From 0a9c34e57f1ea4a8f2f2d6a90c8674844da425da Mon Sep 17 00:00:00 2001 From: shayancanonical <99665202+shayancanonical@users.noreply.github.com> Date: Tue, 10 Sep 2024 08:13:24 -0400 Subject: [PATCH 1/3] [DPE-4861] Avoid ambiguous service selector when multiple mysql apps in a model have the same cluster-name (#501) * Avoid ambiguous service selector when multiple mysql apps in a model have the same cluster-name * Use hyphen instead of underscore * Fix failing unit test --- src/k8s_helpers.py | 7 ++++++- tests/unit/test_k8s_helpers.py | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/k8s_helpers.py b/src/k8s_helpers.py index 401418477..334a70e96 100644 --- a/src/k8s_helpers.py +++ b/src/k8s_helpers.py @@ -54,7 +54,11 @@ def create_endpoint_services(self, roles: List[str]) -> None: roles: List of roles to append on the service name """ for role in roles: - selector = {"cluster-name": self.cluster_name, "role": role} + selector = { + "cluster-name": self.cluster_name, + "application-name": self.app_name, + "role": role, + } service_name = f"{self.app_name}-{role}" pod0 = self.client.get( res=Pod, @@ -128,6 +132,7 @@ def label_pod(self, role: str, pod_name: Optional[str] = None) -> None: logger.debug(f"Patching {pod_name=} with {role=}") pod.metadata.labels["cluster-name"] = self.cluster_name + pod.metadata.labels["application-name"] = self.app_name pod.metadata.labels["role"] = role self.client.patch(Pod, pod_name, pod) except ApiError as e: diff --git a/tests/unit/test_k8s_helpers.py b/tests/unit/test_k8s_helpers.py index cc45eac46..860f9c53e 100644 --- a/tests/unit/test_k8s_helpers.py +++ b/tests/unit/test_k8s_helpers.py @@ -49,6 +49,7 @@ def test_create_endpoint_service(self, _create): spec=ServiceSpec( selector={ "cluster-name": self.harness.charm.app_peer_data.get("cluster-name"), + "application-name": self.harness.charm.model.app.name, "role": "role1", }, ports=[ServicePort(port=3306, targetPort=3306)], From 5d2f4e3966de3bbfcc181725e9dd1c543685f894 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 16:05:16 -0300 Subject: [PATCH 2/3] Sync docs from Discourse (#503) Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com> --- docs/explanation/e-audit-logs.md | 34 +++++ docs/explanation/e-logs.md | 186 ++++++++++++++----------- docs/how-to/h-create-backup.md | 6 + docs/how-to/h-enable-alert-rules.md | 77 ++++++++++ docs/overview.md | 3 + docs/reference/r-plugins-extensions.md | 9 ++ 6 files changed, 235 insertions(+), 80 deletions(-) create mode 100644 docs/explanation/e-audit-logs.md create mode 100644 docs/how-to/h-enable-alert-rules.md create mode 100644 docs/reference/r-plugins-extensions.md diff --git a/docs/explanation/e-audit-logs.md b/docs/explanation/e-audit-logs.md new file mode 100644 index 000000000..5342beccc --- /dev/null +++ b/docs/explanation/e-audit-logs.md @@ -0,0 +1,34 @@ +# Audit Logs + +The Audit Log plugin allows all login/logout records to be stored in a log file. It is enabled in Charmed MySQL K8s by default. + +## Overview + +The following is a sample of the audit logs, with format json with login/logout records: + +```json +{"audit_record":{"name":"Quit","record":"6_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"992","status":0,"user":"clusteradmin","priv_user":"clusteradmin","os_login":"","proxy_user":"","host":"localhost","ip":"","db":""}} +{"audit_record":{"name":"Connect","record":"7_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"993","status":1156,"user":"","priv_user":"","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}} +{"audit_record":{"name":"Connect","record":"8_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"994","status":0,"user":"serverconfig","priv_user":"serverconfig","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}} +``` + +The logs are stored in the `/var/log/mysql` directory of the mysql container, and it's rotated +every minute to the `/var/log/mysql/archive_audit` directory. +It's recommended to integrate the charm with [COS](/t/9900), from where the logs can be easily persisted and queried using Loki/Grafana. + +## Configurations + +1. `plugin-audit-enabled` - The audit plugin is enabled by default in the charm, but it's possible to disable it by setting: + + ```bash + juju config mysql-k8s plugin-audit-enabled=false + ``` + Valid value are `false` and `true`. By setting it to false, existing logs are still kept in the `archive_audit` directory. + +1. `plugin-audit-strategy` - By default the audit plugin writes logs in asynchronous mode for better performance. + To ensure logs are written to disk on more timely fashion, this configuration can be set to semi-synchronous mode: + + ```bash + juju config mysql-k8s plugin-audit-strategy=semi-async + ``` + Valid values are `async` and `semi-async`. \ No newline at end of file diff --git a/docs/explanation/e-logs.md b/docs/explanation/e-logs.md index 4b451aa94..8a1ed768e 100644 --- a/docs/explanation/e-logs.md +++ b/docs/explanation/e-logs.md @@ -1,50 +1,60 @@ -# Log rotation +# Logs -## Overview +This explanation goes over the types of logging in MySQL and the configuration parameters for log rotation. -The charm stores its logs in `/var/log/mysql`. It is recommended to set up a [COS integration](/t/9981) so that these log files can be streamed to Loki. This leads to better persistence and security of the logs. +The charm currently has audit, error and general logs enabled by default, while slow query logs are disabled by default. All of these files are rotated if present into a separate dedicated archive folder under the logs directory. + +We do not yet support the rotation of binary logs (binlog, relay log, undo log, redo log, etc). + +## Summary +* [Log types](#log-types) + * [Audit logs](#audit-logs) + * [Error logs](#error-logs) + * [General logs](#general-logs) + * [Slowquery logs](#slowquery-logs) +* [Log rotation configuration](#log-rotation-configuration) +* [High Level Design](#high-level-design) + +--- + +## Log types + +The charm stores its logs in `/var/snap/charmed-mysql/common/var/log/mysql`. ```shell -root@mysql-k8s-0:/# ls -lahR /var/log/mysql +$ ls -lahR /var/snap/charmed-mysql/common/var/log/mysql + /var/log/mysql: -total 28K -drwxr-xr-x 1 mysql mysql 4.0K Oct 23 20:46 . -drwxr-xr-x 1 root root 4.0K Sep 27 20:55 .. drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 archive_audit drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 archive_error drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 archive_general drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:45 archive_slowquery --rw-r----- 1 mysql mysql 1.2K Oct 23 20:46 error.log +-rw-r----- 1 mysql mysql 1.1K Oct 23 20:46 audit.log +-rw-r----- 1 mysql mysql 1.1K Oct 23 20:46 error.log -rw-r----- 1 mysql mysql 1.7K Oct 23 20:46 general.log /var/snap/charmed-mysql/common/var/log/mysql/archive_audit: -total 452K -drwxrwx--- 2 snap_daemon snap_daemon 4.0K Sep 3 01:49 . -drwxr-xr-x 6 snap_daemon root 4.0K Sep 3 01:49 .. -rw-r----- 1 snap_daemon root 43K Sep 3 01:24 audit.log-20240903_0124 -rw-r----- 1 snap_daemon root 109K Sep 3 01:25 audit.log-20240903_0125 -/var/log/mysql/archive_error: -total 20K -drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 . -drwxr-xr-x 1 mysql mysql 4.0K Oct 23 20:46 .. +/var/snap/charmed-mysql/common/var/log/mysql/archive_error: -rw-r----- 1 mysql mysql 8.7K Oct 23 20:44 error.log-43_2045 --rw-r----- 1 mysql mysql 1.1K Oct 23 20:45 error.log-43_2046 +-rw-r----- 1 mysql mysql 2.3K Oct 23 20:45 error.log-43_2046 -/var/log/mysql/archive_general: -total 8.0M -drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 . -drwxr-xr-x 1 mysql mysql 4.0K Oct 23 20:46 .. +/var/snap/charmed-mysql/common/var/log/mysql/archive_general: -rw-r----- 1 mysql mysql 8.0M Oct 23 20:45 general.log-43_2045 -rw-r----- 1 mysql mysql 4.6K Oct 23 20:46 general.log-43_2046 -/var/log/mysql/archive_slowquery: -total 8.0K -drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:45 . -drwxr-xr-x 1 mysql mysql 4.0K Oct 23 20:46 .. +/var/snap/charmed-mysql/common/var/log/mysql/archive_slowquery: ``` -The following is a sample of the audit logs, with format json with login/logout records: +It is recommended to set up a [COS integration] so that these log files can be streamed to Loki. This leads to better persistence and security of the logs. + +### Audit logs +The Audit Log plugin allows all login/logout records to be stored in a log file. + +
+Example of audit logs in JSON format with login/logout records ```json {"audit_record":{"name":"Connect","record":"17_2024-09-03T01:52:14","timestamp":"2024-09-03T01:53:14Z","connection_id":"988","status":1156,"user":"","priv_user":"","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}} @@ -58,44 +68,54 @@ The following is a sample of the audit logs, with format json with login/logout {"audit_record":{"name":"Connect","record":"7_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"993","status":1156,"user":"","priv_user":"","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}} {"audit_record":{"name":"Connect","record":"8_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"994","status":0,"user":"serverconfig","priv_user":"serverconfig","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}} ``` +
+ +For more details, see the [Audit Logs explanation]. -The following is a sample of the error logs, with format `time thread [label] [err_code] [subsystem] msg`: +### Error logs +
+Example of error logs with format time thread [label] [err_code] [subsystem] msg ```shell -2023-10-23T11:57:44.924594Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.34-0ubuntu0.22.04.1) initializing of server in progress as process 16 -2023-10-23T11:57:44.935004Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. -2023-10-23T11:57:50.420672Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. -2023-10-23T11:57:54.614751Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option. -2023-10-23T11:57:59.690483Z mysqld_safe Logging to '/var/log/mysql/error.log'. -2023-10-23T11:57:59.710530Z mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql -2023-10-23T11:58:00.049606Z 0 [Warning] [MY-010101] [Server] Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory. -2023-10-23T11:58:00.049702Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.34-0ubuntu0.22.04.1) starting as process 285 -2023-10-23T11:58:00.061489Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. -2023-10-23T11:58:04.897561Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. -2023-10-23T11:58:05.224159Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed. -2023-10-23T11:58:05.224220Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel. -2023-10-23T11:58:05.236134Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/lib/mysql' in the path is accessible to all OS users. Consider choosing a different direc -tory. -2023-10-23T11:58:05.269381Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '0.0.0.0' port: 33060, socket: /var/run/mysqld/mysqlx.sock -2023-10-23T11:57:44.924594Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld 8.0.34-0ubuntu0.22.04.1) initializing of server in progress as process 16 -2023-10-23T11:57:44.935004Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. -2023-10-23T11:57:50.420672Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. -2023-10-23T11:57:54.614751Z 6 [Warning] [MY-010453] [Server] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option. -2023-10-23T11:57:59.690483Z mysqld_safe Logging to '/var/log/mysql/error.log'. -2023-10-23T11:57:59.710530Z mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql -2023-10-23T11:58:00.049606Z 0 [Warning] [MY-010101] [Server] Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory. -2023-10-23T11:58:00.049702Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.34-0ubuntu0.22.04.1) starting as process 285 -2023-10-23T11:58:00.061489Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. -2023-10-23T11:58:04.897561Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. -2023-10-23T11:58:05.224159Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed. -2023-10-23T11:58:05.224220Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel. -2023-10-23T11:58:05.236134Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/var/lib/mysql' in the path is accessible to all OS users. Consider choosing a different direc -tory. -2023-10-23T11:58:05.269381Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '0.0.0.0' port: 33060, socket: /var/run/mysqld/mysqlx.sock +2023-10-24T23:28:07.048728Z mysqld_safe Number of processes running now: 0 +2023-10-24T23:28:07.063027Z mysqld_safe mysqld restarted +2023-10-24T23:28:07.472084Z 0 [Warning] [MY-010101] [Server] Insecure configuration for --secure-file-priv: Location is accessible to all OS users. Consider choosing a different directory. +2023-10-24T23:28:07.472149Z 0 [System] [MY-010116] [Server] /snap/charmed-mysql/69/usr/sbin/mysqld (mysqld 8.0.34-0ubuntu0.22.04.1) starting as process 4134 +2023-10-24T23:28:07.482044Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. +2023-10-24T23:28:11.219123Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. +2023-10-24T23:28:11.486308Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed. +2023-10-24T23:28:11.487473Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel. +2023-10-24T23:28:11.538807Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '0.0.0.0' port: 33060, socket: /var/snap/charmed-mysql/common/var/run/mysqld/mysqlx.sock +2023-10-24T23:28:11.538957Z 0 [System] [MY-010931] [Server] /snap/charmed-mysql/69/usr/sbin/mysqld: ready for connections. Version: '8.0.34-0ubuntu0.22.04.1' socket: '/var/snap/charmed-mysql/common/var/run/mysqld/mysqld.sock' port: 3306 (Ubuntu). +2023-10-24T23:28:17.983851Z 12 [Warning] [MY-010604] [Repl] Neither --relay-log nor --relay-log-index were used; so replication may break when this MySQL server acts as a replica and has his hostname changed!! Please use '--relay-log=juju-9860bb-0-relay-bin' to avoid this problem. +2023-10-24T23:28:17.999093Z 12 [System] [MY-010597] [Repl] 'CHANGE REPLICATION SOURCE TO FOR CHANNEL 'mysqlsh.test' executed'. Previous state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. New state source_host='juju-9860bb-0.lxd', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. +2023-10-24T23:28:18.025941Z 15 [Warning] [MY-010897] [Repl] Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information. +2023-10-24T23:28:18.046893Z 15 [ERROR] [MY-013117] [Repl] Replica I/O for channel 'mysqlsh.test': Fatal error: The replica I/O thread stops because source and replica have equal MySQL server ids; these ids must be different for replication to work (or the --replicate-same-server-id option must be used on replica but this does not always make sense; please check the manual before using it). Error_code: MY-013117 +2023-10-24T23:28:18.415923Z 12 [ERROR] [MY-011685] [Repl] Plugin group_replication reported: 'The group_replication_group_name option is mandatory' +2023-10-24T23:28:18.415960Z 12 [ERROR] [MY-011660] [Repl] Plugin group_replication reported: 'Unable to start Group Replication on boot' +2023-10-24T23:28:18.442291Z 12 [System] [MY-010597] [Repl] 'CHANGE REPLICATION SOURCE TO FOR CHANNEL '__mysql_innodb_cluster_creating_cluster__' executed'. Previous state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. New state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. +2023-10-24T23:28:18.508247Z 12 [System] [MY-010597] [Repl] 'CHANGE REPLICATION SOURCE TO FOR CHANNEL 'group_replication_recovery' executed'. Previous state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. New state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. +2023-10-24T23:28:18.572495Z 12 [System] [MY-013587] [Repl] Plugin group_replication reported: 'Plugin 'group_replication' is starting.' +2023-10-24T23:28:18.622821Z 20 [System] [MY-010597] [Repl] 'CHANGE REPLICATION SOURCE TO FOR CHANNEL 'group_replication_applier' executed'. Previous state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. New state source_host='', source_port= 0, source_log_file='', source_log_pos= 4, source_bind=''. +2023-10-24T23:28:18.875230Z 0 [System] [MY-011565] [Repl] Plugin group_replication reported: 'Setting super_read_only=ON.' +2023-10-24T23:28:18.875322Z 0 [System] [MY-013471] [Repl] Plugin group_replication reported: 'Distributed recovery will transfer data using: Incremental recovery from a group donor' +2023-10-24T23:28:18.875561Z 0 [System] [MY-011565] [Repl] Plugin group_replication reported: 'Setting super_read_only=ON.' +2023-10-24T23:28:18.875596Z 0 [System] [MY-011503] [Repl] Plugin group_replication reported: 'Group membership changed to juju-9860bb-0.lxd:3306 on view 16981900988747955:1.' +2023-10-24T23:28:19.176137Z 0 [System] [MY-011490] [Repl] Plugin group_replication reported: 'This server was declared online within the replication group.' +2023-10-24T23:28:19.176342Z 0 [System] [MY-011507] [Repl] Plugin group_replication reported: 'A new primary with address juju-9860bb-0.lxd:3306 was elected. The new primary will execute all previous group transactions before allowing writes.' +2023-10-24T23:28:19.176967Z 31 [System] [MY-011565] [Repl] Plugin group_replication reported: 'Setting super_read_only=ON.' +2023-10-24T23:28:19.179244Z 28 [System] [MY-013731] [Repl] Plugin group_replication reported: 'The member action "mysql_disable_super_read_only_if_primary" for event "AFTER_PRIMARY_ELECTION" with priority "1" will be run.' +2023-10-24T23:28:19.179289Z 28 [System] [MY-011566] [Repl] Plugin group_replication reported: 'Setting super_read_only=OFF.' +2023-10-24T23:28:19.179408Z 28 [System] [MY-013731] [Repl] Plugin group_replication reported: 'The member action "mysql_start_failover_channels_if_primary" for event "AFTER_PRIMARY_ELECTION" with priority "10" will be run.' +2023-10-24T23:28:19.179600Z 31 [System] [MY-011510] [Repl] Plugin group_replication reported: 'This server is working as primary member.' +2023-10-24T23:28:19.875216Z 12 [System] [MY-014010] [Repl] Plugin group_replication reported: 'Plugin 'group_replication' has been started.' ``` +
-The following is a sample of the general logs, with format `time thread_id command_type query_body`: +### General logs +
+Example of general logs, with format time thread_id command_type query_body ```shell Time Id Command Argument 2023-10-23T20:50:02.023329Z 94 Quit @@ -111,9 +131,12 @@ mode_and_not_super_user`, `ssl_type`, `ssl_cipher`, `x509_issuer`, `x509_subject 2023-10-23T20:50:02.670389Z 95 Query FLUSH SLOW LOGS 2023-10-23T20:50:02.670924Z 95 Quit ``` +
-The following is a sample of the slowquery log: +### Slowquery logs +
+Example of a slowquery log ```shell Time Id Command Argument # Time: 2023-10-23T22:22:47.564327Z @@ -122,12 +145,9 @@ Time Id Command Argument SET timestamp=1698099752; do sleep(15); ``` +
-The charm currently has error and general logs enabled by default, while slow query logs are disabled by default. All of these files are rotated if present into a separate dedicated archive folder under the logs directory. - -We do not yet support the rotation of binary logs (binlog, relay log, undo log, redo log, etc). - -## Log Rotation Configurations +## Log rotation configuration For each log (audit, error, general and slow query): @@ -142,23 +162,29 @@ The following are logrotate config values used for log rotation: | Option | Value | | --- | --- | -| su | snap_daemon snap_daemon | -| createoldddir | 770 snap_daemon snap_daemon | -| hourly | true | -| maxage | 7 | -| rotate | 10080 | -| dateext | true | -| dateformat | -%V-%H%M | -| ifempty | true | -| missingok | true | -| nocompress | true | -| nomail | true | -| nosharedscripts | true | -| nocopytruncate | true | -| olddir | archive_error / archive_general / archive_slowquery | - -## HLD (High Level Design) +| `su` | snap_daemon snap_daemon | +| `createoldddir` | 770 snap_daemon snap_daemon | +| `hourly` | true | +| `maxage` | 7 | +| `rotate` | 10080 | +| `dateext` | true | +| `dateformat` | -%V-%H%M | +| `ifempty` | true | +| `missingok` | true | +| `nocompress` | true | +| `nomail` | true | +| `nosharedscripts` | true | +| `nocopytruncate` | true | +| `olddir` | archive_error / archive_general / archive_slowquery | + +## High Level Design There is a cron job on the machine where the charm exists that is triggered every minute and runs `logrotate`. The logrotate utility does *not* use `copytruncate`. Instead, the existing log file is moved into the archive directory by logrotate, and then the logrotate's postrotate script invokes `juju-run` (or `juju-exec` depending on the juju version) to dispatch a custom event. This custom event's handler flushes the MySQL log with the [FLUSH](https://dev.mysql.com/doc/refman/8.0/en/flush.html) statement that will result in a new and empty log file being created under `/var/snap/charmed-mysql/common/var/log/mysql` and the rotated file's descriptor being closed. -We use a custom event in juju to execute the FLUSH statement in order to avoid storing any credentials on the disk. The charm code has a mechanism that will retrieve credentials from the peer relation databag or juju secrets backend, if available, and keep these credentials in memory for the duration of the event handler. \ No newline at end of file +We use a custom event in juju to execute the FLUSH statement in order to avoid storing any credentials on the disk. The charm code has a mechanism that will retrieve credentials from the peer relation databag or juju secrets backend, if available, and keep these credentials in memory for the duration of the event handler. + + + + +[COS integration]: /t/9981 +[Audit Logs explanation]: /t/15423 \ No newline at end of file diff --git a/docs/how-to/h-create-backup.md b/docs/how-to/h-create-backup.md index 91b082b4f..fd0f88248 100644 --- a/docs/how-to/h-create-backup.md +++ b/docs/how-to/h-create-backup.md @@ -10,6 +10,12 @@ Once Charmed MySQL K8s is `active` and `idle` (check `juju status`), you can cre juju run-action mysql-k8s/leader create-backup --wait ``` +[note] +If you have a cluster of one unit, you can run the `create-backup` action on `mysql-k8s/leader` (which will also be the primary unit). + +Otherwise, you must run the `create-backup` action on a non-primary unit (see `juju status` or run `juju run-action mysql-k8s/leader get-cluster-status` to find the primary unit). +[/note] + You can list your available, failed, and in progress backups by running the `list-backups` command: ```shell juju run-action mysql-k8s/leader list-backups --wait diff --git a/docs/how-to/h-enable-alert-rules.md b/docs/how-to/h-enable-alert-rules.md new file mode 100644 index 000000000..68e199f16 --- /dev/null +++ b/docs/how-to/h-enable-alert-rules.md @@ -0,0 +1,77 @@ +# How to enable COS Alert Rules + +This guide will show how to set up [Pushover](https://pushover.net/) to receive alert notifications from the COS Alert Manager with [Awesome Alert Rules](https://samber.github.io/awesome-prometheus-alerts/). + +Charmed MySQL K8s ships a pre-configured and pre-enabled [list of Awesome Alert Rules]. + +
Screenshot of alert rules in the Grafana web interface + +![Screenshot from 2024-01-18 20-05-52|690x439](upload://j6WSPQ1BzoFzqIg2jm1mTq79SMo.png) +
+ +For information about accessing and managing COS Alert Rules, refer to the [COS documentation](https://charmhub.io/cos-lite). + +## Prerequisites +* A deployed [Charmed MySQL K8s operator] +* A deployed [`cos-lite` bundle in a Kubernetes environment](https://charmhub.io/topics/canonical-observability-stack/tutorials/install-microk8s) +* Fully configured [COS Monitoring] + +## Enable COS alerts for Pushover +The following section is an example of the [Pushover](https://pushover.net/) alerts aggregator. + +The first step is to create a new account on Pushover (or use an existing one). The goal is to have the 'user key' and 'token' to authorize alerts for the Pushover application. Follow this straightforward [Pushover guide](https://support.pushover.net/i175-how-to-get-a-pushover-api-or-pushover-application-token). + +Next, create a new [COS Alert Manager](https://charmhub.io/alertmanager-k8s) config (replace `user_key` and `token` with yours): +```shell +cat > myalert.yaml << EOF +``` +```yaml +global: + resolve_timeout: 5m + http_config: + follow_redirects: true + enable_http2: true +route: + receiver: placeholder + group_by: + - juju_model_uuid + - juju_application + - juju_model + continue: false + group_wait: 30s + group_interval: 5m + repeat_interval: 1h +receivers: +- name: placeholder + pushover_configs: + - user_key: + token: + url: http:///cos-grafana/alerting/list + title: "{{ range .Alerts }}{{ .Labels.severity }} - {{ if .Labels.juju_unit }}{{ .Labels.juju_unit }}{{ else }}{{ .Labels.juju_application }}{{ end }} in model {{ .Labels.juju_model }}: {{ .Labels.alertname }} {{ end }}" + message: "{{ range .Alerts }} Job: {{ .Labels.job }} Instance: {{ .Labels.instance }} {{ end }}" +templates: [] +EOF +``` +Upload and apply newly the created alert manager config: +``` +juju switch : +juju config alertmanager config_file=@myalert.yaml +``` + +At this stage, the COS Alert Manager will start sending alert notifications to Pushover. Users can receive them on all supported [Pushover clients/apps](https://pushover.net/clients). + +The image below shows an example of the Pushover web client: + +![image|690x439](upload://vqUcKpZ5R4wQLmY2HYGV5fz5pNU.jpeg) + +## Alert receivers + +The similar way as above, COS alerts can be send to the long [list of supported receivers](https://prometheus.io/docs/alerting/latest/configuration/#receiver-integration-settings). + +Do you have questions? [Contact us]! + + +[Contact us]: /t/11868 +[Charmed MySQL K8s operator]: /t/11869 +[COS Monitoring]: /t/9981 +[list of Awesome Alert Rules]: https://github.com/canonical/mysql-k8s-operator/tree/main/src/prometheus_alert_rules \ No newline at end of file diff --git a/docs/overview.md b/docs/overview.md index ed82f3d7c..68795507f 100644 --- a/docs/overview.md +++ b/docs/overview.md @@ -68,6 +68,7 @@ Charmed MySQL K8s is an official distribution of MySQL. It’s an open-source pr | 2 | h-monitoring | [Monitoring (COS)]() | | 3 | h-enable-monitoring | [Enable monitoring](/t/9981) | | 3 | h-enable-tracing | [Enable tracing](/t/14448) | +| 3 | h-enable-alert-rules | [Enable Alert Rules](/t/15488) | | 2 | h-upgrade | [Upgrade]() | | 3 | h-upgrade-intro | [Overview](/t/11754) | | 3 | h-upgrade-juju | [Upgrade Juju](/t/14333) | @@ -101,6 +102,7 @@ Charmed MySQL K8s is an official distribution of MySQL. It’s an open-source pr | 2 | r-requirements | [Requirements](/t/11421) | | 2 | r-testing | [Testing](/t/11772) | | 2 | r-profiles | [Profiles](/t/11892) | +| 2 | r-plugins-extensions | [Plugins/extensions](/t/15482) | | 2 | r-contacts | [Contacts](/t/11868) | | 1 | explanation | [Explanation]() | | 2 | e-architecture | [Architecture](/t/11757) | @@ -108,6 +110,7 @@ Charmed MySQL K8s is an official distribution of MySQL. It’s an open-source pr | 2 | e-statuses | [Statuses](/t/11866) | | 2 | e-users | [Users](/t/10791) | | 2 | e-logs | [Logs](/t/12080) | +| 3 | e-audit-logs | [Audit Logs](/t/15423) | | 2 | e-juju | [Juju](/t/11984) | | 2 | e-flowcharts | [Flowcharts](/t/10031) | | 2 | e-legacy-charm | [Legacy charm](/t/11236) | diff --git a/docs/reference/r-plugins-extensions.md b/docs/reference/r-plugins-extensions.md new file mode 100644 index 000000000..13b4e6728 --- /dev/null +++ b/docs/reference/r-plugins-extensions.md @@ -0,0 +1,9 @@ +# Supported plugins/extensions + +The following list contains all plugins/extensions supported by Charmed MySQL in alphabetical order. The **revision** column indicates which charm revision introduced support for the extension. + +If you need support for other extensions, feel free to [reach out to us](/t/11868). + +| Plugin/extension name | Revision | +|--------------------------------|------------------------------------------------------------------------------| +| [plugin-audit-enabled](/t/15423) | [178+](https://github.com/canonical/mysql-k8s-operator/releases/tag/rev179) | \ No newline at end of file From 9a20ea8c181269327addc892fed1ef55aaa4657e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Sep 2024 16:46:03 -0300 Subject: [PATCH 3/3] Update data-platform-workflows to v21.0.1 (#492) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/release.yaml | 4 ++-- .github/workflows/sync_docs.yaml | 2 +- poetry.lock | 22 +++++++++++----------- pyproject.toml | 10 +++++----- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bad543305..f3797952b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,7 +16,7 @@ on: jobs: lint: name: Lint - uses: canonical/data-platform-workflows/.github/workflows/lint.yaml@v20.0.2 + uses: canonical/data-platform-workflows/.github/workflows/lint.yaml@v21.0.1 unit-test: name: Unit test charm @@ -56,7 +56,7 @@ jobs: build: name: Build charm - uses: canonical/data-platform-workflows/.github/workflows/build_charm.yaml@v20.0.2 + uses: canonical/data-platform-workflows/.github/workflows/build_charm.yaml@v21.0.1 with: cache: true @@ -88,7 +88,7 @@ jobs: - lint - unit-test - build - uses: canonical/data-platform-workflows/.github/workflows/integration_test_charm.yaml@v21.0.0 + uses: canonical/data-platform-workflows/.github/workflows/integration_test_charm.yaml@v21.0.1 with: artifact-prefix: ${{ needs.build.outputs.artifact-prefix }} architecture: ${{ matrix.architecture }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e48f54e49..658086613 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,7 +36,7 @@ jobs: build: name: Build charm - uses: canonical/data-platform-workflows/.github/workflows/build_charm.yaml@v20.0.2 + uses: canonical/data-platform-workflows/.github/workflows/build_charm.yaml@v21.0.1 release: name: Release charm @@ -44,7 +44,7 @@ jobs: - lib-check - ci-tests - build - uses: canonical/data-platform-workflows/.github/workflows/release_charm.yaml@v20.0.2 + uses: canonical/data-platform-workflows/.github/workflows/release_charm.yaml@v21.0.1 with: channel: 8.0/edge artifact-prefix: ${{ needs.build.outputs.artifact-prefix }} diff --git a/.github/workflows/sync_docs.yaml b/.github/workflows/sync_docs.yaml index e7e8790f9..a75fbee87 100644 --- a/.github/workflows/sync_docs.yaml +++ b/.github/workflows/sync_docs.yaml @@ -10,7 +10,7 @@ on: jobs: sync-docs: name: Sync docs from Discourse - uses: canonical/data-platform-workflows/.github/workflows/sync_docs.yaml@v20.0.2 + uses: canonical/data-platform-workflows/.github/workflows/sync_docs.yaml@v21.0.1 with: reviewers: a-velasco permissions: diff --git a/poetry.lock b/poetry.lock index d05c87d01..6ac66e7c6 100644 --- a/poetry.lock +++ b/poetry.lock @@ -31,8 +31,8 @@ pytest = "*" [package.source] type = "git" url = "https://github.com/canonical/data-platform-workflows" -reference = "v21.0.0" -resolved_reference = "c0eccd0a2229ce88cd09765d8260e22e12db0b13" +reference = "v21.0.1" +resolved_reference = "06f252ea079edfd055cee236ede28c237467f9b0" subdirectory = "python/pytest_plugins/allure_pytest_collection_report" [[package]] @@ -1629,8 +1629,8 @@ develop = false [package.source] type = "git" url = "https://github.com/canonical/data-platform-workflows" -reference = "v21.0.0" -resolved_reference = "c0eccd0a2229ce88cd09765d8260e22e12db0b13" +reference = "v21.0.1" +resolved_reference = "06f252ea079edfd055cee236ede28c237467f9b0" subdirectory = "python/pytest_plugins/github_secrets" [[package]] @@ -1649,8 +1649,8 @@ pytest = "*" [package.source] type = "git" url = "https://github.com/canonical/data-platform-workflows" -reference = "v20.0.2" -resolved_reference = "37b15891a2ad9842721107fa4a42b6eb39ec830a" +reference = "v21.0.1" +resolved_reference = "06f252ea079edfd055cee236ede28c237467f9b0" subdirectory = "python/pytest_plugins/microceph" [[package]] @@ -1704,8 +1704,8 @@ pyyaml = "*" [package.source] type = "git" url = "https://github.com/canonical/data-platform-workflows" -reference = "v21.0.0" -resolved_reference = "c0eccd0a2229ce88cd09765d8260e22e12db0b13" +reference = "v21.0.1" +resolved_reference = "06f252ea079edfd055cee236ede28c237467f9b0" subdirectory = "python/pytest_plugins/pytest_operator_cache" [[package]] @@ -1723,8 +1723,8 @@ pytest = "*" [package.source] type = "git" url = "https://github.com/canonical/data-platform-workflows" -reference = "v21.0.0" -resolved_reference = "c0eccd0a2229ce88cd09765d8260e22e12db0b13" +reference = "v21.0.1" +resolved_reference = "06f252ea079edfd055cee236ede28c237467f9b0" subdirectory = "python/pytest_plugins/pytest_operator_groups" [[package]] @@ -2384,4 +2384,4 @@ test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", [metadata] lock-version = "2.0" python-versions = "^3.10" -content-hash = "34993cff1c809487ca19de8147be5507649615e32c3ddeec9953a2fa2abf8ec5" +content-hash = "4e15707ef6a14da7f861bde89a613729dde0a11cd177e6279b795ed3c468c716" diff --git a/pyproject.toml b/pyproject.toml index fb5e8c41a..cd2c435f6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -50,11 +50,11 @@ parameterized = "^0.9.0" [tool.poetry.group.integration.dependencies] pytest = "^7.4.0" -pytest-github-secrets = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.0", subdirectory = "python/pytest_plugins/github_secrets"} -pytest-microceph = {git = "https://github.com/canonical/data-platform-workflows", tag = "v20.0.2", subdirectory = "python/pytest_plugins/microceph"} +pytest-github-secrets = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.1", subdirectory = "python/pytest_plugins/github_secrets"} +pytest-microceph = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.1", subdirectory = "python/pytest_plugins/microceph"} pytest-operator = "^0.28.0" -pytest-operator-cache = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.0", subdirectory = "python/pytest_plugins/pytest_operator_cache"} -pytest-operator-groups = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.0", subdirectory = "python/pytest_plugins/pytest_operator_groups"} +pytest-operator-cache = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.1", subdirectory = "python/pytest_plugins/pytest_operator_cache"} +pytest-operator-groups = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.1", subdirectory = "python/pytest_plugins/pytest_operator_groups"} juju = "^3.5.2.0" ops = "^2.15.0" mysql-connector-python = "~8.0.33" @@ -65,7 +65,7 @@ urllib3 = "^1.26.16" lightkube = "^0.14.0" kubernetes = "^27.2.0" allure-pytest = "^2.13.2" -allure-pytest-collection-report = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.0", subdirectory = "python/pytest_plugins/allure_pytest_collection_report"} +allure-pytest-collection-report = {git = "https://github.com/canonical/data-platform-workflows", tag = "v21.0.1", subdirectory = "python/pytest_plugins/allure_pytest_collection_report"} pytest-asyncio = "^0.21.1" [tool.coverage.run]