Make ironic database use more configurable

Basic changes to allow for greater flexibility
in detailed configurations that may scale beyond
a single coductor host, or cases where a remote
database server may need to be utilized.

Also removed a note from the defaults file which
no longer made sense. I think it was an incomplete
thought that I had accidently committed at some point.

Change-Id: Ieea8e4c6a847eebfb80001d301da22e8e562b9bb
This commit is contained in:
Julia Kreger 2017-03-02 15:04:47 +00:00 committed by yolanda.robla
parent 2600d546ed
commit ff75b0cf4b
8 changed files with 90 additions and 27 deletions

View File

@ -239,6 +239,25 @@ ssh_private_key: If a user wishes to define an SSH private key as a string,
this variable can be utilized which overrides the this variable can be utilized which overrides the
ssh_private_key_path setting. ssh_private_key_path setting.
### Changing Database Configuration
Bifrost utilizes a nested data stucture for the configuration of database.
Simply put:
- Values cannot be overrriden via set_fact.
- Values cannot be overrriden via the command line with ``-e``.
- The entire data structure must be defined if is modified.
Please see defaults/main.yml file for the structure named ``ironic``.
Please note, if the hostname is set to something besides``localhost``,
then the playbook will not attempt to create databases, database users,
and grant privileges.
Similarly, if hardware introspection support is installed, the
nearly identical data structure for inspector can be found in the
same file named ``ironic_inspector``.
Notes Notes
----- -----

View File

@ -216,6 +216,11 @@ ironic:
keystone: keystone:
default_username: "bifrost_user" default_username: "bifrost_user"
default_password: "ChangeThisPa55w0rd" default_password: "ChangeThisPa55w0rd"
database:
name: "ironic"
username: "ironic"
password: "{{ ironic_db_password }}"
host: "localhost"
ironic_inspector: ironic_inspector:
service_catalog: service_catalog:
@ -226,9 +231,10 @@ ironic_inspector:
keystone: keystone:
default_username: "inspector_user" default_username: "inspector_user"
default_password: "ChangeThisPa55w0rd" default_password: "ChangeThisPa55w0rd"
# public_url: "http://127.0.0.1:5050/" database:
# private_url: "http://127.0.0.1:5050/" name: "inspector"
# internal_url: "http://127.0.0.1:5050/" username: "inspector"
# TODO(TheJulia): Thinking outloud, I we ought to head in the password: "{{ ironic_db_password }}"
# direction of identifying the address of the conductor host host: "localhost"
# in a more uniform fashion. What that is exactly, is TBD. # DEPRECATED(TheJulia): Inheritance of ironic_db_password params
# should be removed in Queens.

View File

@ -26,10 +26,13 @@
set_fact: set_fact:
enable_venv: true enable_venv: true
when: lookup('env', 'VENV') | length > 0 when: lookup('env', 'VENV') | length > 0
# NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started # NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
# during bootstrapping. all other services are started in the Start phase. # during bootstrapping. all other services are started in the Start phase.
- name: "Start database service" - name: "Start database service"
service: name={{ mysql_service_name }} state=started enabled=yes service: name={{ mysql_service_name }} state=started enabled=yes
when: ironic.database.host == 'localhost'
- name: "RabbitMQ - Testing if hostname is defined in /etc/hosts" - name: "RabbitMQ - Testing if hostname is defined in /etc/hosts"
command: grep -i "{{ ansible_hostname }}" /etc/hosts command: grep -i "{{ ansible_hostname }}" /etc/hosts
ignore_errors: yes ignore_errors: yes
@ -70,32 +73,39 @@
write_priv: ".*" write_priv: ".*"
read_priv: ".*" read_priv: ".*"
no_log: true no_log: true
- name: "Set mysql_username if environment variable mysql_user is set" - name: "Set mysql_username if environment variable mysql_user is set"
set_fact: set_fact:
mysql_username: "{{ lookup('env', 'mysql_user') }}" mysql_username: "{{ lookup('env', 'mysql_user') }}"
when: lookup('env', 'mysql_user') | length > 0 when: lookup('env', 'mysql_user') | length > 0
no_log: true no_log: true
- name: "Set mysql_password if environment variable mysql_pass is set" - name: "Set mysql_password if environment variable mysql_pass is set"
set_fact: set_fact:
mysql_password: "{{ lookup('env', 'mysql_pass') }}" mysql_password: "{{ lookup('env', 'mysql_pass') }}"
when: lookup('env', 'mysql_pass') | length > 0 when: lookup('env', 'mysql_pass') | length > 0
no_log: true no_log: true
- name: "MySQL - Creating DB" - name: "MySQL - Creating DB"
mysql_db: mysql_db:
name: "ironic" name: "{{ ironic.database.name }}"
state: present state: present
encoding: utf8 encoding: utf8
login_user: "{{ mysql_username | default(None) }}" login_user: "{{ mysql_username | default(None) }}"
login_password: "{{ mysql_password | default(None) }}" login_password: "{{ mysql_password | default(None) }}"
register: test_created_db register: test_created_db
when: ironic.database.host == 'localhost'
- name: "MySQL - Creating user for Ironic" - name: "MySQL - Creating user for Ironic"
mysql_user: mysql_user:
name: "ironic" name: "{{ ironic.database.username }}"
password: "{{ ironic_db_password }}" password: "{{ ironic.database.password }}"
priv: "ironic.*:ALL" priv: "{{ ironic.database.name }}.*:ALL"
state: present state: present
login_user: "{{ mysql_username | default(None) }}" login_user: "{{ mysql_username | default(None) }}"
login_password: "{{ mysql_password | default(None) }}" login_password: "{{ mysql_password | default(None) }}"
when: ironic.database.host == 'localhost'
- name: "Create an ironic service group" - name: "Create an ironic service group"
group: group:
name: "ironic" name: "ironic"
@ -147,14 +157,21 @@
owner: "ironic" owner: "ironic"
group: "ironic" group: "ironic"
mode: 0644 mode: 0644
- name: "Create ironic DB Schema" - name: "Create ironic DB Schema"
command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}" environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
when: test_created_db.changed | bool == true when: >
ironic.database.host == 'localhost' and
test_created_db.changed | bool == true
- name: "Upgrade ironic DB Schema" - name: "Upgrade ironic DB Schema"
command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}" environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
when: test_created_db.changed | bool == false when: >
ironic.database.host != 'localhost' or
test_created_db.changed | bool == false
- name: "Create service folder if systemd template is defined" - name: "Create service folder if systemd template is defined"
file: file:
path: "{{ init_dest_dir }}" path: "{{ init_dest_dir }}"

View File

@ -15,20 +15,23 @@
--- ---
- name: "MySQL - Create database" - name: "MySQL - Create database"
mysql_db: mysql_db:
login_user={{ mysql_username }} login_user: "{{ mysql_username }}"
login_password={{ mysql_password }} login_password: "{{ mysql_password }}"
name=inspector name: "{{ ironic_inspector.database.name }}"
state=present state: present
encoding=utf8 encoding: utf8
register: test_created_inspector_db when: ironic_inspector.database.host == 'localhost'
- name: "MySQL - Create user for inspector" - name: "MySQL - Create user for inspector"
mysql_user: mysql_user:
login_user={{ mysql_username }} login_user: "{{ mysql_username }}"
login_password={{ mysql_password }} login_password: "{{ mysql_password }}"
name=inspector name: "{{ ironic_inspector.database.username }}"
password={{ ironic_db_password }} password: "{{ ironic_inspector.database.password }}"
priv=inspector.*:ALL priv: "{{ ironic_inspector.database.name }}.*:ALL"
state=present state: present
when: ironic_inspector.database.host == 'localhost'
- name: "Inspector - Ensure /etc/ironic-inspector/ exists" - name: "Inspector - Ensure /etc/ironic-inspector/ exists"
file: file:
dest=/etc/ironic-inspector dest=/etc/ironic-inspector

View File

@ -12,7 +12,7 @@ auth_strategy = {{ inspector_auth | default('noauth') }}
debug = {{ inspector_debug | bool }} debug = {{ inspector_debug | bool }}
[database] [database]
connection=mysql+pymysql://inspector:{{ ironic_db_password }}@localhost/inspector?charset=utf8 connection=mysql+pymysql://{{ ironic_inspector.database.username }}:{{ ironic_inspector.database.password }}@{{ ironic_inspector.database.host }}/{{ ironic_inspector.database.name }}?charset=utf8
[firewall] [firewall]
manage_firewall = {{ inspector_manage_firewall | bool | default('false') }} manage_firewall = {{ inspector_manage_firewall | bool | default('false') }}

View File

@ -45,7 +45,7 @@ clean_nodes = {{ cleaning | lower }}
automated_clean = {{ cleaning | lower }} automated_clean = {{ cleaning | lower }}
[database] [database]
connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8 connection = mysql+pymysql://{{ ironic.database.username }}:{{ ironic.database.password }}@{{ ironic.database.host }}/{{ ironic.database.name }}?charset=utf8
[dhcp] [dhcp]
dhcp_provider = none dhcp_provider = none

View File

@ -78,6 +78,7 @@
login_user: "{{ mysql_username | default(None) }}" login_user: "{{ mysql_username | default(None) }}"
login_password: "{{ mysql_password | default(None) }}" login_password: "{{ mysql_password | default(None) }}"
register: test_created_keystone_db register: test_created_keystone_db
when: keystone.database.host == 'localhost'
- name: "MySQL - Creating user for keystone" - name: "MySQL - Creating user for keystone"
mysql_user: mysql_user:
@ -87,6 +88,7 @@
state: present state: present
login_user: "{{ mysql_username | default(None) }}" login_user: "{{ mysql_username | default(None) }}"
login_password: "{{ mysql_password | default(None) }}" login_password: "{{ mysql_password | default(None) }}"
when: keystone.database.host == 'localhost'
- name: "Create an keystone service group" - name: "Create an keystone service group"
group: group:
@ -154,7 +156,8 @@
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}" environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
when: > when: >
test_created_keystone_db.changed | bool == true and test_created_keystone_db.changed | bool == true and
keystone.bootstrap.enabled | bool == true keystone.bootstrap.enabled | bool == true and
keystone.database.host == 'localhost'
- name: "Reserve keystone admin port" - name: "Reserve keystone admin port"
sysctl: sysctl:

View File

@ -0,0 +1,15 @@
---
features:
- |
Bifrost now supports the definition of a specific database server,
username, password, and database name for ironic and ironic-inspector.
- |
If the host for the database is not set to ``localhost``, then actions
such as database and user creation are skipped. This functionality
is present in both the bootstrapping for ironic, ironic-inspector, and
keystone, and applies to initial explicit database schema creation steps
where applicable.
deprecations:
- |
Use of the ``ironic_db_password`` variable as an available default will
be removed in the Queens release of bifrost.