From 3d9d74d09527c0d3bf3dc5b68dcbfa66c754a598 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Fri, 22 Nov 2024 17:00:36 +0700 Subject: [PATCH 1/5] Update lua_call config description --- .../supervised_failover/source.yaml | 4 +--- .../supervised_instance.lua | 23 ------------------- .../replication/supervised_failover.rst | 15 ------------ .../configuration/configuration_reference.rst | 3 ++- 4 files changed, 3 insertions(+), 42 deletions(-) delete mode 100644 doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua diff --git a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml b/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml index a0db246964..f4c0a7d6ed 100644 --- a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml +++ b/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml @@ -5,7 +5,7 @@ credentials: roles: [ replication ] privileges: - permissions: [ execute ] - functions: [ 'failover.execute' ] + lua_call: [ 'failover.execute' ] iproto: advertise: @@ -23,8 +23,6 @@ failover: keepalive_interval: 5 renew_interval: 1 -roles: [ 'supervised_instance' ] - groups: group001: replicasets: diff --git a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua b/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua deleted file mode 100644 index 105c06dbe8..0000000000 --- a/doc/code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua +++ /dev/null @@ -1,23 +0,0 @@ --- supervised_instance.lua -- -return { - validate = function() - end, - apply = function() - if box.info.ro then - return - end - local func_name = 'failover.execute' - local opts = { if_not_exists = true } - box.schema.func.create(func_name, opts) - end, - stop = function() - if box.info.ro then - return - end - local func_name = 'failover.execute' - if not box.schema.func.exists(func_name) then - return - end - box.schema.func.drop(func_name) - end, -} diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst index d1a1dd44a1..37e7253a5d 100644 --- a/doc/platform/replication/supervised_failover.rst +++ b/doc/platform/replication/supervised_failover.rst @@ -124,21 +124,6 @@ To configure a cluster to work with an external failover coordinator, follow the :end-at: failover.execute :dedent: -4. Create the ``failover.execute`` function in the application code. - For example, you can create a :ref:`custom role ` for this purpose: - - .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/supervised_instance.lua - :language: lua - :dedent: - - Then, you need to enable this role for all storage instances: - - .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml - :language: yaml - :start-at: supervised_instance - :end-before: groups: - :dedent: - 5. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section: .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml diff --git a/doc/reference/configuration/configuration_reference.rst b/doc/reference/configuration/configuration_reference.rst index 0f9fdc1f63..3bda36af69 100644 --- a/doc/reference/configuration/configuration_reference.rst +++ b/doc/reference/configuration/configuration_reference.rst @@ -1445,7 +1445,8 @@ credentials.users.* .. confval:: .privileges.lua_call - Whether this user or a user with this role can call any global user-defined Lua function. + A list of global user-defined Lua functions that this user or a user with this role can call. + To allow calling all such functions, specify the ``all`` value. .. _configuration_reference_credentials_privileges_sql: From f75538406533e1a415b68a664d58014c7be02e6d Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Fri, 22 Nov 2024 17:40:44 +0700 Subject: [PATCH 2/5] Update lua_call config description --- .../replication/supervised_failover.rst | 69 +++++++++++++++++-- .../configuration/configuration_reference.rst | 3 + 2 files changed, 68 insertions(+), 4 deletions(-) diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst index 37e7253a5d..4b74753c29 100644 --- a/doc/platform/replication/supervised_failover.rst +++ b/doc/platform/replication/supervised_failover.rst @@ -106,9 +106,9 @@ Configuring a cluster To configure a cluster to work with an external failover coordinator, follow the steps below: -1. (Optional) If you need to run :ref:`several failover coordinators ` to increase fault tolerance, set up an etcd-based configuration storage, as described in :ref:`configuration_etcd`. +#. (Optional) If you need to run :ref:`several failover coordinators ` to increase fault tolerance, set up an etcd-based configuration storage, as described in :ref:`configuration_etcd`. -2. Set the :ref:`replication.failover ` option to ``supervised``: +#. Set the :ref:`replication.failover ` option to ``supervised``: .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml :language: yaml @@ -116,7 +116,7 @@ To configure a cluster to work with an external failover coordinator, follow the :end-at: failover: supervised :dedent: -3. Grant a user used for replication :ref:`permissions ` to execute the ``failover.execute`` function: +#. Grant a user used for replication :ref:`permissions ` to execute the ``failover.execute`` function: .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml :language: yaml @@ -124,7 +124,12 @@ To configure a cluster to work with an external failover coordinator, follow the :end-at: failover.execute :dedent: -5. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section: +.. note:: + + For Tarantool 3.0 and 3.1, the configuration is different and a custom application + role is required. See :ref:`supervised_failover_configuration_with_role` for details. + +#. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section: .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml :language: yaml @@ -134,6 +139,62 @@ To configure a cluster to work with an external failover coordinator, follow the You can find the full example on GitHub: `supervised_failover `_. +.. _supervised_failover_configuration_with_role: + +Tarantool 3.0 and 3.1 configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Before version 3.2, Tarantool used another mechanism to grant execute access to Lua +functions. With Tarantool 3.0 or 3.1, the ``credentials`` configuration section +should look as follows: + +.. code-block:: yaml + + # Tarantool 3.0 and 3.1 + credentials: + users: + replicator: + password: 'topsecret' + roles: [ replication ] + privileges: + - permissions: [ execute ] + functions: [ 'failover.execute' ] + +Additionally, you should create the ``failover.execute`` function in the application code. +For example, you can create a :ref:`custom role ` for this purpose: + +.. code-block:: lua + + -- Tarantool 3.0 and 3.1 -- + -- supervised_instance.lua -- + return { + validate = function() + end, + apply = function() + if box.info.ro then + return + end + local func_name = 'failover.execute' + local opts = { if_not_exists = true } + box.schema.func.create(func_name, opts) + end, + stop = function() + if box.info.ro then + return + end + local func_name = 'failover.execute' + if not box.schema.func.exists(func_name) then + return + end + box.schema.func.drop(func_name) + end, + } + +Then, enable this role for all storage instances: + +.. code-block:: yaml + + roles: [ 'supervised_instance' ] .. _supervised_failover_start_coordinator: diff --git a/doc/reference/configuration/configuration_reference.rst b/doc/reference/configuration/configuration_reference.rst index 3bda36af69..70e3adb61e 100644 --- a/doc/reference/configuration/configuration_reference.rst +++ b/doc/reference/configuration/configuration_reference.rst @@ -1448,6 +1448,9 @@ credentials.users.* A list of global user-defined Lua functions that this user or a user with this role can call. To allow calling all such functions, specify the ``all`` value. + This option should be configured together with the ``execute`` + :ref:`permission `. + .. _configuration_reference_credentials_privileges_sql: .. confval:: .privileges.sql From 3d61f3af0fa887913effd772fd043a79ecc6bbb8 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Fri, 22 Nov 2024 17:51:00 +0700 Subject: [PATCH 3/5] Fix --- doc/platform/replication/supervised_failover.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst index 4b74753c29..9a5931530d 100644 --- a/doc/platform/replication/supervised_failover.rst +++ b/doc/platform/replication/supervised_failover.rst @@ -124,17 +124,17 @@ To configure a cluster to work with an external failover coordinator, follow the :end-at: failover.execute :dedent: -.. note:: + .. note:: - For Tarantool 3.0 and 3.1, the configuration is different and a custom application - role is required. See :ref:`supervised_failover_configuration_with_role` for details. + In Tarantool 3.0 and 3.1, the configuration is different and the function + must be created in the application code . See :ref:`supervised_failover_configuration_with_role` for details. #. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section: .. literalinclude:: /code_snippets/snippets/replication/instances.enabled/supervised_failover/source.yaml :language: yaml :start-after: failover: supervised - :end-before: supervised_instance + :end-before: groups :dedent: You can find the full example on GitHub: `supervised_failover `_. @@ -145,7 +145,7 @@ Tarantool 3.0 and 3.1 configuration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Before version 3.2, Tarantool used another mechanism to grant execute access to Lua -functions. With Tarantool 3.0 or 3.1, the ``credentials`` configuration section +functions. In Tarantool 3.0 or 3.1, the ``credentials`` configuration section should look as follows: .. code-block:: yaml @@ -194,6 +194,7 @@ Then, enable this role for all storage instances: .. code-block:: yaml + # Tarantool 3.0 and 3.1 roles: [ 'supervised_instance' ] .. _supervised_failover_start_coordinator: From 3189295745ccd670d9e572415c0bf830c5776987 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Fri, 22 Nov 2024 18:09:33 +0700 Subject: [PATCH 4/5] Fix --- doc/platform/replication/supervised_failover.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst index 9a5931530d..7a8ef9331e 100644 --- a/doc/platform/replication/supervised_failover.rst +++ b/doc/platform/replication/supervised_failover.rst @@ -127,7 +127,7 @@ To configure a cluster to work with an external failover coordinator, follow the .. note:: In Tarantool 3.0 and 3.1, the configuration is different and the function - must be created in the application code . See :ref:`supervised_failover_configuration_with_role` for details. + must be created in the application code. See :ref:`supervised_failover_configuration_with_role` for details. #. (Optional) Configure options that control how a failover coordinator operates in the :ref:`failover ` section: From 59d108241b9826aa0504e3dc34e2370687546282 Mon Sep 17 00:00:00 2001 From: Pavel Semyonov Date: Tue, 26 Nov 2024 10:14:15 +0700 Subject: [PATCH 5/5] Update doc/platform/replication/supervised_failover.rst Co-authored-by: Kseniia Antonova <73473519+xuniq@users.noreply.github.com> --- doc/platform/replication/supervised_failover.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/platform/replication/supervised_failover.rst b/doc/platform/replication/supervised_failover.rst index 7a8ef9331e..681827fa79 100644 --- a/doc/platform/replication/supervised_failover.rst +++ b/doc/platform/replication/supervised_failover.rst @@ -145,7 +145,7 @@ Tarantool 3.0 and 3.1 configuration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Before version 3.2, Tarantool used another mechanism to grant execute access to Lua -functions. In Tarantool 3.0 or 3.1, the ``credentials`` configuration section +functions. In Tarantool 3.0 and 3.1, the ``credentials`` configuration section should look as follows: .. code-block:: yaml