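---
# Armada chart document for the OpenStack MariaDB release.
# The substitutions copy the chart source, image tags, endpoints, service
# accounts and passphrases from other documents into `.source` and `.values`
# of this document; `data.values` then overrides the chart defaults.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: openstack-mariadb
  labels:
    name: openstack-mariadb-global
    component: mariadb
  layeringDefinition:
    abstract: false
    layer: global
  # NOTE(review): this document is declared cleartext, yet the "Secrets"
  # substitutions below place deckhand/Passphrase values into it. The rendered
  # form therefore carries the database passwords; confirm that rendered copies
  # are handled as secret material (storage, logs, CI artifacts).
  storagePolicy: cleartext
  substitutions:
    # Chart source
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.osh.mariadb
      dest:
        path: .source

    # Images
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .images.osh.mariadb
      dest:
        path: .values.images.tags

    # Endpoints
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_endpoints
        path: .osh.oslo_db
      dest:
        path: .values.endpoints.oslo_db
    - src:
        schema: pegleg/EndpointCatalogue/v1
        name: osh_endpoints
        path: .osh.prometheus_mysql_exporter
      dest:
        path: .values.endpoints.prometheus_mysql_exporter

    # Accounts
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.oslo_db.admin
      dest:
        path: .values.endpoints.oslo_db.auth.admin
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.oslo_db.sst
      dest:
        path: .values.endpoints.oslo_db.auth.sst
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.oslo_db.audit
      dest:
        path: .values.endpoints.oslo_db.auth.audit
    # The exporter account is written to two destinations: the database-side
    # auth entry and the exporter's own endpoint entry.
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.prometheus_mysql_exporter.user
      dest:
        path: .values.endpoints.oslo_db.auth.exporter
    - src:
        schema: pegleg/AccountCatalogue/v1
        name: osh_service_accounts
        path: .osh.prometheus_mysql_exporter.user
      dest:
        path: .values.endpoints.prometheus_mysql_exporter.auth.user

    # Secrets
    # Each entry copies a whole deckhand/Passphrase document (path `.`) into
    # one password field. The last two entries share the same passphrase
    # (osh_oslo_db_exporter_password), so rotating it changes both fields.
    - dest:
        path: .values.endpoints.oslo_db.auth.admin.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_db_admin_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db.auth.sst.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_db_sst_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db.auth.audit.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_db_audit_password
        path: .
    - dest:
        path: .values.endpoints.oslo_db.auth.exporter.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_db_exporter_password
        path: .
    - dest:
        path: .values.endpoints.prometheus_mysql_exporter.auth.user.password
      src:
        schema: deckhand/Passphrase/v1
        name: osh_oslo_db_exporter_password
        path: .

data:
  chart_name: openstack-mariadb
  release: openstack-mariadb
  namespace: openstack
  wait:
    timeout: 1800
    labels:
      release_group: clcp-openstack-mariadb
    resources:
      - type: job
      - type: statefulset
        min_ready: 66%
    native:
      enabled: false
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    options:
      # NOTE(review): presumably passed through as Helm's --force, which can
      # replace resources instead of patching them; confirm this is intended
      # for a stateful database release.
      force: true
    pre:
      delete:
        - type: job
          labels:
            release_group: clcp-openstack-mariadb
  values:
    volume:
      size: 30Gi
      backup:
        size: 50Gi
    conf:
      database:
        # 00_base is MariaDB option-file text containing Helm template
        # expressions ({{ ... }}); it is kept verbatim as a literal block.
        #
        # Review notes on the settings below:
        # - bind_address=0.0.0.0 and gmcast.listen_addr=tcp://0.0.0.0 listen on
        #   every interface, so access control has to come from the network
        #   layer (e.g. a Kubernetes NetworkPolicy); confirm one is in place.
        # - wsrep_sst_auth renders the SST username and password in clear text
        #   into the option file; confirm the rendered file is delivered as a
        #   Secret and is not world-readable in the container.
        # - The TLS stanzas are emitted only when .Values.manifests.certificates
        #   is set. tls_version is commented out in both stanzas, so no protocol
        #   floor is pinned here, and [client] sets ssl-verify-server-cert=false,
        #   so clients reading that section do not validate the server
        #   certificate. Enable verification once certificate names match the
        #   service endpoints.
        # - secure_file_priv=/home confines server-side file import/export to
        #   /home. A read-only directory blocks exports, but files readable
        #   under /home remain importable by accounts holding the FILE
        #   privilege; confirm the directory is empty in the image.
        # - general_log_file points at mariadb-error.log. The general log is
        #   off, but if it is ever enabled, full statement text would be written
        #   to a file whose name suggests the error log; review log handling
        #   before turning it on.
        # - innodb_doublewrite=0, sync_binlog=0 and
        #   innodb_flush_log_at_trx_commit=2 relax crash durability; presumably
        #   recovery relies on the other cluster members; verify.
        00_base: |
          [mysqld]
          # Charset
          character_set_server=utf8
          collation_server=utf8_general_ci
          skip-character-set-client-handshake
          # Logging
          slow_query_log=off
          slow_query_log_file=/var/log/mysql/mariadb-slow.log
          log_warnings=2
          # General logging has huge performance penalty therefore is disabled by default
          general_log=off
          general_log_file=/var/log/mysql/mariadb-error.log
          long_query_time=3
          log_queries_not_using_indexes=on
          # Networking
          bind_address=0.0.0.0
          port={{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          # When a client connects, the server will perform hostname resolution,
          # and when DNS is slow, establishing the connection will become slow as well.
          # It is therefore recommended to start the server with skip-name-resolve to
          # disable all DNS lookups. The only limitation is that the GRANT statements
          # must then use IP addresses only.
          skip_name_resolve
          # Tuning
          user=mysql
          max_allowed_packet=256M
          open_files_limit=10240
          max_connections=8192
          max-connect-errors=1000000
          # General security settings
          # Reference link below:
          # https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/general-security-issues.html
          # secure_file_priv is set to '/home' because it is read-only, which will
          # disable this feature completely.
          secure_file_priv=/home
          local_infile=0
          symbolic_links=0
          sql_mode="STRICT_ALL_TABLES,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
          ## Generally, it is unwise to set the query cache to be larger than 64-128M
          ## as the costs associated with maintaining the cache outweigh the performance
          ## gains.
          ## The query cache is a well known bottleneck that can be seen even when
          ## concurrency is moderate. The best option is to disable it from day 1
          ## by setting query_cache_size=0 (now the default on MySQL 5.6)
          ## and to use other ways to speed up read queries: good indexing, adding
          ## replicas to spread the read load or using an external cache.
          query_cache_size=0
          query_cache_type=0
          sync_binlog=0
          thread_cache_size=16
          table_open_cache=2048
          table_definition_cache=1024
          #
          # InnoDB
          #
          # The buffer pool is where data and indexes are cached: having it as large as possible
          # will ensure you use memory and not disks for most read operations.
          # Typical values are 50..75% of available RAM.
          # TODO(tomasz.paszkowski): This needs to by dynamic based on available RAM.
          innodb_buffer_pool_size=1024M
          innodb_doublewrite=0
          innodb_file_format=Barracuda
          innodb_file_per_table=1
          innodb_flush_method=O_DIRECT
          innodb_io_capacity=500
          innodb_locks_unsafe_for_binlog=1
          innodb_log_file_size=128M
          innodb_old_blocks_time=1000
          innodb_read_io_threads=8
          innodb_write_io_threads=8
          # Clustering
          binlog_format=ROW
          default-storage-engine=InnoDB
          innodb_autoinc_lock_mode=2
          innodb_flush_log_at_trx_commit=2
          wsrep_cluster_name={{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" | replace "." "_" }}
          wsrep_on=1
          wsrep_provider=/usr/lib/galera/libgalera_smm.so
          wsrep_provider_options="evs.suspect_timeout=PT30S; gmcast.peer_timeout=PT15S; gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
          wsrep_slave_threads=12
          wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.sst.username }}:{{ .Values.endpoints.oslo_db.auth.sst.password }}
          wsrep_sst_method=mariabackup
          {{ if .Values.manifests.certificates }}
          # TLS
          ssl_ca=/etc/mysql/certs/ca.crt
          ssl_key=/etc/mysql/certs/tls.key
          ssl_cert=/etc/mysql/certs/tls.crt
          # tls_version = TLSv1.2,TLSv1.3
          {{ end }}
          [mysqldump]
          max-allowed-packet=16M
          [client]
          default_character_set=utf8
          protocol=tcp
          port={{ tuple "oslo_db" "direct" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          {{ if .Values.manifests.certificates }}
          # TLS
          ssl_ca=/etc/mysql/certs/ca.crt
          ssl_key=/etc/mysql/certs/tls.key
          ssl_cert=/etc/mysql/certs/tls.crt
          # tls_version = TLSv1.2,TLSv1.3
          ssl-verify-server-cert=false
          {{ end }}
      backup:
        enabled: true
        days_to_keep: 3
        remote_backup:
          enabled: true
          # NOTE(review): DOMAIN looks like a placeholder; presumably overridden
          # in a site-level layer. Confirm the remote container that receives
          # database backups is the intended one and is access-restricted.
          container_name: DOMAIN
          days_to_keep: 14
          storage_policy: ncbackup_pt
    monitoring:
      prometheus:
        enabled: true
    pod:
      replicas:
        error_page: 2
      affinity:
        anti:
          type:
            server: requiredDuringSchedulingIgnoredDuringExecution
            ingress: requiredDuringSchedulingIgnoredDuringExecution
            ingress-error-pages: requiredDuringSchedulingIgnoredDuringExecution
      lifecycle:
        upgrades:
          deployments:
            pod_replacement_strategy: RollingUpdate
            rolling_update:
              max_unavailable: 50%
    labels:
      server:
        node_selector_key: openstack-control-plane
        node_selector_value: enabled
      prometheus_mysql_exporter:
        node_selector_key: openstack-control-plane
        node_selector_value: enabled
    jobs:
      backup_mariadb:
        # Cron expression: minute 0 of every sixth hour.
        cron: "0 */6 * * *"
    manifests:
      cron_job_mariadb_backup: true
      pvc_backup: true
  dependencies:
    - os-mariadb-htk
...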
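---
# Armada chart document for the helper chart that the openstack-mariadb chart
# lists under `dependencies`. Only the chart source is substituted in; no
# values are overridden.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: os-mariadb-htk
  layeringDefinition:
    abstract: false
    layer: global
  substitutions:
    - src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .charts.osh.mariadb-htk
      dest:
        path: .source
  storagePolicy: cleartext
data:
  chart_name: os-mariadb-htk
  release: os-mariadb-htk
  namespace: os-mariadb-htk
  # NOTE(review): a timeout is set both here and under `wait`; presumably the
  # top-level key is the older form. Confirm which one the Armada version in
  # use honors.
  timeout: 600
  wait:
    timeout: 600
  upgrade:
    no_hooks: true
  values: {}
dependencies: []
...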