9f74110cb6
This patch upgrades the mysql module version as well as upgrading the usage of that module in openstack_project. This includes: - upgrading the syntax to set the root password - no longer setting bind_address anywhere since it defaults to 127.0.0.1 - upgrading the syntax to set the default storage engine using the new override_options param - upgrading the database and database_grant puppet resources to use the mysql_database and mysql_grant types. These types were renamed and are now more strict about how the title should look and what parameters need to be specified rather than inferred from the title. There is also no longer any reason to specify the 'mysql' provider since they gave up on the generic database provider idea. Changes to the system that we can expect: - /etc/mysql/my.cnf will have its parameters reordered. The key_buffer config parameter was renamed to key_buffer_size and the log_error parameter was renamed to log-error. Default values haven't changed. - The change in /etc/mysql/my.conf will trigger a mysql restart - /root/.my.cnf now adds single quotes around the password value. This won't change how mysql or the module reads the value, but puppet will report the file as having changed. This patch should not be merged until a downtime is prepared for the paste and wiki services. Change-Id: I8072e0aab03606307505e37fe6fb0c8b18eef854 Depends-On: I3ff754b15eef51c3c86c188647353a4a1d3bfea0
156 lines
4.5 KiB
Puppet
156 lines
4.5 KiB
Puppet
# Slave database configuration
|
|
class openstack_project::slave_db(
|
|
$all_mysql_privs = false,
|
|
){
|
|
|
|
$root_db_password = 'insecure_slave'
|
|
|
|
if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 19) {
|
|
class {'mysql::server':
|
|
root_password => $root_db_password,
|
|
override_options => {
|
|
'mysqld' => {
|
|
'default-storage-engine' => 'MyISAM',
|
|
}
|
|
},
|
|
package_name => 'community-mysql-server',
|
|
}
|
|
} else {
|
|
class {'mysql::server':
|
|
root_password => $root_db_password,
|
|
override_options => {
|
|
'mysqld' => {
|
|
'default-storage-engine' => 'MyISAM',
|
|
}
|
|
},
|
|
}
|
|
}
|
|
|
|
include mysql::server::account_security
|
|
|
|
mysql::db { 'openstack_citest':
|
|
user => 'openstack_citest',
|
|
password => 'openstack_citest',
|
|
host => 'localhost',
|
|
grant => ['all'],
|
|
require => [
|
|
Class['mysql::server'],
|
|
Class['mysql::server::account_security'],
|
|
],
|
|
}
|
|
|
|
# mysql::db is too dumb to realize that the same user can have
|
|
# access to multiple databases and will fail if you try creating
|
|
# a second DB with the same user. Create the DB directly as mysql::db
|
|
# above is creating the user for us.
|
|
mysql_database { 'openstack_baremetal_citest':
|
|
ensure => present,
|
|
charset => 'utf8',
|
|
require => [
|
|
Class['mysql::server'],
|
|
Class['mysql::server::account_security'],
|
|
],
|
|
}
|
|
|
|
mysql_grant { 'openstack_citest@localhost/openstack_baremetal_citest.*':
|
|
privileges => ['all'],
|
|
user => 'openstack_citest@localhost',
|
|
table => 'openstack_baremetal_citest.*',
|
|
require => Mysql_user['openstack_citest@localhost'],
|
|
}
|
|
|
|
if ($all_mysql_privs == true) {
|
|
mysql_grant { 'openstack_citest@localhost/*.*':
|
|
privileges => ['all'],
|
|
user => 'openstack_citest@localhost',
|
|
table => '*.*',
|
|
require => Mysql_user['openstack_citest@localhost'],
|
|
}
|
|
}
|
|
|
|
# The puppetlabs postgres module does not manage the postgres user
|
|
# and group for us. Create them here to ensure concat can create
|
|
# dirs and files owned by this user and group.
|
|
user { 'postgres':
|
|
ensure => present,
|
|
gid => 'postgres',
|
|
system => true,
|
|
require => Group['postgres'],
|
|
}
|
|
|
|
group { 'postgres':
|
|
ensure => present,
|
|
system => true,
|
|
}
|
|
|
|
if ($::lsbdistcodename == 'trusty') {
|
|
class { 'postgresql::globals':
|
|
version => '9.3',
|
|
before => Class['postgresql::server'],
|
|
}
|
|
}
|
|
|
|
class { 'postgresql::server':
|
|
postgres_password => $root_db_password,
|
|
manage_firewall => false,
|
|
# The puppetlabs postgres module incorrectly quotes ip addresses
|
|
# in the postgres server config. Use localhost instead.
|
|
listen_addresses => ['localhost'],
|
|
require => [
|
|
User['postgres'],
|
|
Class['postgresql::params'],
|
|
],
|
|
}
|
|
|
|
class { 'postgresql::lib::devel':
|
|
require => Class['postgresql::params'],
|
|
}
|
|
|
|
# Create DB user and explicitly make it non superuser
|
|
# that can create databases.
|
|
postgresql::server::role { 'openstack_citest':
|
|
password_hash => postgresql_password('openstack_citest', 'openstack_citest'),
|
|
createdb => true,
|
|
superuser => false,
|
|
require => Class['postgresql::server'],
|
|
}
|
|
|
|
postgresql::server::db { 'openstack_citest':
|
|
user => 'openstack_citest',
|
|
password => postgresql_password('openstack_citest', 'openstack_citest'),
|
|
grant => 'all',
|
|
require => [
|
|
Class['postgresql::server'],
|
|
Postgresql::Server::Role['openstack_citest'],
|
|
],
|
|
}
|
|
|
|
# Alter the new database giving the test DB user ownership of the DB.
|
|
# This is necessary to make the nova unittests run properly.
|
|
postgresql_psql { 'ALTER DATABASE openstack_citest OWNER TO openstack_citest':
|
|
db => 'postgres',
|
|
refreshonly => true,
|
|
subscribe => Postgresql::Server::Db['openstack_citest'],
|
|
}
|
|
|
|
postgresql::server::db { 'openstack_baremetal_citest':
|
|
user => 'openstack_citest',
|
|
password => postgresql_password('openstack_citest', 'openstack_citest'),
|
|
grant => 'all',
|
|
require => [
|
|
Class['postgresql::server'],
|
|
Postgresql::Server::Role['openstack_citest'],
|
|
],
|
|
}
|
|
|
|
# Alter the new database giving the test DB user ownership of the DB.
|
|
# This is necessary to make the nova unittests run properly.
|
|
postgresql_psql { 'ALTER DATABASE openstack_baremetal_citest OWNER TO
|
|
openstack_citest':
|
|
db => 'postgres',
|
|
refreshonly => true,
|
|
subscribe => Postgresql::Server::Db['openstack_baremetal_citest'],
|
|
}
|
|
|
|
}
|