Refactor DB creation

- Move DB creation for every service to own task
- Refactor Murano and Sahara DB configuration classes
- Cherry-pick MySQL providers from upstream to allow DB creation and
  management on remote host
- Remove openstack::db::mysql
- Move database and user creation to a separate task
- Either install local database or use an external one

Implements: blueprint: detach-components-from-controllers

Co-Authored-By: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Co-Authored-By: Dmitry Ilyin <dilyin@mirantis.com>

Change-Id: Iaf3b7913e8c79c08025dbdaf5f2beff7337ab644
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
Mykyta Koshykov 2015-06-23 21:40:18 +03:00 committed by Sergii Golovatiuk
parent e0cc117d03
commit 906eb4217b
47 changed files with 1053 additions and 458 deletions


@ -1,36 +1,95 @@
# == Class murano::db::mysql
#
# Class that configures mysql for sahara
#
# === Parameters:
#
# [*password*]
# Password to use for the murano user
#
# [*dbname*]
# (optional) The name of the database
# Defaults to 'murano'
#
# [*user*]
# (optional) The mysql user to create
# Defaults to 'murano'
#
# [*host*]
# (optional) The IP address of the mysql server
# Defaults to '127.0.0.1'
#
# [*charset*]
# (optional) The charset to use for the murano database
# Defaults to 'utf8'
#
# [*collate*]
# (optional) The collate to use for the morano database
# Defaults to 'utf8_general_ci'
#
# [*allowed_hosts*]
# (optional) Additional hosts that are allowed to access this DB
# Defaults to undef
#
# [*cluster_id*]
# (optional) Deprecated. Does nothing
# Defaults to 'localzone'
#
# [*mysql_module*]
# (optional) Mysql puppet module version to use. Tested versions
# are 0.9 and 2.2.
# Defaults to '0.9'
#
class murano::db::mysql(
$password = 'murano',
$dbname = 'murano',
$user = 'murano',
$dbhost = 'localhost',
$dbhost = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_general_ci',
$allowed_hosts = undef,
$mysql_module = '0.9'
) {
include 'murano::params'
if ($mysql_module >= 2.2) {
mysql::db { $dbname:
user => $user,
password => $password,
host => $dbhost,
charset => $charset,
collate => $collate,
require => Class['mysql::server'],
}
} else {
require 'mysql::python'
mysql::db { $dbname :
user => $user,
password => $password,
host => $dbhost,
charset => $charset,
grant => ['all'],
}
if $allowed_hosts {
murano::db::mysql::host_access { $allowed_hosts:
user => $user,
password => $password,
database => $dbname,
mysql::db { $dbname:
user => $user,
password => $password,
host => $dbhost,
charset => $charset,
require => Class['mysql::config'],
}
}
$services = [ 'murano::api' ]
# TODO(dteselkin): Update the line above similar
# to the line below when murano::engine is added.
#$services = [ 'murano::conductor', 'murano::api' ]
Database[$dbname] -> Class[$services]
Database_user["${user}@${dbhost}"] -> Class[$services]
Database_grant["${user}@${dbhost}/${dbname}"] -> Class[$services]
# Check allowed_hosts to avoid duplicate resource declarations
if is_array($allowed_hosts) and delete($allowed_hosts,$dbhost) != [] {
$real_allowed_hosts = delete($allowed_hosts,$dbhost)
} elsif is_string($allowed_hosts) and ($allowed_hosts != $dbhost) {
$real_allowed_hosts = $allowed_hosts
}
if $real_allowed_hosts {
murano::db::mysql::host_access { $real_allowed_hosts:
user => $user,
password => $password,
database => $dbname,
mysql_module => $mysql_module,
}
}
Database[$dbname] -> Class['murano::api']
Database_user["${user}@${dbhost}"] -> Class['murano::api']
Database_grant["${user}@${dbhost}/${dbname}"] -> Class['murano::api']
}
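Review bot: The new parameter documentation does not match the class signature: it describes `[*host*]` and `[*cluster_id*]`, but the class takes `$dbhost` and has no `cluster_id` parameter, the summary line says the class configures mysql for sahara, and the collate entry spells the database "morano". `[*password*]` is listed with no default while the signature keeps `$password = 'murano'`, so a caller that omits it gets a guessable password on an account that `allowed_hosts` can open to other hosts; I would either drop the default so the parameter is required or state the default in the doc block. Suggested header line: `# Class that configures mysql for murano`, with `[*dbhost*]` in place of `[*host*]`.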


@ -13,18 +13,41 @@
# [*database*]
# the database name
#
define murano::db::mysql::host_access ($user, $password, $database) {
# [*mysql_module*]
# mysql module version
#
define murano::db::mysql::host_access (
$user,
$password,
$database,
$mysql_module = '0.9'
) {
database_user { "${user}@${name}":
password_hash => mysql_password($password),
provider => 'mysql',
require => Database[$database],
}
if ($mysql_module >= 2.2) {
mysql_user { "${user}@${name}":
password_hash => mysql_password($password),
require => Mysql_database[$database],
}
database_grant { "${user}@${name}/${database}":
# TODO figure out which privileges to grant.
privileges => 'all',
provider => 'mysql',
require => Database_user["${user}@${name}"]
mysql_grant { "${user}@${name}/${database}.*":
privileges => ['ALL'],
options => ['GRANT'],
table => "${database}.*",
require => Mysql_user["${user}@${name}"],
user => "${user}@${name}"
}
} else {
database_user { "${user}@${name}":
password_hash => mysql_password($password),
provider => 'mysql',
require => Database[$database],
}
database_grant { "${user}@${name}/${database}":
# TODO figure out which privileges to grant.
privileges => 'all',
provider => 'mysql',
require => Database_user["${user}@${name}"]
}
}
}
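Review bot: In the `$mysql_module >= 2.2` branch the `mysql_grant` gives the service user `privileges => ['ALL']` together with `options => ['GRANT']` on `${database}.*` for every allowed host, which lets that account pass its rights on to other accounts. A schema owner for a single service should not normally need that, so I would drop `options => ['GRANT']` unless something depends on it, and resolve the `# TODO figure out which privileges to grant.` instead of carrying it into the else branch. `$mysql_module` defaults to the string `'0.9'` but is compared with the number `2.2`; `versioncmp($mysql_module, '2.2') >= 0`, or a comment saying which form callers must pass, would make the branch selection unambiguous.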


@ -24,16 +24,16 @@ class murano (
$murano_api_host = '127.0.0.1',
# rabbit configuration
# NOTE:
# Murano uses separate rabbitmq server for communication with agents.
# This server is launched on each controller node and uses port 55572.
# Separate rabbitmq is used to address security concern that instances
# managed by Murano have access to the 'system' RabbitMQ and thus could
# have access to OpenStack internal data.
# Murano uses separate rabbitmq server for communication with agents.
# This server is launched on each controller node and uses port 55572.
# Separate rabbitmq is used to address security concern that instances
# managed by Murano have access to the 'system' RabbitMQ and thus could
# have access to OpenStack internal data.
# murano_rabbit_ha_hosts is used by murano-api and works with oslo.messaging
$murano_rabbit_ha_hosts = '127.0.0.1:5672',
$murano_rabbit_ha_queues = false,
# murano_rabbit_host and murano_rabbit_port are used by murano-engine,
# which communicates with rabbitmq directly.
# which communicates with rabbitmq directly.
$murano_rabbit_host = '127.0.0.1',
$murano_rabbit_port = '55572',
$murano_rabbit_ssl = false,
@ -67,7 +67,10 @@ class murano (
$murano_repo_url_string = undef,
) {
Class['mysql::server'] -> Class['murano::db::mysql'] -> Class['murano::murano_rabbitmq'] -> Class['murano::keystone'] -> Class['murano::python_muranoclient'] -> Class['murano::api'] -> Class['murano::dashboard']
Class['murano::murano_rabbitmq'] ->
Class['murano::keystone'] ->
Class['murano::python_muranoclient'] ->
Class['murano::api'] -> Class['murano::dashboard']
User['murano'] -> Class['murano::api'] -> File <| title == $murano_log_dir |>
@ -107,64 +110,57 @@ class murano (
mode => '0750',
}
class { 'murano::db::mysql':
password => $murano_db_password,
dbname => $murano_db_name,
user => $murano_db_user,
dbhost => $murano_db_host,
allowed_hosts => $murano_db_allowed_hosts,
}
class { 'murano::python_muranoclient':
}
class { 'murano::api' :
use_syslog => $use_syslog,
debug => $debug,
verbose => $verbose,
log_file => "${murano_log_dir}/murano.log",
syslog_log_facility => $syslog_log_facility,
use_syslog => $use_syslog,
debug => $debug,
verbose => $verbose,
log_file => "${murano_log_dir}/murano.log",
syslog_log_facility => $syslog_log_facility,
auth_host => $murano_keystone_host,
auth_port => $murano_keystone_port,
auth_protocol => $murano_keystone_protocol,
admin_tenant_name => $murano_keystone_tenant,
admin_user => $murano_keystone_user,
admin_password => $murano_keystone_password,
signing_dir => $murano_keystone_signing_dir,
auth_host => $murano_keystone_host,
auth_port => $murano_keystone_port,
auth_protocol => $murano_keystone_protocol,
admin_tenant_name => $murano_keystone_tenant,
admin_user => $murano_keystone_user,
admin_password => $murano_keystone_password,
signing_dir => $murano_keystone_signing_dir,
bind_host => $murano_bind_host,
bind_port => $murano_bind_port,
bind_host => $murano_bind_host,
bind_port => $murano_bind_port,
api_host => $murano_api_host,
api_host => $murano_api_host,
rabbit_host => $murano_rabbit_host,
rabbit_port => $murano_rabbit_port,
rabbit_ha_hosts => $murano_rabbit_ha_hosts,
rabbit_ha_queues => $murano_rabbit_ha_queues,
rabbit_use_ssl => $murano_rabbit_ssl,
rabbit_ca_certs => $murano_rabbit_ca_certs,
os_rabbit_userid => $murano_os_rabbit_userid,
os_rabbit_password => $murano_os_rabbit_passwd,
murano_rabbit_userid => $murano_own_rabbit_userid,
murano_rabbit_password => $murano_own_rabbit_passwd,
rabbit_virtual_host => $murano_rabbit_virtual_host,
rabbit_host => $murano_rabbit_host,
rabbit_port => $murano_rabbit_port,
rabbit_ha_hosts => $murano_rabbit_ha_hosts,
rabbit_ha_queues => $murano_rabbit_ha_queues,
rabbit_use_ssl => $murano_rabbit_ssl,
rabbit_ca_certs => $murano_rabbit_ca_certs,
os_rabbit_userid => $murano_os_rabbit_userid,
os_rabbit_password => $murano_os_rabbit_passwd,
murano_rabbit_userid => $murano_own_rabbit_userid,
murano_rabbit_password => $murano_own_rabbit_passwd,
rabbit_virtual_host => $murano_rabbit_virtual_host,
murano_db_password => $murano_db_password,
murano_db_name => $murano_db_name,
murano_db_user => $murano_db_user,
murano_db_host => $murano_db_host,
murano_db_password => $murano_db_password,
murano_db_name => $murano_db_name,
murano_db_user => $murano_db_user,
murano_db_host => $murano_db_host,
primary_controller => $primary_controller,
primary_controller => $primary_controller,
use_neutron => $use_neutron,
default_router => 'murano-default-router',
external_network => $external_network,
use_neutron => $use_neutron,
default_router => 'murano-default-router',
external_network => $external_network,
}
class { 'murano::dashboard' :
settings_py => '/usr/share/openstack-dashboard/openstack_dashboard/settings.py',
repo_url_string => $murano_repo_url_string,
$dashboard = '/usr/share/openstack-dashboard/openstack_dashboard/settings.py'
class { 'murano::dashboard':
settings_py => $dashboard,
repo_url_string => $murano_repo_url_string,
}
class { 'murano::murano_rabbitmq' :


@ -7,8 +7,21 @@ Puppet::Type.type(:database).provide(:mysql) do
optional_commands :mysql => 'mysql'
optional_commands :mysqladmin => 'mysqladmin'
# Optional defaults file
def self.defaults_file
if File.file?('/root/.my.cnf')
"--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
else
nil
end
end
def defaults_file
self.class.defaults_file
end
def self.instances
mysql('-NBe', "show databases").split("\n").collect do |name|
mysql(defaults_file, '-NBe', "show databases").split("\n").collect do |name|
new(:name => name)
end
end
@ -17,7 +30,7 @@ Puppet::Type.type(:database).provide(:mysql) do
tries=10
begin
debug("Trying to create database #{@resource[:name]} ")
mysql('-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
mysql(defaults_file, '-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
rescue
debug("Can't connect to the server: #{tries} tries to reconnect")
sleep 5
@ -26,20 +39,20 @@ Puppet::Type.type(:database).provide(:mysql) do
end
def destroy
mysqladmin('-f', 'drop', @resource[:name])
mysqladmin(defaults_file, '-f', 'drop', @resource[:name])
end
def charset
mysql('-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
mysql(defaults_file, '-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
end
def charset=(value)
mysql('-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
mysql(defaults_file, '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
end
def exists?
begin
mysql('-NBe', "show databases").match(/^#{@resource[:name]}$/)
mysql(defaults_file, '-NBe', "show databases").match(/^#{@resource[:name]}$/)
rescue => e
debug(e.message)
return nil
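Review bot: `self.defaults_file` tests for the hard-coded `/root/.my.cnf` but builds the option from `Facter.value(:root_home)`, so the two can disagree when root's home is elsewhere; and when the file is missing it returns `nil`, which every call site then passes as the first argument to `mysql` or `mysqladmin`. Computing the path once, `path = "#{Facter.value(:root_home)}/.my.cnf"`, and building the argument list as `[defaults_file, '-NBe', sql].compact` would avoid both. The same helper is copied verbatim into the `database_grant` and `database_user` providers further down this page, so the fix applies there as well, and a shared module would keep the three copies from drifting. The body of `exists?` continues past the end of this hunk.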


@ -11,6 +11,19 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
optional_commands :mysql => 'mysql'
optional_commands :mysqladmin => 'mysqladmin'
# Optional defaults file
def self.defaults_file
if File.file?('/root/.my.cnf')
"--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
else
nil
end
end
def defaults_file
self.class.defaults_file
end
def self.prefetch(resources)
@user_privs = nil
@db_privs = nil
@ -33,19 +46,19 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
end
def self.query_user_privs
results = mysql("mysql", "-Be", "describe user")
results = mysql(defaults_file, "mysql", "-Be", "describe user")
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
@user_privs = column_names.delete_if { |e| !( e =~/_priv$/) }
end
def self.query_db_privs
results = mysql("mysql", "-Be", "describe db")
results = mysql(defaults_file, "mysql", "-Be", "describe db")
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
@db_privs = column_names.delete_if { |e| !(e =~/_priv$/) }
end
def mysql_flush
mysqladmin "flush-privileges"
mysqladmin defaults_file, "flush-privileges"
end
# this parses the
@ -73,11 +86,11 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
name = split_name(@resource[:name])
case name[:type]
when :user
mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
mysql defaults_file, "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
name[:host], name[:user],
]
when :db
mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
mysql defaults_file, "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
name[:host], name[:user], name[:db],
]
end
@ -86,7 +99,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
end
def destroy
mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
mysql defaults_file, "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
end
def row_exists?
@ -95,7 +108,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
if name[:type] == :db
fields << :db
end
not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
not mysql(defaults_file, "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
end
def all_privs_set?
@ -117,9 +130,9 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
case name[:type]
when :user
privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
privs = mysql defaults_file, "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
when :db
privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
privs = mysql defaults_file, "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
end
if privs.match(/^$/)
@ -170,7 +183,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
# puts "set:", set
stmt = stmt << set << where
mysql "mysql", "-Be", stmt
mysql defaults_file, "mysql", "-Be", stmt
mysql_flush
end
end
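Review bot: The `destroy` statement has three `%s` placeholders (`'%s'.*` and `'%s@%s'`) but is given four values starting with `@resource[:privileges]`, so as far as I can tell the privilege list lands in the database position, and the account is quoted as one `'user@host'` string and not as `'user'@'host'`. The line is only touched here to add `defaults_file`, but since it decides whether a revoke actually takes effect it is worth fixing in the same pass: derive the parts with `name = split_name(@resource[:name])`, as `create` does, and pass exactly the values the placeholders expect. The SQL throughout this provider is assembled with `%` from resource titles, so a comment stating that titles must come from trusted manifest data would document that assumption.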


@ -7,33 +7,46 @@ Puppet::Type.type(:database_user).provide(:mysql) do
optional_commands :mysql => 'mysql'
optional_commands :mysqladmin => 'mysqladmin'
# Optional defaults file
def self.defaults_file
if File.file?('/root/.my.cnf')
"--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
else
nil
end
end
def defaults_file
self.class.defaults_file
end
def self.instances
users = mysql("mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
users = mysql(defaults_file, "mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
users.select{ |user| user =~ /.+@/ }.collect do |name|
new(:name => name)
end
end
def create
mysql("mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
mysql(defaults_file, "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
end
def destroy
mysql("mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
mysql(defaults_file, "mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
end
def password_hash
mysql("mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
mysql(defaults_file, "mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
end
def password_hash=(string)
mysql("mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
mysql(defaults_file, "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
end
def exists?
tries=10
begin
not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
not mysql(defaults_file, "mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
rescue
debug("Can't connect to the mysql server: #{tries} tries to reconnect")
sleep 5
@ -43,7 +56,7 @@ Puppet::Type.type(:database_user).provide(:mysql) do
def flush
@property_hash.clear
mysqladmin "flush-privileges"
mysqladmin defaults_file, "flush-privileges"
end
end


@ -1,154 +0,0 @@
#
# === Class: openstack::db::mysql
#
# Create MySQL databases for all components of
# OpenStack that require a database
#
# === Parameters
#
# [mysql_root_password] Root password for mysql. Required.
# [keystone_db_password] Password for keystone database. Required.
# [glance_db_password] Password for glance database. Required.
# [nova_db_password] Password for nova database. Required.
# [mysql_bind_address] Address that mysql will bind to. Optional .Defaults to '0.0.0.0'.
# [mysql_account_security] If a secure mysql db should be setup. Optional .Defaults to true.
# [keystone_db_user] DB user for keystone. Optional. Defaults to 'keystone'.
# [keystone_db_dbname] DB name for keystone. Optional. Defaults to 'keystone'.
# [glance_db_user] DB user for glance. Optional. Defaults to 'glance'.
# [glance_db_dbname]. Name of glance DB. Optional. Defaults to 'glance'.
# [nova_db_user]. Name of nova DB user. Optional. Defaults to 'nova'.
# [nova_db_dbname]. Name of nova DB. Optional. Defaults to 'nova'.
# [allowed_hosts] List of hosts that are allowed access. Optional. Defaults to false.
# [enabled] If the db service should be started. Optional. Defaults to true.
#
# === Example
#
# class { 'openstack::db::mysql':
# mysql_root_password => 'changeme',
# keystone_db_password => 'changeme',
# glance_db_password => 'changeme',
# nova_db_password => 'changeme',
# allowed_hosts => ['127.0.0.1', '10.0.0.%'],
# }
class openstack::db::mysql (
# Required MySQL
# passwords
$mysql_root_password,
$keystone_db_password,
$glance_db_password,
$nova_db_password,
$cinder_db_password,
$neutron_db_password,
# MySQL
$mysql_bind_address = '0.0.0.0',
$mysql_account_security = true,
# Keystone
$keystone_db_user = 'keystone',
$keystone_db_dbname = 'keystone',
# Glance
$glance_db_user = 'glance',
$glance_db_dbname = 'glance',
# Nova
$nova_db_user = 'nova',
$nova_db_dbname = 'nova',
$allowed_hosts = false,
# Cinder
$cinder = true,
$cinder_db_user = 'cinder',
$cinder_db_dbname = 'cinder',
# neutron
$neutron = true,
$neutron_db_user = 'neutron',
$neutron_db_dbname = 'neutron',
$enabled = true,
$galera_cluster_name = 'openstack',
$primary_controller = false,
$galera_node_address = '127.0.0.1',
$db_host = '127.0.0.1',
$galera_nodes = ['127.0.0.1'],
$mysql_skip_name_resolve = false,
$custom_setup_class = undef,
$use_syslog = false,
$debug = false,
) {
if $custom_setup_class {
file { '/etc/mysql/my.cnf':
ensure => absent,
require => Class['mysql::server']
}
$config_hash_real = {
'config_file' => '/etc/my.cnf'
}
} else {
$config_hash_real = {}
}
class { "mysql::server" :
bind_address => '0.0.0.0',
etc_root_password => true,
root_password => $mysql_root_password,
old_root_password => '',
galera_cluster_name => $galera_cluster_name,
primary_controller => $primary_controller,
galera_node_address => $galera_node_address,
galera_nodes => $galera_nodes,
enabled => $enabled,
custom_setup_class => $custom_setup_class,
mysql_skip_name_resolve => $mysql_skip_name_resolve,
use_syslog => $use_syslog,
config_hash => $config_hash_real,
}
# This removes default users and guest access
if $mysql_account_security and $custom_setup_class == undef {
class { 'mysql::server::account_security': }
}
if ($enabled) {
# Create the Keystone db
class { 'keystone::db::mysql':
user => $keystone_db_user,
password => $keystone_db_password,
dbname => $keystone_db_dbname,
allowed_hosts => $allowed_hosts,
}
# Create the Glance db
class { 'glance::db::mysql':
user => $glance_db_user,
password => $glance_db_password,
dbname => $glance_db_dbname,
allowed_hosts => $allowed_hosts,
}
# Create the Nova db
class { 'nova::db::mysql':
user => $nova_db_user,
password => $nova_db_password,
dbname => $nova_db_dbname,
allowed_hosts => $allowed_hosts,
}
# create cinder db
if ($cinder) {
class { 'cinder::db::mysql':
user => $cinder_db_user,
password => $cinder_db_password,
dbname => $cinder_db_dbname,
allowed_hosts => $allowed_hosts,
}
}
# create neutron db
if ($neutron) {
class { 'neutron::db::mysql':
user => $neutron_db_user,
password => $neutron_db_password,
dbname => $neutron_db_dbname,
allowed_hosts => $allowed_hosts,
}
}
}
}


@ -6,7 +6,6 @@ class openstack::heat (
$enabled = true,
$keystone_auth = true,
$create_heat_db = true,
$keystone_host = '127.0.0.1',
$keystone_port = '35357',
$keystone_service_port = '5000',
@ -96,39 +95,26 @@ class openstack::heat (
}
Package<| title == 'heat-api-cfn' or title == 'heat-api-cloudwatch' |>
Heat_config <|
title == 'DEFAULT/instance_connection_https_validate_certificates' or
title == 'DEFAULT/instance_connection_is_secure'
title == 'DEFAULT/instance_connection_https_validate_certificates' or
title == 'DEFAULT/instance_connection_is_secure'
|> ->
Service<| title == 'heat-api-cfn' or title == 'heat-api-cloudwatch' |>
# Firewall rules for APIs
firewall { '206 heat-api-cloudwatch' :
dport => [ $api_cloudwatch_bind_port ],
proto => 'tcp',
action => 'accept',
dport => [ $api_cloudwatch_bind_port ],
proto => 'tcp',
action => 'accept',
} ->
firewall { '205 heat-api-cfn' :
dport => [ $api_cfn_bind_port ],
proto => 'tcp',
action => 'accept',
dport => [ $api_cfn_bind_port ],
proto => 'tcp',
action => 'accept',
} ->
firewall { '204 heat-api' :
dport => [ $api_bind_port ],
proto => 'tcp',
action => 'accept',
}
# Follow the Heat installation order
# DB
if ($create_heat_db){
class { 'heat::db::mysql':
password => $db_password,
dbname => $db_name,
user => $db_user,
host => $db_host,
allowed_hosts => $db_allowed_hosts,
require => Firewall['204 heat-api'],
}
dport => [ $api_bind_port ],
proto => 'tcp',
action => 'accept',
}
if ($keystone_auth){


@ -0,0 +1,43 @@
# == Class osnailyfacter::mysql_access
#
# Class that configures .my.cnf for services
#
# === Parameters:
#
# [*db_user*]
# (optional) The mysql user to create
# Defaults to 'root'
#
# [*db_password*]
# Password to use for db_user
#
# [*db_host*]
# (optional) The IP address of the mysql server
# Defaults to '127.0.0.1'
#
class osnailyfacter::mysql_access (
$ensure = 'present',
$db_user = 'root',
$db_password = '',
$db_host = 'localhost',
) {
$default_file_path = '/root/.my.cnf'
$host_file_path = "/root/.my.${db_host}.cnf"
file { "${db_host}-mysql-access":
ensure => $ensure,
path => $host_file_path,
owner => 'root',
group => 'root',
mode => '0640',
content => template('osnailyfacter/mysql.access.cnf.erb')
}
if $ensure == 'present' {
file { 'default-mysql-access-link':
ensure => 'symlink',
path => $default_file_path,
target => $host_file_path,
}
}
}
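Review bot: The per-host credentials file is written with `mode => '0640'`; it holds the database password and both owner and group are root, so `mode => '0600'` is the safer setting and costs nothing. `$db_password` defaults to `''`, which means a caller that forgets it gets a client config with an empty password instead of a failed run; I would make the parameter required or fail when it is empty. The doc block says `db_host` defaults to '127.0.0.1' while the signature uses `'localhost'`, and the `ensure` parameter is not documented at all.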


@ -0,0 +1,41 @@
# == Class osnailyfacter::mysql_root
#
# Class for root grant permissions
#
# [*password*]
# Password to use with root user
#
class osnailyfacter::mysql_root (
$password = '',
) {
Exec {
path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
creates => '/root/.my.cnf',
}
exec { 'mysql_drop_test' :
command => "mysql -NBe \"drop database if exists test\"",
} ->
exec { 'mysql_root_%' :
command => "mysql -NBe \"grant all on *.* to 'root'@'%' with grant option\"",
} ->
exec { 'mysql_root_localhost' :
command => "mysql -NBe \"grant all on *.* to 'root'@'localhost' with grant option\"",
} ->
exec { 'mysql_root_127.0.0.1' :
command => "mysql -NBe \"grant all on *.* to 'root'@'127.0.0.1' with grant option\"",
} ->
exec { 'mysql_root_password' :
command => "mysql -NBe \"update mysql.user set password = password('${password}') where user = 'root'\"",
} ->
exec { 'mysql_flush_privileges' :
command => "mysql -NBe \"flush privileges\"",
}
}
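Review bot: The `mysql_root_password` exec interpolates `${password}` into a double-quoted shell command, so the root password is placed in the process argument list (and may reach Puppet logs or reports when the exec fails, which cannot be confirmed from this page), and a password containing a quote or `$` changes what the shell and the SQL parser see. Reading the statement from a root-only file instead of passing it on the command line, and rejecting an empty `$password` (the default is `''`), would close both. The `mysql_root_%` exec grants `all on *.*` with grant option to `'root'@'%'`; if remote root is only needed from the management network, a narrower host pattern would limit exposure. Because every exec here inherits `creates => '/root/.my.cnf'`, none of these statements is re-applied once that file exists, including a later password change, which deserves a comment in the class header.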


@ -1,111 +1,106 @@
notice('MODULAR: database.pp')
$neutron = hiera('use_neutron')
$mysql_hash = hiera('mysql')
$keystone_hash = hiera('keystone')
$glance_hash = hiera('glance')
$nova_hash = hiera('nova')
$cinder_hash = hiera('cinder')
$internal_address = hiera('internal_address')
$network_scheme = hiera('network_scheme', {})
$neutron_db_password = hiera('neutron_db_password', false)
$controller_nodes = hiera('controller_nodes')
$use_syslog = hiera('use_syslog', true)
$primary_controller = hiera('primary_controller')
$management_vip = hiera('management_vip')
$internal_address = hiera('internal_address')
$management_network_range = hiera('management_network_range')
$controller_nodes = hiera('controller_nodes')
$use_syslog = hiera('use_syslog', true)
$primary_controller = hiera('primary_controller')
$management_vip = hiera('management_vip')
$database_vip = hiera('database_vip', undef)
$mysql_hash = hiera_hash('mysql', {})
$haproxy_stats_port = '10000'
$haproxy_stats_url = "http://${management_vip}:${haproxy_stats_port}/;csv"
$haproxy_stats_port = '10000'
$haproxy_stats_url = "http://${management_vip}:${haproxy_stats_port}/;csv"
$mysql_root_password = $mysql_hash['root_password']
$mysql_bind_address = '0.0.0.0'
$mysql_account_security = true
$mysql_database_password = $mysql_hash['root_password']
$mysql_database_enabled = pick($mysql_hash['enabled'], true)
$mysql_db_host = pick($database_vip, $management_vip, 'localhost')
$keystone_db_user = 'keystone'
$keystone_db_dbname = 'keystone'
$keystone_db_password = $keystone_hash['db_password']
$glance_db_user = 'glance'
$glance_db_dbname = 'glance'
$glance_db_password = $glance_hash['db_password']
$nova_db_user = 'nova'
$nova_db_dbname = 'nova'
$nova_db_password = $nova_hash['db_password']
$cinder_db_user = 'cinder'
$cinder_db_dbname = 'cinder'
$cinder_db_password = $cinder_hash['db_password']
$neutron_db_user = 'neutron'
$neutron_db_dbname = 'neutron'
$mysql_bind_address = '0.0.0.0'
$enabled = true
$allowed_hosts = [ '%', $::hostname ]
$galera_cluster_name = 'openstack'
$galera_node_address = $internal_address
$galera_nodes = $controller_nodes
$custom_mysql_setup_class = 'galera'
$mysql_skip_name_resolve = true
$custom_setup_class = 'galera'
$status_user = 'clustercheck'
$status_password = $mysql_hash['wsrep_password']
$backend_port = '3307'
$backend_timeout = '10'
$man_net = $network_scheme['endpoints'][$network_scheme['roles']['management']]['IP']
###############################################################################
#############################################################################
if $mysql_database_enabled {
if $custom_setup_class {
file { '/etc/mysql/my.cnf':
ensure => absent,
require => Class['mysql::server']
}
$config_hash_real = {
'config_file' => '/etc/my.cnf'
}
} else {
$config_hash_real = { }
}
class { 'mysql::server':
bind_address => '0.0.0.0',
etc_root_password => true,
root_password => $mysql_database_password,
old_root_password => '',
galera_cluster_name => $galera_cluster_name,
primary_controller => $primary_controller,
galera_node_address => $galera_node_address,
galera_nodes => $galera_nodes,
enabled => $enabled,
custom_setup_class => $custom_setup_class,
mysql_skip_name_resolve => $mysql_skip_name_resolve,
use_syslog => $use_syslog,
config_hash => $config_hash_real,
}
class { 'osnailyfacter::mysql_access':
db_user => 'root',
db_password => $mysql_database_password,
db_host => $mysql_db_host,
}
class { 'osnailyfacter::mysql_root':
password => $mysql_database_password,
}
exec { 'initial_access_config':
command => '/bin/ln -sf /etc/mysql/conf.d/password.cnf /root/.my.cnf',
}
class { 'openstack::galera::status':
status_user => $status_user,
status_password => $status_password,
status_allow => $galera_node_address,
backend_host => $galera_node_address,
backend_port => $backend_port,
backend_timeout => $backend_timeout,
only_from => "127.0.0.1 240.0.0.2 ${management_network_range}",
}
haproxy_backend_status { 'mysql' :
name => 'mysqld',
url => $haproxy_stats_url,
}
package { 'socat':
ensure => 'present'
}
Package['socat'] ->
Class['mysql::server'] ->
Class['osnailyfacter::mysql_root'] ->
Exec['initial_access_config'] ->
Class['openstack::galera::status'] ->
Haproxy_backend_status['mysql'] ->
Class['osnailyfacter::mysql_access']
class { 'openstack::db::mysql':
mysql_root_password => $mysql_root_password,
mysql_bind_address => $mysql_bind_address,
mysql_account_security => $mysql_account_security,
keystone_db_user => $keystone_db_user,
keystone_db_password => $keystone_db_password,
keystone_db_dbname => $keystone_db_dbname,
glance_db_user => $glance_db_user,
glance_db_password => $glance_db_password,
glance_db_dbname => $glance_db_dbname,
nova_db_user => $nova_db_user,
nova_db_password => $nova_db_password,
nova_db_dbname => $nova_db_dbname,
cinder => $cinder,
cinder_db_user => $cinder_db_user,
cinder_db_password => $cinder_db_password,
cinder_db_dbname => $cinder_db_dbname,
neutron => $neutron,
neutron_db_user => $neutron_db_user,
neutron_db_password => $neutron_db_password,
neutron_db_dbname => $neutron_db_dbname,
allowed_hosts => $allowed_hosts,
enabled => $enabled,
galera_cluster_name => $galera_cluster_name,
primary_controller => $primary_controller,
galera_node_address => $galera_node_address,
galera_nodes => $galera_nodes,
custom_setup_class => $custom_mysql_setup_class,
mysql_skip_name_resolve => $mysql_skip_name_resolve,
use_syslog => $use_syslog,
}
class { 'openstack::galera::status':
status_user => $status_user,
status_password => $status_password,
status_allow => $galera_node_address,
backend_host => $galera_node_address,
backend_port => $backend_port,
backend_timeout => $backend_timeout,
only_from => "127.0.0.1 240.0.0.2 ${man_net}",
}
haproxy_backend_status { 'mysql' :
name => 'mysqld',
url => $haproxy_stats_url,
}
package { 'socat': ensure => present }
Package['socat'] -> Class['openstack::db::mysql']
Class['openstack::db::mysql'] -> Class['openstack::galera::status']
Class['openstack::galera::status'] -> Haproxy_backend_status['mysql']
Class['mysql::server'] -> Haproxy_backend_status['mysql']
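Review bot: The `initial_access_config` exec has only a `command`, with no `creates`, `unless` or `refreshonly`, so as written it re-links `/root/.my.cnf` to `/etc/mysql/conf.d/password.cnf` on every run, after which `osnailyfacter::mysql_access` (ordered last in the chain) points the same path at its per-host file. Two resources managing one path makes every run report changes and leaves a window in which the providers' defaults file refers to a different credential set; guarding the exec, for example with `creates => '/root/.my.cnf'`, or letting one class own the link would settle it. Separately, the `mysql::server` declaration hard-codes `bind_address => '0.0.0.0'` and `old_root_password => ''`; `bind_address => $mysql_bind_address` would keep the listen address overridable, assuming that variable survives on the new side (this rendering does not show which lines were removed).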


@ -0,0 +1,47 @@
notice('MODULAR: glance_db.pp')
$glance_hash = hiera_hash('glance', {})
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($glance_hash['db_user'], 'glance')
$db_name = pick($glance_hash['db_name'], 'glance')
$db_password = pick($glance_hash['db_password'], $mysql_root_password)
$db_host = pick($glance_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($glance_hash['db_create'], $mysql_db_create)
$db_root_user = pick($glance_hash['root_user'], $mysql_root_user)
$db_root_password = pick($glance_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $db_create {
class { 'glance::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['glance::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server
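Review bot: `$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]` ends with the `%` wildcard, so the account created by `glance::db::mysql` is accepted from any client host and the three specific entries add no restriction. If remote access is needed, the list should hold the management network or the hosts that run the service, taken from Hiera, rather than `%`. Separately, `$db_password = pick($glance_hash['db_password'], $mysql_root_password)` silently gives the service account the MySQL root password when `db_password` is missing; failing the run is safer, e.g. `if ! $glance_hash['db_password'] { fail('glance db_password is not set') }`. Both lines are repeated unchanged in heat_db.pp, keystone_db.pp, murano_db.pp, cinder_db.pp, nova_db.pp, neutron_db.pp and sahara_db.pp.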


@ -8,15 +8,6 @@ class GlancePreTest < Test::Unit::TestCase
assert TestCommon::HAProxy.backend_present?(BACKEND), "There is no '#{BACKEND}' HAProxy backend!"
end
def test_mysql_accessible_for_glance
TestCommon::MySQL.pass = TestCommon::Settings.glance['db_password']
TestCommon::MySQL.user = 'glance'
TestCommon::MySQL.host = TestCommon::Settings.management_vip
TestCommon::MySQL.port = 3306
TestCommon::MySQL.db = 'glance'
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL with Glance auth!'
end
def test_amqp_accessible
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
end


@ -11,3 +11,14 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/glance/glance_pre.rb
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/glance/glance_post.rb
- id: glance-db
type: puppet
groups: [primary-controller]
required_for: [glance]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/glance_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -50,7 +50,6 @@ if $::operatingsystem == 'Ubuntu' {
class { 'openstack::heat' :
external_ip => $controller_node_public,
keystone_auth => pick($heat_hash['keystone_auth'], true),
create_heat_db => pick($heat_hash['create_heat_db'], true),
api_bind_host => $internal_address,
api_cfn_bind_host => $internal_address,
api_cloudwatch_bind_host => $internal_address,


@ -0,0 +1,47 @@
notice('MODULAR: heat_db.pp')
$heat_hash = hiera_hash('heat', {})
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($heat_hash['db_user'], 'heat')
$db_name = pick($heat_hash['db_name'], 'heat')
$db_password = pick($heat_hash['db_password'], $mysql_root_password)
$db_host = pick($heat_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($heat_hash['db_create'], $mysql_db_create)
$db_root_user = pick($heat_hash['root_user'], $mysql_root_user)
$db_root_password = pick($heat_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $db_create {
class { 'heat::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['heat::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server


@ -1,10 +1,6 @@
require File.join File.dirname(__FILE__), '../test_common.rb'
class HeatPostTest < Test::Unit::TestCase
def test_mysql_connection_without_auth
TestCommon::MySQL.no_auth
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!'
end
def test_amqp_accessible
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'


@ -11,3 +11,13 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/heat/heat_pre.rb
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/heat/heat_post.rb
- id: heat-db
type: puppet
groups: [primary-controller]
required_for: [heat]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/heat/heat_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -0,0 +1,45 @@
notice('MODULAR: keystone_db.pp')
$keystone_hash = hiera_hash('keystone', {})
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($keystone_hash['db_user'], 'keystone')
$db_name = pick($keystone_hash['db_name'], 'keystone')
$db_password = pick($keystone_hash['db_password'], $mysql_root_password)
$db_host = pick($keystone_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($keystone_hash['db_create'], $mysql_db_create)
$db_root_user = pick($keystone_hash['root_user'], $mysql_root_user)
$db_root_password = pick($keystone_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
if $db_create {
class { 'keystone::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['keystone::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server
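Review bot: This manifest omits the `validate_string($mysql_root_user)` call that the other `*_db.pp` manifests in this commit make just before their `if $db_create` block. Either add `validate_string($mysql_root_user)` after the `$allowed_hosts` line here, or drop it from all of them so the manifests stay uniform. The check covers only the root user name; `$db_root_password` and `$db_password` are passed on without any validation that they are set, which is the more useful thing to assert before `osnailyfacter::mysql_access` is declared.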


@ -13,15 +13,6 @@ class KeystonePreTest < Test::Unit::TestCase
assert TestCommon::HAProxy.backend_present?(ADMIN_BACKEND), "There is no '#{ADMIN_BACKEND}' HAProxy backend!"
end
def test_mysql_accessible_for_keystone
TestCommon::MySQL.pass = TestCommon::Settings.keystone['db_password']
TestCommon::MySQL.user = 'keystone'
TestCommon::MySQL.host = TestCommon::Settings.management_vip
TestCommon::MySQL.port = 3306
TestCommon::MySQL.db = 'keystone'
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL with Keystone auth!'
end
def test_amqp_accessible
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
end


@ -11,3 +11,13 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb
- id: keystone-db
type: puppet
groups: [primary-controller]
required_for: [keystone]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -116,12 +116,8 @@ if $murano_hash['enabled'] {
######################
class mysql::server {}
class mysql::config {}
class rabbitmq::service {}
class openstack::firewall {}
include mysql::server
include mysql::config
include rabbitmq::service
include openstack::firewall


@ -0,0 +1,50 @@
notice('MODULAR: murano_db.pp')
$murano_hash = hiera_hash('murano', {})
$murano_enabled = pick($murano_hash['enabled'], false)
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($murano_hash['db_user'], 'murano')
$db_name = pick($murano_hash['db_name'], 'murano')
$db_password = pick($murano_hash['db_password'], $mysql_root_password)
$db_host = pick($murano_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($murano_hash['db_create'], $mysql_db_create)
$db_root_user = pick($murano_hash['root_user'], $mysql_root_user)
$db_root_password = pick($murano_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $murano_enabled and $db_create {
class { 'murano::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['murano::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server
class murano::api {}
include murano::api


@ -2,11 +2,6 @@ require File.join File.dirname(__FILE__), '../test_common.rb'
class MuranoPreTest < Test::Unit::TestCase
def test_mysql_connection_without_auth
TestCommon::MySQL.no_auth
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!'
end
def test_amqp_accessible
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
end


@ -11,3 +11,13 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/murano/murano_pre.rb
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/murano/murano_post.rb
- id: murano-db
type: puppet
groups: [primary-controller]
required_for: [murano]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/murano/murano_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -0,0 +1,47 @@
notice('MODULAR: cinder_db.pp')
$cinder_hash = hiera_hash('cinder', {})
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($cinder_hash['db_user'], 'cinder')
$db_name = pick($cinder_hash['db_name'], 'cinder')
$db_password = pick($cinder_hash['db_password'], $mysql_root_password)
$db_host = pick($cinder_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($cinder_hash['db_create'], $mysql_db_create)
$db_root_user = pick($cinder_hash['root_user'], $mysql_root_user)
$db_root_password = pick($cinder_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $db_create {
class { 'cinder::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['cinder::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server


@ -7,3 +7,13 @@
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/openstack-cinder.pp
puppet_modules: /etc/puppet/modules
timeout: 1200
- id: cinder_db
type: puppet
groups: [primary-controller]
required_for: [openstack-cinder]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/cinder_db.pp
puppet_modules: /etc/puppet/modules
timeout: 1200
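Review bot: The new task id `cinder_db` uses an underscore, while the other database tasks added in this commit use a hyphen (`glance-db`, `heat-db`, `keystone-db`, `nova-db`). `- id: cinder-db` would keep the ids uniform, provided nothing else in the task graph already refers to `cinder_db`. The task entry before the added one starts outside this hunk.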


@ -0,0 +1,47 @@
notice('MODULAR: nova_db.pp')
$nova_hash = hiera_hash('nova', {})
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($nova_hash['db_user'], 'nova')
$db_name = pick($nova_hash['db_name'], 'nova')
$db_password = pick($nova_hash['db_password'], $mysql_root_password)
$db_host = pick($nova_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($nova_hash['db_create'], $mysql_db_create)
$db_root_user = pick($nova_hash['root_user'], $mysql_root_user)
$db_root_password = pick($nova_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $db_create {
class { 'nova::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['nova::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server


@ -7,3 +7,13 @@
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/openstack-controller.pp
puppet_modules: /etc/puppet/modules
timeout: 3600
- id: nova-db
type: puppet
groups: [primary-controller]
required_for: [openstack-controller]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/nova_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -0,0 +1,50 @@
notice('MODULAR: neutron_db.pp')
$use_neutron = hiera('use_neutron', false)
$neutron_hash = hiera_hash('quantum_settings', {})
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$neutron_db = merge($neutron_hash['database'], {})
$db_user = pick($neutron_db['db_user'], 'neutron')
$db_name = pick($neutron_db['db_name'], 'neutron')
$db_password = pick($neutron_db['passwd'], $mysql_root_password)
$db_host = pick($neutron_db['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($neutron_db['db_create'], $mysql_db_create)
$db_root_user = pick($neutron_db['root_user'], $mysql_root_user)
$db_root_password = pick($neutron_db['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $use_neutron and $db_create {
class { 'neutron::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['neutron::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server
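Review bot: `$neutron_db = merge($neutron_hash['database'], {})` is evaluated before the `$use_neutron` check, and `$neutron_hash` defaults to `{}`, so on a deployment with no `database` key under `quantum_settings` the first argument is undef. Depending on the stdlib version, `merge` rejects non-hash arguments, and the catalog would then fail even though no Neutron database is wanted. `$neutron_db = pick($neutron_hash['database'], {})` gives the same hash when the key exists and an empty one otherwise. Note also that the password is read from `passwd` here, while the other `*_db.pp` manifests read `db_password`; a one-line comment saying this follows the existing `quantum_settings` layout would help the next reader.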


@ -11,6 +11,7 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-controller_pre.rb
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-controller_post.rb
- id: openstack-network-compute
type: puppet
groups: [compute]
@ -24,3 +25,13 @@
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-compute_pre.rb
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-compute_post.rb
- id: neutron-db
type: puppet
groups: [primary-controller]
required_for: [openstack-network]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/neutron_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -79,11 +79,5 @@ if $sahara_hash['enabled'] {
#########################
class mysql::server {}
class mysql::config {}
include mysql::server
include mysql::config
class openstack::firewall {}
include openstack::firewall


@ -0,0 +1,50 @@
notice('MODULAR: sahara_db.pp')
$sahara_hash = hiera_hash('sahara', {})
$sahara_enabled = pick($sahara_hash['enabled'], false)
$mysql_hash = hiera_hash('mysql', {})
$management_vip = hiera('management_vip', undef)
$database_vip = hiera('database_vip', undef)
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = pick($sahara_hash['db_user'], 'sahara')
$db_name = pick($sahara_hash['db_name'], 'sahara')
$db_password = pick($sahara_hash['db_password'], $mysql_root_password)
$db_host = pick($sahara_hash['db_host'], $database_vip, $management_vip, 'localhost')
$db_create = pick($sahara_hash['db_create'], $mysql_db_create)
$db_root_user = pick($sahara_hash['root_user'], $mysql_root_user)
$db_root_password = pick($sahara_hash['root_password'], $mysql_root_password)
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $sahara_enabled and $db_create {
class { 'sahara::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['osnailyfacter::mysql_access'] -> Class['sahara::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server
class sahara::api {}
include sahara::api


@ -2,17 +2,12 @@ require File.join File.dirname(__FILE__), '../test_common.rb'
class SaharaPreTest < Test::Unit::TestCase
def test_mysql_connection_without_auth
TestCommon::MySQL.no_auth
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!'
end
def test_amqp_accessible
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
end
def test_haproxy_sahara_backend_present
assert TestCommon::HAProxy.backend_present?('sahara'), 'No murano haproxy backend!'
assert TestCommon::HAProxy.backend_present?('sahara'), 'No sahara haproxy backend!'
end
def test_horizon_haproxy_backend_online


@ -12,3 +12,12 @@
test_post:
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_post.rb
- id: sahara-db
type: puppet
groups: [primary-controller]
required_for: [sahara]
requires: [database]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_db.pp
puppet_modules: /etc/puppet/modules
timeout: 3600


@ -0,0 +1,6 @@
<%- %w(mysql client mysqldump mysqladmin mysqlcheck).each do |section| %>
[<%= section %>]
user = '<%= @db_user %>'
password = '<%= @db_password %>'
host = '<%= @db_host %>'
<%- end %>
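Review bot: The three values are written between single quotes without escaping, so a `@db_password` containing `'` or `\` yields an option file that the MySQL clients parse into a different password, or fail to parse, because quoted option-file values honour backslash escapes. Escaping on output avoids that: `password = '<%= @db_password.to_s.gsub(/['\\]/) { |c| "\\#{c}" } %>'`, and the same for `user` and `host`. The rendered file repeats the credentials in five sections and presumably holds the root account passed to `osnailyfacter::mysql_access`. The `file` resource that renders it is not in this section, so confirm it is created with owner root and mode `0600`.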


@ -1,27 +1,90 @@
# == Class sahara::db::mysql
#
# Class that configures mysql for sahara
#
# === Parameters:
#
# [*password*]
# Password to use for the sahara user
#
# [*dbname*]
# (optional) The name of the database
# Defaults to 'sahara'
#
# [*user*]
# (optional) The mysql user to create
# Defaults to 'sahara'
#
# [*host*]
# (optional) The IP address of the mysql server
# Defaults to '127.0.0.1'
#
# [*charset*]
# (optional) The charset to use for the sahara database
# Defaults to 'utf8'
#
# [*collate*]
# (optional) The collate to use for the sahara database
# Defaults to 'utf8_general_ci'
#
# [*allowed_hosts*]
# (optional) Additional hosts that are allowed to access this DB
# Defaults to undef
#
# [*cluster_id*]
# (optional) Deprecated. Does nothing
# Defaults to 'localzone'
#
# [*mysql_module*]
# (optional) Mysql puppet module version to use. Tested versions
# are 0.9 and 2.2.
# Defaults to '0.9'
#
class sahara::db::mysql(
$password = 'sahara',
$password,
$dbname = 'sahara',
$user = 'sahara',
$dbhost = 'localhost',
$dbhost = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_general_ci',
$allowed_hosts = undef,
$mysql_module = '0.9'
) {
include 'sahara::params'
if ($mysql_module >= 2.2) {
mysql::db { $dbname:
user => $user,
password => $password,
host => $dbhost,
charset => $charset,
collate => $collate,
require => Class['mysql::server'],
}
} else {
require 'mysql::python'
mysql::db { $dbname :
user => $user,
password => $password,
host => $dbhost,
charset => $charset,
grant => ['all'],
mysql::db { $dbname:
user => $user,
password => $password,
host => $dbhost,
charset => $charset,
require => Class['mysql::config'],
}
}
if $allowed_hosts {
sahara::db::mysql::host_access { $allowed_hosts:
user => $user,
password => $password,
database => $dbname,
# Check allowed_hosts to avoid duplicate resource declarations
if is_array($allowed_hosts) and delete($allowed_hosts,$dbhost) != [] {
$real_allowed_hosts = delete($allowed_hosts,$dbhost)
} elsif is_string($allowed_hosts) and ($allowed_hosts != $dbhost) {
$real_allowed_hosts = $allowed_hosts
}
if $real_allowed_hosts {
sahara::db::mysql::host_access { $real_allowed_hosts:
user => $user,
password => $password,
database => $dbname,
mysql_module => $mysql_module,
}
}
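Review bot: The new header comment documents parameters the class does not have: it lists `[*host*]` and `[*cluster_id*]`, while the signature takes `$dbhost` and has no `cluster_id`. Rename the entry to `[*dbhost*]` and drop the `cluster_id` entry. In the allowed_hosts check, `$real_allowed_hosts` is assigned only inside the two branches, so when `$allowed_hosts` is undef or equals `$dbhost`, the following `if $real_allowed_hosts` reads a variable that was never set, which would be reported under `strict_variables`; an explicit `else { $real_allowed_hosts = undef }` makes the intent clear. The rendered page has lost its +/- markers, so which printed lines belong to the new side is inferred from the hunk header and the duplicated lines.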


@ -13,18 +13,41 @@
# [*database*]
# the database name
#
define sahara::db::mysql::host_access ($user, $password, $database) {
# [*mysql_module*]
# mysql module version
#
define sahara::db::mysql::host_access (
$user,
$password,
$database,
$mysql_module = '0.9'
) {
database_user { "${user}@${name}":
password_hash => mysql_password($password),
provider => 'mysql',
require => Database[$database],
}
if ($mysql_module >= 2.2) {
mysql_user { "${user}@${name}":
password_hash => mysql_password($password),
require => Mysql_database[$database],
}
database_grant { "${user}@${name}/${database}":
# TODO figure out which privileges to grant.
privileges => 'all',
provider => 'mysql',
require => Database_user["${user}@${name}"]
mysql_grant { "${user}@${name}/${database}.*":
privileges => ['ALL'],
options => ['GRANT'],
table => "${database}.*",
require => Mysql_user["${user}@${name}"],
user => "${user}@${name}"
}
} else {
database_user { "${user}@${name}":
password_hash => mysql_password($password),
provider => 'mysql',
require => Database[$database],
}
database_grant { "${user}@${name}/${database}":
# TODO figure out which privileges to grant.
privileges => 'all',
provider => 'mysql',
require => Database_user["${user}@${name}"]
}
}
}
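Review bot: In the `$mysql_module >= 2.2` branch, `options => ['GRANT']` gives the service account `ALL` on `${database}.*` together with the grant option, so the account can pass its privileges to other MySQL users, and it does so for every host in `allowed_hosts`. Nothing in this section shows that the service needs to manage grants; unless it does, drop the `options => ['GRANT'],` line. The `# TODO figure out which privileges to grant.` comment in the older branch applies equally to `privileges => ['ALL']` here and is worth carrying over. The doc comment of this define starts outside the hunk.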


@ -39,14 +39,6 @@ class sahara (
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60"
class { 'sahara::db::mysql':
password => $db_password,
dbname => $db_name,
user => $db_user,
dbhost => $db_host,
allowed_hosts => $db_allowed_hosts,
}
class { 'sahara::api':
enabled => $enabled,
auth_uri => $auth_uri,
@ -106,8 +98,6 @@ class sahara (
action => 'accept',
}
Class['mysql::server'] ->
Class['sahara::db::mysql'] ->
Firewall[$firewall_rule] ->
Class['sahara::keystone::auth'] ->
Class['sahara::api']


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'glance/glance_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'heat/heat_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'keystone/keystone_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'murano/murano_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'openstack-cinder/cinder_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'openstack-controller/nova_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'openstack-network/neutron_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end


@ -0,0 +1,8 @@
require 'spec_helper'
require 'shared-examples'
manifest = 'sahara/sahara_db.pp'
describe manifest do
test_ubuntu_and_centos manifest
end