diff --git a/.github/workflows/managed.yml b/.github/workflows/managed.yml index 3e46bb4d39..3e7d2e8ea9 100644 --- a/.github/workflows/managed.yml +++ b/.github/workflows/managed.yml @@ -78,7 +78,15 @@ jobs: run: docker exec -i pmm-server git config --global --add safe.directory /root/go/src/github.com/percona/pmm - name: Update binaries - run: docker exec -i pmm-server make run-managed-ci run-agent run-vmproxy + run: | + # We need to make this directory owned by pmm, since it's currently owned by the grafana user in the devcontainer. + # TODO: remove the line below after this PR is merged to v3. + docker exec -t pmm-server chown -R pmm:pmm /etc/grafana /srv/grafana + docker exec -i pmm-server make run-managed-ci run-agent run-vmproxy + + - name: Check the status of components + run: | + docker exec -t pmm-server supervisorctl status || : - name: Run tests run: docker exec -i pmm-server make -C managed test-cover diff --git a/Makefile b/Makefile index 94c955890f..56c874f910 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ env-update-image: ## Pull latest dev image env-compose-up: env-update-image COMPOSE_PROFILES=$(PROFILES) \ - docker compose up --detach --renew-anon-volumes --remove-orphans + docker compose up --detach --renew-anon-volumes --remove-orphans --wait --wait-timeout 100 env-devcontainer: docker exec -it --workdir=/root/go/src/github.com/percona/pmm pmm-server .devcontainer/setup.py diff --git a/build/ansible/pmm/post-build-actions.yml b/build/ansible/pmm/post-build-actions.yml index 8ad28081ab..72c8c95e4a 100644 --- a/build/ansible/pmm/post-build-actions.yml +++ b/build/ansible/pmm/post-build-actions.yml 
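Review bot: The new "Check the status of components" step can never fail, because `docker exec -t pmm-server supervisorctl status || :` discards whatever exit code supervisorctl returns. The step runs right after /etc/grafana and /srv/grafana are re-owned to pmm, so a component that does not come up under the new account would only surface later as a test failure that looks unrelated. Consider dropping the `|| :`. If the step is meant to be informational only, say so in its name, e.g. `- name: Print the status of components (informational)`.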
@@ -71,14 +71,10 @@ --server-address=127.0.0.1:443 --server-insecure-tls - - name: Reread supervisord configuration EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl reread - register: reread_result - changed_when: "'No config updates to processes' not in reread_result.stdout" - - name: Reread supervisord configuration EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' command: /usr/local/bin/supervisorctl reread register: reread_result changed_when: "'No config updates to processes' not in reread_result.stdout" @@ -86,21 +82,14 @@ - name: See what services are running debug: var=reread_result.stdout_lines - - name: Stop pmm-managed before deleting the database EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - supervisorctl: - name: pmm-managed - state: stopped - ignore_errors: True - - name: Stop pmm-managed before deleting the database EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' supervisorctl: name: pmm-managed state: stopped supervisorctl_path: /usr/local/bin/supervisorctl - # become: true - # ignore_errors: True - name: Supervisord stop | Stop supervisord service for AMI/OVF when: ansible_virtualization_type != "docker" 
@@ -128,16 +117,10 @@ ignore_errors: yes when: ansible_virtualization_type != "docker" - - name: Remove pmm-managed database EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - postgresql_db: - login_user: postgres - name: pmm-managed - state: absent - register: db_check_result - - name: Remove pmm-managed database EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' postgresql_db: login_user: postgres name: pmm-managed @@ -150,7 +133,6 @@ msg: "pmm-managed database was removed" when: db_check_result.changed == True - - name: Remove pmm-managed role from postgres postgresql_user: name: pmm-managed @@ -167,10 +149,6 @@ when: ansible_virtualization_type != "docker" service: name=supervisord state=stopped enabled=yes - - name: Supervisord stop EL7 | Stop supervisord service for docker - when: ansible_virtualization_type == "docker" and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - shell: supervisorctl shutdown - - name: Supervisord stop EL9 | Stop supervisord service for docker when: ansible_virtualization_type == "docker" and (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' shell: /usr/local/bin/supervisorctl shutdown @@ -180,8 +158,10 @@ # "yum clean all" function will only remove cache from configured yum repositories # Details: https://bugzilla.redhat.com/show_bug.cgi?id=1357083 - - name: Remove yum cache | Remove yum cache dir - command: rm -rf /var/cache/yum + - name: Cleanup yum cache + file: + state: absent + path: /var/cache/yum - name: Post-build cleanup | Cleanup build logs and data file: path={{ item }} state=absent 
@@ -207,7 +187,7 @@ path: /srv/victoriametrics owner: pmm group: pmm - mode: '0775' + mode: 0775 with_items: - absent - directory @@ -218,4 +198,4 @@ state: directory owner: pmm group: pmm - mode: "0775" + mode: 0775 diff --git a/build/ansible/roles/ami-ovf/tasks/main.yml b/build/ansible/roles/ami-ovf/tasks/main.yml index 9aebe59308..d9431f4631 100644 --- a/build/ansible/roles/ami-ovf/tasks/main.yml +++ b/build/ansible/roles/ami-ovf/tasks/main.yml @@ -7,18 +7,6 @@ - name: Packages | Clean up yum metadata command: yum clean metadata -- name: Packages | Add PMM3 Server release repository for EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - yum_repository: - name: pmm-server - description: PMM Server YUM repository - x86_64 - baseurl: https://repo.percona.com/pmm3-components/yum/experimental/7/RPMS/x86_64/ - gpgcheck: yes - enabled: yes - gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY - - name: Packages | Add PMM3 Server release repository for EL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' @@ -31,14 +19,6 @@ enabled: yes gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY -- name: Disable SELinux | EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - selinux: - policy: targeted - state: permissive - - name: Disable SELinux | EL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' @@ -49,15 +29,6 @@ policy: targeted state: permissive -- name: Add firewalld rule | EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - firewalld: port={{ item }} permanent=true state=enabled immediate=yes - with_items: - - 80/tcp - - 443/tcp - - name: Add firewalld rule | EL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' 
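Review bot: Unquoting the modes (`mode: '0775'` → `mode: 0775`, twice in this file) hands Ansible a YAML integer instead of a string, and the first occurrence sits in a task that also uses `with_items`. Ansible's documentation warns that a leading-zero number is not reliably interpreted in loops, so a misparsed value on /srv/victoriametrics would silently yield different permissions from the ones written here. Keep the quoted form, `mode: '0775'`. The same applies to the unquoted modes this commit introduces in pmm-images (`0775`, `0644`), supervisord-init (`0755`), dashboards_upgrade (`0775`), the grafana role (`0755`, `0744`) and initialization (`0666`).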
@@ -86,12 +57,6 @@ - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' - ansible_distribution_major_version == '9' -- name: PMM | Delete centos EL7 - shell: cd /tmp; nohup sh -c "trap 'userdel -r centos' EXIT; sleep 600" /dev/null 2>&1 & - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - - name: PMM | Delete ec2-user EL9 shell: cd /tmp; nohup sh -c "trap 'userdel -r ec2-user' EXIT; sleep 600" /dev/null 2>&1 & when: diff --git a/build/ansible/roles/cloud-node/tasks/main.yml b/build/ansible/roles/cloud-node/tasks/main.yml index b5fb6bcf6b..0f37c1b556 100644 --- a/build/ansible/roles/cloud-node/tasks/main.yml +++ b/build/ansible/roles/cloud-node/tasks/main.yml @@ -1,13 +1,5 @@ --- # Common things for all cloud images -- name: Packages | Add EPEL repository for EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - yum: - name: https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-14.noarch.rpm - state: installed - - name: Packages | Add EPEL repository for EL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' @@ -16,19 +8,6 @@ name: epel-release state: installed -- name: Packages | Install OS tools for EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - yum: - name: - - screen - - yum-utils - - cloud-init - - firewalld - - python2-pip - - ansible - - name: Packages | Install OS tools for EL9 when: - (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' 
@@ -41,16 +20,6 @@ - python3-libselinux - python3-firewall -- name: Firewalld | Start EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - - ansible_os_family == 'RedHat' - service: - name: firewalld - state: started - enabled: yes - - name: Firewalld | Start EL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' @@ -137,13 +106,6 @@ dest: /etc/sudoers.d/90-admin-user mode: 0440 -- name: change cloud user EL7 | Change cloud user - when: create_admin == "true" and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - replace: - dest: /etc/cloud/cloud.cfg - regexp: "name: centos" - replace: "name: admin" - - name: change cloud user for OVF EL9 | Change cloud user when: - create_admin == "true" diff --git a/build/ansible/roles/pmm-images/files/grafana.ini b/build/ansible/roles/pmm-images/files/grafana.ini index 0e8b05106c..8bc767213d 100644 --- a/build/ansible/roles/pmm-images/files/grafana.ini +++ b/build/ansible/roles/pmm-images/files/grafana.ini @@ -7,7 +7,7 @@ command = /usr/sbin/grafana server --homepath=/usr/share/grafana --config=/etc/grafana/grafana.ini -user = grafana +user = pmm directory = /usr/share/grafana autorestart = true autostart = true diff --git a/build/ansible/roles/pmm-images/tasks/main.yml b/build/ansible/roles/pmm-images/tasks/main.yml index 0dec550a35..9a8a1cdec3 100644 --- a/build/ansible/roles/pmm-images/tasks/main.yml +++ b/build/ansible/roles/pmm-images/tasks/main.yml 
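Review bot: Switching `user = grafana` to `user = pmm` moves Grafana from a dedicated service account onto the account that owns /srv/victoriametrics and the other `owner: pmm` paths elsewhere in this commit. Grafana was already non-root before the change, so the effect is the loss of uid-level separation: Grafana and any plugin it loads get the pmm account's permissions on those paths. If the shared account is intentional, record it next to the setting, e.g. `; shared pmm account: Grafana can access everything owned by pmm`. The same line changes in managed/services/supervisord/supervisord.go and managed/testdata/supervisord.d/grafana.ini.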
@@ -4,21 +4,10 @@ state: present key: https://downloads.percona.com/downloads/RPM-GPG-KEY-percona -- name: Packages | Add PMM3 Server YUM repository for EL7 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - yum_repository: - name: pmm-server - description: PMM Server YUM repository - x86_64 - baseurl: https://repo.percona.com/pmm3-components/yum/{{ pmm_server_repo }}/7/RPMS/x86_64/ - gpgcheck: yes - enabled: yes - gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY - - name: Packages | Add PMM3 Server YUM repository for EL9 when: - - (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' yum_repository: name: pmm-server description: PMM Server YUM repository - x86_64 @@ -27,7 +16,7 @@ enabled: yes gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY -# local yum repo for building of pmm server docker image in autobuild jobs +# local yum repo for building pmm server docker image in autobuild jobs - name: PMM | Add local YUM repository when: ansible_virtualization_type == "docker" yum_repository: @@ -47,16 +36,6 @@ state: installed ignore_errors: True -- name: Packages | Update OS EL7 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - yum: - name: "*" - state: latest - exclude: "ansible*" - disablerepo: percona-release-x86_64 - - name: Packages | Update OS EL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' 
@@ -66,18 +45,10 @@ state: latest disablerepo: percona-release-x86_64 -- name: Packages | Install OS tools for EL7 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - yum: - name: - - python2-pip - - rsync - - name: Packages | Install OS tools for EL9 when: - - (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' yum: name: - python3-pip @@ -101,7 +72,6 @@ loop: - { name: pmm, gid: 1000 } - { name: nginx, gid: 999 } - - { name: grafana, gid: 998 } - { name: clickhouse, gid: 997 } - name: Create users | Create users @@ -116,7 +86,6 @@ loop: - { name: pmm, uid: 1000, comment: "PMM Server", shell: "/bin/false", home: "/home/pmm", group: pmm, } - { name: nginx, uid: 999, comment: "nginx user", shell: "/sbin/nologin", home: "/var/cache/nginx", group: nginx, } - - { name: grafana, uid: 998, comment: "Grafana Dashboard", shell: "/sbin/nologin", home: "/etc/grafana", group: grafana, } - { name: clickhouse, uid: 997, comment: "Clickhouse server", shell: "/sbin/nologin", home: "/var/lib/clickhouse", group: clickhouse, } when: ansible_virtualization_type == "docker" @@ -126,6 +95,7 @@ - /srv/prometheus/data - /srv/prometheus/rules - /srv/alertmanager/data + - /etc/grafana - name: Create directories | Create dirs file: @@ -133,7 +103,7 @@ state: directory owner: pmm group: pmm - mode: "0775" + mode: 0775 - name: Create dirs | Create dirs when: ansible_virtualization_type == "docker" @@ -156,7 +126,6 @@ - percona-alertmanager - pmm-managed - pmm-update - - grafana-db-migrator - pmm-dump - vmproxy state: installed 
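Review bot: `- /etc/grafana` is appended to a list that otherwise holds runtime data directories, and the task consuming the list starts outside this hunk. If it is the "Create directories | Create dirs" task changed in the next hunk (`owner: pmm`, `mode: 0775`), the Grafana configuration directory becomes group-writable and readable by every local account. Creating /etc/grafana in its own task with a tighter mode, e.g. `mode: '0750'`, would keep configuration apart from the data directories.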
@@ -170,6 +139,27 @@ include_role: name: pmm-client +- name: Remove ansible RPM if installed | EL9 + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + yum: + name: ansible + state: absent + ignore_errors: true + +- name: Install ansible-core RPM | EL9 + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + yum: + name: + - ansible-core + - ansible-collection-community-general + - ansible-collection-community-postgresql + - ansible-collection-ansible-posix + state: present + - name: Disable pmm-agent service | Disable pmm-agent when: ansible_virtualization_type != "docker" service: name=pmm-agent state=stopped enabled=no @@ -182,4 +172,4 @@ copy: src: grafana.ini dest: /etc/supervisord.d/grafana.ini - mode: "0644" + mode: 0644 diff --git a/build/ansible/roles/supervisord-init/tasks/main.yml b/build/ansible/roles/supervisord-init/tasks/main.yml index 9dd37bcb05..73df7c6da8 100644 --- a/build/ansible/roles/supervisord-init/tasks/main.yml +++ b/build/ansible/roles/supervisord-init/tasks/main.yml @@ -1,9 +1,4 @@ --- -- name: Install supervisor | EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - pip: - name: supervisor==3.4.0 - - name: Install supervisor | EL9 when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' pip: 
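Review bot: `ignore_errors: true` on "Remove ansible RPM if installed | EL9" hides real failures and is not needed for the case the name describes, because `state: absent` already succeeds when the package is not installed. If the removal genuinely fails, the play continues into the ansible-core install with the old package still present, and only the build log shows it. Drop the `ignore_errors: true` line. The four packages in the install task are also unpinned, so the image gets whatever version the enabled repositories serve at build time; pin them if reproducible images matter.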
@@ -13,14 +8,10 @@ when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' shell: if [ ! -e /usr/bin/supervisord ]; then ln -s /usr/local/bin/supervisord /usr/bin/supervisord; fi -- name: Configure supervisor EL7 | Create a default configuration file for supervisord - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - shell: echo_supervisord_conf > /etc/supervisord.conf - - name: Configure supervisor EL9 | Create a default configuration file for supervisord when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' shell: /usr/local/bin/echo_supervisord_conf > /etc/supervisord.conf - ignore_errors: yes + ignore_errors: True - name: Configure supervisor | Modify supervisord.conf ini_file: @@ -66,7 +57,7 @@ - name: Configure supervisor | Create /etc/supervisord.d dir file: path: /etc/supervisord.d - mode: "0755" + mode: 0755 state: directory - name: Configure supervisor | Add /etc/tmpfiles.d/supervisor.conf config @@ -112,4 +103,4 @@ - name: Debug | Print the contents of supervisord.conf debug: msg: - - "{{ lookup('file', '/etc/supervisord.conf') }}" + - "{{ lookup('file', '/etc/supervisord.conf') | split('\n') }}" diff --git a/build/docker/server/create_users.sh b/build/docker/server/create_users.sh index 14aee0f31c..78a9bf35da 100644 --- a/build/docker/server/create_users.sh +++ b/build/docker/server/create_users.sh @@ -3,7 +3,6 @@ users=( "pmm:1000:/bin/false:/home/pmm:pmm" "nginx:999:/sbin/nologin:/var/cache/nginx:nginx" - "grafana:998:/sbin/nologin:/etc/grafana:grafana" "clickhouse:997:/sbin/nologin:/var/lib/clickhouse:clickhouse" ) diff --git a/build/packages/rpm/server/SPECS/grafana.spec b/build/packages/rpm/server/SPECS/grafana.spec index 43f815c837..f3d6e644ee 100644 --- a/build/packages/rpm/server/SPECS/grafana.spec +++ b/build/packages/rpm/server/SPECS/grafana.spec 
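Review bot: `ignore_errors: True` on the EL9 "Create a default configuration file for supervisord" task lets the play continue after `/usr/local/bin/echo_supervisord_conf > /etc/supervisord.conf` fails. The shell performs the redirect before running the command, so a failure leaves an empty /etc/supervisord.conf behind. The "Modify supervisord.conf" tasks that follow would then build the configuration on an empty file instead of the generated defaults. Consider removing the line so a missing binary stops the build. If it stays, lowercase `ignore_errors: true` matches the form used by the tasks this commit adds in pmm-images.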
@@ -2,7 +2,7 @@ %global commit 7ff49f34a3998067fa1ea480c07e0c74939ea306 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define build_timestamp %(date -u +"%y%m%d%H%M") -%define release 100 +%define release 102 %define grafana_version 9.2.20 %define full_pmm_version 2.0.0 %define full_version v%{grafana_version}-%{full_pmm_version} @@ -65,25 +65,26 @@ mv conf/ldap.toml %{buildroot}%{_sysconfdir}/grafana/ install -d -p %{buildroot}%{_sharedstatedir}/grafana %files -%defattr(-, grafana, grafana, -) +%defattr(-, pmm, pmm, -) %{_datadir}/grafana %doc CHANGELOG.md README.md %license LICENSE -%attr(0755, root, root) %{_sbindir}/grafana -%attr(0755, root, root) %{_sbindir}/grafana-server -%attr(0755, root, root) %{_bindir}/grafana-cli +%attr(0755, pmm, pmm) %{_sbindir}/grafana +%attr(0755, pmm, pmm) %{_sbindir}/grafana-server +%attr(0755, pmm, pmm) %{_bindir}/grafana-cli %{_sysconfdir}/grafana/grafana.ini %{_sysconfdir}/grafana/ldap.toml %dir %{_sharedstatedir}/grafana %pre -getent group grafana >/dev/null || groupadd -r grafana -getent passwd grafana >/dev/null || \ - useradd -r -g grafana -d /etc/grafana -s /sbin/nologin \ - -c "Grafana Server" grafana +getent group pmm >/dev/null || echo "Group pmm does not exist. Please create it manually." +getent passwd pmm >/dev/null || echo "User pmm does not exist. Please create it manually." exit 0 %changelog +* Mon Nov 27 2023 Alex Demidoff - 9.2.20-2 +- PMM-12693 Run Grafana as non-root user + * Tue Jun 27 2023 Matej Kubinec - 9.2.20-1 - PMM-12254 Grafana 9.2.20 diff --git a/build/packages/rpm/server/SPECS/percona-dashboards.spec b/build/packages/rpm/server/SPECS/percona-dashboards.spec index d5b756cf24..5a1a895ed3 100644 --- a/build/packages/rpm/server/SPECS/percona-dashboards.spec +++ b/build/packages/rpm/server/SPECS/percona-dashboards.spec 
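Review bot: `%attr(0755, pmm, pmm)` on `%{_sbindir}/grafana`, `%{_sbindir}/grafana-server` and `%{_bindir}/grafana-cli` makes the executables writable by the account the service now runs as, so a compromised Grafana process could replace its own binaries; they were root-owned before. Ownership by pmm is needed for data and configuration, not for the binaries, so keep `%attr(0755, root, root)` on those three lines. Separately, `%pre` now only prints a message and still ends with `exit 0` when the pmm user or group is missing, so installation proceeds without the intended owner being available. Ending that branch with `exit 1` would make the missing prerequisite visible at install time.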
@@ -7,13 +7,13 @@ %global commit ad4af6808bcd361284e8eb8cd1f36b1e98e32bce %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define build_timestamp %(date -u +"%y%m%d%H%M") -%define release 20 +%define release 21 %define rpm_release %{release}.%{build_timestamp}.%{shortcommit}%{?dist} Name: percona-dashboards Version: %{version} Release: %{rpm_release} -Summary: Grafana dashboards for MySQL and MongoDB monitoring using Prometheus +Summary: Grafana dashboards for monitoring License: AGPLv3 URL: https://%{provider} @@ -53,10 +53,13 @@ echo %{version} > %{buildroot}%{_datadir}/%{name}/VERSION %files %license LICENSE %doc README.md LICENSE -%attr(-,grafana,grafana) %{_datadir}/%{name} +%attr(-,pmm,pmm) %{_datadir}/%{name} %changelog +* Wed Nov 29 2023 Alex Demidoff - 3.0.0-21 +- PMM-12693 Run Grafana as non-root user + * Wed Jul 12 2023 Alex Tymchuk - 2.39.0-20 - PMM-12231 Set grafana user as owner of plugins directory diff --git a/build/scripts/build-server-rpm-all b/build/scripts/build-server-rpm-all index ab21a205ee..7b21335b36 100755 --- a/build/scripts/build-server-rpm-all +++ b/build/scripts/build-server-rpm-all @@ -10,13 +10,11 @@ ${bin_dir}/build-server-rpm pmm-managed pmm ${bin_dir}/build-server-rpm percona-qan-api2 pmm ${bin_dir}/build-server-rpm pmm-update pmm ${bin_dir}/build-server-rpm pmm-dump -${bin_dir}/build-server-rpm grafana-db-migrator ${bin_dir}/build-server-rpm vmproxy pmm # 3rd-party ${bin_dir}/build-server-rpm victoriametrics ${bin_dir}/build-server-rpm alertmanager ${bin_dir}/build-server-rpm grafana -# ${bin_dir}/build-server-rpm grafana-db-migrator # vim: expandtab shiftwidth=4 tabstop=4 diff --git a/managed/services/supervisord/supervisord.go b/managed/services/supervisord/supervisord.go index 94f2019c80..55718c1b07 100644 --- a/managed/services/supervisord/supervisord.go +++ b/managed/services/supervisord/supervisord.go 
@@ -838,7 +838,7 @@ environment = GF_UNIFIED_ALERTING_HA_ADVERTISE_ADDRESS="{{ .HAAdvertiseAddress }}:{{ .GrafanaGossipPort }}", GF_UNIFIED_ALERTING_HA_PEERS="{{ .HANodes }}" {{- end}} -user = grafana +user = pmm directory = /usr/share/grafana autorestart = true autostart = true diff --git a/managed/testdata/supervisord.d/grafana.ini b/managed/testdata/supervisord.d/grafana.ini index b049c82690..38ca8f1540 100644 --- a/managed/testdata/supervisord.d/grafana.ini +++ b/managed/testdata/supervisord.d/grafana.ini @@ -18,7 +18,7 @@ environment = PERCONA_TEST_PMM_CLICKHOUSE_DATASOURCE_ADDR="127.0.0.1:8123", PERCONA_TEST_PMM_CLICKHOUSE_HOST="127.0.0.1", PERCONA_TEST_PMM_CLICKHOUSE_PORT="9000", -user = grafana +user = pmm directory = /usr/share/grafana autorestart = true autostart = true diff --git a/update/ansible/playbook/tasks/roles/clickhouse/tasks/main.yml b/update/ansible/playbook/tasks/roles/clickhouse/tasks/main.yml index aef5604d30..7b22839c69 100644 --- a/update/ansible/playbook/tasks/roles/clickhouse/tasks/main.yml +++ b/update/ansible/playbook/tasks/roles/clickhouse/tasks/main.yml @@ -1,14 +1,4 @@ --- -- name: Stop and remove clickhouse before update | EL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - command: supervisorctl {{ item }} clickhouse - changed_when: True - loop: - - stop - - remove - - name: Find supervisord's socket stat: path: /var/run/supervisor/supervisor.sock @@ -91,7 +81,7 @@ path: "/usr/bin/clickhouse-odbc-bridge" state: absent -- name: Change ownership for clickhouse directory +- name: Change ownership of clickhouse directory file: path: /srv/clickhouse/ owner: root @@ -107,8 +97,3 @@ loop: - present - started - -- name: Start clickhouse EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl add clickhouse - changed_when: True 
diff --git a/update/ansible/playbook/tasks/roles/dashboards_upgrade/tasks/main.yml b/update/ansible/playbook/tasks/roles/dashboards_upgrade/tasks/main.yml index 6b7b4dbc0c..308cb64d85 100644 --- a/update/ansible/playbook/tasks/roles/dashboards_upgrade/tasks/main.yml +++ b/update/ansible/playbook/tasks/roles/dashboards_upgrade/tasks/main.yml @@ -1,37 +1,4 @@ --- -- name: Check that old plugin dir exists - stat: - path: /var/lib/grafana/plugins/ - register: old_plugin_dir_exist - -- name: Copy plugins from old plugin directory - block: - - name: Find custom plugins in old plugin dir - find: - paths: /var/lib/grafana/plugins - recurse: no - file_type: directory - excludes: - - "*-???????" - - pmm-app - register: custom_plugins - - - name: Synchronization plugins (for versions before 2.22.0) - synchronize: - src: "{{ item['path'] }}" - dest: "/srv/grafana/plugins/" - loop: "{{ custom_plugins['files'] }}" - - - name: Find custom plugin in old plugin dir - find: - paths: /var/lib/grafana/plugins - recurse: no - file_type: directory - excludes: - - "*-???????" - - pmm-app - when: old_plugin_dir_exist.stat.exists - - name: Get plugin list register: plugin_list find: @@ -39,7 +6,7 @@ depth: 2 file_type: directory -- name: Delete existing dist folder +- name: Delete redundant dist folders file: path: "/srv/grafana/plugins/{{ item['path'].split('/')[-1] }}" state: absent 
@@ -54,36 +21,19 @@ file: path: "/srv/grafana/plugins" state: directory - owner: grafana - group: grafana - mode: "0775" - -- name: Check that the SQLite grafana database exists - stat: - path: /srv/grafana/grafana.db - register: sqlite_grafana - -- name: Remove the old clickhouse plugin - shell: grafana cli --pluginsDir /srv/grafana/plugins plugins remove vertamedia-clickhouse-datasource || true - when: not ansible_check_mode - -- name: Restart grafana with new plugins EL7 - supervisorctl: - name: grafana - state: restarted - become: true - ignore_errors: true - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - # TODO: fix the race condition. - # We generate grafana supervisor config in pmm-managed and it may not exist at this stage + owner: pmm + group: pmm + mode: 0775 + recurse: yes - name: Restart grafana with new plugins EL9 supervisorctl: name: grafana state: restarted - supervisorctl_path: /usr/local/bin/supervisorctl become: true - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' ignore_errors: true # TODO: fix the race condition. # We generate grafana supervisor config in pmm-managed and it may not exist at this stage diff --git a/update/ansible/playbook/tasks/roles/grafana/tasks/main.yml b/update/ansible/playbook/tasks/roles/grafana/tasks/main.yml index e212ed109d..cd007335da 100644 --- a/update/ansible/playbook/tasks/roles/grafana/tasks/main.yml +++ b/update/ansible/playbook/tasks/roles/grafana/tasks/main.yml 
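Review bot: Adding `recurse: yes` next to `mode: 0775` applies that mode to every file under /srv/grafana/plugins, not only to the directory, so all plugin files become executable and group-writable. Recursing `owner`/`group` is what the move away from the grafana account needs; for the mode, a symbolic value such as `mode: 'u=rwX,g=rX,o=rX'` sets the search bit on directories without marking regular files executable. The hunk also drops `supervisorctl_path: /usr/local/bin/supervisorctl` from the EL9 restart task while `ignore_errors: true` stays. If the binary is not on the module's search path, the restart would fail silently, which is worth confirming.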
@@ -3,67 +3,34 @@ file: path: "{{ item }}" state: directory - owner: grafana - group: grafana - mode: "0775" + owner: pmm + group: pmm + mode: 0755 loop: - /srv/grafana - /srv/grafana/plugins -- name: Set Grafana folder for plugins on /srv partition for all users - lineinfile: - path: /etc/bashrc - line: "export GF_PLUGIN_DIR=/srv/grafana/plugins" +- name: Set ownership on /etc/grafana + file: + path: /etc/grafana + state: directory + owner: pmm + group: pmm + mode: 0744 + recurse: true - name: Copy new version of grafana.ini copy: src: grafana.ini dest: /etc/grafana/grafana.ini - owner: grafana - group: grafana - mode: "0444" - -- name: Check that the SQLite grafana database exists - stat: - path: /srv/grafana/grafana.db - register: sqlite_grafana - -- name: Temporary change database to SQLite - block: - - name: Remove database options (SQLite is default) - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: type - state: absent - - - name: Remove database host - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: host - state: absent - - - name: Remove database user - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: user - state: absent - - - name: Remove database password - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: password - state: absent - when: sqlite_grafana.stat.exists + owner: pmm + group: pmm - name: Create provisioning directory file: path: "/usr/share/grafana/conf/provisioning/{{ item }}" - owner: grafana - group: grafana + owner: pmm + group: pmm state: directory loop: - datasources 
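Review bot: The new "Set ownership on /etc/grafana" task combines `mode: 0744` with `recurse: true`, which gives directories read permission without the search bit for group and others and marks every file in the tree, grafana.ini included, as executable by its owner. The "Copy new version of grafana.ini" task also loses its explicit `mode: "0444"`, so the file's final mode depends on that recursive pass or on the umask, and the service account can rewrite its own configuration. Suggest `mode: 'u=rwX,g=rX,o='` on the recursive task and an explicit `mode: '0640'` on the copy task. The last task in the hunk continues past the visible lines.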
@@ -74,13 +41,14 @@ copy: src: "{{ item }}.yml" dest: "/usr/share/grafana/conf/provisioning/{{ item }}/default.yml" - owner: grafana - group: grafana + owner: pmm + group: pmm loop: - datasources - plugins - dashboards -- name: Upgrade grafana database (Get the latest schema) - command: grafana cli --homepath=/usr/share/grafana admin data-migration encrypt-datasource-passwords - changed_when: True +# This was redundant, as the schema is migrated during the startup phase +# - name: Upgrade grafana database (apply the latest schema) +# command: grafana cli --homepath=/usr/share/grafana --config=/etc/grafana/grafana.ini admin data-migration encrypt-datasource-passwords +# changed_when: True diff --git a/update/ansible/playbook/tasks/roles/initialization/tasks/main.yml b/update/ansible/playbook/tasks/roles/initialization/tasks/main.yml index 5113096993..cffa2f73b0 100644 --- a/update/ansible/playbook/tasks/roles/initialization/tasks/main.yml +++ b/update/ansible/playbook/tasks/roles/initialization/tasks/main.yml @@ -53,17 +53,6 @@ mode: 0644 when: docker_upgrade -# PMM-10858 - In certain environments, including AWS EC2, some of the -# EPEL repository mirrors do not respond within the time limit defined -# by pmm-update which is currently set to 30 seconds. This was causing -# supervisord to kill pmm-update-checker -- name: Update repository settings - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - command: yum-config-manager --setopt=epel.timeout=1 --save - changed_when: True - - name: Clean yum metadata command: yum clean metadata become: true @@ -97,16 +86,6 @@ path: /srv/backup state: directory -- name: Check if Postgres 11 exists - stat: - path: /srv/postgres - register: is_postgres_11 - -- name: Upgrade Postgres database - include_role: - name: postgres - when: is_postgres_11.stat.exists - - name: Create grafana DB block: - name: Create grafana database in postgres 
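Review bot: The replacement comment says the task was redundant because the schema is migrated at startup, but the disabled command is `admin data-migration encrypt-datasource-passwords`, which by its name migrates datasource passwords rather than the schema. Whether startup also covers that migration is not visible in this hunk. If it does not, instances upgraded from older releases could keep datasource passwords in the unencrypted fields. Once confirmed, delete the task and leave a comment that states it, e.g. `# datasource passwords are already migrated by earlier releases; schema migration runs at startup`, or keep the task. Commented-out YAML with a schema-only rationale records neither decision.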
@@ -139,75 +118,13 @@ - name: Create empty configuration file for VictoriaMetrics file: path=/etc/victoriametrics-promscrape.yml state=touch owner=pmm group=pmm -- name: Run operations for docker-way upgrade - block: - - name: Check that the SQLite grafana database exists - stat: - path: /srv/grafana/grafana.db - register: is_database_sqlite - - - name: Run SQLite -> Postgres only - block: - - name: Remove database options (SQLite is default) - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: type - state: absent - - - name: Remove database host - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: host - state: absent - - - name: Remove database user - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: user - state: absent - - - name: Remove database password - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: password - state: absent - - - name: Upgrade grafana database (Get the latest schema) - command: grafana cli --homepath=/usr/share/grafana admin data-migration encrypt-datasource-passwords - changed_when: True - - - name: Start grafana again - supervisorctl: - name: grafana - state: restarted - - - name: Wait for grafana - pause: seconds=10 - - - name: Migrate Grafana database from SQLite to Postgresql - include_role: - name: sqlite-to-postgres - tags: - - skip_ansible_lint # '503 Tasks that run when changed should likely be handlers'. - when: is_database_sqlite.stat.exists - - - name: Change default admin id - postgresql_query: - db: grafana - query: UPDATE "user" SET id='1' WHERE login='admin'; - when: not ansible_check_mode - - when: docker_upgrade - - name: Copy file with image version copy: src: /usr/share/percona-dashboards/VERSION dest: /srv/grafana/PERCONA_DASHBOARDS_VERSION - owner: grafana + owner: pmm + group: pmm + mode: 0666 remote_src: yes when: not pmm_current_version is version(pmm_image_version, '>=') 
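Review bot: `mode: 0666` makes /srv/grafana/PERCONA_DASHBOARDS_VERSION writable by every local account, even though the task already sets `owner: pmm` and `group: pmm`. The file is copied from /usr/share/percona-dashboards/VERSION and is presumably read back to decide whether dashboards need updating, so its content should change only through this task. `mode: '0644'` keeps it readable and limits writes to the owner.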
@@ -227,5 +144,3 @@ path: /usr/share/pmm-server/maintenance/maintenance.html # We use current_version_file['failed'] because we don't want to run this on creating container when: docker_upgrade - - diff --git a/update/ansible/playbook/tasks/roles/nginx/tasks/main.yml b/update/ansible/playbook/tasks/roles/nginx/tasks/main.yml index 57d7f95ae6..1ae7e56102 100644 --- a/update/ansible/playbook/tasks/roles/nginx/tasks/main.yml +++ b/update/ansible/playbook/tasks/roles/nginx/tasks/main.yml @@ -1,16 +1,5 @@ --- # We already have nginx package in epel repo -- name: Add Nginx repository for RHEL7 - when: - - ansible_distribution == 'CentOS' - - ansible_distribution_major_version == '7' - yum_repository: - name: nginx - description: nginx repo - baseurl: http://nginx.org/packages/centos/7/$basearch/ - gpgcheck: no - enabled: no - - name: Add Nginx repository for RHEL9 when: - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' @@ -81,12 +70,3 @@ src: local-rss.xml dest: /usr/share/pmm-server/static/ mode: 0644 - -# - name: Restart nginx -# command: /usr/local/bin/supervisorctl {{ item }} nginx -# become: true -# changed_when: True -# loop: -# - "stop" -# - "remove" -# - "add" diff --git a/update/ansible/playbook/tasks/roles/postgres/tasks/main.yml b/update/ansible/playbook/tasks/roles/postgres/tasks/main.yml index e70c17ca80..1b1dd56d42 100644 --- a/update/ansible/playbook/tasks/roles/postgres/tasks/main.yml +++ b/update/ansible/playbook/tasks/roles/postgres/tasks/main.yml 
@@ -1,43 +1,5 @@ --- # Install Postgres -- name: Install Postgres for EL7 - block: - - name: Add PostgreSQL 14 YUM repository for EL7 - yum_repository: - name: percona-ppg-14 - description: PostgreSQL YUM repository - x86_64 - baseurl: http://repo.percona.com/ppg-14/yum/release/7/RPMS/x86_64 - gpgcheck: yes - enabled: yes - gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY - - - name: Add PostgreSQL 11 YUM repository for EL7 - yum_repository: - name: percona-ppg-11 - description: PostgreSQL YUM repository - x86_64 - baseurl: http://repo.percona.com/ppg-11/yum/release/7/RPMS/x86_64 - gpgcheck: yes - enabled: yes - gpgkey: file:///etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY - - # we need the old postgres binary for the upgrade process - - name: Install Postgres - when: - - not ansible_check_mode - yum: - name: - - percona-postgresql14-server - - percona-postgresql14-contrib - - percona-postgresql14 - - percona-postgresql11-server - - percona-postgresql11-contrib - - percona-postgresql11 - - python-psycopg2 # Python PostgreSQL database adapterĀ§ - state: installed - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - - name: Install Postgres for EL9 block: - name: Add PostgreSQL 14 YUM repository for EL9 @@ -118,18 +80,6 @@ path: /var/run/supervisor/supervisor.sock register: is_upgrade - - name: Stop pmm-managed and postgres before backup database | EL7 - supervisorctl: - name: "{{ item }}" - state: stopped - loop: - - pmm-managed - - postgresql - become: true - when: - - is_upgrade.stat.exists - - ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - - name: Stop pmm-managed and postgres before backup database | EL9 supervisorctl: name: "{{ item }}" 
@@ -217,25 +167,11 @@ state: absent when: is_upgrade.stat.exists - - name: Reread supervisord configuration EL7 - when: is_upgrade.stat.exists and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl reread - - name: Reread supervisord configuration EL9 when: is_upgrade.stat.exists and (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' command: /usr/local/bin/supervisorctl reread become: true - - name: Restart Postgres | EL7 - command: supervisorctl {{ item }} postgresql - changed_when: True - become: true - loop: - - stop - - remove - - add - when: is_upgrade.stat.exists and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - - name: Restart Postgres | EL9 command: /usr/local/bin/supervisorctl {{ item }} postgresql changed_when: True @@ -246,15 +182,6 @@ - add when: is_upgrade.stat.exists and (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - - name: Run pmm-managed again | EL7 - supervisorctl: - name: pmm-managed - state: started - become: true - when: - - is_upgrade.stat.exists - - ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - - name: Run pmm-managed again | EL9 supervisorctl: name: pmm-managed diff --git a/update/ansible/playbook/tasks/roles/sqlite-to-postgres/tasks/main.yml b/update/ansible/playbook/tasks/roles/sqlite-to-postgres/tasks/main.yml deleted file mode 100644 index 8a905dcf3e..0000000000 --- a/update/ansible/playbook/tasks/roles/sqlite-to-postgres/tasks/main.yml +++ /dev/null 
@@ -1,177 +0,0 @@ ---- -- name: Wait for grafana to update DB and be ready - ansible.builtin.uri: - url: "http://127.0.0.1:3000/api/health" - status_code: 200 - method: GET - register: healthcheck - until: healthcheck is not failed - retries: 120 - delay: 1 - -- name: Create Grafana backup dir - file: - path: "/srv/backup/grafana" - state: directory - owner: grafana - group: grafana - mode: '0700' - -- name: Stop grafana before upgrade - supervisorctl: - name: 'grafana' - state: stopped - -- name: Drop grafana database from postgres EL7 - command: dropdb -f grafana -U postgres - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - - not ansible_check_mode - -- name: Drop grafana database from postgres EL9 - postgresql_db: - name: grafana - state: absent - force: yes - when: - - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' - - ansible_distribution_major_version == '9' - -- name: Create grafana database in postgres - postgresql_db: - name: grafana - state: present - -- name: Create grafana user in postgres - postgresql_user: - db: grafana - name: grafana - password: grafana - priv: 'ALL' - expires: infinity - state: present - when: not ansible_check_mode - -- name: Create backup for SQLite Grafana database - copy: - src: /srv/grafana/grafana.db - dest: "/srv/backup/grafana/grafana.db" - owner: grafana - group: grafana - mode: '0700' - -- name: Remove all ` symbols in grafana dashboard description - command: sqlite3 /srv/grafana/grafana.db -cmd ".timeout 60000" "UPDATE dashboard SET data = REPLACE(data, '`', '');" - changed_when: True - -- name: Disable provisioning before change database - ini_file: - dest: /etc/grafana/grafana.ini - section: paths - option: provisioning - value: conf/provisioning_disable - -- name: Switch to postgres - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: type - value: postgres - -- name: Set database host - ini_file: - dest: 
/etc/grafana/grafana.ini - section: database - option: host - value: localhost - -- name: Set database user - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: user - value: grafana - -- name: Set database password - ini_file: - dest: /etc/grafana/grafana.ini - section: database - option: password - value: grafana - -- name: Start grafana again - supervisorctl: - name: grafana - state: restarted - ignore_errors: yes - -- name: Check if initial data were created - postgresql_query: - db: grafana - query: SELECT 1 FROM org WHERE id=1 - retries: 3 - delay: 3 - register: psql_result - until: psql_result.rowcount == 1 - when: not ansible_check_mode - ignore_errors: yes - -- name: Wait for grafana database initialization - pause: - seconds: 10 - -- name: Stop grafana before upgrade - supervisorctl: - name: grafana - state: stopped - -- name: Remove default admin user - postgresql_query: - db: grafana - query: DELETE FROM public.user WHERE login='admin' - when: not ansible_check_mode - -- name: Run grafana migrator - command: grafana-db-migrator --change-char-to-text /srv/grafana/grafana.db "postgres://grafana:grafana@localhost:5432/grafana?sslmode=disable" - register: migrator_output - changed_when: "'All done' in migrator_output.stdout" - -- name: copy the output of grafana-db-migrator to file - copy: - content: "{{ migrator_output.stdout }}" - dest: "/srv/logs/grafana-db-migrator.log" - when: not ansible_check_mode - -- name: Enable provisioning after change database - ini_file: - dest: /etc/grafana/grafana.ini - section: paths - option: provisioning - value: conf/provisioning - -- name: Start grafana again - supervisorctl: - name: grafana - state: restarted - -- name: Wait for grafana initialization - pause: - seconds: 5 - -- name: Fix database/folder relationship - command: grafana-db-migrator --fix-folders-id /srv/grafana/grafana.db "postgres://grafana:grafana@localhost:5432/grafana?sslmode=disable" - register: migrator_output - changed_when: 
"'All done' in migrator_output.stdout" - -- name: Copy the output of grafana-db-migrator to file - ansible.builtin.blockinfile: - dest: /srv/logs/grafana-db-migrator.log - block: "{{ migrator_output.stdout }}" - backup: yes - when: not ansible_check_mode - -- name: Remove SQLite Grafana database - file: - path: /srv/grafana/grafana.db - state: absent diff --git a/update/ansible/playbook/tasks/update.yml b/update/ansible/playbook/tasks/update.yml index b1db8e3891..cd2bda5dc2 100644 --- a/update/ansible/playbook/tasks/update.yml +++ b/update/ansible/playbook/tasks/update.yml @@ -8,33 +8,24 @@ environment: PATH: /usr/local/bin:{{ ansible_env.PATH }} - vars: - pmm_packages: - - percona-victoriametrics - - percona-qan-api2 - - percona-alertmanager - - pmm-managed - - pmm-update - - pmm-dump - - vmproxy - - grafana-db-migrator pre_tasks: - name: detect /srv/pmm-distribution stat: path: /srv/pmm-distribution - no_log: yes + no_log: true register: srv_pmm_distribution - name: detect containers set_fact: is_docker: '{{ lookup("file", "/srv/pmm-distribution") == "docker" }}' - no_log: yes + no_log: true when: srv_pmm_distribution.stat.exists - name: force container set_fact: - is_docker: True + is_docker: true when: is_docker is undefined + tasks: - name: Enable maintenance mode copy: 
@@ -42,53 +33,12 @@ dest: /usr/share/pmm-server/maintenance/ mode: 0644 - - name: Remove percona-dashboard without architecture - yum: - name: percona-dashboards.*noarch - state: absent - - # see https://jira.percona.com/browse/PMM-8492 for details about a issue - - name: Delete experimental repo file in 2.16 version - file: - path: "/etc/yum.repos.d/percona-original-experimental.repo" - state: absent - register: experimental_repo_existed - - - name: Update percona-dashboards package - yum: - name: - - percona-dashboards - - percona-grafana - state: latest - - - name: Cleanup yum metadata - command: yum clean metadata - register: yum_clean_result - changed_when: "'Cleaning repos' in yum_clean_result.stdout" - when: experimental_repo_existed.changed - tags: - - skip_ansible_lint # '503 Tasks that run when changed should likely be handlers'. - # The handler looks bad in this case - - # TODO: join with the command above - name: Cleanup yum metadata command: yum clean metadata become: true tags: - skip_ansible_lint - # Split download and update to produce a bit more of progress output. - - name: Download pmm packages - yum: - name: "{{ pmm_packages }}" - state: latest - download_only: yes - - - name: Update pmm packages - yum: - name: "{{ pmm_packages }}" - state: latest - - name: Create supervisord dir file: path: /etc/supervisord.d/ 
@@ -164,18 +114,19 @@ path: /var/run/supervisor/supervisor.sock register: is_supervisor_running - - name: Supervisord start EL7 | Start supervisord for docker - when: is_docker and not is_supervisor_running.stat.exists and ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - shell: supervisord -c /etc/supervisord.conf & - - name: Supervisord start EL9 | Start supervisord for docker - when: is_docker and not is_supervisor_running.stat.exists and (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - shell: /usr/local/bin/supervisord -c /etc/supervisord.conf & + when: + - is_docker + - not is_supervisor_running.stat.exists + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + shell: supervisord -c /etc/supervisord.conf & - name: Wait until postgres port is present before continuing wait_for: host: localhost port: 5432 + timeout: 150 - name: Run initialization playbook include_role: 
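Review bot: The "Supervisord start EL9" task now runs `supervisord -c /etc/supervisord.conf &` by bare name, so which binary starts depends on PATH lookup instead of the pinned `/usr/local/bin/supervisord`. The play's `environment` block does put /usr/local/bin first, but that is an implicit coupling for the process manager that controls every service. Keeping `shell: /usr/local/bin/supervisord -c /etc/supervisord.conf &`, or one variable that holds the path, states the intent explicitly. The same switch to a bare `supervisorctl` recurs in the later hunks of this file (the reread tasks, both pmm-managed restarts, "Restart services EL9", `supervisorctl update` and the maintail task), while the postgres role in this diff still calls `/usr/local/bin/supervisorctl`.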
@@ -200,33 +151,22 @@ # See https://github.com/Supervisor/supervisor/issues/1264 for explanation # why we do reread + stop/remove/add instead of using supervisorctl Ansible module. - - - name: Reread supervisord configuration EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl reread - register: reread_result - changed_when: "'No config updates to processes' not in reread_result.stdout" - - name: Reread supervisord configuration EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - command: /usr/local/bin/supervisorctl reread - become: true + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl reread register: reread_result changed_when: "'No config updates to processes' not in reread_result.stdout" - name: Check reread results debug: var=reread_result.stdout_lines - - name: Restart pmm-managed EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl {{ item }} pmm-managed - become: true - changed_when: true - with_items: ["stop", "remove", "add"] - - name: Restart pmm-managed EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - command: /usr/local/bin/supervisorctl {{ item }} pmm-managed + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl {{ item }} pmm-managed become: true changed_when: true with_items: ["stop", "remove", "add"] 
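Review bot: The rewritten "Reread supervisord configuration EL9" task drops `become: true`, while "Restart pmm-managed EL9" directly below keeps it. Whether the play already escalates at a higher level is not visible in this hunk; if it does not, the reread runs as the connecting user and its output drives `changed_when`. Either restore `become: true` on the reread or remove it from the restart as well, so the privilege requirement for talking to supervisord is stated consistently.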
@@ -236,63 +176,6 @@ - name: Wait for pmm-managed pause: seconds=10 - - name: Update system packages EL7 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - yum: - name: "*" - state: latest - security: yes - exclude: - - nginx* - - - name: Updating only select packages EL7 - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" - yum: - name: "{{ item }}" - state: latest - loop: - - nss - - tzdata - - libssh2 - - sshpass - - vi - - - name: Remove ansible RPM if installed | EL9 - when: - - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' - - ansible_distribution_major_version == '9' - yum: - name: ansible - state: absent - ignore_errors: yes - - - name: Install ansible-core RPM | EL9 - when: - - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' - - ansible_distribution_major_version == '9' - yum: - name: - - ansible-core - - ansible-collection-community-general - - ansible-collection-community-postgresql - - ansible-collection-ansible-posix - state: present - - - name: Update system packages EL9 - when: - - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' - - ansible_distribution_major_version == '9' - - not ansible_check_mode - yum: - name: "*" - state: latest - exclude: - - nginx* - - name: Install nginx include_role: name: nginx 
@@ -332,37 +215,23 @@ regexp: "set -o errexit" replace: "" - - name: Reread supervisord configuration again EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl reread - register: reread_result - changed_when: "'No config updates to processes' not in reread_result.stdout" - - name: Reread supervisord configuration again EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - command: /usr/local/bin/supervisorctl reread + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl reread register: reread_result changed_when: "'No config updates to processes' not in reread_result.stdout" - name: Check reread results debug: var=reread_result.stdout_lines - - name: Restart services EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl {{ item.1 }} {{ item.0 }} - become: true - changed_when: true - with_nested: - - - alertmanager - - nginx - - grafana - - qan-api2 - - pmm-agent - - ["stop", "remove", "add"] - - name: Restart services EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' and is_docker - command: /usr/local/bin/supervisorctl {{ item.1 }} {{ item.0 }} + when: + - is_docker + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl {{ item.1 }} {{ item.0 }} become: true changed_when: true with_nested: 
@@ -373,27 +242,11 @@ - pmm-agent - ["stop", "remove", "add"] - - name: Delete old grafana and yum-cron artifacts - file: - state: absent - path: "{{ item }}" - loop: - - /var/lib/grafana/plugins/ - - /usr/share/grafana/data/grafana.db - - /etc/yum/yum-cron-hourly.conf - - /etc/yum/yum-cron.conf - - - name: Check that the SQLite grafana database exists - stat: - path: /srv/grafana/grafana.db - register: is_database_sqlite + - name: Check supervisord logs + shell: sleep 10 && tail -n 200 /srv/logs/supervisord.log - - name: Migrate Grafana database from SQLite to Postgresql - include_role: - name: sqlite-to-postgres - when: is_database_sqlite.stat.exists - tags: - - skip_ansible_lint # '503 Tasks that run when changed should likely be handlers'. + - name: Check grafana logs + shell: cat /srv/logs/grafana.log - name: Fix grafana fields type postgresql_query: @@ -413,16 +266,11 @@ when: not ansible_check_mode # we need to put this step as one of the last steps, because it removes pmm.ini and /etc/alertmanager.yml - - name: Remove old or redundant packages + - name: Remove redundant packages yum: state: absent name: - - percona-qan-app # https://jira.percona.com/browse/PMM-6766 - - mariadb-libs # https://jira.percona.com/browse/PMM-5215 - logrotate # https://jira.percona.com/browse/PMM-7627 - - pmm-server # https://jira.percona.com/browse/PMM-11239 - - screen - - yum-cron # Regenerating pmm.ini and enabling pmm-update-perform-init - name: Generate new supervisor config 
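Review bot: The new "Check supervisord logs" and "Check grafana logs" tasks read like debugging aids: they use `shell`, always report changed, fail the update if a log file is missing, and `cat /srv/logs/grafana.log` is unbounded. Log content can carry request details or credentials and lands in whatever captures the playbook output, so a bounded read is safer: `command: tail -n 200 /srv/logs/grafana.log` with `changed_when: false` and `failed_when: false`. Neither task registers its result, so nothing is shown at default verbosity. Add `register` plus a `debug` task if the output is meant to be seen, or drop both tasks before merge.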
@@ -430,42 +278,29 @@ register: managed_init_result changed_when: True - - name: Reread pmm-update-perform-init supervisor config EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl reread - register: reread_init__result - changed_when: "'No config updates to processes' not in reread_init__result.stdout" - - name: Reread pmm-update-perform-init supervisor config EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - command: /usr/local/bin/supervisorctl reread + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl reread register: reread_init__result changed_when: "'No config updates to processes' not in reread_init__result.stdout" # restarting pmm-managed to regenerate /etc/alertmanager.yml - - name: Restart pmm-managed EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl {{ item }} pmm-managed - become: true - changed_when: true - with_items: ["stop", "remove", "add"] - - name: Restart pmm-managed EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - command: /usr/local/bin/supervisorctl {{ item }} pmm-managed + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl {{ item }} pmm-managed become: true changed_when: true with_items: ["stop", "remove", "add"] - - name: Update/restart other services EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - command: supervisorctl update - register: update_result - changed_when: "'updated' in update_result.stdout" - - name: Update/restart other services EL9 - when: (ansible_distribution == 
'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - command: /usr/local/bin/supervisorctl update + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + command: supervisorctl update register: update_result changed_when: "'updated' in update_result.stdout" @@ -484,15 +319,11 @@ # SIGUSR2 is sent to supervisord by pmm-managed right before the update for logging to work correctly. # We use that fact to show what was restarted during the update. - - name: Get supervisord logs EL7 - when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7' - shell: supervisorctl maintail -100000 | tac | awk '!flag; /received SIGUSR2/{flag = 1};' | tac - register: maintail_result - changed_when: False - - name: Get supervisord logs EL9 - when: (ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux') and ansible_distribution_major_version == '9' - shell: /usr/local/bin/supervisorctl maintail -100000 | tac | awk '!flag; /received SIGUSR2/{flag = 1};' | tac + when: + - ansible_distribution == 'OracleLinux' or ansible_distribution == 'AlmaLinux' + - ansible_distribution_major_version == '9' + shell: supervisorctl maintail -100000 | tac | awk '!flag; /received SIGUSR2/{flag = 1};' | tac register: maintail_result changed_when: False @@ -503,10 +334,3 @@ file: state: absent path: /usr/share/pmm-server/maintenance/maintenance.html - - - name: Cleanup yum cache - file: - state: absent - path: /var/cache/yum - -