Listen on an additional port for monitoring/diagnostic purposes

If the Galera cluster hits its configured max_connections value
then only the super-users can still connect for debug purposes.
As the monitoring user cannot connect, this can cause a cascading
failure as HAProxy marks the instance as unreachable.

This configuration adds an extra listening port with a limited
number of connections to allow the monitoring user to connect at
all times.

Change-Id: I57187bab2ee35521c275f0f0b99c1ca8fd1830ad
Andrew Bonney
2021-04-15 10:17:57 +01:00
parent 18d8de22dc
commit da6bdafd65
4 changed files with 27 additions and 0 deletions

@@ -65,6 +65,8 @@ galera_gpg_keys: "{{ _galera_gpg_keys | default([]) }}"
galera_monitoring_user: monitoring galera_monitoring_user: monitoring
galera_monitoring_user_password: "" galera_monitoring_user_password: ""
galera_monitoring_port: 3307
galera_monitoring_max_connections: 10
# WARNING: Set this to open xinetd rules for galera monitoring. # WARNING: Set this to open xinetd rules for galera monitoring.
# This is REQUIRED to run a working openstack-ansible deployment. # This is REQUIRED to run a working openstack-ansible deployment.
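
Review bot: The two new defaults, galera_monitoring_port and galera_monitoring_max_connections, are added without any comment, while the xinetd setting directly below carries a WARNING block. Suggest a short comment saying that they feed the server's extra_port and extra_max_connections for the monitoring user's status check, and that the port must not collide with an 'extra_port' an operator has already set, as the release note in this change warns.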

@@ -0,0 +1,9 @@
---
upgrade:
- |
Galera will now additionally listen on port 3307 by default, with this port
being used by the monitoring user to check cluster status. Ensure that any
firewall rules permit access to this port before upgrading. If an
'extra_port' was already configured, ensure that any conflicting
configuration is removed and set your preferred values via
'galera_monitoring_port' and 'galera_monitoring_max_connections'.
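
Review bot: The firewall sentence does not say which source needs to reach port 3307. The check script in this change connects to galera_server_bind_address, or to 127.0.0.1 when the bind address is 0.0.0.0, so naming that path in the note would let operators scope the rule to it rather than opening the port more widely. It would also help to state the default of 10 connections next to 'galera_monitoring_max_connections'.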

@@ -33,6 +33,8 @@ fi
MYSQL_USERNAME="${1-{{ galera_monitoring_user }}}" MYSQL_USERNAME="${1-{{ galera_monitoring_user }}}"
MYSQL_PASSWORD="${2-{{ galera_monitoring_user_password }}}" MYSQL_PASSWORD="${2-{{ galera_monitoring_user_password }}}"
MYSQL_HOST="{{ galera_server_bind_address }}"
MYSQL_PORT="{{ galera_monitoring_port }}"
AVAILABLE_WHEN_DONOR=${3:-0} AVAILABLE_WHEN_DONOR=${3:-0}
ERR_FILE="${4:-/dev/null}" ERR_FILE="${4:-/dev/null}"
AVAILABLE_WHEN_READONLY=${5:-1} AVAILABLE_WHEN_READONLY=${5:-1}
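
Review bot: MYSQL_HOST and MYSQL_PORT are templated as fixed values, whereas every neighbouring setting in this block takes a positional override such as "${1-...}" or "${3:-0}". If that is intentional, a one-line comment saying so, and noting that MYSQL_HOST holds the server's bind address rather than a dedicated connect address, would explain why the later wildcard handling is needed.
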
@@ -52,6 +54,16 @@ else
EXTRA_ARGS="$EXTRA_ARGS --password=" EXTRA_ARGS="$EXTRA_ARGS --password="
fi fi
if [[ -n "$MYSQL_PORT" ]]; then
# Port does not apply unless host is set
if [[ "$MYSQL_HOST" != "0.0.0.0" ]]; then
EXTRA_ARGS="$EXTRA_ARGS --host=${MYSQL_HOST}"
else
EXTRA_ARGS="$EXTRA_ARGS --host=127.0.0.1"
fi
EXTRA_ARGS="$EXTRA_ARGS --port=${MYSQL_PORT}"
fi
if [[ -r $DEFAULTS_EXTRA_FILE ]]; then if [[ -r $DEFAULTS_EXTRA_FILE ]]; then
MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE --connect-timeout=$TIMEOUT \ MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE --connect-timeout=$TIMEOUT \
${EXTRA_ARGS}" ${EXTRA_ARGS}"
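
Review bot: The wildcard test at `if [[ "$MYSQL_HOST" != "0.0.0.0" ]]` covers only the IPv4 wildcard, so an empty galera_server_bind_address renders `--host=` with no value, and an IPv6 wildcard such as `::` is passed to the client unchanged. Suggest falling back to loopback for an empty or wildcard value of either family. MYSQL_HOST and MYSQL_PORT are also concatenated into EXTRA_ARGS and then into the MYSQL_CMDLINE string without validation, so a value containing whitespace would become additional client options if that string is later word-split to run the client; checking that MYSQL_PORT is numeric before appending it would rule that out.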

@@ -49,6 +49,10 @@ expire-logs-days = 7
log_slave_updates = 1 log_slave_updates = 1
log_bin_trust_function_creators = 1 log_bin_trust_function_creators = 1
# MONITORING #
extra_port = {{ galera_monitoring_port }}
extra_max_connections = {{ galera_monitoring_max_connections }}
# SAFETY # # SAFETY #
max-allowed-packet = 16M max-allowed-packet = 16M
max-connect-errors = 1000000 max-connect-errors = 1000000
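
Review bot: The new `extra_port` and `extra_max_connections` lines under `# MONITORING #` are rendered unconditionally, so there is no way to switch the extra listener off, and an empty galera_monitoring_port would produce `extra_port = ` with no value. Suggest wrapping the two lines in a template conditional on the port being set. The release note in this change says operators may already have an 'extra_port' configured, so a comment here pointing to 'galera_monitoring_port' as the place to set it would help avoid the option being defined twice.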