Make ironic database use more configurable
Basic changes to allow for greater flexibility in detailed configurations that may scale beyond a single coductor host, or cases where a remote database server may need to be utilized. Also removed a note from the defaults file which no longer made sense. I think it was an incomplete thought that I had accidently committed at some point. Change-Id: Ieea8e4c6a847eebfb80001d301da22e8e562b9bb
This commit is contained in:
parent
2600d546ed
commit
ff75b0cf4b
@ -239,6 +239,25 @@ ssh_private_key: If a user wishes to define an SSH private key as a string,
|
|||||||
this variable can be utilized which overrides the
|
this variable can be utilized which overrides the
|
||||||
ssh_private_key_path setting.
|
ssh_private_key_path setting.
|
||||||
|
|
||||||
|
### Changing Database Configuration
|
||||||
|
|
||||||
|
Bifrost utilizes a nested data stucture for the configuration of database.
|
||||||
|
Simply put:
|
||||||
|
|
||||||
|
- Values cannot be overrriden via set_fact.
|
||||||
|
- Values cannot be overrriden via the command line with ``-e``.
|
||||||
|
- The entire data structure must be defined if is modified.
|
||||||
|
|
||||||
|
Please see defaults/main.yml file for the structure named ``ironic``.
|
||||||
|
|
||||||
|
Please note, if the hostname is set to something besides``localhost``,
|
||||||
|
then the playbook will not attempt to create databases, database users,
|
||||||
|
and grant privileges.
|
||||||
|
|
||||||
|
Similarly, if hardware introspection support is installed, the
|
||||||
|
nearly identical data structure for inspector can be found in the
|
||||||
|
same file named ``ironic_inspector``.
|
||||||
|
|
||||||
Notes
|
Notes
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -216,6 +216,11 @@ ironic:
|
|||||||
keystone:
|
keystone:
|
||||||
default_username: "bifrost_user"
|
default_username: "bifrost_user"
|
||||||
default_password: "ChangeThisPa55w0rd"
|
default_password: "ChangeThisPa55w0rd"
|
||||||
|
database:
|
||||||
|
name: "ironic"
|
||||||
|
username: "ironic"
|
||||||
|
password: "{{ ironic_db_password }}"
|
||||||
|
host: "localhost"
|
||||||
|
|
||||||
ironic_inspector:
|
ironic_inspector:
|
||||||
service_catalog:
|
service_catalog:
|
||||||
@ -226,9 +231,10 @@ ironic_inspector:
|
|||||||
keystone:
|
keystone:
|
||||||
default_username: "inspector_user"
|
default_username: "inspector_user"
|
||||||
default_password: "ChangeThisPa55w0rd"
|
default_password: "ChangeThisPa55w0rd"
|
||||||
# public_url: "http://127.0.0.1:5050/"
|
database:
|
||||||
# private_url: "http://127.0.0.1:5050/"
|
name: "inspector"
|
||||||
# internal_url: "http://127.0.0.1:5050/"
|
username: "inspector"
|
||||||
# TODO(TheJulia): Thinking outloud, I we ought to head in the
|
password: "{{ ironic_db_password }}"
|
||||||
# direction of identifying the address of the conductor host
|
host: "localhost"
|
||||||
# in a more uniform fashion. What that is exactly, is TBD.
|
# DEPRECATED(TheJulia): Inheritance of ironic_db_password params
|
||||||
|
# should be removed in Queens.
|
||||||
|
@ -26,10 +26,13 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
enable_venv: true
|
enable_venv: true
|
||||||
when: lookup('env', 'VENV') | length > 0
|
when: lookup('env', 'VENV') | length > 0
|
||||||
|
|
||||||
# NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
|
# NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
|
||||||
# during bootstrapping. all other services are started in the Start phase.
|
# during bootstrapping. all other services are started in the Start phase.
|
||||||
- name: "Start database service"
|
- name: "Start database service"
|
||||||
service: name={{ mysql_service_name }} state=started enabled=yes
|
service: name={{ mysql_service_name }} state=started enabled=yes
|
||||||
|
when: ironic.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "RabbitMQ - Testing if hostname is defined in /etc/hosts"
|
- name: "RabbitMQ - Testing if hostname is defined in /etc/hosts"
|
||||||
command: grep -i "{{ ansible_hostname }}" /etc/hosts
|
command: grep -i "{{ ansible_hostname }}" /etc/hosts
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
@ -70,32 +73,39 @@
|
|||||||
write_priv: ".*"
|
write_priv: ".*"
|
||||||
read_priv: ".*"
|
read_priv: ".*"
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: "Set mysql_username if environment variable mysql_user is set"
|
- name: "Set mysql_username if environment variable mysql_user is set"
|
||||||
set_fact:
|
set_fact:
|
||||||
mysql_username: "{{ lookup('env', 'mysql_user') }}"
|
mysql_username: "{{ lookup('env', 'mysql_user') }}"
|
||||||
when: lookup('env', 'mysql_user') | length > 0
|
when: lookup('env', 'mysql_user') | length > 0
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: "Set mysql_password if environment variable mysql_pass is set"
|
- name: "Set mysql_password if environment variable mysql_pass is set"
|
||||||
set_fact:
|
set_fact:
|
||||||
mysql_password: "{{ lookup('env', 'mysql_pass') }}"
|
mysql_password: "{{ lookup('env', 'mysql_pass') }}"
|
||||||
when: lookup('env', 'mysql_pass') | length > 0
|
when: lookup('env', 'mysql_pass') | length > 0
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
- name: "MySQL - Creating DB"
|
- name: "MySQL - Creating DB"
|
||||||
mysql_db:
|
mysql_db:
|
||||||
name: "ironic"
|
name: "{{ ironic.database.name }}"
|
||||||
state: present
|
state: present
|
||||||
encoding: utf8
|
encoding: utf8
|
||||||
login_user: "{{ mysql_username | default(None) }}"
|
login_user: "{{ mysql_username | default(None) }}"
|
||||||
login_password: "{{ mysql_password | default(None) }}"
|
login_password: "{{ mysql_password | default(None) }}"
|
||||||
register: test_created_db
|
register: test_created_db
|
||||||
|
when: ironic.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "MySQL - Creating user for Ironic"
|
- name: "MySQL - Creating user for Ironic"
|
||||||
mysql_user:
|
mysql_user:
|
||||||
name: "ironic"
|
name: "{{ ironic.database.username }}"
|
||||||
password: "{{ ironic_db_password }}"
|
password: "{{ ironic.database.password }}"
|
||||||
priv: "ironic.*:ALL"
|
priv: "{{ ironic.database.name }}.*:ALL"
|
||||||
state: present
|
state: present
|
||||||
login_user: "{{ mysql_username | default(None) }}"
|
login_user: "{{ mysql_username | default(None) }}"
|
||||||
login_password: "{{ mysql_password | default(None) }}"
|
login_password: "{{ mysql_password | default(None) }}"
|
||||||
|
when: ironic.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "Create an ironic service group"
|
- name: "Create an ironic service group"
|
||||||
group:
|
group:
|
||||||
name: "ironic"
|
name: "ironic"
|
||||||
@ -147,14 +157,21 @@
|
|||||||
owner: "ironic"
|
owner: "ironic"
|
||||||
group: "ironic"
|
group: "ironic"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- name: "Create ironic DB Schema"
|
- name: "Create ironic DB Schema"
|
||||||
command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
|
command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
|
||||||
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
||||||
when: test_created_db.changed | bool == true
|
when: >
|
||||||
|
ironic.database.host == 'localhost' and
|
||||||
|
test_created_db.changed | bool == true
|
||||||
|
|
||||||
- name: "Upgrade ironic DB Schema"
|
- name: "Upgrade ironic DB Schema"
|
||||||
command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
|
command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
|
||||||
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
||||||
when: test_created_db.changed | bool == false
|
when: >
|
||||||
|
ironic.database.host != 'localhost' or
|
||||||
|
test_created_db.changed | bool == false
|
||||||
|
|
||||||
- name: "Create service folder if systemd template is defined"
|
- name: "Create service folder if systemd template is defined"
|
||||||
file:
|
file:
|
||||||
path: "{{ init_dest_dir }}"
|
path: "{{ init_dest_dir }}"
|
||||||
|
@ -15,20 +15,23 @@
|
|||||||
---
|
---
|
||||||
- name: "MySQL - Create database"
|
- name: "MySQL - Create database"
|
||||||
mysql_db:
|
mysql_db:
|
||||||
login_user={{ mysql_username }}
|
login_user: "{{ mysql_username }}"
|
||||||
login_password={{ mysql_password }}
|
login_password: "{{ mysql_password }}"
|
||||||
name=inspector
|
name: "{{ ironic_inspector.database.name }}"
|
||||||
state=present
|
state: present
|
||||||
encoding=utf8
|
encoding: utf8
|
||||||
register: test_created_inspector_db
|
when: ironic_inspector.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "MySQL - Create user for inspector"
|
- name: "MySQL - Create user for inspector"
|
||||||
mysql_user:
|
mysql_user:
|
||||||
login_user={{ mysql_username }}
|
login_user: "{{ mysql_username }}"
|
||||||
login_password={{ mysql_password }}
|
login_password: "{{ mysql_password }}"
|
||||||
name=inspector
|
name: "{{ ironic_inspector.database.username }}"
|
||||||
password={{ ironic_db_password }}
|
password: "{{ ironic_inspector.database.password }}"
|
||||||
priv=inspector.*:ALL
|
priv: "{{ ironic_inspector.database.name }}.*:ALL"
|
||||||
state=present
|
state: present
|
||||||
|
when: ironic_inspector.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "Inspector - Ensure /etc/ironic-inspector/ exists"
|
- name: "Inspector - Ensure /etc/ironic-inspector/ exists"
|
||||||
file:
|
file:
|
||||||
dest=/etc/ironic-inspector
|
dest=/etc/ironic-inspector
|
||||||
|
@ -12,7 +12,7 @@ auth_strategy = {{ inspector_auth | default('noauth') }}
|
|||||||
debug = {{ inspector_debug | bool }}
|
debug = {{ inspector_debug | bool }}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
connection=mysql+pymysql://inspector:{{ ironic_db_password }}@localhost/inspector?charset=utf8
|
connection=mysql+pymysql://{{ ironic_inspector.database.username }}:{{ ironic_inspector.database.password }}@{{ ironic_inspector.database.host }}/{{ ironic_inspector.database.name }}?charset=utf8
|
||||||
|
|
||||||
[firewall]
|
[firewall]
|
||||||
manage_firewall = {{ inspector_manage_firewall | bool | default('false') }}
|
manage_firewall = {{ inspector_manage_firewall | bool | default('false') }}
|
||||||
|
@ -45,7 +45,7 @@ clean_nodes = {{ cleaning | lower }}
|
|||||||
automated_clean = {{ cleaning | lower }}
|
automated_clean = {{ cleaning | lower }}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8
|
connection = mysql+pymysql://{{ ironic.database.username }}:{{ ironic.database.password }}@{{ ironic.database.host }}/{{ ironic.database.name }}?charset=utf8
|
||||||
|
|
||||||
[dhcp]
|
[dhcp]
|
||||||
dhcp_provider = none
|
dhcp_provider = none
|
||||||
|
@ -78,6 +78,7 @@
|
|||||||
login_user: "{{ mysql_username | default(None) }}"
|
login_user: "{{ mysql_username | default(None) }}"
|
||||||
login_password: "{{ mysql_password | default(None) }}"
|
login_password: "{{ mysql_password | default(None) }}"
|
||||||
register: test_created_keystone_db
|
register: test_created_keystone_db
|
||||||
|
when: keystone.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "MySQL - Creating user for keystone"
|
- name: "MySQL - Creating user for keystone"
|
||||||
mysql_user:
|
mysql_user:
|
||||||
@ -87,6 +88,7 @@
|
|||||||
state: present
|
state: present
|
||||||
login_user: "{{ mysql_username | default(None) }}"
|
login_user: "{{ mysql_username | default(None) }}"
|
||||||
login_password: "{{ mysql_password | default(None) }}"
|
login_password: "{{ mysql_password | default(None) }}"
|
||||||
|
when: keystone.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "Create an keystone service group"
|
- name: "Create an keystone service group"
|
||||||
group:
|
group:
|
||||||
@ -154,7 +156,8 @@
|
|||||||
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
|
||||||
when: >
|
when: >
|
||||||
test_created_keystone_db.changed | bool == true and
|
test_created_keystone_db.changed | bool == true and
|
||||||
keystone.bootstrap.enabled | bool == true
|
keystone.bootstrap.enabled | bool == true and
|
||||||
|
keystone.database.host == 'localhost'
|
||||||
|
|
||||||
- name: "Reserve keystone admin port"
|
- name: "Reserve keystone admin port"
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Bifrost now supports the definition of a specific database server,
|
||||||
|
username, password, and database name for ironic and ironic-inspector.
|
||||||
|
- |
|
||||||
|
If the host for the database is not set to ``localhost``, then actions
|
||||||
|
such as database and user creation are skipped. This functionality
|
||||||
|
is present in both the bootstrapping for ironic, ironic-inspector, and
|
||||||
|
keystone, and applies to initial explicit database schema creation steps
|
||||||
|
where applicable.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Use of the ``ironic_db_password`` variable as an available default will
|
||||||
|
be removed in the Queens release of bifrost.
|
Loading…
Reference in New Issue
Block a user