Split the database grants into their own class

In anticipation of the nodepool patch, make the database grants,
which need a running database server to run, their own class. This
allows us to skip running them while in the chroot, and then on
boot we can simply run:

  puppet apply 'class {"openstack_project::slave_db": }'

Change-Id: I4223e691d7545b445d39048a8ca801458cc3c2ed

modules/openstack_project/manifests/slave_db.pp

@@ -0,0 +1,152 @@
+# Slave database configuration
+class openstack_project::slave_db(
+  $all_mysql_privs = false,
+){
+
+  $root_db_password = 'insecure_slave'
+
+  if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 19) {
+    class {'mysql::server':
+      config_hash    =>  {
+        'root_password'  => $root_db_password,
+        'default_engine' => 'MyISAM',
+        'bind_address'   => '127.0.0.1',
+      },
+      package_name   => 'community-mysql-server',
+    }
+  } else {
+    class {'mysql::server':
+      config_hash    =>  {
+        'root_password'  => $root_db_password,
+        'default_engine' => 'MyISAM',
+        'bind_address'   => '127.0.0.1',
+      },
+    }
+  }
+
+  include mysql::server::account_security
+
+  mysql::db { 'openstack_citest':
+    user     => 'openstack_citest',
+    password => 'openstack_citest',
+    host     => 'localhost',
+    grant    => ['all'],
+    require  => [
+      Class['mysql::server'],
+      Class['mysql::server::account_security'],
+    ],
+  }
+
+  # mysql::db is too dumb to realize that the same user can have
+  # access to multiple databases and will fail if you try creating
+  # a second DB with the same user. Create the DB directly as mysql::db
+  # above is creating the user for us.
+  database { 'openstack_baremetal_citest':
+    ensure   => present,
+    charset  => 'utf8',
+    provider => 'mysql',
+    require  => [
+      Class['mysql::server'],
+      Class['mysql::server::account_security'],
+    ],
+  }
+
+  database_grant { 'openstack_citest@localhost/openstack_baremetal_citest':
+    privileges => ['all'],
+    provider   => 'mysql',
+    require    => Database_user['openstack_citest@localhost'],
+  }
+
+  if ($all_mysql_privs == true) {
+    database_grant { 'openstack_citest@localhost':
+      privileges => ['all'],
+      provider   => 'mysql',
+      require    => Database_user['openstack_citest@localhost'],
+    }
+  }
+
+  # The puppetlabs postgres module does not manage the postgres user
+  # and group for us. Create them here to ensure concat can create
+  # dirs and files owned by this user and group.
+  user { 'postgres':
+    ensure  => present,
+    gid     => 'postgres',
+    system  => true,
+    require => Group['postgres'],
+  }
+
+  group { 'postgres':
+    ensure => present,
+    system => true,
+  }
+
+  if ($::lsbdistcodename == 'trusty') {
+    class { 'postgresql::globals':
+      version => '9.3',
+      before  => Class['postgresql::server'],
+    }
+  }
+
+  class { 'postgresql::server':
+    postgres_password => $root_db_password,
+    manage_firewall   => false,
+    # The puppetlabs postgres module incorrectly quotes ip addresses
+    # in the postgres server config. Use localhost instead.
+    listen_addresses  => ['localhost'],
+    require           => [
+      User['postgres'],
+      Class['postgresql::params'],
+    ],
+  }
+
+  class { 'postgresql::lib::devel':
+    require => Class['postgresql::params'],
+  }
+
+  # Create DB user and explicitly make it non superuser
+  # that can create databases.
+  postgresql::server::role { 'openstack_citest':
+    password_hash => postgresql_password('openstack_citest', 'openstack_citest'),
+    createdb      => true,
+    superuser     => false,
+    require       => Class['postgresql::server'],
+  }
+
+  postgresql::server::db { 'openstack_citest':
+    user     => 'openstack_citest',
+    password => postgresql_password('openstack_citest', 'openstack_citest'),
+    grant    => 'all',
+    require  => [
+      Class['postgresql::server'],
+      Postgresql::Server::Role['openstack_citest'],
+    ],
+  }
+
+  # Alter the new database giving the test DB user ownership of the DB.
+  # This is necessary to make the nova unittests run properly.
+  postgresql_psql { 'ALTER DATABASE openstack_citest OWNER TO openstack_citest':
+    db          => 'postgres',
+    refreshonly => true,
+    subscribe   => Postgresql::Server::Db['openstack_citest'],
+  }
+
+  postgresql::server::db { 'openstack_baremetal_citest':
+    user     => 'openstack_citest',
+    password => postgresql_password('openstack_citest', 'openstack_citest'),
+    grant    => 'all',
+    require  => [
+      Class['postgresql::server'],
+      Postgresql::Server::Role['openstack_citest'],
+    ],
+  }
+
+  # Alter the new database giving the test DB user ownership of the DB.
+  # This is necessary to make the nova unittests run properly.
+  postgresql_psql { 'ALTER DATABASE openstack_baremetal_citest OWNER TO
+                     openstack_citest':
+    db          => 'postgres',
+    refreshonly => true,
+    subscribe   => Postgresql::Server::Db['openstack_baremetal_citest'],
+  }
+
+}

modules/openstack_project/manifests/thick_slave.pp

@@ -101,149 +101,14 @@ class openstack_project::thick_slave(
     require  => Package[$::openstack_project::jenkins_params::rubygems_package],
   }
 
-  if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 19) {
-    class {'mysql::server':
-      config_hash  =>  {
-        'root_password'  => 'insecure_slave',
-        'default_engine' => 'MyISAM',
-        'bind_address'   => '127.0.0.1',
-      },
-      package_name => 'community-mysql-server',
+  if ($::in_chroot) {
+    notify { 'databases in chroot':
+      message => 'databases and grants not created, running in chroot',
     }
   } else {
-    class {'mysql::server':
-      config_hash =>  {
-        'root_password'  => 'insecure_slave',
-        'default_engine' => 'MyISAM',
-        'bind_address'   => '127.0.0.1',
-      }
+    class { 'openstack_project::slave_db':
+      all_mysql_privs => $all_mysql_privs,
     }
   }
-
-  include mysql::server::account_security
-
-  mysql::db { 'openstack_citest':
-    user     => 'openstack_citest',
-    password => 'openstack_citest',
-    host     => 'localhost',
-    grant    => ['all'],
-    require  => [
-      Class['mysql::server'],
-      Class['mysql::server::account_security'],
-    ],
-  }
-
-  # mysql::db is too dumb to realize that the same user can have
-  # access to multiple databases and will fail if you try creating
-  # a second DB with the same user. Create the DB directly as mysql::db
-  # above is creating the user for us.
-  database { 'openstack_baremetal_citest':
-    ensure   => present,
-    charset  => 'utf8',
-    provider => 'mysql',
-    require  => [
-      Class['mysql::server'],
-      Class['mysql::server::account_security'],
-    ],
-  }
-
-  database_grant { 'openstack_citest@localhost/openstack_baremetal_citest':
-    privileges => ['all'],
-    provider   => 'mysql',
-    require    => Database_user['openstack_citest@localhost'],
-  }
-
-  if ($all_mysql_privs == true) {
-    database_grant { 'openstack_citest@localhost':
-      privileges => ['all'],
-      provider   => 'mysql',
-      require    => Database_user['openstack_citest@localhost'],
-    }
-  }
-
-  # The puppetlabs postgres module does not manage the postgres user
-  # and group for us. Create them here to ensure concat can create
-  # dirs and files owned by this user and group.
-  user { 'postgres':
-    ensure  => present,
-    gid     => 'postgres',
-    system  => true,
-    require => Group['postgres'],
-  }
-
-  group { 'postgres':
-    ensure => present,
-    system => true,
-  }
-
-  if ($::lsbdistcodename == 'trusty') {
-    class { 'postgresql::globals':
-      version => '9.3',
-      before  => Class['postgresql::server'],
-    }
-  }
-
-  class { 'postgresql::server':
-    postgres_password => 'insecure_slave',
-    manage_firewall   => false,
-    # The puppetlabs postgres module incorrectly quotes ip addresses
-    # in the postgres server config. Use localhost instead.
-    listen_addresses  => ['localhost'],
-    require           => [
-      User['postgres'],
-      Class['postgresql::params'],
-    ],
-  }
-
-  class { 'postgresql::lib::devel':
-    require => Class['postgresql::params'],
-  }
-
-  # Create DB user and explicitly make it non superuser
-  # that can create databases.
-  postgresql::server::role { 'openstack_citest':
-    password_hash => postgresql_password('openstack_citest', 'openstack_citest'),
-    createdb      => true,
-    superuser     => false,
-    require       => Class['postgresql::server'],
-  }
-
-  postgresql::server::db { 'openstack_citest':
-    user     => 'openstack_citest',
-    password => postgresql_password('openstack_citest', 'openstack_citest'),
-    grant    => 'all',
-    require  => [
-      Class['postgresql::server'],
-      Postgresql::Server::Role['openstack_citest'],
-    ],
-  }
-
-  # Alter the new database giving the test DB user ownership of the DB.
-  # This is necessary to make the nova unittests run properly.
-  postgresql_psql { 'ALTER DATABASE openstack_citest OWNER TO openstack_citest':
-    db          => 'postgres',
-    refreshonly => true,
-    subscribe   => Postgresql::Server::Db['openstack_citest'],
-  }
-
-  postgresql::server::db { 'openstack_baremetal_citest':
-    user     => 'openstack_citest',
-    password => postgresql_password('openstack_citest', 'openstack_citest'),
-    grant    => 'all',
-    require  => [
-      Class['postgresql::server'],
-      Postgresql::Server::Role['openstack_citest'],
-    ],
-  }
-
-  # Alter the new database giving the test DB user ownership of the DB.
-  # This is necessary to make the nova unittests run properly.
-  postgresql_psql { 'ALTER DATABASE openstack_baremetal_citest OWNER TO
-                     openstack_citest':
-    db          => 'postgres',
-    refreshonly => true,
-    subscribe   => Postgresql::Server::Db['openstack_baremetal_citest'],
-  }
-
 }
 # vim:sw=2:ts=2:expandtab:textwidth=79