From c24528917661a9dc6f0fb1379cc74c544c690a42 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Fri, 23 Aug 2024 08:37:13 +0200
Subject: [PATCH] mariadb: Bump to 11.4

11.4 is the next LTS release (see [1])

New variable ``VERIFY_DB_SERVER_CERT`` is added to mitigate the MariaDB
client variable ``ssl-verify-server-cert`` change from ``FALSE`` to
``TRUE``. [2]
This variable can be overidden by assigning ``TRUE`` to environment
variable with the same name.

[1]: https://mariadb.org/11-4-lts/
[2]: https://jira.mariadb.org/browse/MDEV-31857

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/928487
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/958281

Change-Id: Ifb41c0c48c4743e70e95fa7e1d329e91362e966c
Signed-off-by: Seunghun Lee <seunghun@stackhpc.com>
---
 docker/mariadb-server/Dockerfile.j2                |  2 +-
 docker/mariadb-server/backup_replica.sh            |  3 ++-
 docker/mariadb-server/extend_start.sh              | 14 +++++++-------
 kolla/template/repos.yaml                          |  7 +++----
 .../notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml       |  5 +++++
 5 files changed, 18 insertions(+), 13 deletions(-)
 create mode 100644 releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml

diff --git a/docker/mariadb-server/Dockerfile.j2 b/docker/mariadb-server/Dockerfile.j2
index ddb045fbb6..8d17ff4ff9 100644
--- a/docker/mariadb-server/Dockerfile.j2
+++ b/docker/mariadb-server/Dockerfile.j2
@@ -43,7 +43,7 @@ RUN ln -s /usr/lib64/galera-4 /usr/lib64/galera
 {{ macros.install_packages(mariadb_packages | customizable("packages")) }}
 
 {% block mariadb_healthcheck %}
-ENV MARIADB_VERSION=10.11
+ENV MARIADB_VERSION=11.4
 ADD plugins-archive /
 RUN install -m 755 /plugins/mariadb-server-plugin-mariadb-docker-archive*/$MARIADB_VERSION/healthcheck.sh /usr/bin/healthcheck.sh
 {% endblock %}
diff --git a/docker/mariadb-server/backup_replica.sh b/docker/mariadb-server/backup_replica.sh
index ebdcbf6b0b..fe10bc61b1 100644
--- a/docker/mariadb-server/backup_replica.sh
+++ b/docker/mariadb-server/backup_replica.sh
@@ -8,6 +8,7 @@ DEFAULT_MY_CNF="/etc/mysql/my.cnf"
 REPLICA_MY_CNF="$(mktemp)"
 RETRY_INTERVAL=5  # Interval between retries (in seconds)
 MAX_RETRIES=12    # Max retries (12 retries * 5 seconds = 60 seconds)
+VERIFY_DB_SERVER_CERT="${VERIFY_DB_SERVER_CERT:=FALSE}"
 
 # Cleanup function to remove the REPLICA_MY_CNF file
 cleanup() {
@@ -74,7 +75,7 @@ retry_mysql_query() {
     local attempt=1
 
     while [ ${attempt} -le ${MAX_RETRIES} ]; do
-        result=$(mysql -h "${HOST}" -u "${USER}" -p"${PASS}" -s -N -e "${query}" 2>/dev/null || true)
+        result=$(mariadb --ssl-verify-server-cert="${VERIFY_DB_SERVER_CERT}" -h "${HOST}" -u "${USER}" -p"${PASS}" -s -N -e "${query}" 2>/dev/null || true)
         if [ -n "${result}" ]; then
             echo "${result}"
             return 0
diff --git a/docker/mariadb-server/extend_start.sh b/docker/mariadb-server/extend_start.sh
index 53a54557d6..f14c859492 100644
--- a/docker/mariadb-server/extend_start.sh
+++ b/docker/mariadb-server/extend_start.sh
@@ -3,7 +3,7 @@
 : ${MARIADB_LOG_DIR:=/var/log/kolla/mariadb}
 
 function bootstrap_db {
-    mysqld_safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
+    mariadbd-safe --wsrep-new-cluster --skip-networking --wsrep-on=OFF --pid-file=/var/lib/mysql/mariadb.pid &
     # Wait for the mariadb server to be "Ready" before starting the security reset with a max timeout
     # NOTE(huikang): the location of mysql's socket file varies depending on the OS distributions.
     # Querying the cluster status has to be executed after the existence of mysql.sock and mariadb.pid.
@@ -22,9 +22,9 @@ function bootstrap_db {
     sudo -E kolla_security_reset
 
     set +o xtrace
-    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
-    mysql -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
-    mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
+    mariadb -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+    mariadb -u root --password="${DB_ROOT_PASSWORD}" -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${DB_ROOT_PASSWORD}' WITH GRANT OPTION;"
+    mariadb-admin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
     set -o xtrace
 }
 
@@ -38,21 +38,21 @@ fi
 
 # This catches all cases of the BOOTSTRAP variable being set, including empty
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    mysql_install_db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
+    mariadb-install-db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
     bootstrap_db 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-bootstrap.log
     exit 0
 fi
 
 # This catches all cases of the KOLLA_UPGRADE variable being set, including empty
 if [[ "${!KOLLA_UPGRADE[@]}" ]]; then
-    # The mysql_upgrade command treats any directories under /var/lib/mysql as
+    # The mariadb-upgrade command treats any directories under /var/lib/mysql as
     # databases. Somehow we can end up with a .pki directory, which causes the
     # command to fail with this error:
     # Incorrect database name '#mysql50#.pki' when selecting the database
     # There doesn't seem to be anything in the directory, so remove it.
     rm -rf /var/lib/mysql/.pki
 
-    mysql_upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}" 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-upgrade.log
+    mariadb-upgrade --host=${DB_HOST} --port=${DB_PORT} --user=root --password="${DB_ROOT_PASSWORD}" 2>&1 | tee -a ${MARIADB_LOG_DIR}/mariadb-upgrade.log
     exit 0
 fi
 
diff --git a/kolla/template/repos.yaml b/kolla/template/repos.yaml
index 59c3f5c748..6739c9bd1e 100644
--- a/kolla/template/repos.yaml
+++ b/kolla/template/repos.yaml
@@ -41,7 +41,7 @@ debian:
     component: "contrib"
     gpg_key: "fluentd.asc"
   mariadb:
-    url: "https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian"
+    url: "https://dlm.mariadb.com/repo/mariadb-server/11.4/repo/debian"
     suite: "bookworm"
     component: "main"
     gpg_key: "mariadb.gpg"
@@ -83,7 +83,7 @@ ubuntu:
     component: "contrib"
     gpg_key: "fluentd.asc"
   mariadb:
-    url: "https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/ubuntu"
+    url: "https://dlm.mariadb.com/repo/mariadb-server/11.4/repo/ubuntu"
     suite: "noble"
     component: "main"
     gpg_key: "mariadb.gpg"
@@ -153,7 +153,7 @@ rpm:
     gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/el10-missing/pubkey.gpg"
     name: "kolla_el10"
   mariadb:
-    baseurl: "https://dlm.mariadb.com/repo/mariadb-server/10.11/yum/rhel/$releasever/$basearch"
+    baseurl: "https://dlm.mariadb.com/repo/mariadb-server/11.4/yum/rhel/$releasever/$basearch"
     gpgkey: "https://downloads.mariadb.com/MariaDB/RPM-GPG-KEY-MariaDB"
     name: "mariadb"
   opensearch:
@@ -197,4 +197,3 @@ rocky-aarch64:
     baseurl: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/rhel-$releasever-aarch64/"
     gpgkey: "https://download.copr.fedorainfracloud.org/results/@openstack-kolla/rabbitmq-erlang-27/pubkey.gpg"
     name: "copr-rabbitmq-erlang"
-
diff --git a/releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml b/releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml
new file mode 100644
index 0000000000..17c0f9845f
--- /dev/null
+++ b/releasenotes/notes/mariadb-11.4-b66b5baf9f5e6cd0.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    ``MariaDB`` version has been updated to ``11.4 LTS``.
+    This version will be supported until 29th May 2029.