Transfer method to use for full node synchronization
+                enum:
+                - rsync
+                - mariabackup
+                type: string
               storageClass:
                 description: Storage class to host the mariadb databases
                 type: string

config/samples/mariadb_v1beta1_galera_sst.yaml

@@ -0,0 +1,10 @@
+apiVersion: mariadb.openstack.org/v1beta1
+kind: Galera
+metadata:
+  name: openstack
+spec:
+  secret: osp-secret
+  storageClass: local-storage
+  storageRequest: 500M
+  replicas: 3
+  sst: mariabackup

pkg/mariadb/volumes.go

@@ -229,3 +229,183 @@ func getGaleraLogMount() corev1.VolumeMount {
 		SubPath:   "log",
 	}
 }
+
+func getGaleraVolumes(g *mariadbv1.Galera) []corev1.Volume {
+	configTemplates := []corev1.KeyToPath{
+		{
+			Key:  "my.cnf.in",
+			Path: ".my.cnf.in",
+		},
+		{
+			Key:  "galera.cnf.in",
+			Path: "galera.cnf.in",
+		},
+		{
+			Key:  mariadbv1.CustomServiceConfigFile,
+			Path: mariadbv1.CustomServiceConfigFile,
+		},
+	}
+
+	if g.Spec.SST == mariadbv1.MariaBackup {
+		configTemplates = append(configTemplates, corev1.KeyToPath{
+			Key:  "galera_sst_mariabackup.cnf.in",
+			Path: "galera_sst_mariabackup.cnf.in",
+		})
+	}
+
+	volumes := []corev1.Volume{
+		{
+			Name: "secrets",
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: g.Spec.Secret,
+					Items: []corev1.KeyToPath{
+						{
+							Key:  "DbRootPassword",
+							Path: "dbpassword",
+						},
+					},
+				},
+			},
+		},
+		{
+			Name: "kolla-config",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: g.Name + "-config-data",
+					},
+					Items: []corev1.KeyToPath{
+						{
+							Key:  "config.json",
+							Path: "config.json",
+						},
+					},
+				},
+			},
+		},
+		{
+			Name: "kolla-config-init",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: g.Name + "-config-data",
+					},
+					Items: []corev1.KeyToPath{
+						{
+							Key:  "init_config.json",
+							Path: "config.json",
+						},
+					},
+				},
+			},
+		},
+		{
+			Name: "pod-config-data",
+			VolumeSource: corev1.VolumeSource{
+				EmptyDir: &corev1.EmptyDirVolumeSource{},
+			},
+		},
+		{
+			Name: "config-data",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: g.Name + "-config-data",
+					},
+					Items: configTemplates,
+				},
+			},
+		},
+		{
+			Name: "operator-scripts",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: g.Name + "-scripts",
+					},
+					Items: []corev1.KeyToPath{
+						{
+							Key:  "mysql_bootstrap.sh",
+							Path: "mysql_bootstrap.sh",
+						},
+						{
+							Key:  "mysql_probe.sh",
+							Path: "mysql_probe.sh",
+						},
+						{
+							Key:  "detect_last_commit.sh",
+							Path: "detect_last_commit.sh",
+						},
+						{
+							Key:  "detect_gcomm_and_start.sh",
+							Path: "detect_gcomm_and_start.sh",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	return volumes
+}
+
+func getGaleraVolumeMounts(g *mariadbv1.Galera) []corev1.VolumeMount {
+	volumeMounts := []corev1.VolumeMount{
+		{
+			MountPath: "/var/lib/mysql",
+			Name:      "mysql-db",
+		}, {
+			MountPath: "/var/lib/config-data",
+			ReadOnly:  true,
+			Name:      "config-data",
+		}, {
+			MountPath: "/var/lib/pod-config-data",
+			Name:      "pod-config-data",
+		}, {
+			MountPath: "/var/lib/secrets",
+			ReadOnly:  true,
+			Name:      "secrets",
+		}, {
+			MountPath: "/var/lib/operator-scripts",
+			ReadOnly:  true,
+			Name:      "operator-scripts",
+		}, {
+			MountPath: "/var/lib/kolla/config_files",
+			ReadOnly:  true,
+			Name:      "kolla-config",
+		},
+	}
+
+	return volumeMounts
+}
+
+func getGaleraInitVolumeMounts(g *mariadbv1.Galera) []corev1.VolumeMount {
+	volumeMounts := []corev1.VolumeMount{
+		{
+			MountPath: "/var/lib/mysql",
+			Name:      "mysql-db",
+		}, {
+			MountPath: "/var/lib/config-data",
+			ReadOnly:  true,
+			Name:      "config-data",
+		}, {
+			MountPath: "/var/lib/pod-config-data",
+			Name:      "pod-config-data",
+		}, {
+			MountPath: "/var/lib/secrets",
+			ReadOnly:  true,
+			Name:      "secrets",
+		}, {
+			MountPath: "/var/lib/operator-scripts",
+			ReadOnly:  true,
+			Name:      "operator-scripts",
+		}, {
+			MountPath: "/var/lib/kolla/config_files",
+			ReadOnly:  true,
+			Name:      "kolla-config-init",
+		},
+	}
+
+	return volumeMounts
+}

templates/galera/bin/mysql_bootstrap.sh

@@ -1,5 +1,10 @@
 #!/bin/bash
-set +eux
+set -eu
+
+init_error() {
+    echo "Container initialization failed at $(caller)." >&2
+}
+trap init_error ERR
 
 if [ -e /var/lib/mysql/mysql ]; then
     echo -e "Database already exists. Reuse it."
@@ -31,20 +36,26 @@ fi
 PODNAME=$(hostname -f | cut -d. -f1,2)
 PODIPV4=$(grep "${PODNAME}" /etc/hosts | grep -v ':' | cut -d$'\t' -f1)
 PODIPV6=$(grep "${PODNAME}" /etc/hosts | grep ':' | cut -d$'\t' -f1)
+if [[ "" = "${PODIPV6}" ]]; then
+    PODIP="${PODIPV4}"
+    IPSTACK="IPV4"
+else
+    PODIP="[::]"
+    IPSTACK="IPV6"
+fi
+
+# mariabackup: default credentials if no configuration was provided
+: ${MARIABACKUP_USER=root}
+: ${MARIABACKUP_PASSWORD=$DB_ROOT_PASSWORD}
 
 cd /var/lib/config-data/default
 for cfg in *.cnf.in; do
     if [ -s "${cfg}" ]; then
-
-        if [[ "" = "${PODIPV6}" ]]; then
-            PODIP="${PODIPV4}"
-            IPSTACK="IPV4"
-        else
-            PODIP="[::]"
-            IPSTACK="IPV6"
-        fi
-
         echo "Generating config file from template ${cfg}, will use ${IPSTACK} listen address of ${PODIP}"
-        sed -e "s/{ PODNAME }/${PODNAME}/" -e "s/{ PODIP }/${PODIP}/" -e "s/{ SSL_CIPHER }/${SSL_CIPHER}/" "/var/lib/config-data/default/${cfg}" > "/var/lib/config-data/generated/${cfg%.in}"
+        # replace all occurrences of "{ xxx }" with their value from environment
+        awk '{
+patsplit($0,markers,/{ (PODNAME|PODIP|SSL_CIPHER|MARIABACKUP_USER|MARIABACKUP_PASSWORD) }/);
+for(i in markers){ m=markers[i]; gsub(/\W/,"",m); gsub(markers[i], ENVIRON[m])};
+}' "/var/lib/config-data/default/${cfg}" > "/var/lib/config-data/generated/${cfg%.in}"
     fi
 done

templates/galera/bin/mysql_probe.sh

@@ -2,7 +2,7 @@
 set -u
 
 # This secret is mounted by k8s and always up to date
-read -s -u 3 3< /var/lib/secrets/dbpassword MYSQL_PWD || true
+read -s -u 3 3< <(cat /var/lib/secrets/dbpassword; echo) MYSQL_PWD
 export MYSQL_PWD
 
 PROBE_USER=root

templates/galera/config/config.json

@@ -28,6 +28,13 @@
             "perm": "0644",
             "optional": true
         },
+        {
+            "source": "/var/lib/pod-config-data/galera_sst_mariabackup.cnf",
+            "dest": "/etc/my.cnf.d/galera_mariabackup.cnf",
+            "owner": "root",
+            "perm": "0644",
+            "optional": true
+        },
         {
             "source": "/var/lib/operator-scripts",
             "dest": "/usr/local/bin",

templates/galera/config/galera_sst_mariabackup.cnf.in

@@ -0,0 +1,3 @@
+[mysqld]
+wsrep_sst_method = mariabackup
+wsrep_sst_auth = root:{ MARIABACKUP_PASSWORD }

templates/galera/config/init_config.json

@@ -0,0 +1,10 @@
+{
+    "command": "/usr/bin/true",
+    "permissions": [
+        {
+            "path": "/var/lib/mysql",
+            "owner": "mysql:mysql",
+            "recurse": "true"
+        }
+    ]
+}