From 458541560675af2518885d46149467c1e56b4326 Mon Sep 17 00:00:00 2001 From: jawabuu <49921621+jawabuu@users.noreply.github.com> Date: Sat, 7 Nov 2020 17:40:13 +0300 Subject: [PATCH 1/6] Add init_db.sql Signed-off-by: jawabuu <49921621+jawabuu@users.noreply.github.com> --- examples/compose/config/init_db.sql | 77 +++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 examples/compose/config/init_db.sql diff --git a/examples/compose/config/init_db.sql b/examples/compose/config/init_db.sql new file mode 100644 index 00000000000..2ed71e2fbf4 --- /dev/null +++ b/examples/compose/config/init_db.sql 
@@ -0,0 +1,77 @@
+# This file is executed immediately after mysql_install_db,
+# to initialize a fresh data directory.
+###############################################################################
+# Equivalent of mysql_secure_installation
+###############################################################################
+# Changes during the init db should not make it to the binlog.
+# They could potentially create errant transactions on replicas.
+SET sql_log_bin = 0;
+# Remove anonymous users.
+DELETE FROM mysql.user WHERE User = '';
+# Disable remote root access (only allow UNIX socket).
+DELETE FROM mysql.user WHERE User = 'root' AND Host != 'localhost';
+# Remove test database.
+DROP DATABASE IF EXISTS test;
+###############################################################################
+# Vitess defaults
+###############################################################################
+# Vitess-internal database.
+CREATE DATABASE IF NOT EXISTS _vt;
+# Note that definitions of local_metadata and shard_metadata should be the same
+# as in production which is defined in go/vt/mysqlctl/metadata_tables.go.
+CREATE TABLE IF NOT EXISTS _vt.local_metadata (
+ name VARCHAR(255) NOT NULL,
+ value VARCHAR(255) NOT NULL,
+ db_name VARBINARY(255) NOT NULL,
+ PRIMARY KEY (db_name, name)
+ ) ENGINE=InnoDB;
+CREATE TABLE IF NOT EXISTS _vt.shard_metadata (
+ name VARCHAR(255) NOT NULL,
+ value MEDIUMBLOB NOT NULL,
+ db_name VARBINARY(255) NOT NULL,
+ PRIMARY KEY (db_name, name)
+ ) ENGINE=InnoDB;
+# Admin user with all privileges.
+CREATE USER 'vt_dba'@'localhost';
+GRANT ALL ON *.* TO 'vt_dba'@'localhost';
+GRANT GRANT OPTION ON *.* TO 'vt_dba'@'localhost';
+# User for app traffic, with global read-write access.
+CREATE USER 'vt_app'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, FILE,
+ REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
+ LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW,
+ SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
+ ON *.* TO 'vt_app'@'localhost';
+# User for app debug traffic, with global read access.
+CREATE USER 'vt_appdebug'@'localhost';
+GRANT SELECT, SHOW DATABASES, PROCESS ON *.* TO 'vt_appdebug'@'localhost';
+# User for administrative operations that need to be executed as non-SUPER.
+# Same permissions as vt_app here.
+CREATE USER 'vt_allprivs'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, FILE,
+ REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
+ LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW,
+ SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
+ ON *.* TO 'vt_allprivs'@'localhost';
+# User for slave replication connections.
+# TODO: Should we set a password on this since it allows remote connections?
+CREATE USER 'vt_repl'@'%';
+GRANT REPLICATION SLAVE ON *.* TO 'vt_repl'@'%';
+# User for Vitess filtered replication (binlog player).
+# Same permissions as vt_app.
+CREATE USER 'vt_filtered'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, FILE,
+ REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
+ LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW,
+ SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
+ ON *.* TO 'vt_filtered'@'localhost';
+# User for Orchestrator (https://github.com/openark/orchestrator).
+# TODO: Reenable when the password is randomly generated.
+CREATE USER 'orc_client_user'@'%' IDENTIFIED BY 'orc_client_user_password'; +GRANT SUPER, PROCESS, REPLICATION SLAVE, RELOAD + ON *.* TO 'orc_client_user'@'%'; +GRANT SELECT + ON _vt.* TO 'orc_client_user'@'%'; +FLUSH PRIVILEGES; +RESET SLAVE ALL; +RESET MASTER; From e626b22b901915732e36dd8a6ac3cdc76fb1ca9b Mon Sep 17 00:00:00 2001 From: jawabuu <49921621+jawabuu@users.noreply.github.com> Date: Sat, 7 Nov 2020 17:44:33 +0300 Subject: [PATCH 2/6] Switch docker image from vitess:base to vitess:lite Signed-off-by: jawabuu <49921621+jawabuu@users.noreply.github.com> --- examples/compose/docker-compose.beginners.yml | 32 +++++++++---------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/examples/compose/docker-compose.beginners.yml b/examples/compose/docker-compose.beginners.yml index 4555cc397c8..73a16a32f6d 100644 --- a/examples/compose/docker-compose.beginners.yml +++ b/examples/compose/docker-compose.beginners.yml @@ -30,22 +30,21 @@ services: - consul1 vtctld: - image: vitess/base + image: vitess/lite ports: - "15000:$WEB_PORT" - "$GRPC_PORT" - command: ["sh", "-c", " $$VTROOT/bin/vtctld \ + command: ["sh", "-c", " /vt/bin/vtctld \ $TOPOLOGY_FLAGS \ -cell $CELL \ -workflow_manager_init \ -workflow_manager_use_election \ -service_map 'grpc-vtctl' \ -backup_storage_implementation file \ - -file_backup_storage_root $$VTDATAROOT/backups \ + -file_backup_storage_root /vt/backups \ -logtostderr=true \ -port $WEB_PORT \ - -grpc_port $GRPC_PORT \ - -pid_file $$VTDATAROOT/tmp/vtctld.pid + -grpc_port $GRPC_PORT "] depends_on: - consul1 @@ -53,12 +52,12 @@ services: - consul3 vtgate: - image: vitess/base + image: vitess/lite ports: - "15099:$WEB_PORT" - "$GRPC_PORT" - "15306:$MYSQL_PORT" - command: ["sh", "-c", "$$VTROOT/bin/vtgate \ + command: ["sh", "-c", "/vt/bin/vtgate \ $TOPOLOGY_FLAGS \ -logtostderr=true \ -port $WEB_PORT \ 
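Review bot: `'orc_client_user'@'%'` is created with a fixed, committed password and `SUPER` on `*.*`, while the comment directly above it still says the account should only be re-enabled once the password is randomly generated. `'vt_repl'@'%'` likewise accepts connections from any host with no password, which its own TODO already questions. If the compose example does not run Orchestrator (nothing visible in this series starts it), the three `orc_client_user` statements could stay commented out; otherwise the password should be supplied at container start rather than committed. A header line such as `# Example-only accounts for the local compose demo; do not reuse on a reachable MySQL.` would make the intended scope explicit.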
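Review bot: `image: vitess/lite` carries no tag or digest in the vtctld service, nor in any other service this patch touches or in the vtcompose.go templates changed later in the series, so every pull resolves to whatever the default tag points at that day. The series also hard-codes `/vt/bin/...` paths and drops flags on the assumption of one particular image layout, which a floating tag does not guarantee. Pinning, for example `image: vitess/lite:<release-tag>` or `image: vitess/lite@sha256:<digest>`, keeps the example reproducible and avoids silently running an image nobody reviewed.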
@@ -68,9 +67,8 @@ services: -cell $CELL \ -cells_to_watch $CELL \ -tablet_types_to_wait MASTER,REPLICA \ - -gateway_implementation discoverygateway \ -service_map 'grpc-vtgateservice' \ - -pid_file $$VTDATAROOT/tmp/vtgate.pid \ + -enable_system_settings=true \ "] volumes: - ".:/script" @@ -84,7 +82,7 @@ services: condition: service_healthy schemaload: - image: vitess/base + image: vitess/lite command: - sh - -c @@ -108,7 +106,7 @@ services: condition: service_healthy vttablet101: - image: vitess/base + image: vitess/lite ports: - "15101:$WEB_PORT" - "$GRPC_PORT" @@ -134,13 +132,13 @@ services: depends_on: - vtctld healthcheck: - test: ["CMD-SHELL","curl localhost:$$WEB_PORT/debug/health"] + test: ["CMD-SHELL","curl -s --fail --show-error localhost:$$WEB_PORT/debug/health"] interval: 30s timeout: 10s retries: 15 vttablet102: - image: vitess/base + image: vitess/lite ports: - "15102:$WEB_PORT" - "$GRPC_PORT" @@ -164,13 +162,13 @@ services: - vtctld - vttablet101 healthcheck: - test: ["CMD-SHELL","curl localhost:$$WEB_PORT/debug/health"] + test: ["CMD-SHELL","curl -s --fail --show-error localhost:$$WEB_PORT/debug/health"] interval: 30s timeout: 10s retries: 15 vttablet103: - image: vitess/base + image: vitess/lite ports: - "15103:$WEB_PORT" - "$GRPC_PORT" @@ -194,7 +192,7 @@ services: - vtctld - vttablet101 healthcheck: - test: ["CMD-SHELL","curl localhost:$$WEB_PORT/debug/health"] + test: ["CMD-SHELL","curl -s --fail --show-error localhost:$$WEB_PORT/debug/health"] interval: 30s timeout: 10s - retries: 15 \ No newline at end of file + retries: 15 From f91798037b9fe3c3a958213c4fdc1efd134e57a6 Mon Sep 17 00:00:00 2001 From: jawabuu <49921621+jawabuu@users.noreply.github.com> Date: Sat, 7 Nov 2020 17:55:46 +0300 Subject: [PATCH 3/6] make available init_db.sql as well as VT env variables Signed-off-by: jawabuu <49921621+jawabuu@users.noreply.github.com> --- examples/compose/vttablet-up.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
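Review bot: `-enable_system_settings=true` is added to the vtgate command in the `@@ -68,9 +67,8 @@` hunk without explanation, although the commit is titled as an image switch. The flag changes what clients connected through the published MySQL port may do (presumably it lets them change session-level MySQL system settings, which is worth confirming), so it deserves a line in the commit message or a comment above `command:`. Something like `# enable_system_settings: allow clients to SET MySQL system variables through vtgate` would do.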
diff --git a/examples/compose/vttablet-up.sh b/examples/compose/vttablet-up.sh index cfc9b89b44d..08d4bb83786 100755 --- a/examples/compose/vttablet-up.sh +++ b/examples/compose/vttablet-up.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2019 The Vitess Authors. +# Copyright 2020 The Vitess Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +15,8 @@ # limitations under the License. set -u +export VTROOT=/vt +export VTDATAROOT=/vt/vtdataroot keyspace=${KEYSPACE:-'test_keyspace'} shard=${SHARD:-'0'} @@ -46,8 +48,13 @@ if (( $uid % 100 % 3 == 0 )) ; then tablet_type='rdonly' fi +# Copy config directory +cp -R /script/config $VTROOT init_db_sql_file="$VTROOT/config/init_db.sql" +# Clear in-place edits of init_db_sql_file if any exist +sed -i '/##\[CUSTOM_SQL/{:a;N;/END\]##/!ba};//d' $init_db_sql_file +echo "##[CUSTOM_SQL_START]##" >> $init_db_sql_file # Create database on master if [ $tablet_role = "master" ]; then echo "CREATE DATABASE IF NOT EXISTS $db_name;" >> $init_db_sql_file @@ -67,6 +74,7 @@ if [ $tablet_role != "master" ]; then echo "CREATE DATABASE IF NOT EXISTS $db_name;" >> $init_db_sql_file fi fi +echo "##[CUSTOM_SQL_END]##" >> $init_db_sql_file mkdir -p $VTDATAROOT/backups From cecc976c70a479c8baa33878fb99d77585c43c10 Mon Sep 17 00:00:00 2001 From: jawabuu <49921621+jawabuu@users.noreply.github.com> Date: Sat, 7 Nov 2020 17:58:14 +0300 Subject: [PATCH 4/6] rewrite to use available binaries and allowed paths in lite image Signed-off-by: jawabuu <49921621+jawabuu@users.noreply.github.com> --- examples/compose/schemaload.sh | 9 ++++++--- examples/compose/vttablet-up.sh | 25 +++++++++++++++---------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/examples/compose/schemaload.sh b/examples/compose/schemaload.sh index d547647c951..85cb1650b88 100755 --- a/examples/compose/schemaload.sh +++ b/examples/compose/schemaload.sh 
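Review bot: The `cp -R /script/config $VTROOT` added in the `@@ -46,8 +48,13 @@` hunk is never checked, and the script runs with `set -u` only, so a failed copy does not stop it. The `sed -i` and `echo ... >> $init_db_sql_file` lines that follow would then operate on whatever `$VTROOT/config/init_db.sql` the image already contains, or create a file holding only the CUSTOM_SQL block, so MySQL may be initialised from something other than the reviewed init_db.sql. Suggest `cp -R /script/config "$VTROOT" || { echo "cannot copy /script/config" >&2; exit 1; }` and quoting `"$init_db_sql_file"` in the `sed` and `echo` lines.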
@@ -1,6 +1,6 @@ #!/bin/bash -e -# Copyright 2019 The Vitess Authors. +# Copyright 2020 The Vitess Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,6 +20,7 @@ schema_files=${SCHEMA_FILES:-'create_messages.sql create_tokens.sql'} vschema_file=${VSCHEMA_FILE:-'default_vschema.json'} load_file=${POST_LOAD_FILE:-''} external_db=${EXTERNAL_DB:-'0'} +export PATH=/vt/bin:$PATH sleep $sleeptime @@ -40,6 +41,8 @@ if [ ! -f schema_run ]; then vtctlclient -server vtctld:$GRPC_PORT ApplyVSchema -vschema_file /script/${vschema_file} $KEYSPACE || \ vtctlclient -server vtctld:$GRPC_PORT ApplyVSchema -vschema "$(cat /script/${vschema_file})" $KEYSPACE + echo "List All Tablets" + vtctlclient -server vtctld:$GRPC_PORT ListAllTablets echo "Get Master Tablets" master_tablets=$(vtctlclient -server vtctld:$GRPC_PORT ListAllTablets | awk '$4 == "master" { print $1 }') for master_tablet in $master_tablets; do @@ -53,7 +56,7 @@ if [ ! -f schema_run ]; then mysql --port=15306 --host=vtgate < /script/$load_file fi - touch schema_run - echo "Time: $(date). SchemaLoad completed at $(date "+%FT%T") " >> schema_run + touch /vt/schema_run + echo "Time: $(date). SchemaLoad completed at $(date "+%FT%T") " >> /vt/schema_run echo "Done Loading Schema at $(date "+%FT%T")" fi diff --git a/examples/compose/vttablet-up.sh b/examples/compose/vttablet-up.sh index 08d4bb83786..38096a20753 100755 --- a/examples/compose/vttablet-up.sh +++ b/examples/compose/vttablet-up.sh 
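Review bot: The completion marker is now written to `/vt/schema_run`, but the guard shown in the `@@ -40,6 +41,8 @@` hunk header still tests the relative path, `if [ ! -f schema_run ]; then`. Unless the container's working directory happens to be `/vt`, the guard never sees the marker and the schema, vschema and post-load SQL are re-applied on every restart. The guard line lies outside the changed lines; it should become `if [ ! -f /vt/schema_run ]; then`, ideally with the path held in one variable used by the test, the `touch` and the `echo`.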
@@ -96,17 +96,21 @@ export DB_PORT=${DB_PORT:-3306} export DB_HOST=${DB_HOST:-""} export DB_NAME=$db_name +# Delete socket files before running mysqlctld if exists. +# This is the primary reason for unhealthy state on restart. +# https://github.com/vitessio/vitess/pull/5115/files +echo "Removing $VTDATAROOT/$tablet_dir/{mysql.sock,mysql.sock.lock}..." +rm -rf $VTDATAROOT/$tablet_dir/{mysql.sock,mysql.sock.lock} + # Create mysql instances # Do not create mysql instance for master if connecting to external mysql database if [[ $role != "master" || $external = 0 ]]; then echo "Initing mysql for tablet: $uid.. " - $VTROOT/bin/mysqlctl \ - -log_dir $VTDATAROOT/tmp \ - -tablet_uid $uid \ - -mysql_port 3306 \ - $action & - - wait + $VTROOT/bin/mysqlctld \ + --init_db_sql_file=$init_db_sql_file \ + --logtostderr=true \ + --tablet_uid=$uid \ + & fi sleep $sleeptime @@ -123,10 +127,11 @@ sleep $sleeptime # fi -$VTROOT/bin/vtctl $TOPOLOGY_FLAGS AddCellInfo -root vitess/$CELL -server_address consul1:8500 $CELL || true +$VTROOT/bin/vtctlclient -server vtctld:$GRPC_PORT AddCellInfo -root vitess/$CELL -server_address consul1:8500 $CELL || true +$VTROOT/bin/vtctlclient -server vtctld:$GRPC_PORT CreateKeyspace $keyspace || true +$VTROOT/bin/vtctlclient -server vtctld:$GRPC_PORT CreateShard $keyspace/$shard || true +$VTROOT/bin/vtctlclient -server vtctld:$GRPC_PORT InitTablet -parent -shard $shard -keyspace $keyspace -grpc_port $grpc_port -port $web_port -allow_master_override $alias $tablet_role -$VTROOT/bin/vtctl $TOPOLOGY_FLAGS CreateKeyspace $keyspace || true -$VTROOT/bin/vtctl $TOPOLOGY_FLAGS CreateShard $keyspace/$shard || true #Populate external db conditional args if [ "$external" = "1" ]; then From d01770af5cebdc2962b72ff1fdb8e7cb10b64893 Mon Sep 17 00:00:00 2001 From: jawabuu <49921621+jawabuu@users.noreply.github.com> Date: Sat, 7 Nov 2020 18:46:43 +0300 Subject: [PATCH 5/6] fix vtctld backup_storage_root path 
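Review bot: `rm -rf $VTDATAROOT/$tablet_dir/{mysql.sock,mysql.sock.lock}` uses a recursive delete with unquoted variables where only two socket files are meant. `rm -f -- "$VTDATAROOT/$tablet_dir"/{mysql.sock,mysql.sock.lock}` does the same job without `-r` and tolerates paths containing spaces; `tablet_dir` is set outside this hunk. Separately, `mysqlctld` is now started with `&` and the old `wait` is gone, so the `vtctlclient` calls further down rely on `sleep $sleeptime` alone for MySQL to be up. A short readiness loop on the socket would be more dependable.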
Signed-off-by: jawabuu <49921621+jawabuu@users.noreply.github.com> --- examples/compose/docker-compose.beginners.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/compose/docker-compose.beginners.yml b/examples/compose/docker-compose.beginners.yml index 73a16a32f6d..adcfddd82b2 100644 --- a/examples/compose/docker-compose.beginners.yml +++ b/examples/compose/docker-compose.beginners.yml @@ -41,7 +41,7 @@ services: -workflow_manager_use_election \ -service_map 'grpc-vtctl' \ -backup_storage_implementation file \ - -file_backup_storage_root /vt/backups \ + -file_backup_storage_root /vt/vtdataroot/backups \ -logtostderr=true \ -port $WEB_PORT \ -grpc_port $GRPC_PORT From 32f8376d2a041f4b899abd048e05b504347d1fd2 Mon Sep 17 00:00:00 2001 From: jawabuu <49921621+jawabuu@users.noreply.github.com> Date: Sat, 7 Nov 2020 21:03:51 +0300 Subject: [PATCH 6/6] update vtcompose to use vites:lite image Signed-off-by: jawabuu <49921621+jawabuu@users.noreply.github.com> --- examples/compose/vtcompose/vtcompose.go | 30 +++++++++++-------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/examples/compose/vtcompose/vtcompose.go b/examples/compose/vtcompose/vtcompose.go index 5337d87b2f9..db91194b582 100644 --- a/examples/compose/vtcompose/vtcompose.go +++ b/examples/compose/vtcompose/vtcompose.go @@ -1,5 +1,5 @@ /* - * Copyright 2019 The Vitess Authors. + * Copyright 2020 The Vitess Authors. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -504,8 +504,8 @@ func generateDefaultShard(tabAlias int, shard string, keyspaceData keyspaceInfo, - op: add path: /services/init_shard_master%[2]d value: - image: vitess/base - command: ["sh", "-c", "$$VTROOT/bin/vtctl %[5]s InitShardMaster -force %[4]s/%[3]s %[6]s-%[2]d "] + image: vitess/lite + command: ["sh", "-c", "/vt/bin/vtctlclient %[5]s InitShardMaster -force %[4]s/%[3]s %[6]s-%[2]d "] %[1]s `, dependsOn, aliases[0], shard, keyspaceData.keyspace, opts.topologyFlags, opts.cell) } @@ -539,7 +539,7 @@ func generateDefaultTablet(tabAlias int, shard, role, keyspace string, dbInfo ex - op: add path: /services/vttablet%[1]d value: - image: vitess/base + image: vitess/lite ports: - "15%[1]d:%[4]d" - "%[5]d" @@ -565,7 +565,7 @@ func generateDefaultTablet(tabAlias int, shard, role, keyspace string, dbInfo ex depends_on: - vtctld healthcheck: - test: ["CMD-SHELL","curl localhost:%[4]d/debug/health"] + test: ["CMD-SHELL","curl -s --fail --show-error localhost:%[4]d/debug/health"] interval: 30s timeout: 10s retries: 15 @@ -577,22 +577,21 @@ func generateVtctld(opts vtOptions) string { - op: add path: /services/vtctld value: - image: vitess/base + image: vitess/lite ports: - "15000:%[1]d" - "%[2]d" - command: ["sh", "-c", " $$VTROOT/bin/vtctld \ + command: ["sh", "-c", " /vt/bin/vtctld \ %[3]s \ -cell %[4]s \ -workflow_manager_init \ -workflow_manager_use_election \ -service_map 'grpc-vtctl' \ -backup_storage_implementation file \ - -file_backup_storage_root $$VTDATAROOT/backups \ + -file_backup_storage_root /vt/vtdataroot/backups \ -logtostderr=true \ -port %[1]d \ -grpc_port %[2]d \ - -pid_file $$VTDATAROOT/tmp/vtctld.pid "] volumes: - .:/script 
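Review bot: The `init_shard_master` template now runs `/vt/bin/vtctlclient %[5]s InitShardMaster ...`, but `%[5]s` is still `opts.topologyFlags`, which were the arguments for `vtctl`. Everywhere else in this series `vtctlclient` is called with `-server vtctld:$GRPC_PORT` and no topology flags, so this command will most likely fail to reach vtctld; running a generated compose file would confirm. The fifth argument should become the vtctld address, so that the command reads `/vt/bin/vtctlclient -server vtctld:<grpc port> InitShardMaster -force ...`, with the port taken from the options struct. generateDefaultShard's body starts outside the hunk, so the name of that port field is not visible here.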
@@ -608,12 +607,12 @@ func generateVtgate(opts vtOptions) string { - op: add path: /services/vtgate value: - image: vitess/base + image: vitess/lite ports: - "15099:%[1]d" - "%[2]d" - "15306:%[3]d" - command: ["sh", "-c", "/script/run-forever.sh $$VTROOT/bin/vtgate \ + command: ["sh", "-c", "/script/run-forever.sh /vt/bin/vtgate \ %[4]s \ -logtostderr=true \ -port %[1]d \ @@ -623,9 +622,7 @@ func generateVtgate(opts vtOptions) string { -cell %[5]s \ -cells_to_watch %[5]s \ -tablet_types_to_wait MASTER,REPLICA,RDONLY \ - -gateway_implementation discoverygateway \ -service_map 'grpc-vtgateservice' \ - -pid_file $$VTDATAROOT/tmp/vtgate.pid \ -normalize_queries=true \ "] volumes: @@ -640,11 +637,11 @@ func generateVtwork(opts vtOptions) string { - op: add path: /services/vtwork value: - image: vitess/base + image: vitess/lite ports: - "15100:%[1]d" - "%[2]d" - command: ["sh", "-c", "$$VTROOT/bin/vtworker \ + command: ["sh", "-c", "/vt/bin/vtworker \ %[3]s \ -cell %[4]s \ -logtostderr=true \ @@ -652,7 +649,6 @@ func generateVtwork(opts vtOptions) string { -port %[1]d \ -grpc_port %[2]d \ -use_v3_resharding_mode=true \ - -pid_file $$VTDATAROOT/tmp/vtwork.pid \ "] depends_on: - vtctld @@ -685,7 +681,7 @@ func generateSchemaload( - op: add path: /services/schemaload_%[7]s value: - image: vitess/base + image: vitess/lite volumes: - ".:/script" environment: