c7466dea40
The old version of the puppet mysql module defined the "all" privilege as all the columns in the *_priv rows in the "db" table of the "mysql" database, which included "Grant_priv". The new version simply uses the normal MySQL API, which defines the "all" privilege as "Grant all privileges at specified access level except GRANT OPTION". In order to get back the old behavior of grant permissions on single use slaves we use the options parameter with ['GRANT']. Change-Id: I93b9375de916ca701399aee03dfaa9ab4d197319
# Slave database configuration
#
# Declares local MySQL and PostgreSQL servers, an openstack_citest account in
# each, and the openstack_citest and openstack_baremetal_citest databases
# owned by / granted to that account.
#
# Parameters:
#   all_mysql_privs - when true, additionally grant openstack_citest@localhost
#     all privileges on *.* together with the GRANT option. Defaults to false.
#
# NOTE(review): every credential in this class is a literal in the manifest,
# so it is known to anyone who can read the repository. That only suits
# throwaway test nodes whose database servers cannot be reached from other
# hosts. PostgreSQL is restricted to localhost below; no MySQL bind address is
# set in this class -- confirm what the mysql module defaults to.
class openstack_project::slave_db(
  $all_mysql_privs = false,
){

  # Shared by the MySQL root account and the PostgreSQL postgres account.
  $root_db_password = 'insecure_slave'

  # The two branches differ only in package_name: Fedora 19 and later install
  # 'community-mysql-server', everything else uses the module's default.
  # NOTE(review): the release check compares a fact with an integer; facts are
  # commonly strings, so this relies on Puppet's numeric coercion -- confirm on
  # the Puppet version in use.
  if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 19) {
    class {'mysql::server':
      root_password    => $root_db_password,
      override_options => {
        'mysqld' => {
          'default-storage-engine' => 'MyISAM',
        }
      },
      package_name     => 'community-mysql-server',
    }
  } else {
    class {'mysql::server':
      root_password    => $root_db_password,
      override_options => {
        'mysqld' => {
          'default-storage-engine' => 'MyISAM',
        }
      },
    }
  }

  # Presumably the mysql module's hardening of the default accounts; its
  # contents are not visible here -- verify against the module version in use.
  include mysql::server::account_security

  # Creates the openstack_citest database and the openstack_citest@localhost
  # user (password equal to the user name) with 'all' on that database.
  mysql::db { 'openstack_citest':
    user     => 'openstack_citest',
    password => 'openstack_citest',
    host     => 'localhost',
    grant    => ['all'],
    require  => [
      Class['mysql::server'],
      Class['mysql::server::account_security'],
    ],
  }

  # mysql::db is too dumb to realize that the same user can have
  # access to multiple databases and will fail if you try creating
  # a second DB with the same user. Create the DB directly, as mysql::db
  # above is creating the user for us.
  mysql_database { 'openstack_baremetal_citest':
    ensure  => present,
    charset => 'utf8',
    require => [
      Class['mysql::server'],
      Class['mysql::server::account_security'],
    ],
  }

  # Grant on the second database only; depends on the user resource that the
  # mysql::db declaration above is expected to create.
  mysql_grant { 'openstack_citest@localhost/openstack_baremetal_citest.*':
    privileges => ['all'],
    user       => 'openstack_citest@localhost',
    table      => 'openstack_baremetal_citest.*',
    require    => Mysql_user['openstack_citest@localhost'],
  }

  # Opt-in server-wide grant. 'all' in the current mysql module excludes the
  # GRANT option, so options => ['GRANT'] is what restores the ability to
  # grant privileges to other accounts. With table '*.*' this makes the
  # well-known openstack_citest account equivalent to a MySQL administrator;
  # keep all_mysql_privs false unless the node is single use.
  if ($all_mysql_privs == true) {
    mysql_grant { 'openstack_citest@localhost/*.*':
      privileges => ['all'],
      options    => ['GRANT'],
      user       => 'openstack_citest@localhost',
      table      => '*.*',
      require    => Mysql_user['openstack_citest@localhost'],
    }
  }

  # The puppetlabs postgres module does not manage the postgres user
  # and group for us. Create them here to ensure concat can create
  # dirs and files owned by this user and group.
  user { 'postgres':
    ensure  => present,
    gid     => 'postgres',
    system  => true,
    require => Group['postgres'],
  }

  group { 'postgres':
    ensure => present,
    system => true,
  }

  # On 'trusty' the PostgreSQL version is pinned to 9.3, and the globals class
  # is ordered before the server class.
  if ($::lsbdistcodename == 'trusty') {
    class { 'postgresql::globals':
      version => '9.3',
      before  => Class['postgresql::server'],
    }
  }

  # The postgres account gets the same literal password as the MySQL root
  # account. The module is told not to manage firewall rules.
  class { 'postgresql::server':
    postgres_password => $root_db_password,
    manage_firewall   => false,
    # The puppetlabs postgres module incorrectly quotes ip addresses
    # in the postgres server config. Use localhost instead.
    listen_addresses  => ['localhost'],
    require           => [
      User['postgres'],
      Class['postgresql::params'],
    ],
  }

  class { 'postgresql::lib::devel':
    require => Class['postgresql::params'],
  }

  # Create the DB user: explicitly not a superuser, but allowed to
  # create databases.
  postgresql::server::role { 'openstack_citest':
    password_hash => postgresql_password('openstack_citest', 'openstack_citest'),
    createdb      => true,
    superuser     => false,
    require       => Class['postgresql::server'],
  }

  postgresql::server::db { 'openstack_citest':
    user     => 'openstack_citest',
    password => postgresql_password('openstack_citest', 'openstack_citest'),
    grant    => 'all',
    require  => [
      Class['postgresql::server'],
      Postgresql::Server::Role['openstack_citest'],
    ],
  }

  # Alter the new database giving the test DB user ownership of the DB.
  # This is necessary to make the nova unittests run properly.
  # refreshonly + subscribe: the statement runs only when the db resource
  # above sends a refresh, not on every Puppet run.
  postgresql_psql { 'ALTER DATABASE openstack_citest OWNER TO openstack_citest':
    db          => 'postgres',
    refreshonly => true,
    subscribe   => Postgresql::Server::Db['openstack_citest'],
  }

  postgresql::server::db { 'openstack_baremetal_citest':
    user     => 'openstack_citest',
    password => postgresql_password('openstack_citest', 'openstack_citest'),
    grant    => 'all',
    require  => [
      Class['postgresql::server'],
      Postgresql::Server::Role['openstack_citest'],
    ],
  }

  # Alter the new database giving the test DB user ownership of the DB.
  # This is necessary to make the nova unittests run properly.
  # The resource title is the SQL statement and is wrapped over two lines, so
  # the line break and leading spaces are part of the string.
  postgresql_psql { 'ALTER DATABASE openstack_baremetal_citest OWNER TO
                     openstack_citest':
    db          => 'postgres',
    refreshonly => true,
    subscribe   => Postgresql::Server::Db['openstack_baremetal_citest'],
  }

}