Update MariaDB container image to 10.6

We can not perform upgrade directly from 10.5 to 11, but we need
to make a special steps to perform an upgrade.
According to the docs [1][2], we need to make an upgrade to 10.6 first,
then we can try to go to MariaDB 11.4, but we should consider to upgrade
to 10.11 first, then go to the 11.4.

[1] https://mariadb.com/kb/en/upgrading/
[2] https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-4/

Depends-On: https://softwarefactory-project.io/r/c/containers/+/31604

Change-Id: I413498c0afad3a37eea69dc5723e288579e54482

Author: danpawlik

controllers/libs/base/static/images.yaml

@@ -44,8 +44,8 @@ images:
       source: https://softwarefactory-project.io/cgit/containers/tree/images-sf/master/containers/rendered/purgelogs.container?id=6dea4a90864e62e4c7c9e1b85397b6545b421e39
     - name: mariadb
       container: quay.io/software-factory/mariadb
-      version: 10.5.16-4
-      source: https://softwarefactory-project.io/cgit/containers/tree/images-sf/master/containers/rendered/mariadb.container?id=6dea4a90864e62e4c7c9e1b85397b6545b421e39
+      version: 10.6-ubi9-1
+      source: https://softwarefactory-project.io/cgit/containers/tree/images-sf/master/containers/rendered/mariadb.container?id=475c0603059886c4fcfa172a81899bb1ca517d1c
     - name: busybox
       container: quay.io/software-factory/sf-op-busybox
       version: 1.5-3

controllers/mariadb.go

@@ -85,14 +85,14 @@ func createLogForwarderSidecar(r *SFController, annotations map[string]string) (
 }
 
 func (r *SFController) CreateDBInitContainer(username string, password string, dbname string) apiv1.Container {
-	c := "CREATE DATABASE IF NOT EXISTS " + dbname + " CHARACTER SET utf8 COLLATE utf8_general_ci; "
-	g := "GRANT ALL PRIVILEGES ON " + dbname + ".* TO '" + username + "'@'%' IDENTIFIED BY '${USER_PASSWORD}' WITH GRANT OPTION; FLUSH PRIVILEGES;"
+	c := fmt.Sprintf("CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8 COLLATE utf8_general_ci;", dbname)
+	g := fmt.Sprintf("GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%%' IDENTIFIED BY '${USER_PASSWORD}' WITH GRANT OPTION; FLUSH PRIVILEGES;", dbname, username)
 	container := base.MkContainer("mariadb-client", base.MariaDBImage())
 	base.SetContainerLimitsLowProfile(&container)
 	container.Command = []string{"sh", "-c", `
-	echo 'Running: mysql --host=" ` + MariaDBIdent + `" --user=root --password="$MYSQL_ROOT_PASSWORD" -e "` + c + g + `"'
+	echo 'Running: mysql --host="` + MariaDBIdent + `" --user=root --password="$MARIADB_ROOT_PASSWORD" -e "` + c + g + `"'
 	ATTEMPT=0
-	while ! mysql --host=mariadb --user=root --password="$MYSQL_ROOT_PASSWORD" -e "` + c + g + `"; do
+	while ! mysql --host=mariadb --user=root --password="$MARIADB_ROOT_PASSWORD" -e "` + c + g + `"; do
 		ATTEMPT=$[ $ATTEMPT + 1 ]
 		if test $ATTEMPT -eq 10; then
 			echo "Failed after $ATTEMPT attempt";
@@ -102,7 +102,7 @@ func (r *SFController) CreateDBInitContainer(username string, password string, d
 	done
 	`}
 	container.Env = []apiv1.EnvVar{
-		base.MkSecretEnvVar("MYSQL_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
+		base.MkSecretEnvVar("MARIADB_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
 		{
 			Name:  "USER_PASSWORD",
 			Value: password,
@@ -180,6 +180,18 @@ func (r *SFController) DeployMariadb() bool {
 			MYSQLRootPassword string
 		}{MYSQLRootPassword: string(adminPassSecret.Data["mariadb-root-password"])})
 
+	initfileSQL := fmt.Sprintf(
+		`CREATE USER IF NOT EXISTS root@localhost IDENTIFIED BY '%s';
+SET PASSWORD FOR root@localhost = PASSWORD('%s');
+GRANT ALL ON *.* TO root@localhost WITH GRANT OPTION;
+CREATE USER IF NOT EXISTS root@'%%' IDENTIFIED BY '%s';
+SET PASSWORD FOR root@'%%' = PASSWORD('%s');
+GRANT ALL ON *.* TO root@'%%' WITH GRANT OPTION;`,
+		adminPassSecret.Data["mariadb-root-password"],
+		adminPassSecret.Data["mariadb-root-password"],
+		adminPassSecret.Data["mariadb-root-password"],
+		adminPassSecret.Data["mariadb-root-password"])
+
 	configSecret := apiv1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "mariadb-config-secrets",
@@ -189,7 +201,17 @@ func (r *SFController) DeployMariadb() bool {
 			"my.cnf": []byte(myCNF),
 		},
 	}
+	initDBSecret := apiv1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "mariadb-initdb-secrets",
+			Namespace: r.ns,
+		},
+		Data: map[string][]byte{
+			"initfile.sql": []byte(initfileSQL),
+		},
+	}
 	r.EnsureSecret(&configSecret)
+	r.EnsureSecret(&initDBSecret)
 
 	sts := r.mkStatefulSet(MariaDBIdent, base.MariaDBImage(), r.getStorageConfOrDefault(r.cr.Spec.MariaDB.DBStorage), apiv1.ReadWriteOnce)
 
@@ -223,10 +245,18 @@ func (r *SFController) DeployMariadb() bool {
 			MountPath: "/var/lib/mysql/.my.cnf",
 			ReadOnly:  true,
 		},
+		{
+			Name:      "mariadb-initdb-secrets",
+			SubPath:   "initfile.sql",
+			MountPath: "/docker-entrypoint-initdb.d/initfile.sql",
+			ReadOnly:  true,
+		},
 	}, volumeMountsStatsExporter...)
 	sts.Spec.Template.Spec.Containers[0].Env = []apiv1.EnvVar{
 		base.MkEnvVar("HOME", "/var/lib/mysql"),
-		base.MkSecretEnvVar("MYSQL_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
+		base.MkSecretEnvVar("MARIADB_ROOT_PASSWORD", "mariadb-root-password", "mariadb-root-password"),
+		base.MkEnvVar("MARIADB_DISABLE_UPGRADE_BACKUP", "1"),
+		base.MkEnvVar("MARIADB_AUTO_UPGRADE", "1"),
 	}
 	sts.Spec.Template.Spec.Containers[0].Ports = []apiv1.ContainerPort{
 		base.MkContainerPort(mariadbPort, mariaDBPortName),
@@ -237,6 +267,7 @@ func (r *SFController) DeployMariadb() bool {
 	sts.Spec.Template.Spec.Volumes = []apiv1.Volume{
 		base.MkEmptyDirVolume("mariadb-run"),
 		base.MkVolumeSecret("mariadb-config-secrets", "mariadb-config-secrets"),
+		base.MkVolumeSecret("mariadb-initdb-secrets", "mariadb-initdb-secrets"),
 	}
 
 	annotations := map[string]string{

controllers/static/mariadb/my.cnf.tmpl

@@ -1,4 +1,12 @@
 [client]
 user=root
 host=localhost
-password={{ .MYSQLRootPassword }}
+password={{ .MYSQLRootPassword }}
+
+[mysqld]
+init-file=/docker-entrypoint-initdb.d/initfile.sql
+innodb_file_per_table=on
+
+[mariadb]
+general_log
+general_log_file=/var/log/mariadb/mariadb.log

roles/post/get-loki-logs/tasks/main.yaml

@@ -28,7 +28,7 @@
 
 - name: Get aggregated logs prefixed by service
   ansible.builtin.shell: >
-    ~/bin/logcli query --forward --since=6h --parallel-duration 15m --parallel-max-workers 4 --part-path-prefix=/tmp/all-query --merge-parts --no-labels --quiet '{namespace="sf"} | json | {{ line_format_query }}' > {{ _output_dir_realpath.stdout }}/all.log
+    ~/bin/logcli query  --batch 200 --limit 1000 --tail --forward --since=6h --parallel-duration 15m --parallel-max-workers 4 --part-path-prefix=/tmp/all-query --merge-parts --no-labels --quiet '{namespace="sf"} | json | {{ line_format_query }}' > {{ _output_dir_realpath.stdout }}/all.log
 
 - name: Change owner and group for the log dir
   ansible.builtin.command: chown -R {{ ansible_user }}:{{ ansible_user }} {{ _output_dir_realpath.stdout }}