Merge "Update MariaDB container image to 10.6"

softwarefactory-project · Jun 5, 2024 · 1d824db · 1d824db
2 parents 53f50cf + 4199dda
commit 1d824db
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 10 deletions.
diff --git a/controllers/libs/base/static/images.yaml b/controllers/libs/base/static/images.yaml
@@ -44,8 +44,8 @@ images:
       source: https://softwarefactory-project.io/cgit/containers/tree/images-sf/master/containers/rendered/purgelogs.container?id=6dea4a90864e62e4c7c9e1b85397b6545b421e39
     - name: mariadb
       container: quay.io/software-factory/mariadb
-      version: 10.5.16-4
-      source: https://softwarefactory-project.io/cgit/containers/tree/images-sf/master/containers/rendered/mariadb.container?id=6dea4a90864e62e4c7c9e1b85397b6545b421e39
+      version: 10.6-ubi9-1
+      source: https://softwarefactory-project.io/cgit/containers/tree/images-sf/master/containers/rendered/mariadb.container?id=475c0603059886c4fcfa172a81899bb1ca517d1c
     - name: busybox
       container: quay.io/software-factory/sf-op-busybox
       version: 1.5-3

diff --git a/controllers/mariadb.go b/controllers/mariadb.go
@@ -85,14 +85,14 @@ func createLogForwarderSidecar(r *SFController, annotations map[string]string) (
 }
 
 func (r *SFController) CreateDBInitContainer(username string, password string, dbname string) apiv1.Container {
-	c := "CREATE DATABASE IF NOT EXISTS " + dbname + " CHARACTER SET utf8 COLLATE utf8_general_ci; "
-	g := "GRANT ALL PRIVILEGES ON " + dbname + ".* TO '" + username + "'@'%' IDENTIFIED BY '${USER_PASSWORD}' WITH GRANT OPTION; FLUSH PRIVILEGES;"
+	c := fmt.Sprintf("CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8 COLLATE utf8_general_ci;", dbname)
+	g := fmt.Sprintf("GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%%' IDENTIFIED BY '${USER_PASSWORD}' WITH GRANT OPTION; FLUSH PRIVILEGES;", dbname, username)
 	container := base.MkContainer("mariadb-client", base.MariaDBImage())
 	base.SetContainerLimitsLowProfile(&container)
 	container.Command = []string{"sh", "-c", `
-	echo 'Running: mysql --host=" ` + MariaDBIdent + `" --user=root --password="$MYSQL_ROOT_PASSWORD" -e "` + c + g + `"'
+	echo 'Running: mysql --host="` + MariaDBIdent + `" --user=root --password="$MARIADB_ROOT_PASSWORD" -e "` + c + g + `"'
 	ATTEMPT=0
-	while ! mysql --host=mariadb --user=root --password="$MYSQL_ROOT_PASSWORD" -e "` + c + g + `"; do
+	while ! mysql --host=mariadb --user=root --password="$MARIADB_ROOT_PASSWORD" -e "` + c + g + `"; do
 		ATTEMPT=$[ $ATTEMPT + 1 ]
 		if test $ATTEMPT -eq 10; then
 			echo "Failed after $ATTEMPT attempt";
@@ -102,7 +102,7 @@ func (r *SFController) CreateDBInitContainer(username string, password string, d
 	done
 	`}
 	container.Env = []apiv1.EnvVar{
-		base.MkSecretEnvVar("MYSQL_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
+		base.MkSecretEnvVar("MARIADB_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
 		{
 			Name:  "USER_PASSWORD",
 			Value: password,
@@ -180,6 +180,18 @@ func (r *SFController) DeployMariadb() bool {
 			MYSQLRootPassword string
 		}{MYSQLRootPassword: string(adminPassSecret.Data["mariadb-root-password"])})
 
+	initfileSQL := fmt.Sprintf(
+		`CREATE USER IF NOT EXISTS root@localhost IDENTIFIED BY '%s';
+SET PASSWORD FOR root@localhost = PASSWORD('%s');
+GRANT ALL ON *.* TO root@localhost WITH GRANT OPTION;
+CREATE USER IF NOT EXISTS root@'%%' IDENTIFIED BY '%s';
+SET PASSWORD FOR root@'%%' = PASSWORD('%s');
+GRANT ALL ON *.* TO root@'%%' WITH GRANT OPTION;`,
+		adminPassSecret.Data["mariadb-root-password"],
+		adminPassSecret.Data["mariadb-root-password"],
+		adminPassSecret.Data["mariadb-root-password"],
+		adminPassSecret.Data["mariadb-root-password"])
+
 	configSecret := apiv1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "mariadb-config-secrets",
@@ -189,7 +201,17 @@ func (r *SFController) DeployMariadb() bool {
 			"my.cnf": []byte(myCNF),
 		},
 	}
+	initDBSecret := apiv1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "mariadb-initdb-secrets",
+			Namespace: r.ns,
+		},
+		Data: map[string][]byte{
+			"initfile.sql": []byte(initfileSQL),
+		},
+	}
 	r.EnsureSecret(&configSecret)
+	r.EnsureSecret(&initDBSecret)
 
 	sts := r.mkStatefulSet(MariaDBIdent, base.MariaDBImage(), r.getStorageConfOrDefault(r.cr.Spec.MariaDB.DBStorage), apiv1.ReadWriteOnce)
 
@@ -223,10 +245,18 @@ func (r *SFController) DeployMariadb() bool {
 			MountPath: "/var/lib/mysql/.my.cnf",
 			ReadOnly:  true,
 		},
+		{
+			Name:      "mariadb-initdb-secrets",
+			SubPath:   "initfile.sql",
+			MountPath: "/docker-entrypoint-initdb.d/initfile.sql",
+			ReadOnly:  true,
+		},
 	}, volumeMountsStatsExporter...)
 	sts.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{
 		base.MkEnvVar("HOME", "/var/lib/mysql"),
-		base.MkSecretEnvVar("MYSQL_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
+		base.MkSecretEnvVar("MARIADB_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
+		base.MkEnvVar("MARIADB_DISABLE_UPGRADE_BACKUP", "1"),
+		base.MkEnvVar("MARIADB_AUTO_UPGRADE", "1"),
 	}
 	sts.Spec.Template.Spec.Containers[0].Ports = []apiv1.ContainerPort{
 		base.MkContainerPort(mariadbPort, mariaDBPortName),
@@ -237,6 +267,7 @@ func (r *SFController) DeployMariadb() bool {
 	sts.Spec.Template.Spec.Volumes = []apiv1.Volume{
 		base.MkEmptyDirVolume("mariadb-run"),
 		base.MkVolumeSecret("mariadb-config-secrets", "mariadb-config-secrets"),
+		base.MkVolumeSecret("mariadb-initdb-secrets", "mariadb-initdb-secrets"),
 	}
 
 	annotations := map[string]string{

diff --git a/controllers/static/mariadb/my.cnf.tmpl b/controllers/static/mariadb/my.cnf.tmpl
@@ -1,4 +1,12 @@
 [client]
 user=root
 host=localhost
-password={{ .MYSQLRootPassword }}
+password={{ .MYSQLRootPassword }}
+
+[mysqld]
+init-file=/docker-entrypoint-initdb.d/initfile.sql
+innodb_file_per_table=on
+
+[mariadb]
+general_log
+general_log_file=/var/log/mariadb/mariadb.log
diff --git a/roles/post/get-loki-logs/tasks/main.yaml b/roles/post/get-loki-logs/tasks/main.yaml
@@ -28,7 +28,7 @@
 
 - name: Get aggregated logs prefixed by service
   ansible.builtin.shell: >
-    ~/bin/logcli query --forward --since=6h --parallel-duration 15m --parallel-max-workers 4 --part-path-prefix=/tmp/all-query --merge-parts --no-labels --quiet '{namespace="sf"} | json | {{ line_format_query }}' > {{ _output_dir_realpath.stdout }}/all.log
+    ~/bin/logcli query  --batch 200 --limit 1000 --tail --forward --since=6h --parallel-duration 15m --parallel-max-workers 4 --part-path-prefix=/tmp/all-query --merge-parts --no-labels --quiet '{namespace="sf"} | json | {{ line_format_query }}' > {{ _output_dir_realpath.stdout }}/all.log
 
 - name: Change owner and group for the log dir
   ansible.builtin.command: chown -R {{ ansible_user }}:{{ ansible_user }} {{ _output_dir_realpath.stdout }}