database and message queue refactoring
* adapted the database and message queue attributes to fit to the ones used for the openstack services * added optional attribute to allow setting a specific endpoint for the db root user (useful in hardening scenarios) Implements: blueprint cookbook-refactoring Change-Id: Iae7e302973805af3cb44be1b29d0e61e76eb0aa0
parent
e198fd4eab
commit
9e066bdf53
|
@ -71,15 +71,25 @@
|
|||
#
|
||||
|
||||
# ******************** Database Endpoint **************************************
|
||||
default['openstack']['endpoints']['db']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints']['db']['scheme'] = nil
|
||||
default['openstack']['endpoints']['db']['port'] = '3306'
|
||||
default['openstack']['endpoints']['db']['path'] = nil
|
||||
default['openstack']['endpoints']['db']['bind_interface'] = nil
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['db']['host'] = '127.0.0.1'
|
||||
default['openstack'][type]['db']['port'] = '3306'
|
||||
end
|
||||
default['openstack']['bind_service']['db']['interface'] = nil
|
||||
default['openstack']['endpoints']['db']['enabled_slave'] = false
|
||||
default['openstack']['endpoints']['db']['slave_host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints']['db']['slave_port'] = '3316'
|
||||
|
||||
# If you bind the database to a specific ip-address (you can only choose one
|
||||
# here for mysql, so 127.0.0.1 + external address is not an option), to allow
|
||||
# the services and applications to access it via this one, you probably do not
|
||||
# want to allow the db root user to access it via this external address. In this
|
||||
# case you have the option to allow root access only via localhost, which
|
||||
# will work for mysql databases, since it will use a direct connection via
|
||||
# the socket, so the database does not have not to listen on 127.0.0.1.
|
||||
# Set this to 'localhost' for mysql to connect via socket.
|
||||
default['openstack']['endpoints']['db']['host_for_db_root_user'] = nil
|
||||
|
||||
# Default database attributes
|
||||
default['openstack']['db']['server_role'] = 'os-ops-database'
|
||||
# Database charset during create database
|
||||
|
|
|
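Review bot: The comment above `host_for_db_root_user` reads as if setting the attribute restricts root access, but in this commit the value is only used as the host the provider connects to as root; nothing visible here changes the root account's grants or the server's bind address. I would state that in the comment, e.g. `# This only selects the host the cookbook uses for root connections; restricting the root account itself (grants, bind address) has to be done on the server.` The same comment has a doubled negative, "does not have not to listen", which should read `# the socket, so the database does not have to listen on 127.0.0.1.`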
@ -25,11 +25,13 @@
|
|||
#
|
||||
|
||||
# ******************** RabbitMQ Endpoint **************************************
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['mq']['host'] = '127.0.0.1'
|
||||
default['openstack'][type]['mq']['port'] = '5672'
|
||||
end
|
||||
default['openstack']['bind_service']['mq']['interface'] = nil
|
||||
default['openstack']['endpoints']['mq']['host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints']['mq']['scheme'] = nil
|
||||
default['openstack']['endpoints']['mq']['port'] = '5672'
|
||||
default['openstack']['endpoints']['mq']['path'] = nil
|
||||
default['openstack']['endpoints']['mq']['bind_interface'] = nil
|
||||
|
||||
###################################################################
|
||||
# Services to assign mq attributes for
|
||||
|
|
|
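Review bot: The old `['endpoints']['mq']['bind_interface']` key is replaced by `['bind_service']['mq']['interface']` with no fallback, so an existing override of the old key would presumably be ignored without warning and the broker would bind according to the new defaults; the database attributes in the previous file get the same rename. The consumers of these attributes are not shown on this page, so this is worth confirming. A short comment next to the new attribute naming the key it replaces, e.g. `# replaces ['openstack']['endpoints']['mq']['bind_interface']`, would help operators who pinned the listener to a specific interface.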
@ -23,10 +23,10 @@ private
|
|||
def info
|
||||
info = node['openstack']['endpoints']['db']
|
||||
service_info = db new_resource.service
|
||||
@host = service_info['host'] || info['host']
|
||||
@host = info['host_for_db_root_user'] || service_info['host'] || info['host']
|
||||
@port = service_info['port'] || info['port']
|
||||
user_key = node['openstack']['db']['root_user_key']
|
||||
@super_password = get_password 'user', user_key
|
||||
@super_password = get_password 'db', user_key
|
||||
@db_type = service_info['service_type']
|
||||
@db_name = service_info['db_name']
|
||||
@user = new_resource.user
|
||||
|
|
|
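Review bot: `@host` now carries the root-only endpoint whenever `host_for_db_root_user` is set, so any other use of `@host` later in this provider would also be pointed at that host; the rest of `info` and its callers are outside the hunk, so this needs checking. If `@host` is used for anything besides the root connection, a separate variable keeps the two apart: `@root_host = info['host_for_db_root_user'] || @host`. An empty string is truthy in Ruby, so `''` in the attribute would win over the service host instead of falling through. The switch to `get_password 'db', user_key` changes where the root secret is looked up, which deserves a line in the commit description for existing deployments.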
@ -11,9 +11,9 @@ describe 'test-openstack-common-database::default' do
|
|||
end
|
||||
let(:node) { runner.node }
|
||||
let(:chef_run) do
|
||||
node.override['openstack']['use_databags'] = false
|
||||
node.set['openstack']['use_databags'] = false
|
||||
node.set['openstack']['secret']['mysqlroot']['db'] = 'root_pass'
|
||||
node.set['openstack']['db']['service'] = { service_type: 'mysql', port: 3306, db_name: 'service_db' }
|
||||
node.set['openstack']['secret']['mysqlroot']['user'] = 'root_pass'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
|
@ -22,6 +22,21 @@ describe 'test-openstack-common-database::default' do
|
|||
.with(user: 'db_user', pass: 'db_pass')
|
||||
end
|
||||
|
||||
context 'specific root user db endpoint' do
|
||||
before do
|
||||
node.set['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost123'
|
||||
end
|
||||
it 'connects to the database via a specific endpoint for the root user' do
|
||||
expect(chef_run).to create_database('create database service_db')
|
||||
.with(
|
||||
provider: ::Chef::Provider::Database::Mysql,
|
||||
connection: { host: 'localhost123', port: 3306, username: 'root', password: 'root_pass' },
|
||||
database_name: 'service_db',
|
||||
encoding: 'utf8'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
it 'creates the database with the database resource' do
|
||||
expect(chef_run).to create_database('create database service_db')
|
||||
.with(
|
||||
|
|
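Review bot: The new context only shows `host_for_db_root_user` winning over the endpoint default, because the service hash set in `chef_run` has no `host` key; the precedence over a service-level host that the provider introduces is not pinned. Adding a service host in the `before` block (constructed value, e.g. `host: 'service_host'` in the `['openstack']['db']['service']` hash) while still expecting `host: 'localhost123'` would cover it. A second example with the attribute left at `nil` and a service host set would guard the fallback order. The last example in this hunk continues outside the visible lines.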