feat(mariadb): topology merge + addon-api conformance (alpha.86 → alpha.90)

[weicao]

Summary

MariaDB addon evolution: alpha.37 semisync fencing baseline through 1.2.0-alpha.9. Topology merge, addon-api conformance, galera stabilization, replication hardening, syncer-side bug fixes, and full-topology acceptance.

Key changes

• Topology merge (alpha.89): single replication topology with merged CmpD covers async + semisync; legacy CmpDs retained for upgrade compat.
• Synthetic-parameter mapper (alpha.89): replicationMode={async,semisync} user switch; CUE validates, addon mapper translates to rpl_semi_sync_* variables.
• Account model (alpha.108-114): BINLOG ADMIN restore, kb_internal_root provisioning, declarative account Phase A Path C.
• Galera stabilization (alpha.115-122): single-owner bootstrap, wsrep-recover crash recovery, self-healing watcher, peer check, reconfigure auth fixes.
• Replication hardening (alpha.124-129): host-scoped BINLOG ADMIN fence, semisync mode guard, non-mutating switchover probe, sql_log_bin suppression.
• Syncer fixes (PR chore: fix restore pitr failed for mongo, if using datafile backup #170/Revert "chore: update disk size (#188)" #192): WriteCheck binlog guard outside transactions (Error 1694), async mode guard (no semisync in async), fallback lag check, EnableSemiSyncSource runtime timeout fix.
• addon-api/12b conformance: README capability matrix, explicit unsupported declarations, BackupPolicyTemplate target block.
• CmpV pin (alpha.9): 11.4.10 image tag pinned (was floating :11.4), Chart.yaml development journal stripped.

Validation

• Galera: alpha.122 r4 PASS 135/FAIL 0/SKIP 3; alpha.123 r2+r3 PASS 139/FAIL 0/SKIP 3
• Standalone: alpha.122 r1 PASS 26/FAIL 0/SKIP 3
• Async replication N=2: r23 PASS 96/FAIL 0/SKIP 4; r29 PASS 103/FAIL 0/SKIP 2 (alpha.1, including Chaos Mesh C7 + Backup/Restore)
• Semisync N=1 CLEAN PASS: r27 PASS 127/FAIL 0/SKIP 3 (alpha.9 + syncer 1baf0ee, rc=0, cleanup=0); r26b PASS 130/FAIL 0/SKIP 3 (product path green); r28 T8 VScale FAIL → alpha.10 fix (PR fix(mariadb): require replication truth for pending secondary role #2775); r32 T7 Start FAIL → alpha.11 fix (PR fix(mariadb): defer failed pod0 bootstrap to runtime reconcile #2776)
• helm lint/template clean across all chart versions

Follow-up

• Async N=2 reached (r23 + r29 CLEAN PASS)
• Semisync N=1 CLEAN PASS reached on alpha.9 (r27); r28-r32 exposed two new bugs fixed by alpha.10 (PR fix(mariadb): require replication truth for pending secondary role #2775) + alpha.11 (PR fix(mariadb): defer failed pod0 bootstrap to runtime reconcile #2776); N=1 recount on alpha.11 in progress
• Syncer PR Revert "chore: update disk size (#188)" #192 pending human review

Child PRs (merged into dev branch)

• fix(mariadb): recover empty existing slave channel #2780 fix(mariadb): recover empty runtime slave status in existing-slave-config rejoin (alpha.13)
• fix(mariadb): repair stale primary listener markers #2778 fix(mariadb): repair stale primary listener markers (alpha.12)
• fix(mariadb): defer failed pod0 bootstrap to runtime reconcile #2776 fix(mariadb): defer failed pod0 bootstrap to runtime reconcile (alpha.11)
• fix(mariadb): require replication truth for pending secondary role #2775 fix(mariadb): gate pending-secondary on replication thread readiness (alpha.10)
• fix(mariadb): pin 11.4.10 image tag and remove Chart.yaml journal #2774 fix(mariadb): pin 11.4.10 image tag and remove Chart.yaml journal
• fix(mariadb): clear stale prestop fence on container restart #2770 fix(mariadb): clear stale prestop fence on container restart (alpha.9)
• fix(mariadb): hand off replica rejoin on syncer promote #2769 bump chart to 1.2.0-alpha.8 for semisync pivot
• fix(mariadb): recover semisync primary after stop start #2768 fix(mariadb): startup deadlock on fresh cluster (alpha.7)
• test(mariadb): align shellspec assertions with alpha.4 chart #2763 align shellspec assertions with alpha.4 chart
• fix(mariadb): gate semisync role shape before ready #2762 gate semisync role shape before ready (alpha.4)
• mariadb: bump chart to 1.2.0-alpha.2 for semisync pivot #2756 bump chart to 1.2.0-alpha.2 for semisync pivot
• fix(mariadb): DCS primary overrides service routing during rolling update #2755 fix(mariadb): reorder DCS role check before service routing in CM4
• fix(mariadb): use bash for ActionSet pipefail #2754 fix(mariadb): suppress sql_log_bin in secondary bootstrap
• fix(mariadb): backup ActionSet pipefail + privilege fix #2753 fix(mariadb): non-mutating switchover probe (query-only)
• fix(mariadb): non-mutating switchover candidate probe #2752 fix(mariadb): non-mutating switchover candidate probe
• fix(mariadb): gate semisync operations on replication mode env #2751 fix(mariadb): gate semisync operations on replication mode env
• fix(mariadb): scope switchover BINLOG ADMIN fence by host #2746 fix(mariadb): scope switchover BINLOG ADMIN fence by host
• fix(mariadb): reduce galera polling log noise during wait-for-Primary #2740 fix(mariadb): reduce galera polling log noise during wait-for-Primary
• fix(mariadb): galera self-healing watcher kills stuck non-Primary nodes #2735 fix(mariadb): galera self-healing watcher kills stuck non-Primary nodes
• fix(mariadb): galera non-pod-0 waits for Primary before joining #2734 fix(mariadb): galera non-pod-0 waits for Primary before joining
• fix(mariadb): galera peer check queries wsrep_cluster_status #2732 fix(mariadb): galera peer check queries wsrep_cluster_status
• fix(mariadb): galera single-owner bootstrap prevents split-brain #2731 fix(mariadb): galera single-owner bootstrap prevents split-brain
• fix(mariadb): galera Stop/Start crash recovery — pod-0 wsrep-recover bootstrap #2730 fix(mariadb): galera Stop/Start crash recovery
• fix(mariadb): galera reconfigure auth — set MARIADB_INTERNAL_ROOT_USER=root #2729 fix(mariadb): galera reconfigure auth
• mariadb: alpha.116 — add wsrep_slave_threads to dynamicParameters #2728 alpha.116 add wsrep_slave_threads to dynamicParameters
• mariadb: alpha.115 — fix passwordGenerationPolicy.numDigits violating CRD Maximum=8 (surfaced by alpha.114 first live deploy) #2724 alpha.115 fix passwordGenerationPolicy.numDigits violating CRD Maximum=8
• mariadb: write .replication-pending marker on every memberJoin rc=1 path (close roleProbe stuck-initializing window) #2722 write .replication-pending marker on every memberJoin rc=1 path
• test(mariadb): lock replication mode contract wording #2720 lock replication mode contract wording
• mariadb: alpha.114 v2 — account model Phase A Path C declarative-only #2714 alpha.114 account model Phase A Path C declarative-only
• mariadb: alpha.113 — single-shot bootstrap-or-defer refactor of replication-member-join.sh #2712 alpha.113 single-shot bootstrap-or-defer refactor
• fix(mariadb): use published syncer default #2711 fix(mariadb): use published syncer default
• docs(mariadb): align README topology entry points #2710 docs(mariadb): align README topology entry points
• mariadb: alpha.112 — honest 60s timeoutSeconds on memberJoin + galera single-shot bootstrap-or-defer refactor #2702 alpha.112 honest 60s timeoutSeconds on memberJoin
• mariadb: alpha.111 P0a URGENT Phase 2 — wrap unwrapped FLUSH PRIVILEGES sites to close orphan binlog source #2701 alpha.111 wrap unwrapped FLUSH PRIVILEGES sites
• mariadb: alpha.110 P0a URGENT — skip primary_local_root_write_ready syncerctl-writecheck on reconcile-repair-begin path #2700 alpha.110 skip writecheck on reconcile-repair-begin path
• mariadb: alpha.109 P0a — sentinel + INTERNAL_LOCAL probe skip on grant_internal_admin_runtime_privileges secondary-restart path #2697 alpha.109 sentinel + INTERNAL_LOCAL probe skip on secondary-restart
• mariadb: alpha.108 P0a — restore BINLOG ADMIN on user-facing root @localhost+@127.0.0.1 to close sql_log_bin=0 wrap silent-fail #2696 alpha.108 restore BINLOG ADMIN on root
• mariadb: alpha.107 reaper Cond 7 bind verify + chart reconciled-existing path verify + audit log #2695 alpha.107 reaper Cond 7 bind verify + chart reconciled-existing verify
• fix(mariadb): self-heal stuck-pending markers + raise retry budget (alpha.106) #2694 alpha.106 self-heal stuck-pending markers + raise retry budget
• fix(mariadb): rewrite fence verifier to read-only privilege query (alpha.105) #2692 alpha.105 rewrite fence verifier to read-only privilege query
• fix(mariadb): provision kb_internal_root in standalone CmpD (alpha.104) #2691 alpha.104 provision kb_internal_root in standalone CmpD
• bump(mariadb): 1.1.1-alpha.103 pin reconfigure action image #2690 bump 1.1.1-alpha.103 pin reconfigure action image
• fix(mariadb): pin reconfigure action image #2689 fix(mariadb): pin reconfigure action image
• fix(mariadb): alpha.100 per-server gtid_domain_id avoids GTID 1950 out-of-order #2673 alpha.100 per-server gtid_domain_id avoids GTID out-of-order
• fix(mariadb): align shellspec tests with alpha.2 chart + seeder timeout preservation #2757 align shellspec tests with alpha.2 chart + seeder timeout preservation
• fix(mariadb): skip helm-dependent shellspec tests when helm unavailable #2758 skip helm-dependent shellspec tests when helm unavailable
• fix(mariadb): suppress shellspec warnings treated as failures in CI #2759 suppress shellspec warnings treated as failures in CI
• fix(mariadb): guard helm template calls in shellspec setup hooks #2760 guard helm template calls in shellspec setup hooks

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 3601 lines in your changes missing coverage. Please review.
✅ Project coverage is 0.00%. Comparing base (d784c97) to head (8a9d3cf).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...iadb/scripts-ut-spec/replication_roleprobe_spec.sh	0.00%	654 Missing ⚠️
...db/scripts-ut-spec/replication_member_join_spec.sh	0.00%	620 Missing ⚠️
...pts-ut-spec/semisync_rejoin_fence_template_spec.sh	0.00%	389 Missing ⚠️
...ipts-ut-spec/reconfigure_persisted_alpha86_spec.sh	0.00%	346 Missing ⚠️
...db/scripts-ut-spec/replication_mode_mapper_spec.sh	0.00%	269 Missing ⚠️
...plication_merged_semisync_startup_recovery_spec.sh	0.00%	224 Missing ⚠️
...ts-ut-spec/seed_replication_mode_overrides_spec.sh	0.00%	213 Missing ⚠️
...plication_merged_replication_mode_env_wire_spec.sh	0.00%	166 Missing ⚠️
...ripts-ut-spec/replication_user_convergence_spec.sh	0.00%	142 Missing ⚠️
...replication_merged_pd_regex_disambiguation_spec.sh	0.00%	123 Missing ⚠️
... and 8 more

Additional details and impacted files

@@           Coverage Diff           @@
##            main   #2633     +/-   ##
=======================================
  Coverage   0.00%   0.00%             
=======================================
  Files         73      92     +19     
  Lines       9270   14942   +5672     
=======================================
- Misses      9270   14942   +5672     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[weicao]

Review: PR #2633 — feat(mariadb): topology merge + addon-api conformance (alpha.86 -> alpha.90)

Reviewer: @JADE (PR Reviewer)
Stats: +24,151 / -34 across 54 files. CI RED (28 ShellSpec failures).

---

Summary

Mega-rollup of MariaDB addon evolution spanning ~25 alpha versions. Delivers:

1. Topology merge: async + semi-sync consolidated into single replication CmpD with mode selector
2. Galera topology (new CmpD + scripts)
3. Version expansion: 1 -> 6 declared versions
4. Addon-API conformance (PD, PCR, ClusterDefinition, BPT)
5. Backup modernization (datasafed)
6. Security hardening (kb_internal_root, SUPER stripping)

---

Blocking Issues

B1. CI ShellSpec tests RED — 28 failures out of 1197.
Multiple categories: test-vs-code desync (parametersSchema removed but tests still expect it), hardcoded version literals not updated, new env-wire tests failing, template content tests stale. Tests must pass before merge.

B2. Image tag mismatch for 11.4.10.
cmpv.yaml maps 11.4.10 release to floating tag mariadb:11.4 instead of pinned mariadb:11.4.10. This means the release silently drifts to whatever Docker Hub resolves. Either pin to 11.4.10 or document the floating-tag decision.

B3. Chart.yaml contains ~2,500 lines of development journal.
Every alpha version's root cause, fix rationale, and design discussion references are inlined. This ships in the chart artifact — every helm show chart dumps pages of internal notes. Move to a separate changelog or commit messages.

---

Non-blocking

1. Scope mixing — this is at least 4 PRs in one (topology merge, Galera, version expansion, addon-API conformance, backup modernization, security hardening, standalone overhaul, README rewrite). 24K lines across 54 files makes thorough review impractical. Strongly recommend splitting.

2. Legacy CmpDs rendered unconditionally — cmpd-replication.yaml (1K lines) and cmpd-semisync.yaml (2.4K lines) retained for upgrade compat but no .Values gate to disable them.

3. Excessive inline comments — templates contain hundreds of lines of rationale referencing specific people, timestamps, message IDs. Not meaningful to future maintainers.

4. values.yaml default replication.mode: "" is ambiguous — empty string means async behavior but isn't declared. New users get no signal.

5. BPT uses broad CmpD regex (^mariadb-) matching all topologies. If Galera has different backup requirements, this is a problem.

---

Questions

1. Why is Galera included in a PR titled "topology merge"? It's entirely new, not a merge.
2. For the merged CmpD, does mode "async" still provision semi-sync grants? Wasteful or harmful?
3. Was the PR rebased after live validation? CI is red against actual branch head.

---

Verdict: REQUEST_CHANGES

Mandatory:

1. Fix all 28 ShellSpec test failures
2. Pin mariadb:11.4 -> mariadb:11.4.10 or document floating-tag intent
3. Remove 2,500-line Chart.yaml development journal

Strongly recommended:
4. Split into smaller PRs. At minimum: (a) standalone + addon-API, (b) topology merge, (c) Galera, (d) version expansion. The current PR is unreviewable as a single unit.