Make ironic database use more configurable

Basic changes to allow for greater flexibility
in detailed configurations that may scale beyond
a single coductor host, or cases where a remote
database server may need to be utilized.

Also removed a note from the defaults file which
no longer made sense. I think it was an incomplete
thought that I had accidently committed at some point.

Change-Id: Ieea8e4c6a847eebfb80001d301da22e8e562b9bb

playbooks/roles/bifrost-ironic-install/README.md

@@ -239,6 +239,25 @@ ssh_private_key: If a user wishes to define an SSH private key as a string,
                  this variable can be utilized which overrides the
                  ssh_private_key_path setting.
 
+### Changing Database Configuration
+
+Bifrost utilizes a nested data stucture for the configuration of database.
+Simply put:
+
+  - Values cannot be overrriden via set_fact.
+  - Values cannot be overrriden via the command line with ``-e``.
+  - The entire data structure must be defined if is modified.
+
+Please see defaults/main.yml file for the structure named ``ironic``.
+
+Please note, if the hostname is set to something besides``localhost``,
+then the playbook will not attempt to create databases, database users,
+and grant privileges.
+
+Similarly, if hardware introspection support is installed, the
+nearly identical data structure for inspector can be found in the
+same file named ``ironic_inspector``.
+
 Notes
 -----
 

playbooks/roles/bifrost-ironic-install/defaults/main.yml

@@ -216,6 +216,11 @@ ironic:
   keystone:
     default_username: "bifrost_user"
     default_password: "ChangeThisPa55w0rd"
+  database:
+    name: "ironic"
+    username: "ironic"
+    password: "{{ ironic_db_password }}"
+    host: "localhost"
 
 ironic_inspector:
   service_catalog:
@@ -226,9 +231,10 @@ ironic_inspector:
   keystone:
     default_username: "inspector_user"
     default_password: "ChangeThisPa55w0rd"
-#    public_url: "http://127.0.0.1:5050/"
+  database:
-#    private_url: "http://127.0.0.1:5050/"
+    name: "inspector"
-#    internal_url: "http://127.0.0.1:5050/"
+    username: "inspector"
-# TODO(TheJulia): Thinking outloud, I we ought to head in the
+    password: "{{ ironic_db_password }}"
-# direction of identifying the address of the conductor host
+    host: "localhost"
-# in a more uniform fashion. What that is exactly, is TBD.
+    # DEPRECATED(TheJulia): Inheritance of ironic_db_password params
+    # should be removed in Queens.

playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml

@@ -26,10 +26,13 @@
   set_fact:
     enable_venv: true
   when: lookup('env', 'VENV') | length > 0
+
 # NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
 # during bootstrapping. all other services are started in the Start phase.
 - name: "Start database service"
   service: name={{ mysql_service_name }} state=started enabled=yes
+  when: ironic.database.host == 'localhost'
+
 - name: "RabbitMQ - Testing if hostname is defined in /etc/hosts"
   command: grep -i "{{ ansible_hostname }}" /etc/hosts
   ignore_errors: yes
@@ -70,32 +73,39 @@
     write_priv: ".*"
     read_priv: ".*"
   no_log: true
+
 - name: "Set mysql_username if environment variable mysql_user is set"
   set_fact:
     mysql_username: "{{ lookup('env', 'mysql_user') }}"
   when: lookup('env', 'mysql_user') | length > 0
   no_log: true
+
 - name: "Set mysql_password if environment variable mysql_pass is set"
   set_fact:
     mysql_password: "{{ lookup('env', 'mysql_pass') }}"
   when: lookup('env', 'mysql_pass') | length > 0
   no_log: true
+
 - name: "MySQL - Creating DB"
   mysql_db:
-    name: "ironic"
+    name: "{{ ironic.database.name }}"
     state: present
     encoding: utf8
     login_user: "{{ mysql_username | default(None) }}"
     login_password: "{{ mysql_password | default(None) }}"
   register: test_created_db
+  when: ironic.database.host == 'localhost'
+
 - name: "MySQL - Creating user for Ironic"
   mysql_user:
-    name: "ironic"
+    name: "{{ ironic.database.username }}"
-    password: "{{ ironic_db_password }}"
+    password: "{{ ironic.database.password }}"
-    priv: "ironic.*:ALL"
+    priv: "{{ ironic.database.name }}.*:ALL"
     state: present
     login_user: "{{ mysql_username | default(None) }}"
     login_password: "{{ mysql_password | default(None) }}"
+  when: ironic.database.host == 'localhost'
+
 - name: "Create an ironic service group"
   group:
     name: "ironic"
@@ -147,14 +157,21 @@
     owner: "ironic"
     group: "ironic"
     mode: 0644
+
 - name: "Create ironic DB Schema"
   command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
   environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
-  when: test_created_db.changed | bool == true
+  when: >
+      ironic.database.host == 'localhost' and
+      test_created_db.changed | bool == true
+
 - name: "Upgrade ironic DB Schema"
   command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
   environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
-  when: test_created_db.changed | bool == false
+  when: >
+      ironic.database.host != 'localhost' or
+      test_created_db.changed | bool == false
+
 - name: "Create service folder if systemd template is defined"
   file:
     path: "{{ init_dest_dir }}"

playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml

@@ -15,20 +15,23 @@
 ---
 - name: "MySQL - Create database"
   mysql_db:
-    login_user={{ mysql_username }}
+    login_user: "{{ mysql_username }}"
-    login_password={{ mysql_password }}
+    login_password: "{{ mysql_password }}"
-    name=inspector
+    name: "{{ ironic_inspector.database.name }}"
-    state=present
+    state: present
-    encoding=utf8
+    encoding: utf8
-  register: test_created_inspector_db
+  when: ironic_inspector.database.host == 'localhost'
+
 - name: "MySQL - Create user for inspector"
   mysql_user:
-    login_user={{ mysql_username }}
+    login_user: "{{ mysql_username }}"
-    login_password={{ mysql_password }}
+    login_password: "{{ mysql_password }}"
-     name=inspector
+    name: "{{ ironic_inspector.database.username }}"
-     password={{ ironic_db_password }}
+    password: "{{ ironic_inspector.database.password }}"
-     priv=inspector.*:ALL
+    priv: "{{ ironic_inspector.database.name }}.*:ALL"
-     state=present
+    state: present
+  when: ironic_inspector.database.host == 'localhost'
+
 - name: "Inspector - Ensure /etc/ironic-inspector/ exists"
   file:
     dest=/etc/ironic-inspector

playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2

@@ -12,7 +12,7 @@ auth_strategy = {{ inspector_auth | default('noauth') }}
 debug = {{ inspector_debug | bool }}
 
 [database]
-connection=mysql+pymysql://inspector:{{ ironic_db_password }}@localhost/inspector?charset=utf8
+connection=mysql+pymysql://{{ ironic_inspector.database.username }}:{{ ironic_inspector.database.password }}@{{ ironic_inspector.database.host }}/{{ ironic_inspector.database.name }}?charset=utf8
 
 [firewall]
 manage_firewall = {{ inspector_manage_firewall | bool | default('false') }}

playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2

@@ -45,7 +45,7 @@ clean_nodes = {{ cleaning | lower }}
 automated_clean = {{ cleaning | lower }}
 
 [database]
-connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8
+connection = mysql+pymysql://{{ ironic.database.username }}:{{ ironic.database.password }}@{{ ironic.database.host }}/{{ ironic.database.name }}?charset=utf8
 
 [dhcp]
 dhcp_provider = none

playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml

@@ -78,6 +78,7 @@
     login_user: "{{ mysql_username | default(None) }}"
     login_password: "{{ mysql_password | default(None) }}"
   register: test_created_keystone_db
+  when: keystone.database.host == 'localhost'
 
 - name: "MySQL - Creating user for keystone"
   mysql_user:
@@ -87,6 +88,7 @@
     state: present
     login_user: "{{ mysql_username | default(None) }}"
     login_password: "{{ mysql_password | default(None) }}"
+  when: keystone.database.host == 'localhost'
 
 - name: "Create an keystone service group"
   group:
@@ -154,7 +156,8 @@
   environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
   when: >
     test_created_keystone_db.changed | bool == true and
-    keystone.bootstrap.enabled | bool == true
+    keystone.bootstrap.enabled | bool == true and
+    keystone.database.host == 'localhost'
 
 - name: "Reserve keystone admin port"
   sysctl:

releasenotes/notes/mysql-database-separation-d6bf9a4f22cd8bbb.yaml

@@ -0,0 +1,15 @@
+---
+features:
+  - |
+    Bifrost now supports the definition of a specific database server,
+    username, password, and database name for ironic and ironic-inspector.
+  - |
+    If the host for the database is not set to ``localhost``, then actions
+    such as database and user creation are skipped. This functionality
+    is present in both the bootstrapping for ironic, ironic-inspector, and
+    keystone, and applies to initial explicit database schema creation steps
+    where applicable.
+deprecations:
+  - |
+    Use of the ``ironic_db_password`` variable as an available default will
+    be removed in the Queens release of bifrost.