Refactor DB creation
- Move DB creation for every service to own task - Refactor Murano and Sahara DB configuration classes - Cherry-pick MySQL providers from upstream to allow DB creation and management on remote host - Remove openstack::db::mysql - Move database and user creation to a separate task - Either install local database or use an external one Implements: blueprint: detach-components-from-controllers Co-Authored-By: Sergii Golovatiuk <sgolovatiuk@mirantis.com> Co-Authored-By: Dmitry Ilyin <dilyin@mirantis.com> Change-Id: Iaf3b7913e8c79c08025dbdaf5f2beff7337ab644 Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
parent
e0cc117d03
commit
906eb4217b
|
@ -1,36 +1,95 @@
|
|||
# == Class murano::db::mysql
|
||||
#
|
||||
# Class that configures mysql for sahara
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*password*]
|
||||
# Password to use for the murano user
|
||||
#
|
||||
# [*dbname*]
|
||||
# (optional) The name of the database
|
||||
# Defaults to 'murano'
|
||||
#
|
||||
# [*user*]
|
||||
# (optional) The mysql user to create
|
||||
# Defaults to 'murano'
|
||||
#
|
||||
# [*host*]
|
||||
# (optional) The IP address of the mysql server
|
||||
# Defaults to '127.0.0.1'
|
||||
#
|
||||
# [*charset*]
|
||||
# (optional) The charset to use for the murano database
|
||||
# Defaults to 'utf8'
|
||||
#
|
||||
# [*collate*]
|
||||
# (optional) The collate to use for the morano database
|
||||
# Defaults to 'utf8_general_ci'
|
||||
#
|
||||
# [*allowed_hosts*]
|
||||
# (optional) Additional hosts that are allowed to access this DB
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cluster_id*]
|
||||
# (optional) Deprecated. Does nothing
|
||||
# Defaults to 'localzone'
|
||||
#
|
||||
# [*mysql_module*]
|
||||
# (optional) Mysql puppet module version to use. Tested versions
|
||||
# are 0.9 and 2.2.
|
||||
# Defaults to '0.9'
|
||||
#
|
||||
class murano::db::mysql(
|
||||
$password = 'murano',
|
||||
$dbname = 'murano',
|
||||
$user = 'murano',
|
||||
$dbhost = 'localhost',
|
||||
$dbhost = '127.0.0.1',
|
||||
$charset = 'utf8',
|
||||
$collate = 'utf8_general_ci',
|
||||
$allowed_hosts = undef,
|
||||
$mysql_module = '0.9'
|
||||
) {
|
||||
|
||||
include 'murano::params'
|
||||
if ($mysql_module >= 2.2) {
|
||||
mysql::db { $dbname:
|
||||
user => $user,
|
||||
password => $password,
|
||||
host => $dbhost,
|
||||
charset => $charset,
|
||||
collate => $collate,
|
||||
require => Class['mysql::server'],
|
||||
}
|
||||
} else {
|
||||
require 'mysql::python'
|
||||
|
||||
mysql::db { $dbname :
|
||||
user => $user,
|
||||
password => $password,
|
||||
host => $dbhost,
|
||||
charset => $charset,
|
||||
grant => ['all'],
|
||||
}
|
||||
|
||||
if $allowed_hosts {
|
||||
murano::db::mysql::host_access { $allowed_hosts:
|
||||
user => $user,
|
||||
password => $password,
|
||||
database => $dbname,
|
||||
mysql::db { $dbname:
|
||||
user => $user,
|
||||
password => $password,
|
||||
host => $dbhost,
|
||||
charset => $charset,
|
||||
require => Class['mysql::config'],
|
||||
}
|
||||
}
|
||||
|
||||
$services = [ 'murano::api' ]
|
||||
# TODO(dteselkin): Update the line above similar
|
||||
# to the line below when murano::engine is added.
|
||||
#$services = [ 'murano::conductor', 'murano::api' ]
|
||||
Database[$dbname] -> Class[$services]
|
||||
Database_user["${user}@${dbhost}"] -> Class[$services]
|
||||
Database_grant["${user}@${dbhost}/${dbname}"] -> Class[$services]
|
||||
# Check allowed_hosts to avoid duplicate resource declarations
|
||||
if is_array($allowed_hosts) and delete($allowed_hosts,$dbhost) != [] {
|
||||
$real_allowed_hosts = delete($allowed_hosts,$dbhost)
|
||||
} elsif is_string($allowed_hosts) and ($allowed_hosts != $dbhost) {
|
||||
$real_allowed_hosts = $allowed_hosts
|
||||
}
|
||||
|
||||
if $real_allowed_hosts {
|
||||
murano::db::mysql::host_access { $real_allowed_hosts:
|
||||
user => $user,
|
||||
password => $password,
|
||||
database => $dbname,
|
||||
mysql_module => $mysql_module,
|
||||
}
|
||||
}
|
||||
|
||||
Database[$dbname] -> Class['murano::api']
|
||||
Database_user["${user}@${dbhost}"] -> Class['murano::api']
|
||||
Database_grant["${user}@${dbhost}/${dbname}"] -> Class['murano::api']
|
||||
|
||||
}
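Review bot: `$password` defaults to the literal `'murano'` in the class signature, while the header comment describes it as "Password to use for the murano user" with no default mentioned, so a caller that omits it gets a guessable database password that is then also granted to every entry in `allowed_hosts`. Consider making it mandatory by declaring it as `$password,` with no default. The header also disagrees with the signature in other places: it documents `[*host*]` and `[*cluster_id*]`, but the class takes `$dbhost` and has no `cluster_id` parameter, and the summary line says "configures mysql for sahara" inside `murano::db::mysql`. Suggested wording for the summary and the host entry: `# Class that configures mysql for murano` and `# [*dbhost*]`.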
|
||||
|
|
|
@ -13,18 +13,41 @@
|
|||
# [*database*]
|
||||
# the database name
|
||||
#
|
||||
define murano::db::mysql::host_access ($user, $password, $database) {
|
||||
# [*mysql_module*]
|
||||
# mysql module version
|
||||
#
|
||||
define murano::db::mysql::host_access (
|
||||
$user,
|
||||
$password,
|
||||
$database,
|
||||
$mysql_module = '0.9'
|
||||
) {
|
||||
|
||||
database_user { "${user}@${name}":
|
||||
password_hash => mysql_password($password),
|
||||
provider => 'mysql',
|
||||
require => Database[$database],
|
||||
}
|
||||
if ($mysql_module >= 2.2) {
|
||||
mysql_user { "${user}@${name}":
|
||||
password_hash => mysql_password($password),
|
||||
require => Mysql_database[$database],
|
||||
}
|
||||
|
||||
database_grant { "${user}@${name}/${database}":
|
||||
# TODO figure out which privileges to grant.
|
||||
privileges => 'all',
|
||||
provider => 'mysql',
|
||||
require => Database_user["${user}@${name}"]
|
||||
mysql_grant { "${user}@${name}/${database}.*":
|
||||
privileges => ['ALL'],
|
||||
options => ['GRANT'],
|
||||
table => "${database}.*",
|
||||
require => Mysql_user["${user}@${name}"],
|
||||
user => "${user}@${name}"
|
||||
}
|
||||
} else {
|
||||
database_user { "${user}@${name}":
|
||||
password_hash => mysql_password($password),
|
||||
provider => 'mysql',
|
||||
require => Database[$database],
|
||||
}
|
||||
|
||||
database_grant { "${user}@${name}/${database}":
|
||||
# TODO figure out which privileges to grant.
|
||||
privileges => 'all',
|
||||
provider => 'mysql',
|
||||
require => Database_user["${user}@${name}"]
|
||||
}
|
||||
}
|
||||
}
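Review bot: The `mysql_grant` added in the `$mysql_module >= 2.2` branch gives the service account `privileges => ['ALL']` together with `options => ['GRANT']` for each allowed host, which is wider than the other branch, where `database_grant` sets `privileges => 'all'` without a grant option and still carries the TODO about which privileges to grant. GRANT OPTION lets the account hand its privileges to other accounts, which a service user presumably does not need; I would drop the `options => ['GRANT']` line and carry the TODO over to this branch as `# TODO figure out which privileges to grant.` so the two paths stay equivalent. The new `[*mysql_module*]` comment could also state the tested versions and the default, e.g. `# (optional) mysql module version; defaults to '0.9'`.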
|
||||
|
|
|
@ -24,16 +24,16 @@ class murano (
|
|||
$murano_api_host = '127.0.0.1',
|
||||
# rabbit configuration
|
||||
# NOTE:
|
||||
# Murano uses separate rabbitmq server for communication with agents.
|
||||
# This server is launched on each controller node and uses port 55572.
|
||||
# Separate rabbitmq is used to address security concern that instances
|
||||
# managed by Murano have access to the 'system' RabbitMQ and thus could
|
||||
# have access to OpenStack internal data.
|
||||
# Murano uses separate rabbitmq server for communication with agents.
|
||||
# This server is launched on each controller node and uses port 55572.
|
||||
# Separate rabbitmq is used to address security concern that instances
|
||||
# managed by Murano have access to the 'system' RabbitMQ and thus could
|
||||
# have access to OpenStack internal data.
|
||||
# murano_rabbit_ha_hosts is used by murano-api and works with oslo.messaging
|
||||
$murano_rabbit_ha_hosts = '127.0.0.1:5672',
|
||||
$murano_rabbit_ha_queues = false,
|
||||
# murano_rabbit_host and murano_rabbit_port are used by murano-engine,
|
||||
# which communicates with rabbitmq directly.
|
||||
# which communicates with rabbitmq directly.
|
||||
$murano_rabbit_host = '127.0.0.1',
|
||||
$murano_rabbit_port = '55572',
|
||||
$murano_rabbit_ssl = false,
|
||||
|
@ -67,7 +67,10 @@ class murano (
|
|||
$murano_repo_url_string = undef,
|
||||
) {
|
||||
|
||||
Class['mysql::server'] -> Class['murano::db::mysql'] -> Class['murano::murano_rabbitmq'] -> Class['murano::keystone'] -> Class['murano::python_muranoclient'] -> Class['murano::api'] -> Class['murano::dashboard']
|
||||
Class['murano::murano_rabbitmq'] ->
|
||||
Class['murano::keystone'] ->
|
||||
Class['murano::python_muranoclient'] ->
|
||||
Class['murano::api'] -> Class['murano::dashboard']
|
||||
|
||||
User['murano'] -> Class['murano::api'] -> File <| title == $murano_log_dir |>
|
||||
|
||||
|
@ -107,64 +110,57 @@ class murano (
|
|||
mode => '0750',
|
||||
}
|
||||
|
||||
class { 'murano::db::mysql':
|
||||
password => $murano_db_password,
|
||||
dbname => $murano_db_name,
|
||||
user => $murano_db_user,
|
||||
dbhost => $murano_db_host,
|
||||
allowed_hosts => $murano_db_allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'murano::python_muranoclient':
|
||||
}
|
||||
|
||||
class { 'murano::api' :
|
||||
use_syslog => $use_syslog,
|
||||
debug => $debug,
|
||||
verbose => $verbose,
|
||||
log_file => "${murano_log_dir}/murano.log",
|
||||
syslog_log_facility => $syslog_log_facility,
|
||||
use_syslog => $use_syslog,
|
||||
debug => $debug,
|
||||
verbose => $verbose,
|
||||
log_file => "${murano_log_dir}/murano.log",
|
||||
syslog_log_facility => $syslog_log_facility,
|
||||
|
||||
auth_host => $murano_keystone_host,
|
||||
auth_port => $murano_keystone_port,
|
||||
auth_protocol => $murano_keystone_protocol,
|
||||
admin_tenant_name => $murano_keystone_tenant,
|
||||
admin_user => $murano_keystone_user,
|
||||
admin_password => $murano_keystone_password,
|
||||
signing_dir => $murano_keystone_signing_dir,
|
||||
auth_host => $murano_keystone_host,
|
||||
auth_port => $murano_keystone_port,
|
||||
auth_protocol => $murano_keystone_protocol,
|
||||
admin_tenant_name => $murano_keystone_tenant,
|
||||
admin_user => $murano_keystone_user,
|
||||
admin_password => $murano_keystone_password,
|
||||
signing_dir => $murano_keystone_signing_dir,
|
||||
|
||||
bind_host => $murano_bind_host,
|
||||
bind_port => $murano_bind_port,
|
||||
bind_host => $murano_bind_host,
|
||||
bind_port => $murano_bind_port,
|
||||
|
||||
api_host => $murano_api_host,
|
||||
api_host => $murano_api_host,
|
||||
|
||||
rabbit_host => $murano_rabbit_host,
|
||||
rabbit_port => $murano_rabbit_port,
|
||||
rabbit_ha_hosts => $murano_rabbit_ha_hosts,
|
||||
rabbit_ha_queues => $murano_rabbit_ha_queues,
|
||||
rabbit_use_ssl => $murano_rabbit_ssl,
|
||||
rabbit_ca_certs => $murano_rabbit_ca_certs,
|
||||
os_rabbit_userid => $murano_os_rabbit_userid,
|
||||
os_rabbit_password => $murano_os_rabbit_passwd,
|
||||
murano_rabbit_userid => $murano_own_rabbit_userid,
|
||||
murano_rabbit_password => $murano_own_rabbit_passwd,
|
||||
rabbit_virtual_host => $murano_rabbit_virtual_host,
|
||||
rabbit_host => $murano_rabbit_host,
|
||||
rabbit_port => $murano_rabbit_port,
|
||||
rabbit_ha_hosts => $murano_rabbit_ha_hosts,
|
||||
rabbit_ha_queues => $murano_rabbit_ha_queues,
|
||||
rabbit_use_ssl => $murano_rabbit_ssl,
|
||||
rabbit_ca_certs => $murano_rabbit_ca_certs,
|
||||
os_rabbit_userid => $murano_os_rabbit_userid,
|
||||
os_rabbit_password => $murano_os_rabbit_passwd,
|
||||
murano_rabbit_userid => $murano_own_rabbit_userid,
|
||||
murano_rabbit_password => $murano_own_rabbit_passwd,
|
||||
rabbit_virtual_host => $murano_rabbit_virtual_host,
|
||||
|
||||
murano_db_password => $murano_db_password,
|
||||
murano_db_name => $murano_db_name,
|
||||
murano_db_user => $murano_db_user,
|
||||
murano_db_host => $murano_db_host,
|
||||
murano_db_password => $murano_db_password,
|
||||
murano_db_name => $murano_db_name,
|
||||
murano_db_user => $murano_db_user,
|
||||
murano_db_host => $murano_db_host,
|
||||
|
||||
primary_controller => $primary_controller,
|
||||
primary_controller => $primary_controller,
|
||||
|
||||
use_neutron => $use_neutron,
|
||||
default_router => 'murano-default-router',
|
||||
external_network => $external_network,
|
||||
use_neutron => $use_neutron,
|
||||
default_router => 'murano-default-router',
|
||||
external_network => $external_network,
|
||||
}
|
||||
|
||||
class { 'murano::dashboard' :
|
||||
settings_py => '/usr/share/openstack-dashboard/openstack_dashboard/settings.py',
|
||||
repo_url_string => $murano_repo_url_string,
|
||||
$dashboard = '/usr/share/openstack-dashboard/openstack_dashboard/settings.py'
|
||||
class { 'murano::dashboard':
|
||||
settings_py => $dashboard,
|
||||
repo_url_string => $murano_repo_url_string,
|
||||
}
|
||||
|
||||
class { 'murano::murano_rabbitmq' :
|
||||
|
|
|
@ -7,8 +7,21 @@ Puppet::Type.type(:database).provide(:mysql) do
|
|||
optional_commands :mysql => 'mysql'
|
||||
optional_commands :mysqladmin => 'mysqladmin'
|
||||
|
||||
# Optional defaults file
|
||||
def self.defaults_file
|
||||
if File.file?('/root/.my.cnf')
|
||||
"--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def defaults_file
|
||||
self.class.defaults_file
|
||||
end
|
||||
|
||||
def self.instances
|
||||
mysql('-NBe', "show databases").split("\n").collect do |name|
|
||||
mysql(defaults_file, '-NBe', "show databases").split("\n").collect do |name|
|
||||
new(:name => name)
|
||||
end
|
||||
end
|
||||
|
@ -17,7 +30,7 @@ Puppet::Type.type(:database).provide(:mysql) do
|
|||
tries=10
|
||||
begin
|
||||
debug("Trying to create database #{@resource[:name]} ")
|
||||
mysql('-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
|
||||
mysql(defaults_file, '-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}")
|
||||
rescue
|
||||
debug("Can't connect to the server: #{tries} tries to reconnect")
|
||||
sleep 5
|
||||
|
@ -26,20 +39,20 @@ Puppet::Type.type(:database).provide(:mysql) do
|
|||
end
|
||||
|
||||
def destroy
|
||||
mysqladmin('-f', 'drop', @resource[:name])
|
||||
mysqladmin(defaults_file, '-f', 'drop', @resource[:name])
|
||||
end
|
||||
|
||||
def charset
|
||||
mysql('-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
|
||||
mysql(defaults_file, '-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1]
|
||||
end
|
||||
|
||||
def charset=(value)
|
||||
mysql('-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
|
||||
mysql(defaults_file, '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}")
|
||||
end
|
||||
|
||||
def exists?
|
||||
begin
|
||||
mysql('-NBe', "show databases").match(/^#{@resource[:name]}$/)
|
||||
mysql(defaults_file, '-NBe', "show databases").match(/^#{@resource[:name]}$/)
|
||||
rescue => e
|
||||
debug(e.message)
|
||||
return nil
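Review bot: `self.defaults_file` tests the literal path `'/root/.my.cnf'` but returns an option built from `Facter.value(:root_home)`, so the file that is checked and the file that is passed can differ when root's home is not /root; compute the path once, e.g. `path = "#{Facter.value(:root_home)}/.my.cnf"`, and use it for both `File.file?(path)` and the option. When the file is missing the helper returns nil and every call site passes that nil as the first argument to `mysql`/`mysqladmin`; how the command wrapper handles a nil argument is not visible on this page, so building the list as `[defaults_file, '-NBe', "show databases"].compact` would avoid relying on it. The same helper is copied verbatim into the database_grant and database_user providers in this commit and the same two points apply there. `create` and `exists?` start or end outside the hunks shown.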
|
||||
|
|
|
@ -11,6 +11,19 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
optional_commands :mysql => 'mysql'
|
||||
optional_commands :mysqladmin => 'mysqladmin'
|
||||
|
||||
# Optional defaults file
|
||||
def self.defaults_file
|
||||
if File.file?('/root/.my.cnf')
|
||||
"--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def defaults_file
|
||||
self.class.defaults_file
|
||||
end
|
||||
|
||||
def self.prefetch(resources)
|
||||
@user_privs = nil
|
||||
@db_privs = nil
|
||||
|
@ -33,19 +46,19 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
end
|
||||
|
||||
def self.query_user_privs
|
||||
results = mysql("mysql", "-Be", "describe user")
|
||||
results = mysql(defaults_file, "mysql", "-Be", "describe user")
|
||||
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
|
||||
@user_privs = column_names.delete_if { |e| !( e =~/_priv$/) }
|
||||
end
|
||||
|
||||
def self.query_db_privs
|
||||
results = mysql("mysql", "-Be", "describe db")
|
||||
results = mysql(defaults_file, "mysql", "-Be", "describe db")
|
||||
column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] }
|
||||
@db_privs = column_names.delete_if { |e| !(e =~/_priv$/) }
|
||||
end
|
||||
|
||||
def mysql_flush
|
||||
mysqladmin "flush-privileges"
|
||||
mysqladmin defaults_file, "flush-privileges"
|
||||
end
|
||||
|
||||
# this parses the
|
||||
|
@ -73,11 +86,11 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
name = split_name(@resource[:name])
|
||||
case name[:type]
|
||||
when :user
|
||||
mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
|
||||
mysql defaults_file, "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [
|
||||
name[:host], name[:user],
|
||||
]
|
||||
when :db
|
||||
mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
|
||||
mysql defaults_file, "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [
|
||||
name[:host], name[:user], name[:db],
|
||||
]
|
||||
end
|
||||
|
@ -86,7 +99,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
end
|
||||
|
||||
def destroy
|
||||
mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
|
||||
mysql defaults_file, "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ]
|
||||
end
|
||||
|
||||
def row_exists?
|
||||
|
@ -95,7 +108,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
if name[:type] == :db
|
||||
fields << :db
|
||||
end
|
||||
not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
|
||||
not mysql(defaults_file, "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
|
||||
end
|
||||
|
||||
def all_privs_set?
|
||||
|
@ -117,9 +130,9 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
|
||||
case name[:type]
|
||||
when :user
|
||||
privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
|
||||
privs = mysql defaults_file, "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ]
|
||||
when :db
|
||||
privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
|
||||
privs = mysql defaults_file, "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
|
||||
end
|
||||
|
||||
if privs.match(/^$/)
|
||||
|
@ -170,7 +183,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
|
|||
# puts "set:", set
|
||||
stmt = stmt << set << where
|
||||
|
||||
mysql "mysql", "-Be", stmt
|
||||
mysql defaults_file, "mysql", "-Be", stmt
|
||||
mysql_flush
|
||||
end
|
||||
end
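Review bot: In `destroy` the format string `"REVOKE ALL ON '%s'.* FROM '%s@%s'"` has three placeholders but is given four values, so `@resource[:privileges]` lands in the database position and `@resource[:host]` is never used; the line was touched to add `defaults_file` but the mismatch is carried over. The argument list should probably be `[ @resource[:database], @resource[:name], @resource[:host] ]`, though which resource fields hold the user and host needs checking against the type, since the rest of the provider derives them from `split_name(@resource[:name])`. Every statement in this provider is also assembled with `%` formatting from resource values without escaping, so a name containing a quote changes the SQL that is run with the credentials from the defaults file; a comment at the top of the provider stating that titles must be validated by the type would help, e.g. `# NOTE: values are interpolated into SQL unescaped; the type must restrict user, host and db names`.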
|
||||
|
|
|
@ -7,33 +7,46 @@ Puppet::Type.type(:database_user).provide(:mysql) do
|
|||
optional_commands :mysql => 'mysql'
|
||||
optional_commands :mysqladmin => 'mysqladmin'
|
||||
|
||||
# Optional defaults file
|
||||
def self.defaults_file
|
||||
if File.file?('/root/.my.cnf')
|
||||
"--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf"
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
|
||||
def defaults_file
|
||||
self.class.defaults_file
|
||||
end
|
||||
|
||||
def self.instances
|
||||
users = mysql("mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
|
||||
users = mysql(defaults_file, "mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n")
|
||||
users.select{ |user| user =~ /.+@/ }.collect do |name|
|
||||
new(:name => name)
|
||||
end
|
||||
end
|
||||
|
||||
def create
|
||||
mysql("mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
|
||||
mysql(defaults_file, "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ])
|
||||
end
|
||||
|
||||
def destroy
|
||||
mysql("mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
|
||||
mysql(defaults_file, "mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") )
|
||||
end
|
||||
|
||||
def password_hash
|
||||
mysql("mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
|
||||
mysql(defaults_file, "mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp
|
||||
end
|
||||
|
||||
def password_hash=(string)
|
||||
mysql("mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
|
||||
mysql(defaults_file, "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] )
|
||||
end
|
||||
|
||||
def exists?
|
||||
tries=10
|
||||
begin
|
||||
not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
|
||||
not mysql(defaults_file, "mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty?
|
||||
rescue
|
||||
debug("Can't connect to the mysql server: #{tries} tries to reconnect")
|
||||
sleep 5
|
||||
|
@ -43,7 +56,7 @@ Puppet::Type.type(:database_user).provide(:mysql) do
|
|||
|
||||
def flush
|
||||
@property_hash.clear
|
||||
mysqladmin "flush-privileges"
|
||||
mysqladmin defaults_file, "flush-privileges"
|
||||
end
|
||||
|
||||
end
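Review bot: In `self.instances` there is no comma between `'-BNe'` and the query string, so Ruby joins the two adjacent literals into a single argument and the call only works because the client accepts the statement glued to `-e`; write it as `mysql(defaults_file, "mysql", '-BNe', "select concat(User, '@',Host) as User from mysql.user")`. Separately, `create` and `password_hash=` place the password hash inside the `-e` statement, which means it appears in the process argument list while the command runs; a short comment such as `# NOTE: hash is visible in argv for the lifetime of the mysql process` would make that trade-off explicit. The retry logic in `exists?` continues outside the hunk.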
|
||||
|
|
|
@ -1,154 +0,0 @@
|
|||
#
|
||||
# === Class: openstack::db::mysql
|
||||
#
|
||||
# Create MySQL databases for all components of
|
||||
# OpenStack that require a database
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [mysql_root_password] Root password for mysql. Required.
|
||||
# [keystone_db_password] Password for keystone database. Required.
|
||||
# [glance_db_password] Password for glance database. Required.
|
||||
# [nova_db_password] Password for nova database. Required.
|
||||
# [mysql_bind_address] Address that mysql will bind to. Optional .Defaults to '0.0.0.0'.
|
||||
# [mysql_account_security] If a secure mysql db should be setup. Optional .Defaults to true.
|
||||
# [keystone_db_user] DB user for keystone. Optional. Defaults to 'keystone'.
|
||||
# [keystone_db_dbname] DB name for keystone. Optional. Defaults to 'keystone'.
|
||||
# [glance_db_user] DB user for glance. Optional. Defaults to 'glance'.
|
||||
# [glance_db_dbname]. Name of glance DB. Optional. Defaults to 'glance'.
|
||||
# [nova_db_user]. Name of nova DB user. Optional. Defaults to 'nova'.
|
||||
# [nova_db_dbname]. Name of nova DB. Optional. Defaults to 'nova'.
|
||||
# [allowed_hosts] List of hosts that are allowed access. Optional. Defaults to false.
|
||||
# [enabled] If the db service should be started. Optional. Defaults to true.
|
||||
#
|
||||
# === Example
|
||||
#
|
||||
# class { 'openstack::db::mysql':
|
||||
# mysql_root_password => 'changeme',
|
||||
# keystone_db_password => 'changeme',
|
||||
# glance_db_password => 'changeme',
|
||||
# nova_db_password => 'changeme',
|
||||
# allowed_hosts => ['127.0.0.1', '10.0.0.%'],
|
||||
# }
|
||||
class openstack::db::mysql (
|
||||
# Required MySQL
|
||||
# passwords
|
||||
$mysql_root_password,
|
||||
$keystone_db_password,
|
||||
$glance_db_password,
|
||||
$nova_db_password,
|
||||
$cinder_db_password,
|
||||
$neutron_db_password,
|
||||
# MySQL
|
||||
$mysql_bind_address = '0.0.0.0',
|
||||
$mysql_account_security = true,
|
||||
# Keystone
|
||||
$keystone_db_user = 'keystone',
|
||||
$keystone_db_dbname = 'keystone',
|
||||
# Glance
|
||||
$glance_db_user = 'glance',
|
||||
$glance_db_dbname = 'glance',
|
||||
# Nova
|
||||
$nova_db_user = 'nova',
|
||||
$nova_db_dbname = 'nova',
|
||||
$allowed_hosts = false,
|
||||
# Cinder
|
||||
$cinder = true,
|
||||
$cinder_db_user = 'cinder',
|
||||
$cinder_db_dbname = 'cinder',
|
||||
# neutron
|
||||
$neutron = true,
|
||||
$neutron_db_user = 'neutron',
|
||||
$neutron_db_dbname = 'neutron',
|
||||
$enabled = true,
|
||||
$galera_cluster_name = 'openstack',
|
||||
$primary_controller = false,
|
||||
$galera_node_address = '127.0.0.1',
|
||||
$db_host = '127.0.0.1',
|
||||
$galera_nodes = ['127.0.0.1'],
|
||||
$mysql_skip_name_resolve = false,
|
||||
$custom_setup_class = undef,
|
||||
$use_syslog = false,
|
||||
$debug = false,
|
||||
) {
|
||||
|
||||
if $custom_setup_class {
|
||||
file { '/etc/mysql/my.cnf':
|
||||
ensure => absent,
|
||||
require => Class['mysql::server']
|
||||
}
|
||||
$config_hash_real = {
|
||||
'config_file' => '/etc/my.cnf'
|
||||
}
|
||||
} else {
|
||||
$config_hash_real = {}
|
||||
}
|
||||
|
||||
class { "mysql::server" :
|
||||
bind_address => '0.0.0.0',
|
||||
etc_root_password => true,
|
||||
root_password => $mysql_root_password,
|
||||
old_root_password => '',
|
||||
galera_cluster_name => $galera_cluster_name,
|
||||
primary_controller => $primary_controller,
|
||||
galera_node_address => $galera_node_address,
|
||||
galera_nodes => $galera_nodes,
|
||||
enabled => $enabled,
|
||||
custom_setup_class => $custom_setup_class,
|
||||
mysql_skip_name_resolve => $mysql_skip_name_resolve,
|
||||
use_syslog => $use_syslog,
|
||||
config_hash => $config_hash_real,
|
||||
}
|
||||
|
||||
# This removes default users and guest access
|
||||
if $mysql_account_security and $custom_setup_class == undef {
|
||||
class { 'mysql::server::account_security': }
|
||||
}
|
||||
|
||||
if ($enabled) {
|
||||
# Create the Keystone db
|
||||
class { 'keystone::db::mysql':
|
||||
user => $keystone_db_user,
|
||||
password => $keystone_db_password,
|
||||
dbname => $keystone_db_dbname,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
# Create the Glance db
|
||||
class { 'glance::db::mysql':
|
||||
user => $glance_db_user,
|
||||
password => $glance_db_password,
|
||||
dbname => $glance_db_dbname,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
# Create the Nova db
|
||||
class { 'nova::db::mysql':
|
||||
user => $nova_db_user,
|
||||
password => $nova_db_password,
|
||||
dbname => $nova_db_dbname,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
# create cinder db
|
||||
if ($cinder) {
|
||||
class { 'cinder::db::mysql':
|
||||
user => $cinder_db_user,
|
||||
password => $cinder_db_password,
|
||||
dbname => $cinder_db_dbname,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
}
|
||||
|
||||
# create neutron db
|
||||
if ($neutron) {
|
||||
class { 'neutron::db::mysql':
|
||||
user => $neutron_db_user,
|
||||
password => $neutron_db_password,
|
||||
dbname => $neutron_db_dbname,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -6,7 +6,6 @@ class openstack::heat (
|
|||
$enabled = true,
|
||||
|
||||
$keystone_auth = true,
|
||||
$create_heat_db = true,
|
||||
$keystone_host = '127.0.0.1',
|
||||
$keystone_port = '35357',
|
||||
$keystone_service_port = '5000',
|
||||
|
@ -96,39 +95,26 @@ class openstack::heat (
|
|||
}
|
||||
Package<| title == 'heat-api-cfn' or title == 'heat-api-cloudwatch' |>
|
||||
Heat_config <|
|
||||
title == 'DEFAULT/instance_connection_https_validate_certificates' or
|
||||
title == 'DEFAULT/instance_connection_is_secure'
|
||||
title == 'DEFAULT/instance_connection_https_validate_certificates' or
|
||||
title == 'DEFAULT/instance_connection_is_secure'
|
||||
|> ->
|
||||
Service<| title == 'heat-api-cfn' or title == 'heat-api-cloudwatch' |>
|
||||
|
||||
# Firewall rules for APIs
|
||||
firewall { '206 heat-api-cloudwatch' :
|
||||
dport => [ $api_cloudwatch_bind_port ],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
dport => [ $api_cloudwatch_bind_port ],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
} ->
|
||||
firewall { '205 heat-api-cfn' :
|
||||
dport => [ $api_cfn_bind_port ],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
dport => [ $api_cfn_bind_port ],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
} ->
|
||||
firewall { '204 heat-api' :
|
||||
dport => [ $api_bind_port ],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
# Follow the Heat installation order
|
||||
# DB
|
||||
if ($create_heat_db){
|
||||
class { 'heat::db::mysql':
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
user => $db_user,
|
||||
host => $db_host,
|
||||
allowed_hosts => $db_allowed_hosts,
|
||||
require => Firewall['204 heat-api'],
|
||||
}
|
||||
dport => [ $api_bind_port ],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
}
|
||||
|
||||
if ($keystone_auth){
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
# == Class osnailyfacter::mysql_access
|
||||
#
|
||||
# Class that configures .my.cnf for services
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*db_user*]
|
||||
# (optional) The mysql user to create
|
||||
# Defaults to 'root'
|
||||
#
|
||||
# [*db_password*]
|
||||
# Password to use for db_user
|
||||
#
|
||||
# [*db_host*]
|
||||
# (optional) The IP address of the mysql server
|
||||
# Defaults to '127.0.0.1'
|
||||
#
|
||||
class osnailyfacter::mysql_access (
|
||||
$ensure = 'present',
|
||||
$db_user = 'root',
|
||||
$db_password = '',
|
||||
$db_host = 'localhost',
|
||||
) {
|
||||
$default_file_path = '/root/.my.cnf'
|
||||
$host_file_path = "/root/.my.${db_host}.cnf"
|
||||
|
||||
file { "${db_host}-mysql-access":
|
||||
ensure => $ensure,
|
||||
path => $host_file_path,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
content => template('osnailyfacter/mysql.access.cnf.erb')
|
||||
}
|
||||
|
||||
if $ensure == 'present' {
|
||||
file { 'default-mysql-access-link':
|
||||
ensure => 'symlink',
|
||||
path => $default_file_path,
|
||||
target => $host_file_path,
|
||||
}
|
||||
}
|
||||
}
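Review bot: The credentials file is created with `mode => '0640'`, which leaves it group-readable although it holds the database password rendered by the template; MySQL option files with passwords are normally kept at `mode => '0600'`. Adding `show_diff => false` to the same `file` resource would keep the rendered content out of Puppet's change reports when the password changes. The header comment also says `db_host` defaults to '127.0.0.1' while the signature uses `'localhost'`, and the `$ensure` parameter is not documented; suggested lines are `# Defaults to 'localhost'` and `# [*ensure*] (optional) 'present' or 'absent'; defaults to 'present'`.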
|
|
@ -0,0 +1,41 @@
|
|||
# == Class osnailyfacter::mysql_root
|
||||
#
|
||||
# Class for root grant permissions
|
||||
#
|
||||
# [*password*]
|
||||
# Password to use with root user
|
||||
#
|
||||
class osnailyfacter::mysql_root (
|
||||
$password = '',
|
||||
) {
|
||||
|
||||
Exec {
|
||||
path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
creates => '/root/.my.cnf',
|
||||
}
|
||||
|
||||
exec { 'mysql_drop_test' :
|
||||
command => "mysql -NBe \"drop database if exists test\"",
|
||||
} ->
|
||||
|
||||
exec { 'mysql_root_%' :
|
||||
command => "mysql -NBe \"grant all on *.* to 'root'@'%' with grant option\"",
|
||||
} ->
|
||||
|
||||
exec { 'mysql_root_localhost' :
|
||||
command => "mysql -NBe \"grant all on *.* to 'root'@'localhost' with grant option\"",
|
||||
} ->
|
||||
|
||||
exec { 'mysql_root_127.0.0.1' :
|
||||
command => "mysql -NBe \"grant all on *.* to 'root'@'127.0.0.1' with grant option\"",
|
||||
} ->
|
||||
|
||||
exec { 'mysql_root_password' :
|
||||
command => "mysql -NBe \"update mysql.user set password = password('${password}') where user = 'root'\"",
|
||||
} ->
|
||||
|
||||
exec { 'mysql_flush_privileges' :
|
||||
command => "mysql -NBe \"flush privileges\"",
|
||||
}
|
||||
|
||||
}
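Review bot: The `mysql_root_%` exec grants `all on *.*` with grant option to `'root'@'%'`, and `$password` defaults to `''`, so applying the class without a password leaves a full-privilege root account reachable from any host with an empty password. I would fail early when no password is given, e.g. `if empty($password) { fail('mysql root password must be set') }`, and scope the remote grant to the hosts that actually need it instead of `'%'`. The password is also interpolated into the shell command line in `mysql_root_password`, so it is exposed in the process arguments while the exec runs and a quote character in it changes the SQL; the header comment should at least say so, for example `# NOTE: password is passed on the mysql command line and must not contain quotes`. All execs inherit `creates => '/root/.my.cnf'`, so none of them run again once that file exists, which is worth stating in the class documentation.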
|
|
@ -1,111 +1,106 @@
|
|||
notice('MODULAR: database.pp')
|
||||
|
||||
$neutron = hiera('use_neutron')
|
||||
$mysql_hash = hiera('mysql')
|
||||
$keystone_hash = hiera('keystone')
|
||||
$glance_hash = hiera('glance')
|
||||
$nova_hash = hiera('nova')
|
||||
$cinder_hash = hiera('cinder')
|
||||
$internal_address = hiera('internal_address')
|
||||
$network_scheme = hiera('network_scheme', {})
|
||||
$neutron_db_password = hiera('neutron_db_password', false)
|
||||
$controller_nodes = hiera('controller_nodes')
|
||||
$use_syslog = hiera('use_syslog', true)
|
||||
$primary_controller = hiera('primary_controller')
|
||||
$management_vip = hiera('management_vip')
|
||||
$internal_address = hiera('internal_address')
|
||||
$management_network_range = hiera('management_network_range')
|
||||
$controller_nodes = hiera('controller_nodes')
|
||||
$use_syslog = hiera('use_syslog', true)
|
||||
$primary_controller = hiera('primary_controller')
|
||||
$management_vip = hiera('management_vip')
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
|
||||
$haproxy_stats_port = '10000'
|
||||
$haproxy_stats_url = "http://${management_vip}:${haproxy_stats_port}/;csv"
|
||||
$haproxy_stats_port = '10000'
|
||||
$haproxy_stats_url = "http://${management_vip}:${haproxy_stats_port}/;csv"
|
||||
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
$mysql_bind_address = '0.0.0.0'
|
||||
$mysql_account_security = true
|
||||
$mysql_database_password = $mysql_hash['root_password']
|
||||
$mysql_database_enabled = pick($mysql_hash['enabled'], true)
|
||||
$mysql_db_host = pick($database_vip, $management_vip, 'localhost')
|
||||
|
||||
$keystone_db_user = 'keystone'
|
||||
$keystone_db_dbname = 'keystone'
|
||||
$keystone_db_password = $keystone_hash['db_password']
|
||||
|
||||
$glance_db_user = 'glance'
|
||||
$glance_db_dbname = 'glance'
|
||||
$glance_db_password = $glance_hash['db_password']
|
||||
|
||||
$nova_db_user = 'nova'
|
||||
$nova_db_dbname = 'nova'
|
||||
$nova_db_password = $nova_hash['db_password']
|
||||
|
||||
$cinder_db_user = 'cinder'
|
||||
$cinder_db_dbname = 'cinder'
|
||||
$cinder_db_password = $cinder_hash['db_password']
|
||||
|
||||
$neutron_db_user = 'neutron'
|
||||
$neutron_db_dbname = 'neutron'
|
||||
$mysql_bind_address = '0.0.0.0'
|
||||
|
||||
$enabled = true
|
||||
$allowed_hosts = [ '%', $::hostname ]
|
||||
$galera_cluster_name = 'openstack'
|
||||
$galera_node_address = $internal_address
|
||||
$galera_nodes = $controller_nodes
|
||||
$custom_mysql_setup_class = 'galera'
|
||||
$mysql_skip_name_resolve = true
|
||||
$custom_setup_class = 'galera'
|
||||
|
||||
$status_user = 'clustercheck'
|
||||
$status_password = $mysql_hash['wsrep_password']
|
||||
$backend_port = '3307'
|
||||
$backend_timeout = '10'
|
||||
$man_net = $network_scheme['endpoints'][$network_scheme['roles']['management']]['IP']
|
||||
|
||||
###############################################################################
|
||||
#############################################################################
|
||||
|
||||
if $mysql_database_enabled {
|
||||
|
||||
if $custom_setup_class {
|
||||
file { '/etc/mysql/my.cnf':
|
||||
ensure => absent,
|
||||
require => Class['mysql::server']
|
||||
}
|
||||
$config_hash_real = {
|
||||
'config_file' => '/etc/my.cnf'
|
||||
}
|
||||
} else {
|
||||
$config_hash_real = { }
|
||||
}
|
||||
|
||||
class { 'mysql::server':
|
||||
bind_address => '0.0.0.0',
|
||||
etc_root_password => true,
|
||||
root_password => $mysql_database_password,
|
||||
old_root_password => '',
|
||||
galera_cluster_name => $galera_cluster_name,
|
||||
primary_controller => $primary_controller,
|
||||
galera_node_address => $galera_node_address,
|
||||
galera_nodes => $galera_nodes,
|
||||
enabled => $enabled,
|
||||
custom_setup_class => $custom_setup_class,
|
||||
mysql_skip_name_resolve => $mysql_skip_name_resolve,
|
||||
use_syslog => $use_syslog,
|
||||
config_hash => $config_hash_real,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_user => 'root',
|
||||
db_password => $mysql_database_password,
|
||||
db_host => $mysql_db_host,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_root':
|
||||
password => $mysql_database_password,
|
||||
}
|
||||
|
||||
exec { 'initial_access_config':
|
||||
command => '/bin/ln -sf /etc/mysql/conf.d/password.cnf /root/.my.cnf',
|
||||
}
|
||||
|
||||
class { 'openstack::galera::status':
|
||||
status_user => $status_user,
|
||||
status_password => $status_password,
|
||||
status_allow => $galera_node_address,
|
||||
backend_host => $galera_node_address,
|
||||
backend_port => $backend_port,
|
||||
backend_timeout => $backend_timeout,
|
||||
only_from => "127.0.0.1 240.0.0.2 ${management_network_range}",
|
||||
}
|
||||
|
||||
haproxy_backend_status { 'mysql' :
|
||||
name => 'mysqld',
|
||||
url => $haproxy_stats_url,
|
||||
}
|
||||
|
||||
package { 'socat':
|
||||
ensure => 'present'
|
||||
}
|
||||
|
||||
Package['socat'] ->
|
||||
Class['mysql::server'] ->
|
||||
Class['osnailyfacter::mysql_root'] ->
|
||||
Exec['initial_access_config'] ->
|
||||
Class['openstack::galera::status'] ->
|
||||
Haproxy_backend_status['mysql'] ->
|
||||
Class['osnailyfacter::mysql_access']
|
||||
|
||||
class { 'openstack::db::mysql':
|
||||
mysql_root_password => $mysql_root_password,
|
||||
mysql_bind_address => $mysql_bind_address,
|
||||
mysql_account_security => $mysql_account_security,
|
||||
keystone_db_user => $keystone_db_user,
|
||||
keystone_db_password => $keystone_db_password,
|
||||
keystone_db_dbname => $keystone_db_dbname,
|
||||
glance_db_user => $glance_db_user,
|
||||
glance_db_password => $glance_db_password,
|
||||
glance_db_dbname => $glance_db_dbname,
|
||||
nova_db_user => $nova_db_user,
|
||||
nova_db_password => $nova_db_password,
|
||||
nova_db_dbname => $nova_db_dbname,
|
||||
cinder => $cinder,
|
||||
cinder_db_user => $cinder_db_user,
|
||||
cinder_db_password => $cinder_db_password,
|
||||
cinder_db_dbname => $cinder_db_dbname,
|
||||
neutron => $neutron,
|
||||
neutron_db_user => $neutron_db_user,
|
||||
neutron_db_password => $neutron_db_password,
|
||||
neutron_db_dbname => $neutron_db_dbname,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
enabled => $enabled,
|
||||
galera_cluster_name => $galera_cluster_name,
|
||||
primary_controller => $primary_controller,
|
||||
galera_node_address => $galera_node_address,
|
||||
galera_nodes => $galera_nodes,
|
||||
custom_setup_class => $custom_mysql_setup_class,
|
||||
mysql_skip_name_resolve => $mysql_skip_name_resolve,
|
||||
use_syslog => $use_syslog,
|
||||
}
|
||||
|
||||
class { 'openstack::galera::status':
|
||||
status_user => $status_user,
|
||||
status_password => $status_password,
|
||||
status_allow => $galera_node_address,
|
||||
backend_host => $galera_node_address,
|
||||
backend_port => $backend_port,
|
||||
backend_timeout => $backend_timeout,
|
||||
only_from => "127.0.0.1 240.0.0.2 ${man_net}",
|
||||
}
|
||||
|
||||
haproxy_backend_status { 'mysql' :
|
||||
name => 'mysqld',
|
||||
url => $haproxy_stats_url,
|
||||
}
|
||||
|
||||
package { 'socat': ensure => present }
|
||||
|
||||
Package['socat'] -> Class['openstack::db::mysql']
|
||||
Class['openstack::db::mysql'] -> Class['openstack::galera::status']
|
||||
Class['openstack::galera::status'] -> Haproxy_backend_status['mysql']
|
||||
Class['mysql::server'] -> Haproxy_backend_status['mysql']
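Review bot: `Exec['initial_access_config']` has no `creates`, `unless` or `refreshonly`, so `/bin/ln -sf /etc/mysql/conf.d/password.cnf /root/.my.cnf` runs on every catalog application. `osnailyfacter::mysql_access`, ordered last in the same chain, then re-points the same path at `/root/.my.${db_host}.cnf` through its `default-mysql-access-link` file resource. Two resources therefore fight over the root credentials file on every run, and the reported changes hide real drift. Adding `creates => '/root/.my.cnf',` to the exec would keep the bootstrap link for the first run only, matching the guard the `osnailyfacter::mysql_root` execs already use. The `+`/`-` markers are lost on this page, so this assumes the exec is on the new side, which the surrounding `if $mysql_database_enabled` block suggests.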
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
notice('MODULAR: glance_db.pp')
|
||||
|
||||
$glance_hash = hiera_hash('glance', {})
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($glance_hash['db_user'], 'glance')
|
||||
$db_name = pick($glance_hash['db_name'], 'glance')
|
||||
$db_password = pick($glance_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($glance_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($glance_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($glance_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($glance_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $db_create {
|
||||
|
||||
class { 'glance::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['glance::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
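Review bot: `$db_password = pick($glance_hash['db_password'], $mysql_root_password)` silently gives the `glance` account the MySQL root secret when hiera has no `db_password`, instead of failing the task. The same fallback is in keystone_db.pp, heat_db.pp, murano_db.pp, cinder_db.pp, nova_db.pp, sahara_db.pp and, with the `passwd` key, neutron_db.pp. I would drop the fallback and fail early: `$db_password = $glance_hash['db_password']` followed by `if ! $db_password { fail('glance db_password is not set in hiera') }`. `$allowed_hosts` also ends with `'%'`, which makes the three specific entries redundant and allows the service account from any host; if the services only connect through the VIP, a narrower pattern would be safer.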
|
|
@ -8,15 +8,6 @@ class GlancePreTest < Test::Unit::TestCase
|
|||
assert TestCommon::HAProxy.backend_present?(BACKEND), "There is no '#{BACKEND}' HAProxy backend!"
|
||||
end
|
||||
|
||||
def test_mysql_accessible_for_glance
|
||||
TestCommon::MySQL.pass = TestCommon::Settings.glance['db_password']
|
||||
TestCommon::MySQL.user = 'glance'
|
||||
TestCommon::MySQL.host = TestCommon::Settings.management_vip
|
||||
TestCommon::MySQL.port = 3306
|
||||
TestCommon::MySQL.db = 'glance'
|
||||
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL with Glance auth!'
|
||||
end
|
||||
|
||||
def test_amqp_accessible
|
||||
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
|
||||
end
|
||||
|
|
|
@ -11,3 +11,14 @@
|
|||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/glance/glance_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/glance/glance_post.rb
|
||||
|
||||
- id: glance-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [glance]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/glance_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
||||
|
|
|
@ -50,7 +50,6 @@ if $::operatingsystem == 'Ubuntu' {
|
|||
class { 'openstack::heat' :
|
||||
external_ip => $controller_node_public,
|
||||
keystone_auth => pick($heat_hash['keystone_auth'], true),
|
||||
create_heat_db => pick($heat_hash['create_heat_db'], true),
|
||||
api_bind_host => $internal_address,
|
||||
api_cfn_bind_host => $internal_address,
|
||||
api_cloudwatch_bind_host => $internal_address,
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
notice('MODULAR: heat_db.pp')
|
||||
|
||||
$heat_hash = hiera_hash('heat', {})
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($heat_hash['db_user'], 'heat')
|
||||
$db_name = pick($heat_hash['db_name'], 'heat')
|
||||
$db_password = pick($heat_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($heat_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($heat_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($heat_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($heat_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $db_create {
|
||||
|
||||
class { 'heat::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['heat::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
|
|
@ -1,10 +1,6 @@
|
|||
require File.join File.dirname(__FILE__), '../test_common.rb'
|
||||
|
||||
class HeatPostTest < Test::Unit::TestCase
|
||||
def test_mysql_connection_without_auth
|
||||
TestCommon::MySQL.no_auth
|
||||
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!'
|
||||
end
|
||||
|
||||
def test_amqp_accessible
|
||||
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
|
||||
|
|
|
@ -11,3 +11,13 @@
|
|||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/heat/heat_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/heat/heat_post.rb
|
||||
|
||||
- id: heat-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [heat]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/heat/heat_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
notice('MODULAR: keystone_db.pp')
|
||||
|
||||
$keystone_hash = hiera_hash('keystone', {})
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($keystone_hash['db_user'], 'keystone')
|
||||
$db_name = pick($keystone_hash['db_name'], 'keystone')
|
||||
$db_password = pick($keystone_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($keystone_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($keystone_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($keystone_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($keystone_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
if $db_create {
|
||||
|
||||
class { 'keystone::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['keystone::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
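Review bot: keystone_db.pp is the only one of the new `*_db.pp` manifests without `validate_string($mysql_root_user)` before the `if $db_create` block; its hunk is 45 lines where the sibling manifests have 47. Add `validate_string($mysql_root_user)` after the `$allowed_hosts` assignment so all manifests reject a non-string `root_user` the same way. If the check is not needed, remove it from the others instead so the manifests stay identical apart from the service name.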
|
|
@ -13,15 +13,6 @@ class KeystonePreTest < Test::Unit::TestCase
|
|||
assert TestCommon::HAProxy.backend_present?(ADMIN_BACKEND), "There is no '#{ADMIN_BACKEND}' HAProxy backend!"
|
||||
end
|
||||
|
||||
def test_mysql_accessible_for_keystone
|
||||
TestCommon::MySQL.pass = TestCommon::Settings.keystone['db_password']
|
||||
TestCommon::MySQL.user = 'keystone'
|
||||
TestCommon::MySQL.host = TestCommon::Settings.management_vip
|
||||
TestCommon::MySQL.port = 3306
|
||||
TestCommon::MySQL.db = 'keystone'
|
||||
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL with Keystone auth!'
|
||||
end
|
||||
|
||||
def test_amqp_accessible
|
||||
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
|
||||
end
|
||||
|
|
|
@ -11,3 +11,13 @@
|
|||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb
|
||||
|
||||
- id: keystone-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [keystone]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
|
|
@ -116,12 +116,8 @@ if $murano_hash['enabled'] {
|
|||
|
||||
######################
|
||||
|
||||
class mysql::server {}
|
||||
class mysql::config {}
|
||||
class rabbitmq::service {}
|
||||
class openstack::firewall {}
|
||||
include mysql::server
|
||||
include mysql::config
|
||||
include rabbitmq::service
|
||||
include openstack::firewall
|
||||
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
notice('MODULAR: murano_db.pp')
|
||||
|
||||
$murano_hash = hiera_hash('murano', {})
|
||||
$murano_enabled = pick($murano_hash['enabled'], false)
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($murano_hash['db_user'], 'murano')
|
||||
$db_name = pick($murano_hash['db_name'], 'murano')
|
||||
$db_password = pick($murano_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($murano_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($murano_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($murano_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($murano_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $murano_enabled and $db_create {
|
||||
|
||||
class { 'murano::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['murano::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
|
||||
class murano::api {}
|
||||
include murano::api
|
|
@ -2,11 +2,6 @@ require File.join File.dirname(__FILE__), '../test_common.rb'
|
|||
|
||||
class MuranoPreTest < Test::Unit::TestCase
|
||||
|
||||
def test_mysql_connection_without_auth
|
||||
TestCommon::MySQL.no_auth
|
||||
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!'
|
||||
end
|
||||
|
||||
def test_amqp_accessible
|
||||
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
|
||||
end
|
||||
|
|
|
@ -11,3 +11,13 @@
|
|||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/murano/murano_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/murano/murano_post.rb
|
||||
|
||||
- id: murano-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [murano]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/murano/murano_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
notice('MODULAR: cinder_db.pp')
|
||||
|
||||
$cinder_hash = hiera_hash('cinder', {})
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($cinder_hash['db_user'], 'cinder')
|
||||
$db_name = pick($cinder_hash['db_name'], 'cinder')
|
||||
$db_password = pick($cinder_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($cinder_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($cinder_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($cinder_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($cinder_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $db_create {
|
||||
|
||||
class { 'cinder::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['cinder::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
|
|
@ -7,3 +7,13 @@
|
|||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/openstack-cinder.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1200
|
||||
|
||||
- id: cinder_db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [openstack-cinder]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/cinder_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 1200
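Review bot: The new task id `cinder_db` uses an underscore, while every other database task added in this commit uses a hyphen (`glance-db`, `heat-db`, `keystone-db`, `murano-db`, `nova-db`, `neutron-db`, `sahara-db`). Task ids are referenced by name from `requires` and `required_for`, so the odd one out is easy to mistype later. I would rename it to `- id: cinder-db` before anything depends on it.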
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
notice('MODULAR: nova_db.pp')
|
||||
|
||||
$nova_hash = hiera_hash('nova', {})
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($nova_hash['db_user'], 'nova')
|
||||
$db_name = pick($nova_hash['db_name'], 'nova')
|
||||
$db_password = pick($nova_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($nova_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($nova_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($nova_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($nova_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $db_create {
|
||||
|
||||
class { 'nova::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['nova::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
|
|
@ -7,3 +7,13 @@
|
|||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/openstack-controller.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
||||
- id: nova-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [openstack-controller]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/nova_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
notice('MODULAR: neutron_db.pp')
|
||||
|
||||
$use_neutron = hiera('use_neutron', false)
|
||||
$neutron_hash = hiera_hash('quantum_settings', {})
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$neutron_db = merge($neutron_hash['database'], {})
|
||||
|
||||
$db_user = pick($neutron_db['db_user'], 'neutron')
|
||||
$db_name = pick($neutron_db['db_name'], 'neutron')
|
||||
$db_password = pick($neutron_db['passwd'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($neutron_db['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($neutron_db['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($neutron_db['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($neutron_db['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $use_neutron and $db_create {
|
||||
|
||||
class { 'neutron::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['neutron::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
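Review bot: `$neutron_db = merge($neutron_hash['database'], {})` is evaluated before the `$use_neutron` check, and `hiera_hash('quantum_settings', {})` defaults to an empty hash, so on a deployment without Neutron the first argument is undef. Depending on the stdlib version in use, `merge` may reject a non-hash argument and fail the whole task; `$neutron_db = pick($neutron_hash['database'], {})` avoids that. The password is also read from `$neutron_db['passwd']` while the other manifests use `db_password`. If that matches the existing `quantum_settings` schema, a comment such as `# quantum_settings stores the DB password under 'passwd'` would stop someone from "fixing" it.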
|
|
@ -11,6 +11,7 @@
|
|||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-controller_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-controller_post.rb
|
||||
|
||||
- id: openstack-network-compute
|
||||
type: puppet
|
||||
groups: [compute]
|
||||
|
@ -24,3 +25,13 @@
|
|||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-compute_pre.rb
|
||||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-compute_post.rb
|
||||
|
||||
- id: neutron-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [openstack-network]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/neutron_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
|
|
@ -79,11 +79,5 @@ if $sahara_hash['enabled'] {
|
|||
|
||||
#########################
|
||||
|
||||
class mysql::server {}
|
||||
class mysql::config {}
|
||||
|
||||
include mysql::server
|
||||
include mysql::config
|
||||
|
||||
class openstack::firewall {}
|
||||
include openstack::firewall
|
||||
|
|
|
@ -0,0 +1,50 @@
|
|||
notice('MODULAR: sahara_db.pp')
|
||||
|
||||
$sahara_hash = hiera_hash('sahara', {})
|
||||
$sahara_enabled = pick($sahara_hash['enabled'], false)
|
||||
$mysql_hash = hiera_hash('mysql', {})
|
||||
$management_vip = hiera('management_vip', undef)
|
||||
$database_vip = hiera('database_vip', undef)
|
||||
|
||||
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
|
||||
$mysql_db_create = pick($mysql_hash['db_create'], true)
|
||||
$mysql_root_password = $mysql_hash['root_password']
|
||||
|
||||
$db_user = pick($sahara_hash['db_user'], 'sahara')
|
||||
$db_name = pick($sahara_hash['db_name'], 'sahara')
|
||||
$db_password = pick($sahara_hash['db_password'], $mysql_root_password)
|
||||
|
||||
$db_host = pick($sahara_hash['db_host'], $database_vip, $management_vip, 'localhost')
|
||||
$db_create = pick($sahara_hash['db_create'], $mysql_db_create)
|
||||
$db_root_user = pick($sahara_hash['root_user'], $mysql_root_user)
|
||||
$db_root_password = pick($sahara_hash['root_password'], $mysql_root_password)
|
||||
|
||||
$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
|
||||
|
||||
validate_string($mysql_root_user)
|
||||
|
||||
if $sahara_enabled and $db_create {
|
||||
|
||||
class { 'sahara::db::mysql':
|
||||
user => $db_user,
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'osnailyfacter::mysql_access':
|
||||
db_host => $db_host,
|
||||
db_user => $db_root_user,
|
||||
db_password => $db_root_password,
|
||||
}
|
||||
|
||||
Class['osnailyfacter::mysql_access'] -> Class['sahara::db::mysql']
|
||||
|
||||
}
|
||||
|
||||
class mysql::config {}
|
||||
include mysql::config
|
||||
class mysql::server {}
|
||||
include mysql::server
|
||||
class sahara::api {}
|
||||
include sahara::api
|
|
@ -2,17 +2,12 @@ require File.join File.dirname(__FILE__), '../test_common.rb'
|
|||
|
||||
class SaharaPreTest < Test::Unit::TestCase
|
||||
|
||||
def test_mysql_connection_without_auth
|
||||
TestCommon::MySQL.no_auth
|
||||
assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!'
|
||||
end
|
||||
|
||||
def test_amqp_accessible
|
||||
assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!'
|
||||
end
|
||||
|
||||
def test_haproxy_sahara_backend_present
|
||||
assert TestCommon::HAProxy.backend_present?('sahara'), 'No murano haproxy backend!'
|
||||
assert TestCommon::HAProxy.backend_present?('sahara'), 'No sahara haproxy backend!'
|
||||
end
|
||||
|
||||
def test_horizon_haproxy_backend_online
|
||||
|
|
|
@ -12,3 +12,12 @@
|
|||
test_post:
|
||||
cmd: ruby /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_post.rb
|
||||
|
||||
- id: sahara-db
|
||||
type: puppet
|
||||
groups: [primary-controller]
|
||||
required_for: [sahara]
|
||||
requires: [database]
|
||||
parameters:
|
||||
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_db.pp
|
||||
puppet_modules: /etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
<%- %w(mysql client mysqldump mysqladmin mysqlcheck).each do |section| %>
|
||||
[<%= section %>]
|
||||
user = '<%= @db_user %>'
|
||||
password = '<%= @db_password %>'
|
||||
host = '<%= @db_host %>'
|
||||
<%- end %>
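Review bot: `@db_password` is written between single quotes with no escaping, so a password that contains `'` yields an option file the MySQL clients will not read back as the intended value. A backslash is likely affected too, since option files treat backslash sequences in values as escapes. The file holds the root credentials, so a parse difference here shows up as an authentication failure in every `*_db` task that depends on it. I would either reject such characters in `osnailyfacter::mysql_access` with a `validate_re` on `$db_password`, or escape them in the template before output. The `[client]` group is read by all of the listed programs, so emitting just `[client]` would keep the secret in the file once rather than five times.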
|
|
@ -1,27 +1,90 @@
|
|||
# == Class sahara::db::mysql
|
||||
#
|
||||
# Class that configures mysql for sahara
|
||||
#
|
||||
# === Parameters:
|
||||
#
|
||||
# [*password*]
|
||||
# Password to use for the sahara user
|
||||
#
|
||||
# [*dbname*]
|
||||
# (optional) The name of the database
|
||||
# Defaults to 'sahara'
|
||||
#
|
||||
# [*user*]
|
||||
# (optional) The mysql user to create
|
||||
# Defaults to 'sahara'
|
||||
#
|
||||
# [*host*]
|
||||
# (optional) The IP address of the mysql server
|
||||
# Defaults to '127.0.0.1'
|
||||
#
|
||||
# [*charset*]
|
||||
# (optional) The charset to use for the sahara database
|
||||
# Defaults to 'utf8'
|
||||
#
|
||||
# [*collate*]
|
||||
# (optional) The collate to use for the sahara database
|
||||
# Defaults to 'utf8_general_ci'
|
||||
#
|
||||
# [*allowed_hosts*]
|
||||
# (optional) Additional hosts that are allowed to access this DB
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cluster_id*]
|
||||
# (optional) Deprecated. Does nothing
|
||||
# Defaults to 'localzone'
|
||||
#
|
||||
# [*mysql_module*]
|
||||
# (optional) Mysql puppet module version to use. Tested versions
|
||||
# are 0.9 and 2.2.
|
||||
# Defaults to '0.9'
|
||||
#
|
||||
class sahara::db::mysql(
|
||||
$password = 'sahara',
|
||||
$password,
|
||||
$dbname = 'sahara',
|
||||
$user = 'sahara',
|
||||
$dbhost = 'localhost',
|
||||
$dbhost = '127.0.0.1',
|
||||
$charset = 'utf8',
|
||||
$collate = 'utf8_general_ci',
|
||||
$allowed_hosts = undef,
|
||||
$mysql_module = '0.9'
|
||||
) {
|
||||
|
||||
include 'sahara::params'
|
||||
if ($mysql_module >= 2.2) {
|
||||
mysql::db { $dbname:
|
||||
user => $user,
|
||||
password => $password,
|
||||
host => $dbhost,
|
||||
charset => $charset,
|
||||
collate => $collate,
|
||||
require => Class['mysql::server'],
|
||||
}
|
||||
} else {
|
||||
require 'mysql::python'
|
||||
|
||||
mysql::db { $dbname :
|
||||
user => $user,
|
||||
password => $password,
|
||||
host => $dbhost,
|
||||
charset => $charset,
|
||||
grant => ['all'],
|
||||
mysql::db { $dbname:
|
||||
user => $user,
|
||||
password => $password,
|
||||
host => $dbhost,
|
||||
charset => $charset,
|
||||
require => Class['mysql::config'],
|
||||
}
|
||||
}
|
||||
|
||||
if $allowed_hosts {
|
||||
sahara::db::mysql::host_access { $allowed_hosts:
|
||||
user => $user,
|
||||
password => $password,
|
||||
database => $dbname,
|
||||
# Check allowed_hosts to avoid duplicate resource declarations
|
||||
if is_array($allowed_hosts) and delete($allowed_hosts,$dbhost) != [] {
|
||||
$real_allowed_hosts = delete($allowed_hosts,$dbhost)
|
||||
} elsif is_string($allowed_hosts) and ($allowed_hosts != $dbhost) {
|
||||
$real_allowed_hosts = $allowed_hosts
|
||||
}
|
||||
|
||||
if $real_allowed_hosts {
|
||||
sahara::db::mysql::host_access { $real_allowed_hosts:
|
||||
user => $user,
|
||||
password => $password,
|
||||
database => $dbname,
|
||||
mysql_module => $mysql_module,
|
||||
}
|
||||
}
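Review bot: `if ($mysql_module >= 2.2)` compares a string (the default is `'0.9'`) with a float. That relies on Puppet 3 coercing numeric strings; as far as I know the Puppet 4 parser rejects a String/Float comparison, and a value such as `'2.10'` would be read as 2.1. `if versioncmp($mysql_module, '2.2') >= 0` states the intent directly, and the same test appears in `sahara::db::mysql::host_access`. The header also documents `[*host*]` and `[*cluster_id*]`, while the parameter list shows `$dbhost` and no `cluster_id`, so the doc entries should be renamed or dropped to match the signature.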
|
||||
|
||||
|
|
|
@ -13,18 +13,41 @@
|
|||
# [*database*]
|
||||
# the database name
|
||||
#
|
||||
define sahara::db::mysql::host_access ($user, $password, $database) {
|
||||
# [*mysql_module*]
|
||||
# mysql module version
|
||||
#
|
||||
define sahara::db::mysql::host_access (
|
||||
$user,
|
||||
$password,
|
||||
$database,
|
||||
$mysql_module = '0.9'
|
||||
) {
|
||||
|
||||
database_user { "${user}@${name}":
|
||||
password_hash => mysql_password($password),
|
||||
provider => 'mysql',
|
||||
require => Database[$database],
|
||||
}
|
||||
if ($mysql_module >= 2.2) {
|
||||
mysql_user { "${user}@${name}":
|
||||
password_hash => mysql_password($password),
|
||||
require => Mysql_database[$database],
|
||||
}
|
||||
|
||||
database_grant { "${user}@${name}/${database}":
|
||||
# TODO figure out which privileges to grant.
|
||||
privileges => 'all',
|
||||
provider => 'mysql',
|
||||
require => Database_user["${user}@${name}"]
|
||||
mysql_grant { "${user}@${name}/${database}.*":
|
||||
privileges => ['ALL'],
|
||||
options => ['GRANT'],
|
||||
table => "${database}.*",
|
||||
require => Mysql_user["${user}@${name}"],
|
||||
user => "${user}@${name}"
|
||||
}
|
||||
} else {
|
||||
database_user { "${user}@${name}":
|
||||
password_hash => mysql_password($password),
|
||||
provider => 'mysql',
|
||||
require => Database[$database],
|
||||
}
|
||||
|
||||
database_grant { "${user}@${name}/${database}":
|
||||
# TODO figure out which privileges to grant.
|
||||
privileges => 'all',
|
||||
provider => 'mysql',
|
||||
require => Database_user["${user}@${name}"]
|
||||
}
|
||||
}
|
||||
}
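Review bot: In the `$mysql_module >= 2.2` branch the `mysql_grant` sets `options => ['GRANT']` on top of `privileges => ['ALL']`, so the service account receives WITH GRANT OPTION on `${database}.*` from every host passed in `allowed_hosts` and can pass its privileges on to other accounts. The 0.9 branch grants `'all'` without that option, so the two branches are not equivalent. Unless something depends on it, drop the `options` line, and resolve the `# TODO figure out which privileges to grant.` that the old branch still carries so both paths grant the same reduced set. The define's documentation header starts above this hunk.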
|
||||
|
|
|
@ -39,14 +39,6 @@ class sahara (
|
|||
|
||||
$sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60"
|
||||
|
||||
class { 'sahara::db::mysql':
|
||||
password => $db_password,
|
||||
dbname => $db_name,
|
||||
user => $db_user,
|
||||
dbhost => $db_host,
|
||||
allowed_hosts => $db_allowed_hosts,
|
||||
}
|
||||
|
||||
class { 'sahara::api':
|
||||
enabled => $enabled,
|
||||
auth_uri => $auth_uri,
|
||||
|
@ -106,8 +98,6 @@ class sahara (
|
|||
action => 'accept',
|
||||
}
|
||||
|
||||
Class['mysql::server'] ->
|
||||
Class['sahara::db::mysql'] ->
|
||||
Firewall[$firewall_rule] ->
|
||||
Class['sahara::keystone::auth'] ->
|
||||
Class['sahara::api']
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'glance/glance_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
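Review bot: This spec and the seven `*_db.pp` specs added after it (heat, keystone, murano, cinder, nova, neutron, sahara) contain only `test_ubuntu_and_centos manifest`, so nothing is asserted about the database, user or grant resources the new tasks are meant to create. `test_ubuntu_and_centos` comes from `shared-examples`, which is outside this view; if it only compiles the catalog, a change in the password, host or allowed-hosts wiring would pass unnoticed. At least one expectation per manifest would help, for example that the service's db class is in the catalog with the expected `allowed_hosts`.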
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'heat/heat_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'keystone/keystone_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'murano/murano_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'openstack-cinder/cinder_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'openstack-controller/nova_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'openstack-network/neutron_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
require 'spec_helper'
|
||||
require 'shared-examples'
|
||||
manifest = 'sahara/sahara_db.pp'
|
||||
|
||||
describe manifest do
|
||||
test_ubuntu_and_centos manifest
|
||||
end
|
||||
|