From 3d9d74d09527c0d3bf3dc5b68dcbfa66c754a598 Mon Sep 17 00:00:00 2001
From: Pavel Semyonov
Date: Fri, 22 Nov 2024 17:00:36 +0700
Subject: [PATCH 1/5] Update lua_call config description
---
.../supervised_failover/source.yaml | 4 +---
.../supervised_instance.lua | 23 -------------------
.../replication/supervised_failover.rst | 15 ------------
.../configuration/configuration_reference.rst | 3 ++-
4 files changed, 3 insertions(+), 42 deletions(-)
delete mode 100644 doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua
diff --git a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml b/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
index a0db246964..f4c0a7d6ed 100644
--- a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
+++ b/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
@@ -5,7 +5,7 @@ credentials:
roles: [ replication ]
privileges:
- permissions: [ execute ]
- functions: [ 'failover.execute' ]
+ lua_call: [ 'failover.execute' ]
iproto:
advertise:
@@ -23,8 +23,6 @@ failover:
keepalive_interval: 5
renew_interval: 1
-roles: [ 'supervised_instance' ]
-
groups:
group001:
replicasets:
diff --git a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua b/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua
deleted file mode 100644
index 105c06dbe8..0000000000
--- a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua
+++ /dev/null
@@ -1,23 +0,0 @@
--- supervised_instance.lua --
-return {
- validate = function()
- end,
- apply = function()
- if box.info.ro then
- return
- end
- local func_name = 'failover.execute'
- local opts = { if_not_exists = true }
- box.schema.func.create(func_name, opts)
- end,
- stop = function()
- if box.info.ro then
- return
- end
- local func_name = 'failover.execute'
- if not box.schema.func.exists(func_name) then
- return
- end
- box.schema.func.drop(func_name)
- end,
-}
diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst
index d1a1dd44a1..37e7253a5d 100644
--- a/doc/platform/replication/supervised_failover.rst
+++ b/doc/platform/replication/supervised_failover.rst
@@ -124,21 +124,6 @@ To configure a cluster to work with an external failover coordinator, follow the
:end-at: failover.execute
:dedent:
-4. Create the ``failover.execute`` function in the application code.
- For example, you can create a :ref:`custom role ` for this purpose:
-
- .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua
- :language: lua
- :dedent:
-
- Then, you need to enable this role for all storage instances:
-
- .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
- :language: yaml
- :start-at: supervised_instance
- :end-before: groups:
- :dedent:
-
5. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section:
.. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
diff --git a/doc/reference/configuration/configuration_reference.rst b/doc/reference/configuration/configuration_reference.rst
index 0f9fdc1f63..3bda36af69 100644
--- a/doc/reference/configuration/configuration_reference.rst
+++ b/doc/reference/configuration/configuration_reference.rst
@@ -1445,7 +1445,8 @@ credentials.users.*
.. confval:: .privileges.lua_call
- Whether this user or a user with this role can call any global user-defined Lua function.
+ A list of global user-defined Lua functions that this user or a user with this role can call.
+ To allow calling all such functions, specify the ``all`` value.
.. _configuration_reference_credentials_privileges_sql:
From f75538406533e1a415b68a664d58014c7be02e6d Mon Sep 17 00:00:00 2001
From: Pavel Semyonov
Date: Fri, 22 Nov 2024 17:40:44 +0700
Subject: [PATCH 2/5] Update lua_call config description
---
.../replication/supervised_failover.rst | 69 +++++++++++++++++--
.../configuration/configuration_reference.rst | 3 +
2 files changed, 68 insertions(+), 4 deletions(-)
diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst
index 37e7253a5d..4b74753c29 100644
--- a/doc/platform/replication/supervised_failover.rst
+++ b/doc/platform/replication/supervised_failover.rst
@@ -106,9 +106,9 @@ Configuring a cluster
To configure a cluster to work with an external failover coordinator, follow the steps below:
-1. (Optional) If you need to run :ref:`several failover coordinators ` to increase fault tolerance, set up an etcd-based configuration storage, as described in :ref:`configuration_etcd`.
+#. (Optional) If you need to run :ref:`several failover coordinators ` to increase fault tolerance, set up an etcd-based configuration storage, as described in :ref:`configuration_etcd`.
-2. Set the :ref:`replication.failover ` option to ``supervised``:
+#. Set the :ref:`replication.failover ` option to ``supervised``:
.. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
:language: yaml
@@ -116,7 +116,7 @@ To configure a cluster to work with an external failover coordinator, follow the
:end-at: failover: supervised
:dedent:
-3. Grant a user used for replication :ref:`permissions ` to execute the ``failover.execute`` function:
+#. Grant a user used for replication :ref:`permissions ` to execute the ``failover.execute`` function:
.. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
:language: yaml
@@ -124,7 +124,12 @@ To configure a cluster to work with an external failover coordinator, follow the
:end-at: failover.execute
:dedent:
-5. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section:
+.. note::
+
+ For Tarantool 3.0 and 3.1, the configuration is different and a custom application
+ role is required. See :ref:`supervised_failover_configuration_with_role` for details.
+
+#. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section:
.. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
:language: yaml
@@ -134,6 +139,62 @@ To configure a cluster to work with an external failover coordinator, follow the
You can find the full example on GitHub: `supervised_failover `_.
+.. _supervised_failover_configuration_with_role:
+
+Tarantool 3.0 and 3.1 configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Before version 3.2, Tarantool used another mechanism to grant execute access to Lua
+functions. With Tarantool 3.0 or 3.1, the ``credentials`` configuration section
+should look as follows:
+
+.. code-block:: yaml
+
+ # Tarantool 3.0 and 3.1
+ credentials:
+ users:
+ replicator:
+ password: 'topsecret'
+ roles: [ replication ]
+ privileges:
+ - permissions: [ execute ]
+ functions: [ 'failover.execute' ]
+
+Additionally, you should create the ``failover.execute`` function in the application code.
+For example, you can create a :ref:`custom role ` for this purpose:
+
+.. code-block:: lua
+
+ -- Tarantool 3.0 and 3.1 --
+ -- supervised_instance.lua --
+ return {
+ validate = function()
+ end,
+ apply = function()
+ if box.info.ro then
+ return
+ end
+ local func_name = 'failover.execute'
+ local opts = { if_not_exists = true }
+ box.schema.func.create(func_name, opts)
+ end,
+ stop = function()
+ if box.info.ro then
+ return
+ end
+ local func_name = 'failover.execute'
+ if not box.schema.func.exists(func_name) then
+ return
+ end
+ box.schema.func.drop(func_name)
+ end,
+ }
+
+Then, enable this role for all storage instances:
+
+.. code-block:: yaml
+
+ roles: [ 'supervised_instance' ]
.. _supervised_failover_start_coordinator:
diff --git a/doc/reference/configuration/configuration_reference.rst b/doc/reference/configuration/configuration_reference.rst
index 3bda36af69..70e3adb61e 100644
--- a/doc/reference/configuration/configuration_reference.rst
+++ b/doc/reference/configuration/configuration_reference.rst
@@ -1448,6 +1448,9 @@ credentials.users.*
A list of global user-defined Lua functions that this user or a user with this role can call.
To allow calling all such functions, specify the ``all`` value.
+ This option should be configured together with the ``execute``
+ :ref:`permission `.
+
.. _configuration_reference_credentials_privileges_sql:
.. confval:: .privileges.sql
From 3d61f3af0fa887913effd772fd043a79ecc6bbb8 Mon Sep 17 00:00:00 2001
From: Pavel Semyonov
Date: Fri, 22 Nov 2024 17:51:00 +0700
Subject: [PATCH 3/5] Fix
---
doc/platform/replication/supervised_failover.rst | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst
index 4b74753c29..9a5931530d 100644
--- a/doc/platform/replication/supervised_failover.rst
+++ b/doc/platform/replication/supervised_failover.rst
@@ -124,17 +124,17 @@ To configure a cluster to work with an external failover coordinator, follow the
:end-at: failover.execute
:dedent:
-.. note::
+ .. note::
- For Tarantool 3.0 and 3.1, the configuration is different and a custom application
- role is required. See :ref:`supervised_failover_configuration_with_role` for details.
+ In Tarantool 3.0 and 3.1, the configuration is different and the function
+ must be created in the application code . See :ref:`supervised_failover_configuration_with_role` for details.
#. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section:
.. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml
:language: yaml
:start-after: failover: supervised
- :end-before: supervised_instance
+ :end-before: groups
:dedent:
You can find the full example on GitHub: `supervised_failover `_.
@@ -145,7 +145,7 @@ Tarantool 3.0 and 3.1 configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Before version 3.2, Tarantool used another mechanism to grant execute access to Lua
-functions. With Tarantool 3.0 or 3.1, the ``credentials`` configuration section
+functions. In Tarantool 3.0 or 3.1, the ``credentials`` configuration section
should look as follows:
.. code-block:: yaml
@@ -194,6 +194,7 @@ Then, enable this role for all storage instances:
.. code-block:: yaml
+ # Tarantool 3.0 and 3.1
roles: [ 'supervised_instance' ]
.. _supervised_failover_start_coordinator:
From 3189295745ccd670d9e572415c0bf830c5776987 Mon Sep 17 00:00:00 2001
From: Pavel Semyonov
Date: Fri, 22 Nov 2024 18:09:33 +0700
Subject: [PATCH 4/5] Fix
---
doc/platform/replication/supervised_failover.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst
index 9a5931530d..7a8ef9331e 100644
--- a/doc/platform/replication/supervised_failover.rst
+++ b/doc/platform/replication/supervised_failover.rst
@@ -127,7 +127,7 @@ To configure a cluster to work with an external failover coordinator, follow the
.. note::
In Tarantool 3.0 and 3.1, the configuration is different and the function
- must be created in the application code . See :ref:`supervised_failover_configuration_with_role` for details.
+ must be created in the application code. See :ref:`supervised_failover_configuration_with_role` for details.
#. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section:
From 59d108241b9826aa0504e3dc34e2370687546282 Mon Sep 17 00:00:00 2001
From: Pavel Semyonov
Date: Tue, 26 Nov 2024 10:14:15 +0700
Subject: [PATCH 5/5] Update doc/platform/replication/supervised_failover.rst
Co-authored-by: Kseniia Antonova <73473519+xuniq@users.noreply.github.com>
---
doc/platform/replication/supervised_failover.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst
index 7a8ef9331e..681827fa79 100644
--- a/doc/platform/replication/supervised_failover.rst
+++ b/doc/platform/replication/supervised_failover.rst
@@ -145,7 +145,7 @@ Tarantool 3.0 and 3.1 configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Before version 3.2, Tarantool used another mechanism to grant execute access to Lua
-functions. In Tarantool 3.0 or 3.1, the ``credentials`` configuration section
+functions. In Tarantool 3.0 and 3.1, the ``credentials`` configuration section
should look as follows:
.. code-block:: yaml