Zed Series Release Notes
18.0.0.0b1-223
New Features
Add support for encryption of databases. This is disabled by default and can be enabled by setting galera_mariadb_encryption_enabled to true. For now only the file_key_management encryption plugin is supported. You can override encryption options with galera_encryption_overrides. The role creates galera_db_encryption_keys for you if they are not specified. To specify your own encryption keys, provide them like this:

    galera_db_encryption_keys: |
      1;5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36fbdc80333e3
      2;5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36ebdc80333e3

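A pre-deployment check for a user-supplied galera_db_encryption_keys value, added here as an example and not part of the role's own code. It assumes the file_key_management key file layout of one <id>;<hex key> entry per line; generate_keys and check_keys are hypothetical helper names.

```python
import re
import secrets

# Key lengths in hex characters: file_key_management takes 128-, 192- or 256-bit keys.
VALID_HEX_LENGTHS = {32, 48, 64}
ENTRY = re.compile(r"^(\d+);([0-9a-fA-F]+)$")

# The two sample keys printed in the release note; public, so never deploy them.
PUBLISHED_KEYS = {
    "5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36fbdc80333e3",
    "5bbc03648be8db3d2087815717eabdec9fbc310f2b7fd53705b36ebdc80333e3",
}


def generate_keys(count=2):
    """Build a galera_db_encryption_keys value with fresh random 256-bit keys."""
    return "\n".join(f"{i};{secrets.token_hex(32)}" for i in range(1, count + 1))


def check_keys(value):
    """Return a list of problems found in a galera_db_encryption_keys value."""
    problems, ids, keys = [], set(), set()
    for lineno, raw in enumerate(value.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        match = ENTRY.match(line)
        if not match:
            problems.append(f"line {lineno}: expected '<id>;<hex key>'")
            continue
        key_id, key = int(match.group(1)), match.group(2).lower()
        if len(key) not in VALID_HEX_LENGTHS:
            problems.append(f"line {lineno}: key is {len(key) * 4} bits")
        if key_id in ids:
            problems.append(f"line {lineno}: duplicate key id {key_id}")
        if key in keys:
            problems.append(f"line {lineno}: key material reused")
        if key in PUBLISHED_KEYS:
            problems.append(f"line {lineno}: key is a published sample")
        ids.add(key_id)
        keys.add(key)
    if 1 not in ids:
        problems.append("key id 1 is missing")  # MariaDB's default key id
    return problems


if __name__ == "__main__":
    print(check_keys(generate_keys()))
```

An empty list means the value is well formed; keys copied from documentation are reported even though they parse correctly.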
Additional user-specified username and password pairs can now be set up during the Galera installation process by defining them in the ‘galera_additional_users’ list.
Added variables galera_backups_full_init_overrides and galera_backups_increment_init_overrides that can be leveraged to override the default systemd unit file settings for MariaDB backups. Similar to change I7b3b0f4da047f82a49266ef57fba2fbaa24cebdc.
The galera_server role now includes the functionality from the galera_client role, and can optionally install the client and server components. This is controlled using two booleans, galera_install_server and galera_install_client, both of which default to false.
Implemented variable galera_data_dir that controls the datadir for MariaDB databases. Defaults to /var/lib/mysql.
The Galera role now leverages the PKI role for creation and distribution of certificates and certificate authorities. This introduces a number of new variables which control CA and certificate generation details. If user SSL certificates are provided, they are used instead of the generated ones.
The following new variables were introduced:
galera_ssl_verify
galera_pki_dir
galera_pki_create_ca
galera_pki_regen_ca
galera_pki_certificates
galera_pki_regen_cert
galera_pki_authorities
galera_pki_install_ca
galera_pki_keys_path
galera_pki_certs_path
galera_pki_intermediate_cert_name
galera_pki_intermediate_cert_path
galera_pki_install_certificates
New variables galera_tmp_dir and galera_ignore_db_dirs were implemented to control the path to the tmp dir and which directories should be ignored when listing databases.
Adds optional compression for backups created with mariabackup. Adds two new CLI parameters to the mariabackup script that are used to enable compression and to choose a compression tool.
--compress=True|False
--compressor=<compressor>
Also introduces new Ansible variables that control the above mentioned parameters.
galera_mariadb_backups_compress
galera_mariadb_backups_compressor
Each backup archive is stored in a dedicated directory, alongside the backup metadata.
Added variable galera_init_overrides that can be leveraged to override the default systemd unit file settings for MariaDB. This also brings a requirement on the systemd_service role.
It is now possible for deployers to enable or disable the mysqlcheck capability. The Boolean option galera_monitoring_check_enabled has been added which has a default value of true.
It is now possible to change the port used by mysqlcheck. The integer option galera_monitoring_check_port has been added with the default value of 9200.
Add parameters galera_mariadb_backups_full_randomized_delay_sec and galera_mariadb_backups_incremental_randomized_delay_sec to run the systemd timers for mariabackup with a randomized delay. This is useful when backups are taken on more than one node, to avoid running them at exactly the same time.
The MariaDB version has been bumped to 10.2.
The galera_server role now uses mariabackup in order to complete SST operations due to the fact that this is the recommended choice from MariaDB.
The galera_server role now ships with the latest MariaDB release of 10.3.13.
Upgrade Notes
The galera_server role now includes the functionality from the galera_client role, and as a result a number of the variables from the galera_client defaults are now available to override in the galera_server role defaults. In addition, a number of default variables have been generalised, removing the specific _client_ or _server_ parts of the names. Users of this role should check that any overrides they are using have the correct variable names for the new combined role.
Galera will now additionally listen on port 3307 by default, with this port being used by the monitoring user to check cluster status. Ensure that any firewall rules permit access to this port before upgrading. If an ‘extra_port’ was already configured, ensure that any conflicting configuration is removed and set your preferred values via ‘galera_monitoring_port’ and ‘galera_monitoring_max_connections’.
The data structure for galera_gpg_keys has been changed to be a dict passed directly to the applicable apt_key/rpm_key module. As such any overrides would need to be reviewed to ensure that they do not pass any key/value pairs which would cause the module to fail.
The default values for galera_gpg_keys have been changed so that all supported platforms use vendored keys. This means that the task execution will no longer reach out to the internet to add the keys, making offline or proxy-based installations easier and more reliable.
If you have a database named #tmp, you should change the galera_tmp_dir path and adjust galera_ignore_db_dirs, or rename the database.
MariaDB version 10.5.9 is known to have a bug which results in broken root permissions after upgrade. We have implemented a workaround for it which will be triggered automatically. This note is informative only.
Backup compression is disabled by default, so no changes need to be made for existing deployments. Should compression be desired, set galera_mariadb_backups_compress to True. Choose a compression tool with galera_mariadb_backups_compressor; the default is gzip.
The xinetd script and configuration to run the ‘clustercheck’ script is replaced with a systemd socket activated service.
Deprecation Notes
The compression option in the galera_server role has been removed due to the fact that it is not recommended by MariaDB anymore. This means that all the dependencies from Percona such as QPress are no longer necessary.
The following variables have been removed because they are no longer used:
galera_percona_xtrabackup_repo
use_percona_upstream
galera_xtrabackup_compression
galera_server_percona_distro_packages
The variable galera_xtrabackup_threads has been renamed to galera_mariabackup_threads to reflect the change in the SST provider.
The following variables were removed in favor of the PKI ones and no longer have any effect:
galera_ssl_self_signed_regen
galera_ssl_self_signed_subject
galera_ssl_ca_self_signed_subject
Other Notes
Set a new default value for galera_wait_timeout which is inherited from the global openstack_db_connection_recycle_time.