From 7b66bcbf73f3e6922475ae6609df4ae13d8738fd Mon Sep 17 00:00:00 2001 From: Vadim Yalovets Date: Wed, 27 Nov 2024 14:57:53 +0200 Subject: [PATCH 1/6] PKG-242 Create packages for PS 5.7 EOL (#1061) --- percona-server-5.7/Dockerfile-pro | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/percona-server-5.7/Dockerfile-pro b/percona-server-5.7/Dockerfile-pro index 5f113f72..a26537eb 100644 --- a/percona-server-5.7/Dockerfile-pro +++ b/percona-server-5.7/Dockerfile-pro @@ -33,10 +33,10 @@ RUN set -ex; \ rpm -i /tmp/numactl-libs.rpm; \ rm -rf /tmp/numactl-libs.rpm -ENV PS_VERSION 5.7.44-51.1 +ENV PS_VERSION 5.7.44-52.1 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PS_VERSION.$OS_VER" -ENV PS_TELEMETRY_VERSION 5.7.44-51-1 +ENV PS_TELEMETRY_VERSION 5.7.44-52-1 ENV CALL_HOME_DOWNLOAD_SHA256 5e84d2f1a5d57f44c46e6a1f16794d649d3de09fe8021f0294bc321c89e51068 ENV CALL_HOME_VERSION 0.1 @@ -73,6 +73,7 @@ RUN set -ex; \ policycoreutils; \ microdnf -y update \ python3-setuptools-wheel \ + pam \ platform-python-setuptools; \ \ #repoquery -a --location \ From 0e2c19c6340de859a46fb39755df894f48b7f8ec Mon Sep 17 00:00:00 2001 From: Sandra Date: Wed, 27 Nov 2024 12:28:28 +0200 Subject: [PATCH 2/6] PSMDB-1554. Update psmdb-7.0 version --- percona-server-mongodb-7.0/Dockerfile | 2 +- percona-server-mongodb-7.0/Dockerfile.aarch64 | 2 +- percona-server-mongodb-7.0/Dockerfile.k8s | 2 +- percona-server-mongodb-7.0/Dockerfile.ubi8 | 2 +- percona-server-mongodb-7.0/Dockerfile.ubi9 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/percona-server-mongodb-7.0/Dockerfile b/percona-server-mongodb-7.0/Dockerfile index 819b526d..7c6b4a15 100644 --- a/percona-server-mongodb-7.0/Dockerfile +++ b/percona-server-mongodb-7.0/Dockerfile 
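Review bot: The `pam \` line added to the `microdnf -y update` list in percona-server-5.7/Dockerfile-pro carries no explanation, and neither the hunk nor the commit message says why this package joins the targeted update. If it is there to pick up a security fix from the base image's repositories, name the advisory in a comment line next to it, in the same way the RUN block already carries the `#repoquery` comment line, for example `# pam: updated for <advisory id>`. The update is also unversioned, so the pam build that ends up in the image depends on the repository state at build time. The RUN block starts and ends outside the hunk.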
@@ -16,7 +16,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY -ENV PSMDB_VERSION 7.0.14-8 +ENV PSMDB_VERSION 7.0.15-9 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-7.0/Dockerfile.aarch64 b/percona-server-mongodb-7.0/Dockerfile.aarch64 index b7b9ddc7..46ecbcfd 100644 --- a/percona-server-mongodb-7.0/Dockerfile.aarch64 +++ b/percona-server-mongodb-7.0/Dockerfile.aarch64 @@ -16,7 +16,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY -ENV PSMDB_VERSION 7.0.14-8 +ENV PSMDB_VERSION 7.0.15-9 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-7.0/Dockerfile.k8s b/percona-server-mongodb-7.0/Dockerfile.k8s index bd3ade30..fcc23ac2 100644 --- a/percona-server-mongodb-7.0/Dockerfile.k8s +++ b/percona-server-mongodb-7.0/Dockerfile.k8s @@ -18,7 +18,7 @@ plus additional enterprise-grade functionality." LABEL org.opencontainers.image.license="SSPLv1" LABEL org.opencontainers.image.authors="info@percona.com" -ENV PSMDB_VERSION 7.0.14-8 +ENV PSMDB_VERSION 7.0.15-9 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-7.0/Dockerfile.ubi8 b/percona-server-mongodb-7.0/Dockerfile.ubi8 index c8be589a..b6a1b2ae 100644 --- a/percona-server-mongodb-7.0/Dockerfile.ubi8 +++ b/percona-server-mongodb-7.0/Dockerfile.ubi8 @@ -2,7 +2,7 @@ FROM redhat/ubi8-minimal LABEL org.opencontainers.image.authors="info@percona.com" -ENV PSMDB_VERSION 7.0.14-8 +ENV PSMDB_VERSION 7.0.15-9 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-7.0/Dockerfile.ubi9 b/percona-server-mongodb-7.0/Dockerfile.ubi9 index a7a891d1..1680a23b 100644 
--- a/percona-server-mongodb-7.0/Dockerfile.ubi9 +++ b/percona-server-mongodb-7.0/Dockerfile.ubi9 @@ -2,7 +2,7 @@ FROM redhat/ubi9-minimal LABEL org.opencontainers.image.authors="info@percona.com" -ENV PSMDB_VERSION 7.0.14-8 +ENV PSMDB_VERSION 7.0.15-9 ENV OS_VER el9 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" From 4563061e6dc09d024dc425b67468bc0dc5842255 Mon Sep 17 00:00:00 2001 From: Muhammad Aqeel Date: Wed, 27 Nov 2024 19:34:23 +0500 Subject: [PATCH 3/6] Adds pgvector in docker images --- percona-distribution-postgresql-13/Dockerfile | 1 + percona-distribution-postgresql-13/Dockerfile.aarch64 | 1 + percona-distribution-postgresql-14/Dockerfile | 1 + percona-distribution-postgresql-14/Dockerfile.aarch64 | 1 + percona-distribution-postgresql-15/Dockerfile | 1 + percona-distribution-postgresql-15/Dockerfile-ol8 | 1 + percona-distribution-postgresql-15/Dockerfile-ol9 | 1 + percona-distribution-postgresql-15/Dockerfile.aarch64 | 1 + percona-distribution-postgresql-16/Dockerfile | 1 + percona-distribution-postgresql-16/Dockerfile-ol9 | 1 + percona-distribution-postgresql-16/Dockerfile.aarch64 | 1 + percona-distribution-postgresql-16/Dockerfile_back | 1 + percona-distribution-postgresql-17/Dockerfile | 1 + percona-distribution-postgresql-17/Dockerfile-ol9 | 1 + percona-distribution-postgresql-17/Dockerfile.aarch64 | 1 + percona-distribution-postgresql-17/Dockerfile_back | 1 + 16 files changed, 16 insertions(+) diff --git a/percona-distribution-postgresql-13/Dockerfile b/percona-distribution-postgresql-13/Dockerfile index ffaa2b67..0215fa9d 100644 --- a/percona-distribution-postgresql-13/Dockerfile +++ b/percona-distribution-postgresql-13/Dockerfile 
@@ -76,6 +76,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-13/Dockerfile.aarch64 b/percona-distribution-postgresql-13/Dockerfile.aarch64 index 71728950..3c5761a5 100644 --- a/percona-distribution-postgresql-13/Dockerfile.aarch64 +++ b/percona-distribution-postgresql-13/Dockerfile.aarch64 @@ -70,6 +70,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-14/Dockerfile b/percona-distribution-postgresql-14/Dockerfile index 7cb5e7b0..539ab1f0 100644 --- a/percona-distribution-postgresql-14/Dockerfile +++ b/percona-distribution-postgresql-14/Dockerfile @@ -76,6 +76,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ microdnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-14/Dockerfile.aarch64 b/percona-distribution-postgresql-14/Dockerfile.aarch64 index 41490398..7595de83 100644 --- a/percona-distribution-postgresql-14/Dockerfile.aarch64 +++ b/percona-distribution-postgresql-14/Dockerfile.aarch64 
@@ -70,6 +70,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-15/Dockerfile b/percona-distribution-postgresql-15/Dockerfile index 66afa5ec..46d6cbf3 100644 --- a/percona-distribution-postgresql-15/Dockerfile +++ b/percona-distribution-postgresql-15/Dockerfile @@ -70,6 +70,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-15/Dockerfile-ol8 b/percona-distribution-postgresql-15/Dockerfile-ol8 index deeb8458..178d4db7 100644 --- a/percona-distribution-postgresql-15/Dockerfile-ol8 +++ b/percona-distribution-postgresql-15/Dockerfile-ol8 @@ -71,6 +71,7 @@ RUN set -ex; \ percona-pg_repack15 \ percona-pgaudit15 \ percona-pgaudit15_set_user \ + percona-pgvector_15 \ percona-wal2json15; \ microdnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-15/Dockerfile-ol9 b/percona-distribution-postgresql-15/Dockerfile-ol9 index 345ab987..faddf0dc 100644 --- a/percona-distribution-postgresql-15/Dockerfile-ol9 +++ b/percona-distribution-postgresql-15/Dockerfile-ol9 @@ -65,6 +65,7 @@ RUN set -ex; \ percona-pg_repack15 \ percona-pgaudit15 \ percona-pgaudit15_set_user \ + percona-pgvector_15 \ percona-wal2json15; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ 
diff --git a/percona-distribution-postgresql-15/Dockerfile.aarch64 b/percona-distribution-postgresql-15/Dockerfile.aarch64 index d60b95dd..15038568 100644 --- a/percona-distribution-postgresql-15/Dockerfile.aarch64 +++ b/percona-distribution-postgresql-15/Dockerfile.aarch64 @@ -71,6 +71,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-16/Dockerfile b/percona-distribution-postgresql-16/Dockerfile index a1a30f4f..a6743d9c 100644 --- a/percona-distribution-postgresql-16/Dockerfile +++ b/percona-distribution-postgresql-16/Dockerfile @@ -70,6 +70,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-16/Dockerfile-ol9 b/percona-distribution-postgresql-16/Dockerfile-ol9 index def68077..cd5754e4 100644 --- a/percona-distribution-postgresql-16/Dockerfile-ol9 +++ b/percona-distribution-postgresql-16/Dockerfile-ol9 @@ -65,6 +65,7 @@ RUN set -ex; \ percona-pg_repack16 \ percona-pgaudit \ percona-pgaudit16_set_user \ + percona-pgvector_16 \ percona-wal2json16; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-16/Dockerfile.aarch64 b/percona-distribution-postgresql-16/Dockerfile.aarch64 index be8e068c..a104a455 100644 --- a/percona-distribution-postgresql-16/Dockerfile.aarch64 
+++ b/percona-distribution-postgresql-16/Dockerfile.aarch64 @@ -71,6 +71,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-16/Dockerfile_back b/percona-distribution-postgresql-16/Dockerfile_back index 6c0608a7..d85ee954 100644 --- a/percona-distribution-postgresql-16/Dockerfile_back +++ b/percona-distribution-postgresql-16/Dockerfile_back @@ -71,6 +71,7 @@ RUN set -ex; \ percona-pg_repack16 \ percona-pgaudit16 \ percona-pgaudit16_set_user \ + percona-pgvector_16 \ percona-wal2json16; \ microdnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-17/Dockerfile b/percona-distribution-postgresql-17/Dockerfile index bed65292..f6e54407 100644 --- a/percona-distribution-postgresql-17/Dockerfile +++ b/percona-distribution-postgresql-17/Dockerfile @@ -70,6 +70,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-17/Dockerfile-ol9 b/percona-distribution-postgresql-17/Dockerfile-ol9 index 0d8ed047..9290e353 100644 --- a/percona-distribution-postgresql-17/Dockerfile-ol9 +++ b/percona-distribution-postgresql-17/Dockerfile-ol9 
@@ -65,6 +65,7 @@ RUN set -ex; \ percona-pg_repack17 \ percona-pgaudit \ percona-pgaudit17_set_user \ + percona-pgvector_17 \ percona-wal2json17; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-17/Dockerfile.aarch64 b/percona-distribution-postgresql-17/Dockerfile.aarch64 index 8b3c4fbc..1acf8dbc 100644 --- a/percona-distribution-postgresql-17/Dockerfile.aarch64 +++ b/percona-distribution-postgresql-17/Dockerfile.aarch64 @@ -71,6 +71,7 @@ RUN set -ex; \ percona-pg_repack${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION} \ percona-pgaudit${PPG_MAJOR_VERSION}_set_user \ + percona-pgvector_${PPG_MAJOR_VERSION} \ percona-wal2json${PPG_MAJOR_VERSION}; \ dnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db /docker-entrypoint-initdb.d; \ diff --git a/percona-distribution-postgresql-17/Dockerfile_back b/percona-distribution-postgresql-17/Dockerfile_back index 99b7cdab..239863a1 100644 --- a/percona-distribution-postgresql-17/Dockerfile_back +++ b/percona-distribution-postgresql-17/Dockerfile_back @@ -71,6 +71,7 @@ RUN set -ex; \ percona-pg_repack17 \ percona-pgaudit17 \ percona-pgaudit17_set_user \ + percona-pgvector_17 \ percona-wal2json17; \ microdnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum $PGDATA && mkdir -p $PGDATA /docker-entrypoint-initdb.d; \ From 5fc0c0251db202430b16abb102e6e41916e73688 Mon Sep 17 00:00:00 2001 From: Sandra Date: Thu, 28 Nov 2024 10:05:28 +0200 Subject: [PATCH 4/6] PSMDB-1555. Update psmdb-6.0 version --- percona-server-mongodb-6.0/Dockerfile | 2 +- percona-server-mongodb-6.0/Dockerfile.aarch64 | 2 +- percona-server-mongodb-6.0/Dockerfile.k8s | 2 +- percona-server-mongodb-6.0/Dockerfile.ubi8 | 2 +- percona-server-mongodb-6.0/Dockerfile.ubi9 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/percona-server-mongodb-6.0/Dockerfile b/percona-server-mongodb-6.0/Dockerfile index 3e4aab3f..bacf4dda 100644 --- a/percona-server-mongodb-6.0/Dockerfile +++ b/percona-server-mongodb-6.0/Dockerfile @@ -16,7 +16,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY -ENV PSMDB_VERSION 6.0.18-15 +ENV PSMDB_VERSION 6.0.19-16 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-6.0/Dockerfile.aarch64 b/percona-server-mongodb-6.0/Dockerfile.aarch64 index 4a8fd710..9fa20899 100644 --- a/percona-server-mongodb-6.0/Dockerfile.aarch64 +++ b/percona-server-mongodb-6.0/Dockerfile.aarch64 @@ -16,7 +16,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY -ENV PSMDB_VERSION 6.0.18-15 +ENV PSMDB_VERSION 6.0.19-16 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-6.0/Dockerfile.k8s b/percona-server-mongodb-6.0/Dockerfile.k8s index cd302122..52b6e172 100644 --- a/percona-server-mongodb-6.0/Dockerfile.k8s +++ b/percona-server-mongodb-6.0/Dockerfile.k8s @@ -18,7 +18,7 @@ plus additional enterprise-grade functionality." LABEL org.opencontainers.image.license="SSPLv1" LABEL org.opencontainers.image.authors="info@percona.com" -ENV PSMDB_VERSION 6.0.18-15 +ENV PSMDB_VERSION 6.0.19-16 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-6.0/Dockerfile.ubi8 b/percona-server-mongodb-6.0/Dockerfile.ubi8 index c498b9e8..9d12f309 100644 --- a/percona-server-mongodb-6.0/Dockerfile.ubi8 +++ b/percona-server-mongodb-6.0/Dockerfile.ubi8 
@@ -2,7 +2,7 @@ FROM redhat/ubi8-minimal LABEL org.opencontainers.image.authors="info@percona.com" -ENV PSMDB_VERSION 6.0.18-15 +ENV PSMDB_VERSION 6.0.19-16 ENV OS_VER el8 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" diff --git a/percona-server-mongodb-6.0/Dockerfile.ubi9 b/percona-server-mongodb-6.0/Dockerfile.ubi9 index 16fa2771..0ead9b9a 100644 --- a/percona-server-mongodb-6.0/Dockerfile.ubi9 +++ b/percona-server-mongodb-6.0/Dockerfile.ubi9 @@ -2,7 +2,7 @@ FROM redhat/ubi9-minimal LABEL org.opencontainers.image.authors="info@percona.com" -ENV PSMDB_VERSION 6.0.18-15 +ENV PSMDB_VERSION 6.0.19-16 ENV OS_VER el9 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER" ENV K8S_TOOLS_VERSION "0.5.0" From f57f448c4aa50674a29f791d8577ed61daa33882 Mon Sep 17 00:00:00 2001 
From: Viacheslav Sarzhan Date: Mon, 2 Dec 2024 18:19:48 +0200 Subject: [PATCH 5/6] K8SPXC-1410 add PXC 8.4 backup image (#1059) * K8SPXC-1410 add PXC 8.4 backup image * fix Dockerfile --- percona-xtradb-cluster-8.4-backup/Dockerfile | 121 +++++++++++ percona-xtradb-cluster-8.4-backup/LICENSE | 201 ++++++++++++++++++ percona-xtradb-cluster-8.4-backup/backup.sh | 107 ++++++++++ .../get-pxc-state | 36 ++++ .../lib/pxc/backup.sh | 84 ++++++++ .../lib/pxc/check-version.sh | 44 ++++ .../lib/pxc/vault.sh | 77 +++++++ .../post_backup.sh | 54 +++++ .../recovery-cloud.sh | 72 +++++++ .../recovery-pvc-donor.sh | 36 ++++ .../recovery-pvc-joiner.sh | 69 ++++++ .../run_backup.sh | 169 +++++++++++++++ 12 files changed, 1070 insertions(+) create mode 100644 percona-xtradb-cluster-8.4-backup/Dockerfile create mode 100644 percona-xtradb-cluster-8.4-backup/LICENSE create mode 100755 percona-xtradb-cluster-8.4-backup/backup.sh create mode 100755 percona-xtradb-cluster-8.4-backup/get-pxc-state create mode 100755 percona-xtradb-cluster-8.4-backup/lib/pxc/backup.sh create mode 100755 percona-xtradb-cluster-8.4-backup/lib/pxc/check-version.sh create mode 100755 percona-xtradb-cluster-8.4-backup/lib/pxc/vault.sh create mode 100755 percona-xtradb-cluster-8.4-backup/post_backup.sh create mode 100755 percona-xtradb-cluster-8.4-backup/recovery-cloud.sh create mode 100755 percona-xtradb-cluster-8.4-backup/recovery-pvc-donor.sh create mode 100755 percona-xtradb-cluster-8.4-backup/recovery-pvc-joiner.sh create mode 100755 percona-xtradb-cluster-8.4-backup/run_backup.sh diff --git a/percona-xtradb-cluster-8.4-backup/Dockerfile b/percona-xtradb-cluster-8.4-backup/Dockerfile new file mode 100644 index 00000000..ede14e1f --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/Dockerfile 
@@ -0,0 +1,121 @@ +FROM redhat/ubi9-minimal + +# Please don't remove old-style LABEL since it's needed for RedHat certification +LABEL name="Percona XtraBackup" \ + release="8.4" \ + vendor="Percona" \ + summary="Percona XtraBackup is an open-source hot backup utility for MySQL - based servers that doesn’t lock your database during the backup" \ + description="Percona XtraBackup works with MySQL, MariaDB, and Percona Server. It supports completely non-blocking backups of InnoDB, XtraDB, and HailDB storage engines. In addition, it can back up the following storage engines by briefly pausing writes at the end of the backup: MyISAM, Merge, and Archive, including partitioned tables, triggers, and database options." \ + maintainer="Percona Development " + +LABEL org.opencontainers.image.title="Percona XtraDB Cluster" +LABEL org.opencontainers.image.vendor="Percona" +LABEL org.opencontainers.image.description="Percona XtraDB Cluster is a high availability solution that \ + helps enterprises avoid downtime and outages and meet expected customer experience." 
+LABEL org.opencontainers.image.license="GPL" + +ENV PXB_VERSION=8.4.0-1.1 +ENV PS_VERSION=8.4.0-1.1 + +ENV PXC_VERSION=8.4.0-1.1 +ENV PXC_REPO=release + +ENV KUBECTL_VERSION=v1.30.2 +ENV KUBECTL_SHA512SUM=0e1c51cf19254d8615abb0c2cbc6ed980ee41d0874a90ef47705ee0f2cc787b476fd32d56a926564334f4a01aa34ec480a4edcf60cd1b7fe1d734b2cc805774b +ENV OS_VER=el9 +ENV FULL_PERCONA_VERSION="$PS_VERSION.$OS_VER" +ENV FULL_PERCONA_XTRABACKUP_VERSION="$PXB_VERSION.$OS_VER" +ENV FULL_PERCONA_XTRADBCLUSTER_VERSION="$PXC_VERSION.$OS_VER" +LABEL org.label-schema.schema-version=${PXC_VERSION} +LABEL org.opencontainers.image.version=${PXC_VERSION} + +# check repository package signature in secure way +RUN set -ex; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 4D1BB29D63D98E422B2113B19334A25F8507EFA5 3E6D826D3FBAB389C2F38E34BC4D06A08D8B756F; \ + gpg --batch --export --armor 4D1BB29D63D98E422B2113B19334A25F8507EFA5 > ${GNUPGHOME}/PERCONA-PACKAGING-KEY; \ + gpg --batch --export --armor 3E6D826D3FBAB389C2F38E34BC4D06A08D8B756F > ${GNUPGHOME}/RPM-GPG-KEY-oracle; \ + rpmkeys --import ${GNUPGHOME}/PERCONA-PACKAGING-KEY ${GNUPGHOME}/RPM-GPG-KEY-oracle; \ + microdnf install -y findutils; \ + curl -Lf -o /tmp/percona-release.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm; \ + rpmkeys --checksig /tmp/percona-release.rpm; \ + rpm -i /tmp/percona-release.rpm; \ + rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \ + rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY + +RUN set -ex; \ + curl -Lf -o /tmp/libev.rpm https://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/x86_64/getPackage/libev-4.33-5.el9.x86_64.rpm; \ + curl -Lf -o /tmp/pv.rpm https://yum.oracle.com/repo/OracleLinux/OL9/developer/EPEL/x86_64/getPackage/pv-1.6.20-1.el9.x86_64.rpm; \ + curl -Lf -o /tmp/boost-program-options.rpm https://yum.oracle.com/repo/OracleLinux/OL9/appstream/x86_64/getPackage/boost-program-options-1.75.0-8.el9.x86_64.rpm; \ + rpmkeys --checksig 
/tmp/libev.rpm /tmp/pv.rpm /tmp/boost-program-options.rpm; \ + rpm -i /tmp/libev.rpm /tmp/pv.rpm /tmp/boost-program-options.rpm; \ + rm -rf /tmp/libev.rpm /tmp/pv.rpm /tmp/boost-program-options.rpm + +RUN set -ex; \ + microdnf install -y \ + shadow-utils \ + hostname \ + libaio \ + iproute \ + tar \ + cracklib-dicts \ + openssl \ + numactl-libs \ + jq \ + socat \ + iputils \ + procps-ng \ + util-linux \ + findutils; \ + microdnf clean all; \ + rm -rf /var/cache/dnf /var/cache/yum + +# create mysql user/group before mysql installation +RUN groupadd -g 1001 mysql; \ + useradd -u 1001 -r -g 1001 -s /sbin/nologin \ + -c "Default Application User" mysql + +# we need licenses from docs +RUN set -ex; \ + curl -Lf -o /tmp/percona-xtrabackup.rpm https://repo.percona.com/pxb-84-lts/yum/release/9/RPMS/x86_64/percona-xtrabackup-84-${FULL_PERCONA_XTRABACKUP_VERSION}.x86_64.rpm; \ + curl -Lf -o /tmp/percona-server-shared.rpm https://repo.percona.com/ps-84-lts/yum/release/9/RPMS/x86_64/percona-server-shared-${FULL_PERCONA_VERSION}.x86_64.rpm; \ + curl -Lf -o /tmp/percona-xtradb-cluster-garbd.rpm https://repo.percona.com/pxc-84-lts/yum/release/9/RPMS/x86_64/percona-xtradb-cluster-garbd-${FULL_PERCONA_XTRADBCLUSTER_VERSION}.x86_64.rpm; \ + curl -Lf -o /tmp/percona-xtradb-cluster-client.rpm https://repo.percona.com/pxc-84-lts/yum/release/9/RPMS/x86_64/percona-xtradb-cluster-client-${FULL_PERCONA_XTRADBCLUSTER_VERSION}.x86_64.rpm; \ + rpmkeys --checksig /tmp/percona-xtradb-cluster-garbd.rpm /tmp/percona-xtrabackup.rpm /tmp/percona-xtradb-cluster-client.rpm /tmp/percona-server-shared.rpm; \ + rpm -iv /tmp/percona-xtradb-cluster-garbd.rpm /tmp/percona-xtrabackup.rpm /tmp/percona-xtradb-cluster-client.rpm /tmp/percona-server-shared.rpm --nodeps; \ + rm -rf /tmp/percona-xtradb-cluster-garbd.rpm /tmp/percona-xtrabackup.rpm /tmp/percona-xtradb-cluster-client.rpm /tmp/percona-server-shared.rpm; \ + rpm -ql percona-xtradb-cluster-client | egrep -v "mysql$|mysqldump$|mysqlbinlog$" | xargs rm 
-rf; \ + microdnf clean all; \ + rm -rf /var/cache/dnf /var/cache/yum /var/lib/mysql + +COPY LICENSE /licenses/LICENSE.Dockerfile +RUN cp /usr/share/doc/percona-xtrabackup-84/LICENSE /licenses/LICENSE.xtrabackup; \ + cp /usr/share/doc/percona-xtradb-cluster-garbd-3/COPYING /licenses/LICENSE.garbd + +RUN set -ex; \ + curl -o /usr/bin/kubectl -LO \ + https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl; \ + echo "${KUBECTL_SHA512SUM} /usr/bin/kubectl" | sha512sum -c -; \ + chmod +x /usr/bin/kubectl; \ + curl -o /licenses/LICENSE.kubectl \ + https://raw.githubusercontent.com/kubernetes/kubectl/master/LICENSE + +RUN install -d -o 1001 -g 0 -m 0775 /backup; \ + mkdir /usr/lib/pxc + +ENV MC_VERSION=RELEASE.2024-07-08T20-59-24Z +ENV MC_SHA256SUM=e111d2b4bea05aadbffaa3fc8d2436a3fefedf030cd1318568bccb72810024f0 +RUN set -ex; \ + curl -o /usr/bin/mc -O https://dl.minio.io/client/mc/release/linux-amd64/archive/mc.${MC_VERSION} \ + && chmod +x /usr/bin/mc \ + && echo "${MC_SHA256SUM} /usr/bin/mc" | sha256sum -c - \ + && curl -o /licenses/LICENSE.mc \ + https://raw.githubusercontent.com/minio/mc/${MC_VERSION}/LICENSE + +COPY lib/pxc /usr/lib/pxc +COPY recovery-*.sh run_backup.sh backup.sh post_backup.sh get-pxc-state /usr/bin/ + +VOLUME ["/backup"] +USER 1001 + +CMD ["sleep","infinity"] diff --git a/percona-xtradb-cluster-8.4-backup/LICENSE b/percona-xtradb-cluster-8.4-backup/LICENSE new file mode 100644 index 00000000..2399231f --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/LICENSE 
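Review bot: The `rpmkeys --checksig` calls in the three RUN steps (percona-release, the Oracle Linux RPMs, and the Percona RPMs installed with `--nodeps`) are the only integrity gate on those downloads, and as far as I know `rpmkeys --checksig` exits 0 for a package that carries no signature at all, reporting only that its digests are OK. If that holds for the rpm shipped in ubi9-minimal, an unsigned replacement RPM would pass the step that the comment describes as checking the signature "in secure way". Consider asserting the signature result per file, e.g. `rpmkeys --checksig /tmp/libev.rpm | grep -q 'signatures OK'`, or pinning a SHA-256 for each version-pinned RPM the way `KUBECTL_SHA512SUM` and `MC_SHA256SUM` already do for the downloaded binaries. Separately, `FROM redhat/ubi9-minimal` has no tag or digest, so the base image can change between builds even though the rest of the file pins versions.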
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018 Percona, LLC + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/percona-xtradb-cluster-8.4-backup/backup.sh b/percona-xtradb-cluster-8.4-backup/backup.sh new file mode 100755 index 00000000..3e59c99d --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/backup.sh 
@@ -0,0 +1,107 @@ +#!/bin/bash + +set -o errexit +set -o xtrace + +LIB_PATH='/usr/lib/pxc' +. ${LIB_PATH}/backup.sh + +GARBD_OPTS="" + +function get_backup_source() { + CLUSTER_SIZE=$(/opt/percona/peer-list -on-start=/usr/bin/get-pxc-state -service=$PXC_SERVICE 2>&1 \ + | grep wsrep_cluster_size \ + | sort \ + | tail -1 \ + | cut -d : -f 12) + + if [ -z "${CLUSTER_SIZE}" ]; then + exit 1 + fi + + FIRST_NODE=$(/opt/percona/peer-list -on-start=/usr/bin/get-pxc-state -service=$PXC_SERVICE 2>&1 \ + | grep wsrep_ready:ON:wsrep_connected:ON:wsrep_local_state_comment:Synced:wsrep_cluster_status:Primary \ + | sort -r \ + | tail -1 \ + | cut -d : -f 2 \ + | cut -d . -f 1) + + SKIP_FIRST_POD='|' + if (( ${CLUSTER_SIZE:-0} > 1 )); then + SKIP_FIRST_POD="$FIRST_NODE" + fi + /opt/percona/peer-list -on-start=/usr/bin/get-pxc-state -service=$PXC_SERVICE 2>&1 \ + | grep wsrep_ready:ON:wsrep_connected:ON:wsrep_local_state_comment:Synced:wsrep_cluster_status:Primary \ + | grep -v $SKIP_FIRST_POD \ + | sort \ + | tail -1 \ + | cut -d : -f 2 \ + | cut -d . 
-f 1 +} + +function check_ssl() { + CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + if [ -f /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt ]; then + CA=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + fi + SSL_DIR=${SSL_DIR:-/etc/mysql/ssl} + if [ -f ${SSL_DIR}/ca.crt ]; then + CA=${SSL_DIR}/ca.crt + fi + SSL_INTERNAL_DIR=${SSL_INTERNAL_DIR:-/etc/mysql/ssl-internal} + if [ -f ${SSL_INTERNAL_DIR}/ca.crt ]; then + CA=${SSL_INTERNAL_DIR}/ca.crt + fi + + KEY=${SSL_DIR}/tls.key + CERT=${SSL_DIR}/tls.crt + if [ -f ${SSL_INTERNAL_DIR}/tls.key -a -f ${SSL_INTERNAL_DIR}/tls.crt ]; then + KEY=${SSL_INTERNAL_DIR}/tls.key + CERT=${SSL_INTERNAL_DIR}/tls.crt + fi + + if [ -f "$CA" -a -f "$KEY" -a -f "$CERT" ]; then + GARBD_OPTS="socket.ssl_ca=${CA};socket.ssl_cert=${CERT};socket.ssl_key=${KEY};socket.ssl_cipher=;pc.weight=0;${GARBD_OPTS}" + fi +} + +function request_streaming() { + local LOCAL_IP=$(hostname -i | sed -E 's/.*\b([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\b.*/\1/') + local NODE_NAME=$(get_backup_source) + + if [ -z "$NODE_NAME" ]; then + /opt/percona/peer-list -on-start=/usr/bin/get-pxc-state -service=$PXC_SERVICE + log 'ERROR' 'Cannot find node for backup' + log 'ERROR' 'Backup was finished unsuccessfull' + exit 1 + fi + + set +o errexit + log 'INFO' 'Garbd was started' + garbd \ + --address "gcomm://$NODE_NAME.$PXC_SERVICE?gmcast.listen_addr=tcp://0.0.0.0:4567" \ + --donor "$NODE_NAME" \ + --group "$PXC_SERVICE" \ + --options "$GARBD_OPTS" \ + --sst "xtrabackup-v2:$LOCAL_IP:4444/xtrabackup_sst//1" \ + --recv-script="/usr/bin/run_backup.sh" \ + --post-recv-script="/usr/bin/post_backup.sh" + EXID_CODE=$? + + if [ -f '/tmp/backup-is-completed' ]; then + log 'INFO' 'Backup was finished successfully' + exit 0 + fi + + log 'ERROR' 'Backup was finished unsuccessfull' + + exit $EXID_CODE +} + +check_ssl +if [ -n "${S3_BUCKET}" ]; then + clean_backup_s3 +fi +request_streaming + +exit 0 
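Review bot: `check_ssl` falls back to an unencrypted connection without saying so: when any of `$CA`, `$KEY` or `$CERT` is missing, `GARBD_OPTS` stays empty and `garbd` is started with no `socket.ssl_*` options. The same silent fallback is in `recovery-pvc-donor.sh`, `recovery-pvc-joiner.sh` and `run_backup.sh`, where `SOCAT_OPTS` keeps its plain `TCP-LISTEN`/`TCP` default, so the backup stream would travel in clear text and the listener would accept any client that connects. An `else` branch that records the condition, e.g. `log 'WARN' 'TLS files not found, continuing without TLS'`, would make a missing secret mount visible in the job output. The two recovery-pvc scripts do not source `lib/pxc/backup.sh`, so they would need a plain `echo` instead of `log`.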
diff --git a/percona-xtradb-cluster-8.4-backup/get-pxc-state b/percona-xtradb-cluster-8.4-backup/get-pxc-state new file mode 100755 index 00000000..72bf1818 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/get-pxc-state @@ -0,0 +1,36 @@ +#!/bin/bash + +function mysql_exec() { + local server="$1" + local query="$2" + + mysql_pass=$(cat /etc/mysql/mysql-users-secret/xtrabackup 2>/dev/null || :) + MYSQL_PASSWORD="${mysql_pass:-$PXC_PASS}" + + MYSQL_PWD=${MYSQL_PASSWORD} timeout 600 mysql -P33062 -h${server} -uxtrabackup -s -NB -e "${query}" + +} + +function wait_for_mysql() { + local h="$1" + for i in {1..10}; do + if [ "$(mysql_exec "$h" 'select 1')" == "1" ]; then + return + fi + echo "MySQL is not up yet... sleeping ..." + sleep 1 + done +} + +echo +while read -ra LINE; do + wait_for_mysql $LINE + STATUS=$(mysql_exec "$LINE" "SHOW GLOBAL STATUS LIKE 'wsrep_%';") + READY=$(echo "$STATUS" | grep wsrep_ready | awk '{print$2}') + ONLINE=$(echo "$STATUS" | grep wsrep_connected | awk '{print$2}') + STATE=$(echo "$STATUS" | grep wsrep_local_state_comment | awk '{print$2}') + CLUSTER_STATUS=$(echo "$STATUS" | grep wsrep_cluster_status | awk '{print$2}') + CLUSTER_SIZE=$(echo "$STATUS" | grep wsrep_cluster_size | awk '{print$2}') + + echo node:$LINE:wsrep_ready:$READY:wsrep_connected:$ONLINE:wsrep_local_state_comment:$STATE:wsrep_cluster_status:$CLUSTER_STATUS:wsrep_cluster_size:$CLUSTER_SIZE +done diff --git a/percona-xtradb-cluster-8.4-backup/lib/pxc/backup.sh b/percona-xtradb-cluster-8.4-backup/lib/pxc/backup.sh new file mode 100755 index 00000000..a68c904d --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/lib/pxc/backup.sh 
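Review bot: `wait_for_mysql` cannot report failure: after ten unsuccessful `select 1` attempts the loop simply ends and the function returns the status of the last `sleep`, so the `while read` loop still queries the node and prints a `node:` line with empty fields. Returning non-zero after the loop (`return 1`) and skipping the peer in the caller (`wait_for_mysql "$LINE" || continue`) would keep unreachable nodes out of the output that `backup.sh` parses. `$LINE` and `${server}` are also unquoted in `wait_for_mysql $LINE` and `-h${server}`; quoting both would avoid word splitting on unexpected peer-list input.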
@@ -0,0 +1,84 @@ +#!/bin/bash + +set -o errexit + +SST_INFO_NAME=sst_info +XBCLOUD_ARGS="--curl-retriable-errors=7 $XBCLOUD_EXTRA_ARGS" + +INSECURE_ARG="" +if [ -n "$VERIFY_TLS" ] && [[ $VERIFY_TLS == "false" ]]; then + INSECURE_ARG="--insecure" + XBCLOUD_ARGS="${INSECURE_ARG} ${XBCLOUD_ARGS}" +fi + +S3_BUCKET_PATH=${S3_BUCKET_PATH:-$PXC_SERVICE-$(date +%F-%H-%M)-xtrabackup.stream} +BACKUP_PATH=${BACKUP_PATH:-$PXC_SERVICE-$(date +%F-%H-%M)-xtrabackup.stream} + +log() { + { set +x; } 2>/dev/null + local level=$1 + local message=$2 + local now=$(date '+%F %H:%M:%S') + + echo "${now} [${level}] ${message}" + set -x +} + +is_object_exist() { + local bucket="$1" + local object="$2" + + if [[ -n "$(mc -C /tmp/mc ${INSECURE_ARG} --json ls "dest/$bucket/$object" | jq '.status')" ]]; then + return 1 + fi +} + +mc_add_bucket_dest() { + echo "+ mc -C /tmp/mc ${INSECURE_ARG} config host add dest ${ENDPOINT:-https://s3.amazonaws.com} ACCESS_KEY_ID SECRET_ACCESS_KEY " + { set +x; } 2>/dev/null + mc -C /tmp/mc ${INSECURE_ARG} config host add dest "${ENDPOINT:-https://s3.amazonaws.com}" "$ACCESS_KEY_ID" "$SECRET_ACCESS_KEY" + set -x +} + +clean_backup_s3() { + mc_add_bucket_dest + + is_object_exist "$S3_BUCKET" "$S3_BUCKET_PATH.$SST_INFO_NAME" || xbcloud delete ${XBCLOUD_ARGS} --storage=s3 --s3-bucket="$S3_BUCKET" "$S3_BUCKET_PATH.$SST_INFO_NAME" + is_object_exist "$S3_BUCKET" "$S3_BUCKET_PATH/" || xbcloud delete ${XBCLOUD_ARGS} --storage=s3 --s3-bucket="$S3_BUCKET" "$S3_BUCKET_PATH" +} + +azure_auth_header_file() { + hex_tmp=$(mktemp) + signature_tmp=$(mktemp) + auth_header_tmp=$(mktemp) + + params="$1" + request_date="$2" + + { set +x; } 2>/dev/null + echo -n "$AZURE_ACCESS_KEY" | base64 -d -w0 | hexdump -ve '1/1 "%02x"' >"$hex_tmp" + headers="x-ms-date:$request_date\nx-ms-version:2021-06-08" + resource="/$AZURE_STORAGE_ACCOUNT/$AZURE_CONTAINER_NAME" + string_to_sign="GET\n\n\n\n\n\n\n\n\n\n\n\n${headers}\n${resource}\n${params}" + printf '%s' "$string_to_sign" | openssl dgst 
-sha256 -mac HMAC -macopt "hexkey:$(cat "$hex_tmp")" -binary | base64 -w0 >"$signature_tmp" + echo -n "Authorization: SharedKey $AZURE_STORAGE_ACCOUNT:$(cat "$signature_tmp")" >"$auth_header_tmp" + set -x + echo "$auth_header_tmp" +} + +is_object_exist_azure() { + object="$1" + { set +x; } 2>/dev/null + connection_string="$ENDPOINT/$AZURE_CONTAINER_NAME?comp=list&restype=container" + request_date=$(LC_ALL=en_US.utf8 TZ=GMT date "+%a, %d %h %Y %H:%M:%S %Z") + header_version="x-ms-version: 2021-06-08" + header_date="x-ms-date: $request_date" + header_auth_file=$(azure_auth_header_file "comp:list\nrestype:container" "$request_date") + + res=$(curl -s -H "$header_version" -H "$header_date" -H "@$header_auth_file" "${connection_string}" | grep "$object") + set -x + + if [[ ${#res} -ne 0 ]]; then + return 1 + fi +} diff --git a/percona-xtradb-cluster-8.4-backup/lib/pxc/check-version.sh b/percona-xtradb-cluster-8.4-backup/lib/pxc/check-version.sh new file mode 100755 index 00000000..3cc81699 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/lib/pxc/check-version.sh 
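Review bot: `azure_auth_header_file` writes the hex-encoded `AZURE_ACCESS_KEY`, the signature and the `Authorization` header to three `mktemp` files, and nothing in this file removes them, so the storage key stays on disk after the request. Adding `rm -f "$hex_tmp" "$signature_tmp"` before the final `echo "$auth_header_tmp"`, and `rm -f "$header_auth_file"` in `is_object_exist_azure` once `curl` has returned, would close that. Separately, `printf '%s' "$string_to_sign"` prints the `\n` sequences literally, so the signed string contains no real newlines; `printf '%b' "$string_to_sign"` looks like what was intended. That is worth confirming against a real container, because a rejected request leaves `grep` with no match and the function then reports the object as absent.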
@@ -0,0 +1,44 @@ +#!/bin/bash + +function normalize_version() { + local major=0 + local minor=0 + local patch=0 + + # Only parses purely numeric version numbers, 1.2.3 + # Everything after the first three values are ignored + if [[ $1 =~ ^([0-9]+)\.([0-9]+)\.?([0-9]*)([^ ])* ]]; then + major=${BASH_REMATCH[1]} + minor=${BASH_REMATCH[2]} + patch=${BASH_REMATCH[3]} + fi + + printf %02d%02d%02d $major $minor $patch +} + +function compare_versions() { + local version_1="$1" + local op=$2 + local version_2="$3" + + if [[ -z $version_1 || -z $version_2 ]]; then + return 1 + fi + + version_1="$( normalize_version "$version_1" )" + version_2="$( normalize_version "$version_2" )" + + if [[ ! " = == > >= < <= != " =~ " $op " ]]; then + return 1 + fi + + [[ $op == "<" && $version_1 < $version_2 ]] && return 0 + [[ $op == "<=" && ! $version_1 > $version_2 ]] && return 0 + [[ $op == "=" && $version_1 == $version_2 ]] && return 0 + [[ $op == "==" && $version_1 == $version_2 ]] && return 0 + [[ $op == ">" && $version_1 > $version_2 ]] && return 0 + [[ $op == ">=" && ! $version_1 < $version_2 ]] && return 0 + [[ $op == "!=" && $version_1 != $version_2 ]] && return 0 + + return 1 +} diff --git a/percona-xtradb-cluster-8.4-backup/lib/pxc/vault.sh b/percona-xtradb-cluster-8.4-backup/lib/pxc/vault.sh new file mode 100755 index 00000000..1e002679 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/lib/pxc/vault.sh 
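Review bot: `normalize_version` passes the captured components straight to `printf %02d`, which treats a leading zero as octal, so a component such as `08` or `09` is rejected as an invalid number instead of being formatted. Forcing base 10 avoids that: `printf %02d%02d%02d "$((10#$major))" "$((10#$minor))" "$((10#${patch:-0}))"`. `compare_versions` compares the results as strings inside `[[ ]]`, which relies on every component fitting in two digits; a comment saying that components above 99 are not supported would document the limit.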
@@ -0,0 +1,77 @@ +#!/bin/bash + +set -o errexit + +keyring_vault=/etc/mysql/vault-keyring-secret/keyring_vault.conf + +function parse_ini() { + local key=$1 + local file_path=$2 + + awk -F "=[ ]*" "/${key}[ ]*=/ {print \$2}" "$file_path" +} + +function vault_get() { + local sst_info=$1 + + if [ ! -f "${keyring_vault}" ]; then + echo "vault configuration not found" >&2 + return 0 + fi + + if [ ! -f "${sst_info}" ]; then + echo "SST info not found" >&2 + exit 1 + fi + + export VAULT_TOKEN=$(parse_ini "token" "${keyring_vault}") + export VAULT_ADDR=$(parse_ini "vault_url" "${keyring_vault}") + local vault_root=$(parse_ini "secret_mount_point" "${keyring_vault}")/backup + local gtid=$(parse_ini "galera-gtid" "${sst_info}") + local ca_path=$(parse_ini "vault_ca" "${keyring_vault}") + + curl ${ca_path:+--cacert $ca_path} \ + -H "X-Vault-Request: true" \ + -H "X-Vault-Token: ${VAULT_TOKEN}" \ + -H "Content-Type: application/json" \ + "${VAULT_ADDR}/v1/${vault_root}/${gtid}" \ + | jq -r '.data.transition_key' +} + +function vault_store() { + local sst_info=$1 + + if [ ! -f "${keyring_vault}" ]; then + echo "vault configuration not found" >&2 + return 0 + fi + + if [ ! 
-f "${sst_info}" ]; then + echo "SST info not found" >&2 + exit 1 + fi + + set +o xtrace # hide sensitive information + local transition_key=$(parse_ini "transition-key" "${sst_info}") + if [ -z "${transition_key}" ]; then + echo "no transition key in the SST info: backup is an unencrypted, or it was already processed" + return 0 + fi + + export VAULT_TOKEN=$(parse_ini "token" "${keyring_vault}") + export VAULT_ADDR=$(parse_ini "vault_url" "${keyring_vault}") + local vault_root=$(parse_ini "secret_mount_point" "${keyring_vault}")/backup + local gtid=$(parse_ini "galera-gtid" "${sst_info}") + local ca_path=$(parse_ini "vault_ca" "${keyring_vault}") + + curl ${ca_path:+--cacert $ca_path} \ + -X PUT \ + -H "X-Vault-Request: true" \ + -H "X-Vault-Token: ${VAULT_TOKEN}" \ + -H "Content-Type: application/json" \ + -d "{\"transition_key\":\"${transition_key}\"}" \ + "${VAULT_ADDR}/v1/${vault_root}/${gtid}" + + set -o xtrace + sed -i '/transition-key/d' $sst_info >/dev/null +} diff --git a/percona-xtradb-cluster-8.4-backup/post_backup.sh b/percona-xtradb-cluster-8.4-backup/post_backup.sh new file mode 100755 index 00000000..ff5174a4 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/post_backup.sh 
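Review bot: `vault_store` removes the transition key from the SST info file even when Vault rejected the write: `curl` exits 0 on an HTTP 4xx/5xx response unless `--fail` is given, so `errexit` does not stop the function before `sed -i '/transition-key/d' $sst_info`. If that line is the only remaining copy of the key, an encrypted backup could not be restored afterwards. Adding the flag to the PUT, `curl --fail ${ca_path:+--cacert $ca_path} \`, lets the script abort with the key still in place. `vault_get` would benefit from the same flag, since an error body currently comes out of `jq` as `null` and is treated as "no key".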
@@ -0,0 +1,54 @@ +#!/bin/bash + +set -o errexit +set -o xtrace +set -m + +LIB_PATH='/usr/lib/pxc' +. ${LIB_PATH}/vault.sh +. ${LIB_PATH}/backup.sh + +handle_sigterm() { + log 'INFO' 'Post recv script was finished' + exit 0 +} + +backup_volume() { + log 'INFO' 'Checking backup in PVC' + cd "$BACKUP_DIR" + + stat xtrabackup.stream + if (($(stat -c%s xtrabackup.stream) < 5000000)); then + log 'ERROR' 'Backup is empty' + log 'ERROR' 'Backup was finished unsuccessfully' + exit 1 + fi + md5sum xtrabackup.stream | tee md5sum.txt +} + +backup_s3() { + log 'INFO' 'Checking backup in S3' + mc -C /tmp/mc stat ${INSECURE_ARG} "dest/$S3_BUCKET/$S3_BUCKET_PATH.md5" + md5_size=$(mc -C /tmp/mc stat ${INSECURE_ARG} --json "dest/$S3_BUCKET/$S3_BUCKET_PATH.md5" | sed -e 's/.*"size":\([0-9]*\).*/\1/') + if [[ $md5_size =~ "Object does not exist" ]] || ((md5_size < 23000)); then + log 'ERROR' 'Backup is empty' + log 'ERROR' 'Backup was finished unsuccessfull' + exit 1 + fi +} + +backup_azure() { + log 'INFO' 'Checking backup in Azure' +} + +trap 'handle_sigterm' 15 + +if [ -n "$S3_BUCKET" ]; then + backup_s3 +elif [ -n "$AZURE_CONTAINER_NAME" ]; then + backup_azure +else + backup_volume +fi + +exit 0 diff --git a/percona-xtradb-cluster-8.4-backup/recovery-cloud.sh b/percona-xtradb-cluster-8.4-backup/recovery-cloud.sh new file mode 100755 index 00000000..c63caab7 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/recovery-cloud.sh 
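Review bot: `backup_azure` only writes a log line, so an Azure backup is never verified, while `backup_s3` checks the size of the `.md5` object and `backup_volume` the size of `xtrabackup.stream`. Until a real check exists the gap should at least be stated in the function, e.g. `# TODO: no size or checksum verification for Azure uploads yet`. In `backup_s3` the arithmetic comparison on `md5_size` runs on whatever `sed` printed; if `mc stat --json` returns something other than the expected JSON the test receives non-numeric text and the error branch may be skipped, so a guard such as `[[ $md5_size =~ ^[0-9]+$ ]] || exit 1` before it would make the check fail closed.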
@@ -0,0 +1,72 @@ +#!/bin/bash + +set -o errexit +set -o xtrace + +LIB_PATH='/usr/lib/pxc' +. ${LIB_PATH}/check-version.sh +. ${LIB_PATH}/vault.sh + +# temporary fix for PXB-2784 +XBCLOUD_ARGS="--curl-retriable-errors=7 $XBCLOUD_EXTRA_ARGS" + +MC_ARGS='-C /tmp/mc' + +if [ -n "$VERIFY_TLS" ] && [[ $VERIFY_TLS == "false" ]]; then + XBCLOUD_ARGS="--insecure ${XBCLOUD_ARGS}" + MC_ARGS="${MC_ARGS} --insecure" +fi + +if [ -n "$S3_BUCKET_URL" ]; then + { set +x; } 2>/dev/null + echo "+ mc ${MC_ARGS} config host add dest ${ENDPOINT:-https://s3.amazonaws.com} ACCESS_KEY_ID SECRET_ACCESS_KEY" + mc ${MC_ARGS} config host add dest "${ENDPOINT:-https://s3.amazonaws.com}" "$ACCESS_KEY_ID" "$SECRET_ACCESS_KEY" + set -x + mc ${MC_ARGS} ls "dest/${S3_BUCKET_URL}" +elif [ -n "${BACKUP_PATH}" ]; then + XBCLOUD_ARGS="${XBCLOUD_ARGS} --storage=azure" +fi + +if [ -n "${AZURE_CONTAINER_NAME}" ]; then + XBCLOUD_ARGS="${XBCLOUD_ARGS} --azure-container-name=${AZURE_CONTAINER_NAME}" +fi + +rm -rf /datadir/* +tmp=$(mktemp --directory /datadir/pxc_sst_XXXX) + +destination() { + if [ -n "${S3_BUCKET_URL}" ]; then + echo -n "s3://${S3_BUCKET_URL}" + elif [ -n "${BACKUP_PATH}" ]; then + echo -n "${BACKUP_PATH}" + fi +} + +xbcloud get --parallel="$(grep -c processor /proc/cpuinfo)" ${XBCLOUD_ARGS} "$(destination).sst_info" | xbstream -x -C "${tmp}" --parallel="$(grep -c processor /proc/cpuinfo)" $XBSTREAM_EXTRA_ARGS +xbcloud get --parallel="$(grep -c processor /proc/cpuinfo)" ${XBCLOUD_ARGS} "$(destination)" | xbstream --decompress -x -C "${tmp}" --parallel="$(grep -c processor /proc/cpuinfo)" $XBSTREAM_EXTRA_ARGS + +set +o xtrace +transition_key=$(vault_get "$tmp/sst_info") +if [[ -n $transition_key && $transition_key != null ]]; then + transition_option="--transition-key=$transition_key" + master_key_options="--generate-new-master-key" + echo transition-key exists +fi + +echo "+ xtrabackup ${XB_USE_MEMORY+--use-memory=$XB_USE_MEMORY} --prepare ${XB_EXTRA_ARGS} --rollback-prepared-trx \ + 
--xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=$tmp" + +xtrabackup ${XB_USE_MEMORY+--use-memory=$XB_USE_MEMORY} --prepare ${transition_option:+"$transition_option"} ${XB_EXTRA_ARGS} --rollback-prepared-trx \ + --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin "--target-dir=$tmp" + +echo "+ xtrabackup --defaults-group=mysqld --datadir=/datadir --move-back ${XB_EXTRA_ARGS} \ + --force-non-empty-directories $master_key_options \ + --keyring-vault-config=/etc/mysql/vault-keyring-secret/keyring_vault.conf --early-plugin-load=keyring_vault.so \ + --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=$tmp" + +xtrabackup --defaults-group=mysqld --datadir=/datadir --move-back ${XB_EXTRA_ARGS} \ + --force-non-empty-directories ${transition_option:+"$transition_option"} $master_key_options \ + --keyring-vault-config=/etc/mysql/vault-keyring-secret/keyring_vault.conf --early-plugin-load=keyring_vault.so \ + --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin "--target-dir=$tmp" + +rm -rf "$tmp" diff --git a/percona-xtradb-cluster-8.4-backup/recovery-pvc-donor.sh b/percona-xtradb-cluster-8.4-backup/recovery-pvc-donor.sh new file mode 100755 index 00000000..f56a2593 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/recovery-pvc-donor.sh 
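Review bot: The two `xbcloud get … | xbstream` pipelines run under `errexit` but without `pipefail`, so only the exit status of `xbstream` counts and a failed or truncated download can go unnoticed until `xtrabackup --prepare`, after `rm -rf /datadir/*` has already emptied the data directory. Adding `set -o pipefail` next to `set -o errexit` would stop the restore at the failing download. The same applies to `socat … | xbstream` in `recovery-pvc-joiner.sh` and to the `xbcloud put … | (grep -v …)` pipelines in `run_backup.sh`, where a failed upload can still end in `touch /tmp/backup-is-completed`. With `pipefail` on, the `curl | jq` pipeline in `vault_get` would also start failing on a `curl` error, which should be checked against the intended behaviour when Vault is unreachable.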
@@ -0,0 +1,36 @@ +#!/bin/bash + +set -o xtrace +set -o errexit + +SOCAT_OPTS="TCP-LISTEN:3307,reuseaddr,retry=30" + +function check_ssl() { + CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + if [ -f /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt ]; then + CA=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + fi + SSL_DIR=${SSL_DIR:-/etc/mysql/ssl} + if [ -f ${SSL_DIR}/ca.crt ]; then + CA=${SSL_DIR}/ca.crt + fi + SSL_INTERNAL_DIR=${SSL_INTERNAL_DIR:-/etc/mysql/ssl-internal} + if [ -f ${SSL_INTERNAL_DIR}/ca.crt ]; then + CA=${SSL_INTERNAL_DIR}/ca.crt + fi + + KEY=${SSL_DIR}/tls.key + CERT=${SSL_DIR}/tls.crt + if [ -f ${SSL_INTERNAL_DIR}/tls.key -a -f ${SSL_INTERNAL_DIR}/tls.crt ]; then + KEY=${SSL_INTERNAL_DIR}/tls.key + CERT=${SSL_INTERNAL_DIR}/tls.crt + fi + + if [ -f "$CA" -a -f "$KEY" -a -f "$CERT" ]; then + SOCAT_OPTS="openssl-listen:3307,reuseaddr,cert=${CERT},key=${KEY},cafile=${CA},verify=1,retry=30" + fi +} + +check_ssl +cat /backup/sst_info | socat -u stdio "$SOCAT_OPTS" +cat /backup/xtrabackup.stream | socat -u stdio "$SOCAT_OPTS" diff --git a/percona-xtradb-cluster-8.4-backup/recovery-pvc-joiner.sh b/percona-xtradb-cluster-8.4-backup/recovery-pvc-joiner.sh new file mode 100755 index 00000000..b24f9cf7 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/recovery-pvc-joiner.sh 
@@ -0,0 +1,69 @@ +#!/bin/bash + +set -o errexit +set -o xtrace + +LIB_PATH='/usr/lib/pxc' +. ${LIB_PATH}/check-version.sh +. ${LIB_PATH}/vault.sh + +SOCAT_OPTS="TCP:${RESTORE_SRC_SERVICE}:3307,retry=30" +function check_ssl() { + CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + if [ -f /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt ]; then + CA=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + fi + SSL_DIR=${SSL_DIR:-/etc/mysql/ssl} + if [ -f ${SSL_DIR}/ca.crt ]; then + CA=${SSL_DIR}/ca.crt + fi + SSL_INTERNAL_DIR=${SSL_INTERNAL_DIR:-/etc/mysql/ssl-internal} + if [ -f ${SSL_INTERNAL_DIR}/ca.crt ]; then + CA=${SSL_INTERNAL_DIR}/ca.crt + fi + + KEY=${SSL_DIR}/tls.key + CERT=${SSL_DIR}/tls.crt + if [ -f ${SSL_INTERNAL_DIR}/tls.key -a -f ${SSL_INTERNAL_DIR}/tls.crt ]; then + KEY=${SSL_INTERNAL_DIR}/tls.key + CERT=${SSL_INTERNAL_DIR}/tls.crt + fi + + if [ -f "$CA" -a -f "$KEY" -a -f "$CERT" ]; then + SOCAT_OPTS="openssl-connect:${RESTORE_SRC_SERVICE}:3307,reuseaddr,cert=${CERT},key=${KEY},cafile=${CA},verify=1,commonname='',retry=30,no-sni=1" + fi +} + +check_ssl +ping -c1 $RESTORE_SRC_SERVICE || : +rm -rf /datadir/* +tmp=$(mktemp --directory /datadir/pxc_sst_XXXX) + +socat -u "$SOCAT_OPTS" stdio >$tmp/sst_info +socat -u "$SOCAT_OPTS" stdio | xbstream --decompress -x -C $tmp --parallel=$(grep -c processor /proc/cpuinfo) $XBSTREAM_EXTRA_ARGS + +set +o xtrace +transition_key=$(vault_get $tmp/sst_info) +if [[ -n $transition_key && $transition_key != null ]]; then + transition_option="--transition-key=$transition_key" + master_key_options="--generate-new-master-key" + echo transition-key exists +fi + +echo "+ xtrabackup ${XB_USE_MEMORY+--use-memory=$XB_USE_MEMORY} --prepare ${XB_EXTRA_ARGS} --rollback-prepared-trx \ + --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=$tmp" + +xtrabackup ${XB_USE_MEMORY+--use-memory=$XB_USE_MEMORY} --prepare ${XB_EXTRA_ARGS} $transition_option --rollback-prepared-trx \ + 
--xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=$tmp + +echo "+ xtrabackup --defaults-group=mysqld --datadir=/datadir --move-back ${XB_EXTRA_ARGS} \ + --force-non-empty-directories $master_key_options \ + --keyring-vault-config=/etc/mysql/vault-keyring-secret/keyring_vault.conf --early-plugin-load=keyring_vault.so \ + --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=$tmp" + +xtrabackup --defaults-group=mysqld --datadir=/datadir --move-back ${XB_EXTRA_ARGS} \ + --force-non-empty-directories $transition_option $master_key_options \ + --keyring-vault-config=/etc/mysql/vault-keyring-secret/keyring_vault.conf --early-plugin-load=keyring_vault.so \ + --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=$tmp + +rm -rf $tmp diff --git a/percona-xtradb-cluster-8.4-backup/run_backup.sh b/percona-xtradb-cluster-8.4-backup/run_backup.sh new file mode 100755 index 00000000..396931b7 --- /dev/null +++ b/percona-xtradb-cluster-8.4-backup/run_backup.sh 
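Review bot: In `check_ssl` the `openssl-connect` address sets `commonname=''` next to `verify=1`; an empty common name appears to make socat skip the comparison of the peer certificate's name, which would mean any certificate signed by `$CA` is accepted as the donor. If that is intended, for example because the service certificates do not carry `$RESTORE_SRC_SERVICE`, a comment such as `# peer name is not checked; trust rests on the CA only` should say so. Otherwise the option should be dropped so the name is checked against the target host. Unlike `recovery-cloud.sh`, this script also passes `$transition_option` and `$tmp` unquoted to `xtrabackup`; quoting them the same way would keep the two restore paths consistent.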
@@ -0,0 +1,169 @@ +#!/bin/bash + +set -o errexit +set -o xtrace +set -m + +LIB_PATH='/usr/lib/pxc' +. ${LIB_PATH}/vault.sh +. ${LIB_PATH}/backup.sh + +SOCAT_OPTS="TCP-LISTEN:4444,reuseaddr,retry=30" + +check_ssl() { + CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt + if [ -f /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt ]; then + CA=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + fi + SSL_DIR=${SSL_DIR:-/etc/mysql/ssl} + if [ -f ${SSL_DIR}/ca.crt ]; then + CA=${SSL_DIR}/ca.crt + fi + SSL_INTERNAL_DIR=${SSL_INTERNAL_DIR:-/etc/mysql/ssl-internal} + if [ -f ${SSL_INTERNAL_DIR}/ca.crt ]; then + CA=${SSL_INTERNAL_DIR}/ca.crt + fi + + KEY=${SSL_DIR}/tls.key + CERT=${SSL_DIR}/tls.crt + if [ -f ${SSL_INTERNAL_DIR}/tls.key -a -f ${SSL_INTERNAL_DIR}/tls.crt ]; then + KEY=${SSL_INTERNAL_DIR}/tls.key + CERT=${SSL_INTERNAL_DIR}/tls.crt + fi + + if [ -f "$CA" -a -f "$KEY" -a -f "$CERT" ]; then + SOCAT_OPTS="openssl-listen:4444,reuseaddr,cert=${CERT},key=${KEY},cafile=${CA},verify=1,retry=30" + fi +} + +FIRST_RECEIVED=0 +SST_FAILED=0 +handle_sigterm() { + if (($FIRST_RECEIVED == 0)); then + pid_s=$(ps -C socat -o pid= || true) + if [ -n "${pid_s}" ]; then + log 'ERROR' 'SST request failed' + SST_FAILED=1 + kill $pid_s + exit 1 + else + log 'INFO' 'SST request was finished' + fi + fi +} + +backup_volume() { + BACKUP_DIR=${BACKUP_DIR:-/backup/$PXC_SERVICE-$(date +%F-%H-%M)} + if [ -d "$BACKUP_DIR" ]; then + rm -rf $BACKUP_DIR/{xtrabackup.*,sst_info} + fi + + mkdir -p "$BACKUP_DIR" + cd "$BACKUP_DIR" || exit + + log 'INFO' "Backup to $BACKUP_DIR was started" + + socat -u "$SOCAT_OPTS" stdio | xbstream -x $XBSTREAM_EXTRA_ARGS & + wait $! + + log 'INFO' 'Socat was started' + + FIRST_RECEIVED=1 + if [[ $? -ne 0 ]]; then + log 'ERROR' 'Socat(1) failed' + log 'ERROR' 'Backup was finished unsuccessfully' + exit 1 + fi + echo "[IINFO] Socat(1) returned $?" 
+ vault_store $BACKUP_DIR/${SST_INFO_NAME} + + if (($SST_FAILED == 0)); then + FIRST_RECEIVED=0 + socat -u "$SOCAT_OPTS" stdio >xtrabackup.stream + FIRST_RECEIVED=1 + if [[ $? -ne 0 ]]; then + log 'ERROR' 'Socat(2) failed' + log 'ERROR' 'Backup was finished unsuccessfully' + exit 1 + fi + log 'INFO' "Socat(2) returned $?" + fi +} + +backup_s3() { + mc_add_bucket_dest + + socat -u "$SOCAT_OPTS" stdio | xbstream -x -C /tmp $XBSTREAM_EXTRA_ARGS & + wait $! + log 'INFO' 'Socat was started' + + FIRST_RECEIVED=1 + if [[ $? -ne 0 ]]; then + log 'ERROR' 'Socat(1) failed' + log 'ERROR' 'Backup was finished unsuccessfully' + exit 1 + fi + vault_store /tmp/${SST_INFO_NAME} + + xbstream -C /tmp -c ${SST_INFO_NAME} $XBSTREAM_EXTRA_ARGS \ + | xbcloud put --parallel="$(grep -c processor /proc/cpuinfo)" --storage=s3 --md5 $XBCLOUD_ARGS --s3-bucket="$S3_BUCKET" "$S3_BUCKET_PATH.$SST_INFO_NAME" 2>&1 \ + | (grep -v "error: http request failed: Couldn't resolve host name" || exit 1) + + if (($SST_FAILED == 0)); then + FIRST_RECEIVED=0 + socat -u "$SOCAT_OPTS" stdio \ + | xbcloud put --storage=s3 --parallel="$(grep -c processor /proc/cpuinfo)" --md5 $XBCLOUD_ARGS --s3-bucket="$S3_BUCKET" "$S3_BUCKET_PATH" 2>&1 \ + | (grep -v "error: http request failed: Couldn't resolve host name" || exit 1) + FIRST_RECEIVED=1 + fi +} + +backup_azure() { + ENDPOINT=${AZURE_ENDPOINT:-"https://$AZURE_STORAGE_ACCOUNT.blob.core.windows.net"} + + log 'INFO' "Backup to $ENDPOINT/$AZURE_CONTAINER_NAME/$BACKUP_PATH" + + is_object_exist_azure "$BACKUP_PATH.$SST_INFO_NAME/" || xbcloud delete $XBCLOUD_ARGS --storage=azure "$BACKUP_PATH.$SST_INFO_NAME" + is_object_exist_azure "$BACKUP_PATH/" || xbcloud delete $XBCLOUD_ARGS --storage=azure "$BACKUP_PATH" + + socat -u "$SOCAT_OPTS" stdio | xbstream -x -C /tmp $XBSTREAM_EXTRA_ARGS & + wait $! + log 'INFO' 'Socat was started' + + FIRST_RECEIVED=1 + if [[ $? 
-ne 0 ]]; then + log 'ERROR' 'Socat(1) failed' + log 'ERROR' 'Backup was finished unsuccessfully' + exit 1 + fi + vault_store /tmp/${SST_INFO_NAME} + + xbstream -C /tmp -c ${SST_INFO_NAME} $XBSTREAM_EXTRA_ARGS \ + | xbcloud put --parallel="$(grep -c processor /proc/cpuinfo)" $XBCLOUD_ARGS --storage=azure "$BACKUP_PATH.$SST_INFO_NAME" 2>&1 \ + | (grep -v "error: http request failed: Couldn't resolve host name" || exit 1) + + if (($SST_FAILED == 0)); then + FIRST_RECEIVED=0 + socat -u "$SOCAT_OPTS" stdio \ + | xbcloud put --parallel="$(grep -c processor /proc/cpuinfo)" $XBCLOUD_ARGS --storage=azure "$BACKUP_PATH" 2>&1 \ + | (grep -v "error: http request failed: Couldn't resolve host name" || exit 1) + FIRST_RECEIVED=1 + fi +} + +check_ssl + +trap 'handle_sigterm' 15 + +if [ -n "$S3_BUCKET" ]; then + backup_s3 +elif [ -n "$AZURE_CONTAINER_NAME" ]; then + backup_azure +else + backup_volume +fi + +if (($SST_FAILED == 0)); then + touch /tmp/backup-is-completed +fi +exit $SST_FAILED From 3a27ca832b6586e72b29bab2ce79668c15e28230 Mon Sep 17 00:00:00 2001 From: Vadim Yalovets Date: Mon, 2 Dec 2024 17:50:33 +0200 Subject: [PATCH 6/6] PXC-4569 Release task ticket for PXC 8.0.39 --- haproxy/Dockerfile | 1 + percona-server-8.0/Dockerfile | 2 ++ percona-xtradb-cluster-8.0/Dockerfile | 14 ++++++++------ 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/haproxy/Dockerfile b/haproxy/Dockerfile index 3bbcf009..df0815c4 100644 --- a/haproxy/Dockerfile +++ b/haproxy/Dockerfile @@ -42,6 +42,7 @@ RUN set -ex; \ vim-minimal \ policycoreutils; \ microdnf update -y glibc \ + pam \ krb5-libs; \ \ microdnf clean all; \ diff --git a/percona-server-8.0/Dockerfile b/percona-server-8.0/Dockerfile index 52acf14c..d9b1bad0 100644 --- a/percona-server-8.0/Dockerfile +++ b/percona-server-8.0/Dockerfile @@ -66,6 +66,8 @@ RUN set -ex; \ libnghttp2 \ openssh \ python3-setuptools-wheel \ + krb5-libs \ + pam \ python3; \ \ dnf -y install \ 
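Review bot: The `if [[ $? -ne 0 ]]` checks in `backup_volume`, `backup_s3` and `backup_azure` never see socat's status, because `$?` is read after `log …` and `FIRST_RECEIVED=1` and therefore holds the result of the assignment, which is 0. The `Socat(1) failed` and `Socat(2) failed` branches are unreachable and `Socat(1) returned $?` always prints 0; a failing `wait $!` is only caught by `errexit`, without the error log lines. Capturing the status first, e.g. `rc=0; wait $! || rc=$?` and then testing `$rc`, would make the branches work as written.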
diff --git a/percona-xtradb-cluster-8.0/Dockerfile b/percona-xtradb-cluster-8.0/Dockerfile index b94d28cb..d7f4f290 100644 --- a/percona-xtradb-cluster-8.0/Dockerfile +++ b/percona-xtradb-cluster-8.0/Dockerfile @@ -8,11 +8,11 @@ FROM redhat/ubi8-minimal LABEL org.opencontainers.image.authors="info@percona.com" -ENV PXC_VERSION 8.0.37-29.1 +ENV PXC_VERSION 8.0.39-30.1 ENV PXC_REPO release ENV OS_VER el8 ENV FULL_PERCONA_XTRADBCLUSTER_VERSION "$PXC_VERSION.$OS_VER" -ENV PXC_TELEMETRY_VERSION 8.0.37-29-1 +ENV PXC_TELEMETRY_VERSION 8.0.39-30-1 # Do not report during Docker image creation. # Note that doing so, would create telemetry config file @@ -72,10 +72,12 @@ RUN set -ex; \ percona-telemetry-agent \ libatomic \ tar; \ - microdnf update -y libksba; \ - microdnf update -y krb5-libs; \ - microdnf update -y libnghttp2; \ - microdnf update -y glibc; \ + microdnf update -y \ + libksba \ + krb5-libs \ + libnghttp2 \ + glibc \ + pam; \ microdnf clean all; \ rm -rf /var/cache/dnf /var/cache/yum