system-config/modules/openstack_project/manifests/slave_db.pp
Colleen Murphy 9f74110cb6 Upgrade mysql module to 3.6.1
This patch upgrades the mysql module version as well as upgrading the
usage of that module in openstack_project. This includes:

 - upgrading the syntax to set the root password
 - no longer setting bind_address anywhere since it defaults to 127.0.0.1
 - upgrading the syntax to set the default storage engine using the new
   override_options param
 - upgrading the database and database_grant puppet resources to use the
   mysql_database and mysql_grant types. These types were renamed and
   are now more strict about how the title should look and what
   parameters need to be specified rather than inferred from the title.
   There is also no longer any reason to specify the 'mysql' provider
   since they gave up on the generic database provider idea.

Changes to the system that we can expect:

 - /etc/mysql/my.cnf will have its parameters reordered. The key_buffer
   config parameter was renamed to key_buffer_size and the log_error
   parameter was renamed to log-error. Default values haven't changed.
 - The change in /etc/mysql/my.conf will trigger a mysql restart
 - /root/.my.cnf now adds single quotes around the password value. This
   won't change how mysql or the module reads the value, but puppet
   will report the file as having changed.

This patch should not be merged until a downtime is prepared for the
paste and wiki services.

Change-Id: I8072e0aab03606307505e37fe6fb0c8b18eef854
Depends-On: I3ff754b15eef51c3c86c188647353a4a1d3bfea0
2016-01-04 10:51:50 -08:00

156 lines
4.5 KiB
Puppet

# Slave database configuration
class openstack_project::slave_db(
$all_mysql_privs = false,
){
$root_db_password = 'insecure_slave'
if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 19) {
class {'mysql::server':
root_password => $root_db_password,
override_options => {
'mysqld' => {
'default-storage-engine' => 'MyISAM',
}
},
package_name => 'community-mysql-server',
}
} else {
class {'mysql::server':
root_password => $root_db_password,
override_options => {
'mysqld' => {
'default-storage-engine' => 'MyISAM',
}
},
}
}
include mysql::server::account_security
mysql::db { 'openstack_citest':
user => 'openstack_citest',
password => 'openstack_citest',
host => 'localhost',
grant => ['all'],
require => [
Class['mysql::server'],
Class['mysql::server::account_security'],
],
}
# mysql::db is too dumb to realize that the same user can have
# access to multiple databases and will fail if you try creating
# a second DB with the same user. Create the DB directly as mysql::db
# above is creating the user for us.
mysql_database { 'openstack_baremetal_citest':
ensure => present,
charset => 'utf8',
require => [
Class['mysql::server'],
Class['mysql::server::account_security'],
],
}
mysql_grant { 'openstack_citest@localhost/openstack_baremetal_citest.*':
privileges => ['all'],
user => 'openstack_citest@localhost',
table => 'openstack_baremetal_citest.*',
require => Mysql_user['openstack_citest@localhost'],
}
if ($all_mysql_privs == true) {
mysql_grant { 'openstack_citest@localhost/*.*':
privileges => ['all'],
user => 'openstack_citest@localhost',
table => '*.*',
require => Mysql_user['openstack_citest@localhost'],
}
}
# The puppetlabs postgres module does not manage the postgres user
# and group for us. Create them here to ensure concat can create
# dirs and files owned by this user and group.
user { 'postgres':
ensure => present,
gid => 'postgres',
system => true,
require => Group['postgres'],
}
group { 'postgres':
ensure => present,
system => true,
}
if ($::lsbdistcodename == 'trusty') {
class { 'postgresql::globals':
version => '9.3',
before => Class['postgresql::server'],
}
}
class { 'postgresql::server':
postgres_password => $root_db_password,
manage_firewall => false,
# The puppetlabs postgres module incorrectly quotes ip addresses
# in the postgres server config. Use localhost instead.
listen_addresses => ['localhost'],
require => [
User['postgres'],
Class['postgresql::params'],
],
}
class { 'postgresql::lib::devel':
require => Class['postgresql::params'],
}
# Create DB user and explicitly make it non superuser
# that can create databases.
postgresql::server::role { 'openstack_citest':
password_hash => postgresql_password('openstack_citest', 'openstack_citest'),
createdb => true,
superuser => false,
require => Class['postgresql::server'],
}
postgresql::server::db { 'openstack_citest':
user => 'openstack_citest',
password => postgresql_password('openstack_citest', 'openstack_citest'),
grant => 'all',
require => [
Class['postgresql::server'],
Postgresql::Server::Role['openstack_citest'],
],
}
# Alter the new database giving the test DB user ownership of the DB.
# This is necessary to make the nova unittests run properly.
postgresql_psql { 'ALTER DATABASE openstack_citest OWNER TO openstack_citest':
db => 'postgres',
refreshonly => true,
subscribe => Postgresql::Server::Db['openstack_citest'],
}
postgresql::server::db { 'openstack_baremetal_citest':
user => 'openstack_citest',
password => postgresql_password('openstack_citest', 'openstack_citest'),
grant => 'all',
require => [
Class['postgresql::server'],
Postgresql::Server::Role['openstack_citest'],
],
}
# Alter the new database giving the test DB user ownership of the DB.
# This is necessary to make the nova unittests run properly.
postgresql_psql { 'ALTER DATABASE openstack_baremetal_citest OWNER TO
openstack_citest':
db => 'postgres',
refreshonly => true,
subscribe => Postgresql::Server::Db['openstack_baremetal_citest'],
}
}