From 906eb4217b6805d230e56de41c7bbc0def115097 Mon Sep 17 00:00:00 2001 From: Mykyta Koshykov Date: Tue, 23 Jun 2015 21:40:18 +0300 Subject: [PATCH] Refactor DB creation - Move DB creation for every service to own task - Refactor Murano and Sahara DB configuration classes - Cherry-pick MySQL providers from upstream to allow DB creation and management on remote host - Remove openstack::db::mysql - Move database and user creation to a separate task - Either install local database or use an external one Implements: blueprint: detach-components-from-controllers Co-Authored-By: Sergii Golovatiuk Co-Authored-By: Dmitry Ilyin Change-Id: Iaf3b7913e8c79c08025dbdaf5f2beff7337ab644 
Signed-off-by: Sergii Golovatiuk --- .../puppet/murano/manifests/db/mysql.pp | 103 +++++++--- .../murano/manifests/db/mysql/host_access.pp | 45 +++-- deployment/puppet/murano/manifests/init.pp | 100 +++++----- .../lib/puppet/provider/database/mysql.rb | 25 ++- .../puppet/provider/database_grant/mysql.rb | 33 +++- .../puppet/provider/database_user/mysql.rb | 27 ++- .../puppet/openstack/manifests/db/mysql.pp | 154 --------------- deployment/puppet/openstack/manifests/heat.pp | 36 ++-- .../osnailyfacter/manifests/mysql_access.pp | 43 +++++ .../osnailyfacter/manifests/mysql_root.pp | 41 ++++ .../modular/database/database.pp | 179 +++++++++--------- .../osnailyfacter/modular/glance/glance_db.pp | 47 +++++ .../modular/glance/glance_pre.rb | 9 - .../osnailyfacter/modular/glance/tasks.yaml | 11 ++ .../puppet/osnailyfacter/modular/heat/heat.pp | 1 - .../osnailyfacter/modular/heat/heat_db.pp | 47 +++++ .../osnailyfacter/modular/heat/heat_pre.rb | 4 - .../osnailyfacter/modular/heat/tasks.yaml | 10 + .../modular/keystone/keystone_db.pp | 45 +++++ .../modular/keystone/keystone_pre.rb | 9 - .../osnailyfacter/modular/keystone/tasks.yaml | 10 + .../osnailyfacter/modular/murano/murano.pp | 4 - .../osnailyfacter/modular/murano/murano_db.pp | 50 +++++ .../modular/murano/murano_pre.rb | 5 - .../osnailyfacter/modular/murano/tasks.yaml | 10 + .../modular/openstack-cinder/cinder_db.pp | 47 +++++ .../modular/openstack-cinder/tasks.yaml | 10 + .../modular/openstack-controller/nova_db.pp | 47 +++++ .../modular/openstack-controller/tasks.yaml | 10 + .../modular/openstack-network/neutron_db.pp | 50 +++++ .../modular/openstack-network/tasks.yaml | 11 ++ .../osnailyfacter/modular/sahara/sahara.pp | 6 - .../osnailyfacter/modular/sahara/sahara_db.pp | 50 +++++ .../modular/sahara/sahara_pre.rb | 7 +- .../osnailyfacter/modular/sahara/tasks.yaml | 9 + .../templates/mysql.access.cnf.erb | 6 + .../puppet/sahara/manifests/db/mysql.pp | 91 +++++++-- .../sahara/manifests/db/mysql/host_access.pp | 45 
+++-- deployment/puppet/sahara/manifests/init.pp | 10 - .../noop/spec/hosts/glance/glance_db_spec.rb | 8 + tests/noop/spec/hosts/heat/heat_db_spec.rb | 8 + .../spec/hosts/keystone/keystone_db_spec.rb | 8 + .../noop/spec/hosts/murano/murano_db_spec.rb | 8 + .../hosts/openstack-cinder/cinder_db_spec.rb | 8 + .../openstack-controller/nova_db_spec.rb | 8 + .../openstack-network/neutron_db_spec.rb | 8 + .../noop/spec/hosts/sahara/sahara_db_spec.rb | 8 + 47 files changed, 1053 insertions(+), 458 deletions(-) delete mode 100644 deployment/puppet/openstack/manifests/db/mysql.pp create mode 100644 deployment/puppet/osnailyfacter/manifests/mysql_access.pp create mode 100644 deployment/puppet/osnailyfacter/manifests/mysql_root.pp create mode 100644 deployment/puppet/osnailyfacter/modular/glance/glance_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/heat/heat_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/keystone/keystone_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/murano/murano_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/openstack-cinder/cinder_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/openstack-controller/nova_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/openstack-network/neutron_db.pp create mode 100644 deployment/puppet/osnailyfacter/modular/sahara/sahara_db.pp create mode 100644 deployment/puppet/osnailyfacter/templates/mysql.access.cnf.erb create mode 100644 tests/noop/spec/hosts/glance/glance_db_spec.rb create mode 100644 tests/noop/spec/hosts/heat/heat_db_spec.rb create mode 100644 tests/noop/spec/hosts/keystone/keystone_db_spec.rb create mode 100644 tests/noop/spec/hosts/murano/murano_db_spec.rb create mode 100644 tests/noop/spec/hosts/openstack-cinder/cinder_db_spec.rb create mode 100644 tests/noop/spec/hosts/openstack-controller/nova_db_spec.rb create mode 100644 tests/noop/spec/hosts/openstack-network/neutron_db_spec.rb create mode 100644 
tests/noop/spec/hosts/sahara/sahara_db_spec.rb
diff --git a/deployment/puppet/murano/manifests/db/mysql.pp b/deployment/puppet/murano/manifests/db/mysql.pp
index 8f9e7260ab..6f69b9b549 100644
--- a/deployment/puppet/murano/manifests/db/mysql.pp
+++ b/deployment/puppet/murano/manifests/db/mysql.pp
@@ -1,36 +1,95 @@ +# == Class murano::db::mysql +# +# Class that configures mysql for sahara +# +# === Parameters: +# +# [*password*] +# Password to use for the murano user +# +# [*dbname*] +# (optional) The name of the database +# Defaults to 'murano' +# +# [*user*] +# (optional) The mysql user to create +# Defaults to 'murano' +# +# [*host*] +# (optional) The IP address of the mysql server +# Defaults to '127.0.0.1' +# +# [*charset*] +# (optional) The charset to use for the murano database +# Defaults to 'utf8' +# +# [*collate*] +# (optional) The collate to use for the morano database +# Defaults to 'utf8_general_ci' +# +# [*allowed_hosts*] +# (optional) Additional hosts that are allowed to access this DB +# Defaults to undef +# +# [*cluster_id*] +# (optional) Deprecated. Does nothing +# Defaults to 'localzone' +# +# [*mysql_module*] +# (optional) Mysql puppet module version to use. Tested versions +# are 0.9 and 2.2. +# Defaults to '0.9' +# class murano::db::mysql( $password = 'murano', $dbname = 'murano', $user = 'murano', - $dbhost = 'localhost', + $dbhost = '127.0.0.1', $charset = 'utf8', + $collate = 'utf8_general_ci', $allowed_hosts = undef, + $mysql_module = '0.9' ) { - include 'murano::params' + if ($mysql_module >= 2.2) { + mysql::db { $dbname: + user => $user, + password => $password, + host => $dbhost, + charset => $charset, + collate => $collate, + require => Class['mysql::server'], + } + } else { + require 'mysql::python' - mysql::db { $dbname : - user => $user, - password => $password, - host => $dbhost, - charset => $charset, - grant => ['all'], - } - - if $allowed_hosts { - murano::db::mysql::host_access { $allowed_hosts: - user => $user, - password => $password, - database => $dbname, + mysql::db { $dbname: + user => $user, + password => $password, + host => $dbhost, + charset => $charset, + require => Class['mysql::config'], } } - $services = [ 'murano::api' ] - # TODO(dteselkin): Update the line above similar - # to the line below when 
murano::engine is added. - #$services = [ 'murano::conductor', 'murano::api' ] - Database[$dbname] -> Class[$services] - Database_user["${user}@${dbhost}"] -> Class[$services] - Database_grant["${user}@${dbhost}/${dbname}"] -> Class[$services] + # Check allowed_hosts to avoid duplicate resource declarations + if is_array($allowed_hosts) and delete($allowed_hosts,$dbhost) != [] { + $real_allowed_hosts = delete($allowed_hosts,$dbhost) + } elsif is_string($allowed_hosts) and ($allowed_hosts != $dbhost) { + $real_allowed_hosts = $allowed_hosts + } + + if $real_allowed_hosts { + murano::db::mysql::host_access { $real_allowed_hosts: + user => $user, + password => $password, + database => $dbname, + mysql_module => $mysql_module, + } + } + + Database[$dbname] -> Class['murano::api'] + Database_user["${user}@${dbhost}"] -> Class['murano::api'] + Database_grant["${user}@${dbhost}/${dbname}"] -> Class['murano::api'] } diff --git a/deployment/puppet/murano/manifests/db/mysql/host_access.pp b/deployment/puppet/murano/manifests/db/mysql/host_access.pp index d8a85b153f..9734caf8d9 100644 --- a/deployment/puppet/murano/manifests/db/mysql/host_access.pp +++ b/deployment/puppet/murano/manifests/db/mysql/host_access.pp 
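Review bot: The new header comment does not match the class it documents: it says the class "configures mysql for sahara", documents `host` and `cluster_id` although the signature has `$dbhost` and no `cluster_id`, and lists `password` as if it were required while the signature still defaults it to `'murano'`. A guessable default for a database credential deserves at least a documented warning, for example `# Defaults to 'murano'; override in every deployment`. Separately, `$real_allowed_hosts` is assigned only inside the `if`/`elsif` branches, so `if $real_allowed_hosts` reads an unset variable when `allowed_hosts` is undef or equals `$dbhost`; an explicit `else { $real_allowed_hosts = undef }` would make that intent visible.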
@@ -13,18 +13,41 @@ # [*database*] # the database name # -define murano::db::mysql::host_access ($user, $password, $database) { +# [*mysql_module*] +# mysql module version +# +define murano::db::mysql::host_access ( + $user, + $password, + $database, + $mysql_module = '0.9' +) { - database_user { "${user}@${name}": - password_hash => mysql_password($password), - provider => 'mysql', - require => Database[$database], - } + if ($mysql_module >= 2.2) { + mysql_user { "${user}@${name}": + password_hash => mysql_password($password), + require => Mysql_database[$database], + } - database_grant { "${user}@${name}/${database}": - # TODO figure out which privileges to grant. - privileges => 'all', - provider => 'mysql', - require => Database_user["${user}@${name}"] + mysql_grant { "${user}@${name}/${database}.*": + privileges => ['ALL'], + options => ['GRANT'], + table => "${database}.*", + require => Mysql_user["${user}@${name}"], + user => "${user}@${name}" + } + } else { + database_user { "${user}@${name}": + password_hash => mysql_password($password), + provider => 'mysql', + require => Database[$database], + } + + database_grant { "${user}@${name}/${database}": + # TODO figure out which privileges to grant. + privileges => 'all', + provider => 'mysql', + require => Database_user["${user}@${name}"] + } } } diff --git a/deployment/puppet/murano/manifests/init.pp b/deployment/puppet/murano/manifests/init.pp index e824134494..693b495d05 100644 --- a/deployment/puppet/murano/manifests/init.pp +++ b/deployment/puppet/murano/manifests/init.pp 
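Review bot: In the `$mysql_module >= 2.2` branch the `mysql_grant` gives every allowed host `privileges => ['ALL']` together with `options => ['GRANT']`, so the Murano service account can pass its privileges on to other MySQL accounts. Nothing visible in this define needs WITH GRANT OPTION; dropping the `options => ['GRANT'],` line keeps the account limited to its own schema. The older branch still carries `# TODO figure out which privileges to grant.`, and the same question applies to the new branch. The comparison `$mysql_module >= 2.2` is also made against a parameter whose default is the string `'0.9'`, which relies on the Puppet version in use coercing numeric strings.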
@@ -24,16 +24,16 @@ class murano ( $murano_api_host = '127.0.0.1', # rabbit configuration # NOTE: - # Murano uses separate rabbitmq server for communication with agents. - # This server is launched on each controller node and uses port 55572. - # Separate rabbitmq is used to address security concern that instances - # managed by Murano have access to the 'system' RabbitMQ and thus could - # have access to OpenStack internal data. + # Murano uses separate rabbitmq server for communication with agents. + # This server is launched on each controller node and uses port 55572. + # Separate rabbitmq is used to address security concern that instances + # managed by Murano have access to the 'system' RabbitMQ and thus could + # have access to OpenStack internal data. # murano_rabbit_ha_hosts is used by murano-api and works with oslo.messaging $murano_rabbit_ha_hosts = '127.0.0.1:5672', $murano_rabbit_ha_queues = false, # murano_rabbit_host and murano_rabbit_port are used by murano-engine, - # which communicates with rabbitmq directly. + # which communicates with rabbitmq directly. $murano_rabbit_host = '127.0.0.1', $murano_rabbit_port = '55572', $murano_rabbit_ssl = false, @@ -67,7 +67,10 @@ class murano ( $murano_repo_url_string = undef, ) { - Class['mysql::server'] -> Class['murano::db::mysql'] -> Class['murano::murano_rabbitmq'] -> Class['murano::keystone'] -> Class['murano::python_muranoclient'] -> Class['murano::api'] -> Class['murano::dashboard'] + Class['murano::murano_rabbitmq'] -> + Class['murano::keystone'] -> + Class['murano::python_muranoclient'] -> + Class['murano::api'] -> Class['murano::dashboard'] User['murano'] -> Class['murano::api'] -> File <| title == $murano_log_dir |> 
@@ -107,64 +110,57 @@ class murano ( mode => '0750', } - class { 'murano::db::mysql': - password => $murano_db_password, - dbname => $murano_db_name, - user => $murano_db_user, - dbhost => $murano_db_host, - allowed_hosts => $murano_db_allowed_hosts, - } - class { 'murano::python_muranoclient': } class { 'murano::api' : - use_syslog => $use_syslog, - debug => $debug, - verbose => $verbose, - log_file => "${murano_log_dir}/murano.log", - syslog_log_facility => $syslog_log_facility, + use_syslog => $use_syslog, + debug => $debug, + verbose => $verbose, + log_file => "${murano_log_dir}/murano.log", + syslog_log_facility => $syslog_log_facility, - auth_host => $murano_keystone_host, - auth_port => $murano_keystone_port, - auth_protocol => $murano_keystone_protocol, - admin_tenant_name => $murano_keystone_tenant, - admin_user => $murano_keystone_user, - admin_password => $murano_keystone_password, - signing_dir => $murano_keystone_signing_dir, + auth_host => $murano_keystone_host, + auth_port => $murano_keystone_port, + auth_protocol => $murano_keystone_protocol, + admin_tenant_name => $murano_keystone_tenant, + admin_user => $murano_keystone_user, + admin_password => $murano_keystone_password, + signing_dir => $murano_keystone_signing_dir, - bind_host => $murano_bind_host, - bind_port => $murano_bind_port, + bind_host => $murano_bind_host, + bind_port => $murano_bind_port, - api_host => $murano_api_host, + api_host => $murano_api_host, - rabbit_host => $murano_rabbit_host, - rabbit_port => $murano_rabbit_port, - rabbit_ha_hosts => $murano_rabbit_ha_hosts, - rabbit_ha_queues => $murano_rabbit_ha_queues, - rabbit_use_ssl => $murano_rabbit_ssl, - rabbit_ca_certs => $murano_rabbit_ca_certs, - os_rabbit_userid => $murano_os_rabbit_userid, - os_rabbit_password => $murano_os_rabbit_passwd, - murano_rabbit_userid => $murano_own_rabbit_userid, - murano_rabbit_password => $murano_own_rabbit_passwd, - rabbit_virtual_host => $murano_rabbit_virtual_host, + rabbit_host => 
$murano_rabbit_host, + rabbit_port => $murano_rabbit_port, + rabbit_ha_hosts => $murano_rabbit_ha_hosts, + rabbit_ha_queues => $murano_rabbit_ha_queues, + rabbit_use_ssl => $murano_rabbit_ssl, + rabbit_ca_certs => $murano_rabbit_ca_certs, + os_rabbit_userid => $murano_os_rabbit_userid, + os_rabbit_password => $murano_os_rabbit_passwd, + murano_rabbit_userid => $murano_own_rabbit_userid, + murano_rabbit_password => $murano_own_rabbit_passwd, + rabbit_virtual_host => $murano_rabbit_virtual_host, - murano_db_password => $murano_db_password, - murano_db_name => $murano_db_name, - murano_db_user => $murano_db_user, - murano_db_host => $murano_db_host, + murano_db_password => $murano_db_password, + murano_db_name => $murano_db_name, + murano_db_user => $murano_db_user, + murano_db_host => $murano_db_host, - primary_controller => $primary_controller, + primary_controller => $primary_controller, - use_neutron => $use_neutron, - default_router => 'murano-default-router', - external_network => $external_network, + use_neutron => $use_neutron, + default_router => 'murano-default-router', + external_network => $external_network, } - class { 'murano::dashboard' : - settings_py => '/usr/share/openstack-dashboard/openstack_dashboard/settings.py', - repo_url_string => $murano_repo_url_string, + $dashboard = '/usr/share/openstack-dashboard/openstack_dashboard/settings.py' + class { 'murano::dashboard': + settings_py => $dashboard, + repo_url_string => $murano_repo_url_string, } class { 'murano::murano_rabbitmq' : diff --git a/deployment/puppet/mysql/lib/puppet/provider/database/mysql.rb b/deployment/puppet/mysql/lib/puppet/provider/database/mysql.rb index f8e9f3c3c5..e43b179d71 100644 --- a/deployment/puppet/mysql/lib/puppet/provider/database/mysql.rb +++ b/deployment/puppet/mysql/lib/puppet/provider/database/mysql.rb 
@@ -7,8 +7,21 @@ Puppet::Type.type(:database).provide(:mysql) do optional_commands :mysql => 'mysql' optional_commands :mysqladmin => 'mysqladmin' + # Optional defaults file + def self.defaults_file + if File.file?('/root/.my.cnf') + "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf" + else + nil + end + end + + def defaults_file + self.class.defaults_file + end + def self.instances - mysql('-NBe', "show databases").split("\n").collect do |name| + mysql(defaults_file, '-NBe', "show databases").split("\n").collect do |name| new(:name => name) end end @@ -17,7 +30,7 @@ Puppet::Type.type(:database).provide(:mysql) do tries=10 begin debug("Trying to create database #{@resource[:name]} ") - mysql('-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}") + mysql(defaults_file, '-NBe', "create database `#{@resource[:name]}` character set #{resource[:charset]}") rescue debug("Can't connect to the server: #{tries} tries to reconnect") sleep 5 @@ -26,20 +39,20 @@ Puppet::Type.type(:database).provide(:mysql) do end def destroy - mysqladmin('-f', 'drop', @resource[:name]) + mysqladmin(defaults_file, '-f', 'drop', @resource[:name]) end def charset - mysql('-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1] + mysql(defaults_file, '-NBe', "show create database `#{resource[:name]}`").match(/.*?(\S+)\s\*\//)[1] end def charset=(value) - mysql('-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}") + mysql(defaults_file, '-NBe', "alter database `#{resource[:name]}` CHARACTER SET #{value}") end def exists? begin - mysql('-NBe', "show databases").match(/^#{@resource[:name]}$/) + mysql(defaults_file, '-NBe', "show databases").match(/^#{@resource[:name]}$/) rescue => e debug(e.message) return nil diff --git a/deployment/puppet/mysql/lib/puppet/provider/database_grant/mysql.rb b/deployment/puppet/mysql/lib/puppet/provider/database_grant/mysql.rb index 19b7352922..fbe3e46962 100644 
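Review bot: `self.defaults_file` tests for the literal path `/root/.my.cnf` but then builds the option from `Facter.value(:root_home)`, so the file that is checked and the file that is passed can differ, and the option degrades to `--defaults-extra-file=/.my.cnf` if the fact is unset. Use one path for both, e.g. `path = "#{Facter.value(:root_home)}/.my.cnf"` followed by `"--defaults-extra-file=#{path}" if File.file?(path)`. When the file is absent the method returns nil and every call site passes that nil straight into `mysql(...)` or `mysqladmin(...)`; wrapping the argument list as `mysql([defaults_file, '-NBe', "show databases"].compact)` avoids depending on how the command wrapper treats a nil argument. The same method is copied verbatim into the database_grant and database_user providers later in this patch, so the fix applies there too, and a shared helper would keep the three copies from drifting.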
--- a/deployment/puppet/mysql/lib/puppet/provider/database_grant/mysql.rb +++ b/deployment/puppet/mysql/lib/puppet/provider/database_grant/mysql.rb @@ -11,6 +11,19 @@ Puppet::Type.type(:database_grant).provide(:mysql) do optional_commands :mysql => 'mysql' optional_commands :mysqladmin => 'mysqladmin' + # Optional defaults file + def self.defaults_file + if File.file?('/root/.my.cnf') + "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf" + else + nil + end + end + + def defaults_file + self.class.defaults_file + end + def self.prefetch(resources) @user_privs = nil @db_privs = nil @@ -33,19 +46,19 @@ Puppet::Type.type(:database_grant).provide(:mysql) do end def self.query_user_privs - results = mysql("mysql", "-Be", "describe user") + results = mysql(defaults_file, "mysql", "-Be", "describe user") column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] } @user_privs = column_names.delete_if { |e| !( e =~/_priv$/) } end def self.query_db_privs - results = mysql("mysql", "-Be", "describe db") + results = mysql(defaults_file, "mysql", "-Be", "describe db") column_names = results.split(/\n/).map { |l| l.chomp.split(/\t/)[0] } @db_privs = column_names.delete_if { |e| !(e =~/_priv$/) } end def mysql_flush - mysqladmin "flush-privileges" + mysqladmin defaults_file, "flush-privileges" end # this parses the @@ -73,11 +86,11 @@ Puppet::Type.type(:database_grant).provide(:mysql) do name = split_name(@resource[:name]) case name[:type] when :user - mysql "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ + mysql defaults_file, "mysql", "-e", "INSERT INTO user (host, user) VALUES ('%s', '%s')" % [ name[:host], name[:user], ] when :db - mysql "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ + mysql defaults_file, "mysql", "-e", "INSERT INTO db (host, user, db) VALUES ('%s', '%s', '%s')" % [ name[:host], name[:user], name[:db], ] end 
@@ -86,7 +99,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do end def destroy - mysql "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] + mysql defaults_file, "mysql", "-e", "REVOKE ALL ON '%s'.* FROM '%s@%s'" % [ @resource[:privileges], @resource[:database], @resource[:name], @resource[:host] ] end def row_exists? @@ -95,7 +108,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do if name[:type] == :db fields << :db end - not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? + not mysql(defaults_file, "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty? end def all_privs_set? @@ -117,9 +130,9 @@ Puppet::Type.type(:database_grant).provide(:mysql) do case name[:type] when :user - privs = mysql "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] + privs = mysql defaults_file, "mysql", "-Be", 'select * from user where user="%s" and host="%s"' % [ name[:user], name[:host] ] when :db - privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] + privs = mysql defaults_file, "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ] end if privs.match(/^$/) @@ -170,7 +183,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do # puts "set:", set stmt = stmt << set << where - mysql "mysql", "-Be", stmt + mysql defaults_file, "mysql", "-Be", stmt mysql_flush end end diff --git a/deployment/puppet/mysql/lib/puppet/provider/database_user/mysql.rb b/deployment/puppet/mysql/lib/puppet/provider/database_user/mysql.rb index 9f613d8344..3b4131c7b4 100644 --- a/deployment/puppet/mysql/lib/puppet/provider/database_user/mysql.rb 
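Review bot: The `destroy` line touched here formats four values into a string with three `%s` slots, so `@resource[:privileges]` lands where the database name belongs and the user and host are shifted; the account is also written as one quoted token `'%s@%s'` rather than user and host quoted separately. `create` in this provider already derives the parts with `split_name(@resource[:name])`, and `destroy` could take its values from the same hash, `% [ name[:db], name[:user], name[:host] ]`, with the account written as `'%s'@'%s'`. All the statements in these hunks are built by interpolating resource values into SQL, so a name containing a quote changes the statement; validating names in the type would close that. The bodies of these methods continue outside the hunks shown.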
+++ b/deployment/puppet/mysql/lib/puppet/provider/database_user/mysql.rb 
@@ -7,33 +7,46 @@ Puppet::Type.type(:database_user).provide(:mysql) do optional_commands :mysql => 'mysql' optional_commands :mysqladmin => 'mysqladmin' + # Optional defaults file + def self.defaults_file + if File.file?('/root/.my.cnf') + "--defaults-extra-file=#{Facter.value(:root_home)}/.my.cnf" + else + nil + end + end + + def defaults_file + self.class.defaults_file + end + def self.instances - users = mysql("mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n") + users = mysql(defaults_file, "mysql", '-BNe' "select concat(User, '@',Host) as User from mysql.user").split("\n") users.select{ |user| user =~ /.+@/ }.collect do |name| new(:name => name) end end def create - mysql("mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ]) + mysql(defaults_file, "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.value(:password_hash) ]) end def destroy - mysql("mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") ) + mysql(defaults_file, "mysql", "-e", "drop user '%s'" % @resource.value(:name).sub("@", "'@'") ) end def password_hash - mysql("mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp + mysql(defaults_file, "mysql", "-NBe", "select password from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).chomp end def password_hash=(string) - mysql("mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] ) + mysql(defaults_file, "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ] ) end def exists? tries=10 begin - not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty? 
+ not mysql(defaults_file, "mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource.value(:name)).empty? rescue debug("Can't connect to the mysql server: #{tries} tries to reconnect") sleep 5 @@ -43,7 +56,7 @@ Puppet::Type.type(:database_user).provide(:mysql) do def flush @property_hash.clear - mysqladmin "flush-privileges" + mysqladmin defaults_file, "flush-privileges" end end diff --git a/deployment/puppet/openstack/manifests/db/mysql.pp b/deployment/puppet/openstack/manifests/db/mysql.pp deleted file mode 100644 index 743140d5b7..0000000000 --- a/deployment/puppet/openstack/manifests/db/mysql.pp +++ /dev/null 
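Review bot: In `self.instances` the flag and the query are adjacent string literals with no comma between them, `'-BNe' "select concat(...)"`, so Ruby joins them into a single argument; it appears to work only because the client accepts the statement attached to `-e`. Adding the comma, `mysql(defaults_file, "mysql", '-BNe', "select concat(User, '@',Host) as User from mysql.user")`, matches the other calls in this provider. `create` and `password_hash=` put the password hash into the `-e` statement, which makes it visible in the process list while the command runs; that predates this patch but is worth a comment on the methods now that the provider is meant to manage remote hosts. The `exists?` retry block continues outside the hunk.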
@@ -1,154 +0,0 @@ -# -# === Class: openstack::db::mysql -# -# Create MySQL databases for all components of -# OpenStack that require a database -# -# === Parameters -# -# [mysql_root_password] Root password for mysql. Required. -# [keystone_db_password] Password for keystone database. Required. -# [glance_db_password] Password for glance database. Required. -# [nova_db_password] Password for nova database. Required. -# [mysql_bind_address] Address that mysql will bind to. Optional .Defaults to '0.0.0.0'. -# [mysql_account_security] If a secure mysql db should be setup. Optional .Defaults to true. -# [keystone_db_user] DB user for keystone. Optional. Defaults to 'keystone'. -# [keystone_db_dbname] DB name for keystone. Optional. Defaults to 'keystone'. -# [glance_db_user] DB user for glance. Optional. Defaults to 'glance'. -# [glance_db_dbname]. Name of glance DB. Optional. Defaults to 'glance'. -# [nova_db_user]. Name of nova DB user. Optional. Defaults to 'nova'. -# [nova_db_dbname]. Name of nova DB. Optional. Defaults to 'nova'. -# [allowed_hosts] List of hosts that are allowed access. Optional. Defaults to false. -# [enabled] If the db service should be started. Optional. Defaults to true. 
-# -# === Example -# -# class { 'openstack::db::mysql': -# mysql_root_password => 'changeme', -# keystone_db_password => 'changeme', -# glance_db_password => 'changeme', -# nova_db_password => 'changeme', -# allowed_hosts => ['127.0.0.1', '10.0.0.%'], -# } -class openstack::db::mysql ( - # Required MySQL - # passwords - $mysql_root_password, - $keystone_db_password, - $glance_db_password, - $nova_db_password, - $cinder_db_password, - $neutron_db_password, - # MySQL - $mysql_bind_address = '0.0.0.0', - $mysql_account_security = true, - # Keystone - $keystone_db_user = 'keystone', - $keystone_db_dbname = 'keystone', - # Glance - $glance_db_user = 'glance', - $glance_db_dbname = 'glance', - # Nova - $nova_db_user = 'nova', - $nova_db_dbname = 'nova', - $allowed_hosts = false, - # Cinder - $cinder = true, - $cinder_db_user = 'cinder', - $cinder_db_dbname = 'cinder', - # neutron - $neutron = true, - $neutron_db_user = 'neutron', - $neutron_db_dbname = 'neutron', - $enabled = true, - $galera_cluster_name = 'openstack', - $primary_controller = false, - $galera_node_address = '127.0.0.1', - $db_host = '127.0.0.1', - $galera_nodes = ['127.0.0.1'], - $mysql_skip_name_resolve = false, - $custom_setup_class = undef, - $use_syslog = false, - $debug = false, -) { - - if $custom_setup_class { - file { '/etc/mysql/my.cnf': - ensure => absent, - require => Class['mysql::server'] - } - $config_hash_real = { - 'config_file' => '/etc/my.cnf' - } - } else { - $config_hash_real = {} - } - - class { "mysql::server" : - bind_address => '0.0.0.0', - etc_root_password => true, - root_password => $mysql_root_password, - old_root_password => '', - galera_cluster_name => $galera_cluster_name, - primary_controller => $primary_controller, - galera_node_address => $galera_node_address, - galera_nodes => $galera_nodes, - enabled => $enabled, - custom_setup_class => $custom_setup_class, - mysql_skip_name_resolve => $mysql_skip_name_resolve, - use_syslog => $use_syslog, - config_hash => 
$config_hash_real, - } - - # This removes default users and guest access - if $mysql_account_security and $custom_setup_class == undef { - class { 'mysql::server::account_security': } - } - - if ($enabled) { - # Create the Keystone db - class { 'keystone::db::mysql': - user => $keystone_db_user, - password => $keystone_db_password, - dbname => $keystone_db_dbname, - allowed_hosts => $allowed_hosts, - } - - # Create the Glance db - class { 'glance::db::mysql': - user => $glance_db_user, - password => $glance_db_password, - dbname => $glance_db_dbname, - allowed_hosts => $allowed_hosts, - } - - # Create the Nova db - class { 'nova::db::mysql': - user => $nova_db_user, - password => $nova_db_password, - dbname => $nova_db_dbname, - allowed_hosts => $allowed_hosts, - } - - # create cinder db - if ($cinder) { - class { 'cinder::db::mysql': - user => $cinder_db_user, - password => $cinder_db_password, - dbname => $cinder_db_dbname, - allowed_hosts => $allowed_hosts, - } - } - - # create neutron db - if ($neutron) { - class { 'neutron::db::mysql': - user => $neutron_db_user, - password => $neutron_db_password, - dbname => $neutron_db_dbname, - allowed_hosts => $allowed_hosts, - } - } - } -} - diff --git a/deployment/puppet/openstack/manifests/heat.pp b/deployment/puppet/openstack/manifests/heat.pp index 4a5eff88ce..6d352c6245 100644 --- a/deployment/puppet/openstack/manifests/heat.pp +++ b/deployment/puppet/openstack/manifests/heat.pp @@ -6,7 +6,6 @@ class openstack::heat ( $enabled = true, $keystone_auth = true, - $create_heat_db = true, $keystone_host = '127.0.0.1', $keystone_port = '35357', $keystone_service_port = '5000', 
@@ -96,39 +95,26 @@ class openstack::heat ( } Package<| title == 'heat-api-cfn' or title == 'heat-api-cloudwatch' |> Heat_config <| - title == 'DEFAULT/instance_connection_https_validate_certificates' or - title == 'DEFAULT/instance_connection_is_secure' + title == 'DEFAULT/instance_connection_https_validate_certificates' or + title == 'DEFAULT/instance_connection_is_secure' |> -> Service<| title == 'heat-api-cfn' or title == 'heat-api-cloudwatch' |> # Firewall rules for APIs firewall { '206 heat-api-cloudwatch' : - dport => [ $api_cloudwatch_bind_port ], - proto => 'tcp', - action => 'accept', + dport => [ $api_cloudwatch_bind_port ], + proto => 'tcp', + action => 'accept', } -> firewall { '205 heat-api-cfn' : - dport => [ $api_cfn_bind_port ], - proto => 'tcp', - action => 'accept', + dport => [ $api_cfn_bind_port ], + proto => 'tcp', + action => 'accept', } -> firewall { '204 heat-api' : - dport => [ $api_bind_port ], - proto => 'tcp', - action => 'accept', - } - - # Follow the Heat installation order - # DB - if ($create_heat_db){ - class { 'heat::db::mysql': - password => $db_password, - dbname => $db_name, - user => $db_user, - host => $db_host, - allowed_hosts => $db_allowed_hosts, - require => Firewall['204 heat-api'], - } + dport => [ $api_bind_port ], + proto => 'tcp', + action => 'accept', } if ($keystone_auth){ diff --git a/deployment/puppet/osnailyfacter/manifests/mysql_access.pp b/deployment/puppet/osnailyfacter/manifests/mysql_access.pp new file mode 100644 index 0000000000..f14e76ce11 --- /dev/null +++ b/deployment/puppet/osnailyfacter/manifests/mysql_access.pp 
@@ -0,0 +1,43 @@ +# == Class osnailyfacter::mysql_access +# +# Class that configures .my.cnf for services +# +# === Parameters: +# +# [*db_user*] +# (optional) The mysql user to create +# Defaults to 'root' +# +# [*db_password*] +# Password to use for db_user +# +# [*db_host*] +# (optional) The IP address of the mysql server +# Defaults to '127.0.0.1' +# +class osnailyfacter::mysql_access ( + $ensure = 'present', + $db_user = 'root', + $db_password = '', + $db_host = 'localhost', +) { + $default_file_path = '/root/.my.cnf' + $host_file_path = "/root/.my.${db_host}.cnf" + + file { "${db_host}-mysql-access": + ensure => $ensure, + path => $host_file_path, + owner => 'root', + group => 'root', + mode => '0640', + content => template('osnailyfacter/mysql.access.cnf.erb') + } + + if $ensure == 'present' { + file { 'default-mysql-access-link': + ensure => 'symlink', + path => $default_file_path, + target => $host_file_path, + } + } +} diff --git a/deployment/puppet/osnailyfacter/manifests/mysql_root.pp b/deployment/puppet/osnailyfacter/manifests/mysql_root.pp new file mode 100644 index 0000000000..2fe64ec6b0 --- /dev/null +++ b/deployment/puppet/osnailyfacter/manifests/mysql_root.pp 
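Review bot: The file `/root/.my.${db_host}.cnf` is rendered from a template with `db_user` and `db_password` in scope, so it presumably holds the database root credentials, yet it is written with `mode => '0640'`; client credential files are normally owner-only, `mode => '0600'`, and `show_diff => false` on the resource would keep the password out of Puppet's diff output where the Puppet version supports it. `db_password` defaults to the empty string, so declaring the class without it silently writes a password-less entry; making the parameter mandatory or failing on an empty value would catch that. The header comment also says `db_host` defaults to '127.0.0.1' while the signature uses `'localhost'`, and `ensure` is undocumented.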
@@ -0,0 +1,41 @@ +# == Class osnailyfacter::mysql_root +# +# Class for root grant permissions +# +# [*password*] +# Password to use with root user +# +class osnailyfacter::mysql_root ( + $password = '', +) { + + Exec { + path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + creates => '/root/.my.cnf', + } + + exec { 'mysql_drop_test' : + command => "mysql -NBe \"drop database if exists test\"", + } -> + + exec { 'mysql_root_%' : + command => "mysql -NBe \"grant all on *.* to 'root'@'%' with grant option\"", + } -> + + exec { 'mysql_root_localhost' : + command => "mysql -NBe \"grant all on *.* to 'root'@'localhost' with grant option\"", + } -> + + exec { 'mysql_root_127.0.0.1' : + command => "mysql -NBe \"grant all on *.* to 'root'@'127.0.0.1' with grant option\"", + } -> + + exec { 'mysql_root_password' : + command => "mysql -NBe \"update mysql.user set password = password('${password}') where user = 'root'\"", + } -> + + exec { 'mysql_flush_privileges' : + command => "mysql -NBe \"flush privileges\"", + } + +} diff --git a/deployment/puppet/osnailyfacter/modular/database/database.pp b/deployment/puppet/osnailyfacter/modular/database/database.pp index 601c7b4130..7dfaf2ca6f 100644 --- a/deployment/puppet/osnailyfacter/modular/database/database.pp +++ b/deployment/puppet/osnailyfacter/modular/database/database.pp 
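Review bot: The `mysql_root_password` exec splices `${password}` into the command string, so the root password shows up in the process list and in any Puppet log or report that records the command, and a password containing `'`, `"`, `$` or a backquote changes what is executed. Passing the statement through a root-only file or stdin rather than the command line avoids both. The class also grants `all on *.* ... with grant option` to `'root'@'%'`; with the server bound to 0.0.0.0 elsewhere in this patch, limiting the remote grant to the management network would narrow who can attempt a root login. `password` defaults to `''`, which would set an empty root password if the class is declared bare. Every exec is guarded by `creates => '/root/.my.cnf'`, the same path `osnailyfacter::mysql_access` links, so the ordering between the two classes decides whether these statements run at all; a comment stating the intended order would help.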
@@ -1,111 +1,106 @@ notice('MODULAR: database.pp') -$neutron = hiera('use_neutron') -$mysql_hash = hiera('mysql') -$keystone_hash = hiera('keystone') -$glance_hash = hiera('glance') -$nova_hash = hiera('nova') -$cinder_hash = hiera('cinder') -$internal_address = hiera('internal_address') -$network_scheme = hiera('network_scheme', {}) -$neutron_db_password = hiera('neutron_db_password', false) -$controller_nodes = hiera('controller_nodes') -$use_syslog = hiera('use_syslog', true) -$primary_controller = hiera('primary_controller') -$management_vip = hiera('management_vip') +$internal_address = hiera('internal_address') +$management_network_range = hiera('management_network_range') +$controller_nodes = hiera('controller_nodes') +$use_syslog = hiera('use_syslog', true) +$primary_controller = hiera('primary_controller') +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip', undef) +$mysql_hash = hiera_hash('mysql', {}) -$haproxy_stats_port = '10000' -$haproxy_stats_url = "http://${management_vip}:${haproxy_stats_port}/;csv" +$haproxy_stats_port = '10000' +$haproxy_stats_url = "http://${management_vip}:${haproxy_stats_port}/;csv" -$mysql_root_password = $mysql_hash['root_password'] -$mysql_bind_address = '0.0.0.0' -$mysql_account_security = true +$mysql_database_password = $mysql_hash['root_password'] +$mysql_database_enabled = pick($mysql_hash['enabled'], true) +$mysql_db_host = pick($database_vip, $management_vip, 'localhost') -$keystone_db_user = 'keystone' -$keystone_db_dbname = 'keystone' -$keystone_db_password = $keystone_hash['db_password'] - -$glance_db_user = 'glance' -$glance_db_dbname = 'glance' -$glance_db_password = $glance_hash['db_password'] - -$nova_db_user = 'nova' -$nova_db_dbname = 'nova' -$nova_db_password = $nova_hash['db_password'] - -$cinder_db_user = 'cinder' -$cinder_db_dbname = 'cinder' -$cinder_db_password = $cinder_hash['db_password'] - -$neutron_db_user = 'neutron' -$neutron_db_dbname = 'neutron' 
+$mysql_bind_address = '0.0.0.0' $enabled = true -$allowed_hosts = [ '%', $::hostname ] $galera_cluster_name = 'openstack' $galera_node_address = $internal_address $galera_nodes = $controller_nodes -$custom_mysql_setup_class = 'galera' $mysql_skip_name_resolve = true +$custom_setup_class = 'galera' $status_user = 'clustercheck' $status_password = $mysql_hash['wsrep_password'] $backend_port = '3307' $backend_timeout = '10' -$man_net = $network_scheme['endpoints'][$network_scheme['roles']['management']]['IP'] -############################################################################### +############################################################################# + +if $mysql_database_enabled { + + if $custom_setup_class { + file { '/etc/mysql/my.cnf': + ensure => absent, + require => Class['mysql::server'] + } + $config_hash_real = { + 'config_file' => '/etc/my.cnf' + } + } else { + $config_hash_real = { } + } + + class { 'mysql::server': + bind_address => '0.0.0.0', + etc_root_password => true, + root_password => $mysql_database_password, + old_root_password => '', + galera_cluster_name => $galera_cluster_name, + primary_controller => $primary_controller, + galera_node_address => $galera_node_address, + galera_nodes => $galera_nodes, + enabled => $enabled, + custom_setup_class => $custom_setup_class, + mysql_skip_name_resolve => $mysql_skip_name_resolve, + use_syslog => $use_syslog, + config_hash => $config_hash_real, + } + + class { 'osnailyfacter::mysql_access': + db_user => 'root', + db_password => $mysql_database_password, + db_host => $mysql_db_host, + } + + class { 'osnailyfacter::mysql_root': + password => $mysql_database_password, + } + + exec { 'initial_access_config': + command => '/bin/ln -sf /etc/mysql/conf.d/password.cnf /root/.my.cnf', + } + + class { 'openstack::galera::status': + status_user => $status_user, + status_password => $status_password, + status_allow => $galera_node_address, + backend_host => $galera_node_address, + backend_port => 
$backend_port, + backend_timeout => $backend_timeout, + only_from => "127.0.0.1 240.0.0.2 ${management_network_range}", + } + + haproxy_backend_status { 'mysql' : + name => 'mysqld', + url => $haproxy_stats_url, + } + + package { 'socat': + ensure => 'present' + } + + Package['socat'] -> + Class['mysql::server'] -> + Class['osnailyfacter::mysql_root'] -> + Exec['initial_access_config'] -> + Class['openstack::galera::status'] -> + Haproxy_backend_status['mysql'] -> + Class['osnailyfacter::mysql_access'] -class { 'openstack::db::mysql': - mysql_root_password => $mysql_root_password, - mysql_bind_address => $mysql_bind_address, - mysql_account_security => $mysql_account_security, - keystone_db_user => $keystone_db_user, - keystone_db_password => $keystone_db_password, - keystone_db_dbname => $keystone_db_dbname, - glance_db_user => $glance_db_user, - glance_db_password => $glance_db_password, - glance_db_dbname => $glance_db_dbname, - nova_db_user => $nova_db_user, - nova_db_password => $nova_db_password, - nova_db_dbname => $nova_db_dbname, - cinder => $cinder, - cinder_db_user => $cinder_db_user, - cinder_db_password => $cinder_db_password, - cinder_db_dbname => $cinder_db_dbname, - neutron => $neutron, - neutron_db_user => $neutron_db_user, - neutron_db_password => $neutron_db_password, - neutron_db_dbname => $neutron_db_dbname, - allowed_hosts => $allowed_hosts, - enabled => $enabled, - galera_cluster_name => $galera_cluster_name, - primary_controller => $primary_controller, - galera_node_address => $galera_node_address, - galera_nodes => $galera_nodes, - custom_setup_class => $custom_mysql_setup_class, - mysql_skip_name_resolve => $mysql_skip_name_resolve, - use_syslog => $use_syslog, } - -class { 'openstack::galera::status': - status_user => $status_user, - status_password => $status_password, - status_allow => $galera_node_address, - backend_host => $galera_node_address, - backend_port => $backend_port, - backend_timeout => $backend_timeout, - only_from => 
"127.0.0.1 240.0.0.2 ${man_net}", -} - -haproxy_backend_status { 'mysql' : - name => 'mysqld', - url => $haproxy_stats_url, -} - -package { 'socat': ensure => present } - -Package['socat'] -> Class['openstack::db::mysql'] -Class['openstack::db::mysql'] -> Class['openstack::galera::status'] -Class['openstack::galera::status'] -> Haproxy_backend_status['mysql'] -Class['mysql::server'] -> Haproxy_backend_status['mysql'] diff --git a/deployment/puppet/osnailyfacter/modular/glance/glance_db.pp b/deployment/puppet/osnailyfacter/modular/glance/glance_db.pp new file mode 100644 index 0000000000..e48157bf5c --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/glance/glance_db.pp 
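Review bot: The `class { 'mysql::server': }` declaration hard-codes `bind_address => '0.0.0.0'` even though `$mysql_bind_address` is assigned a few lines above and is otherwise unused; `bind_address => $mysql_bind_address` keeps the listener address in one place. The removed `openstack::db::mysql` declaration passed `mysql_account_security => true`, and nothing in the new block visibly takes over that hardening, so it is worth confirming that `mysql::server` still applies it. `Exec['initial_access_config']` has no `creates`, `unless` or `onlyif`, so it re-points `/root/.my.cnf` at `/etc/mysql/conf.d/password.cnf` on every run before `osnailyfacter::mysql_access` points it back; if that is deliberate, a comment saying so would help the next reader.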
@@ -0,0 +1,47 @@
+notice('MODULAR: glance_db.pp')
+
+$glance_hash = hiera_hash('glance', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($glance_hash['db_user'], 'glance')
+$db_name = pick($glance_hash['db_name'], 'glance')
+$db_password = pick($glance_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($glance_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($glance_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($glance_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($glance_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'glance::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['glance::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment/puppet/osnailyfacter/modular/glance/glance_pre.rb b/deployment/puppet/osnailyfacter/modular/glance/glance_pre.rb
index b477572625..cab137d618 100644
--- a/deployment/puppet/osnailyfacter/modular/glance/glance_pre.rb
+++ b/deployment/puppet/osnailyfacter/modular/glance/glance_pre.rb
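Review bot: `$db_password = pick($glance_hash['db_password'], $mysql_root_password)` silently gives the service account the MySQL root password when the service's own password is missing from hiera, which presumably then lands in that service's configuration as well. Dropping the fallback, `$db_password = pick($glance_hash['db_password'])`, makes a missing password fail catalog compilation instead, since stdlib `pick` raises when it receives no non-empty value. `$allowed_hosts` also ends with `'%'`, which makes the three specific entries redundant and lets the account connect from any address; listing only the hosts that run the service would be tighter. The same two lines appear in heat_db.pp, keystone_db.pp, murano_db.pp, cinder_db.pp, nova_db.pp, neutron_db.pp (there as `$neutron_db['passwd']`) and sahara_db.pp.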
@@ -8,15 +8,6 @@ class GlancePreTest < Test::Unit::TestCase assert TestCommon::HAProxy.backend_present?(BACKEND), "There is no '#{BACKEND}' HAProxy backend!" end - def test_mysql_accessible_for_glance - TestCommon::MySQL.pass = TestCommon::Settings.glance['db_password'] - TestCommon::MySQL.user = 'glance' - TestCommon::MySQL.host = TestCommon::Settings.management_vip - TestCommon::MySQL.port = 3306 - TestCommon::MySQL.db = 'glance' - assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL with Glance auth!' - end - def test_amqp_accessible assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!' end diff --git a/deployment/puppet/osnailyfacter/modular/glance/tasks.yaml b/deployment/puppet/osnailyfacter/modular/glance/tasks.yaml index b3e9db63c0..21cf0d7423 100644 --- a/deployment/puppet/osnailyfacter/modular/glance/tasks.yaml +++ b/deployment/puppet/osnailyfacter/modular/glance/tasks.yaml @@ -11,3 +11,14 @@ cmd: ruby /etc/puppet/modules/osnailyfacter/modular/glance/glance_pre.rb test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/glance/glance_post.rb + +- id: glance-db + type: puppet + groups: [primary-controller] + required_for: [glance] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/glance/glance_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 + diff --git a/deployment/puppet/osnailyfacter/modular/heat/heat.pp b/deployment/puppet/osnailyfacter/modular/heat/heat.pp index 69491a45f3..7e5a039c07 100644 --- a/deployment/puppet/osnailyfacter/modular/heat/heat.pp +++ b/deployment/puppet/osnailyfacter/modular/heat/heat.pp 
@@ -50,7 +50,6 @@ if $::operatingsystem == 'Ubuntu' { class { 'openstack::heat' : external_ip => $controller_node_public, keystone_auth => pick($heat_hash['keystone_auth'], true), - create_heat_db => pick($heat_hash['create_heat_db'], true), api_bind_host => $internal_address, api_cfn_bind_host => $internal_address, api_cloudwatch_bind_host => $internal_address, diff --git a/deployment/puppet/osnailyfacter/modular/heat/heat_db.pp b/deployment/puppet/osnailyfacter/modular/heat/heat_db.pp new file mode 100644 index 0000000000..e91c750a8b --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/heat/heat_db.pp 
@@ -0,0 +1,47 @@
+notice('MODULAR: heat_db.pp')
+
+$heat_hash = hiera_hash('heat', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($heat_hash['db_user'], 'heat')
+$db_name = pick($heat_hash['db_name'], 'heat')
+$db_password = pick($heat_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($heat_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($heat_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($heat_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($heat_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'heat::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['heat::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment/puppet/osnailyfacter/modular/heat/heat_pre.rb b/deployment/puppet/osnailyfacter/modular/heat/heat_pre.rb
index e73afd820a..7e6f678e94 100644
--- a/deployment/puppet/osnailyfacter/modular/heat/heat_pre.rb
+++ b/deployment/puppet/osnailyfacter/modular/heat/heat_pre.rb
@@ -1,10 +1,6 @@ require File.join File.dirname(__FILE__), '../test_common.rb' class HeatPostTest < Test::Unit::TestCase - def test_mysql_connection_without_auth - TestCommon::MySQL.no_auth - assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!' - end def test_amqp_accessible assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!' diff --git a/deployment/puppet/osnailyfacter/modular/heat/tasks.yaml b/deployment/puppet/osnailyfacter/modular/heat/tasks.yaml index e63e8367f9..b44b28b41d 100644 --- a/deployment/puppet/osnailyfacter/modular/heat/tasks.yaml +++ b/deployment/puppet/osnailyfacter/modular/heat/tasks.yaml @@ -11,3 +11,13 @@ cmd: ruby /etc/puppet/modules/osnailyfacter/modular/heat/heat_pre.rb test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/heat/heat_post.rb + +- id: heat-db + type: puppet + groups: [primary-controller] + required_for: [heat] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/heat/heat_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 diff --git a/deployment/puppet/osnailyfacter/modular/keystone/keystone_db.pp b/deployment/puppet/osnailyfacter/modular/keystone/keystone_db.pp new file mode 100644 index 0000000000..b81e288e14 --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/keystone/keystone_db.pp 
@@ -0,0 +1,45 @@
+notice('MODULAR: keystone_db.pp')
+
+$keystone_hash = hiera_hash('keystone', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($keystone_hash['db_user'], 'keystone')
+$db_name = pick($keystone_hash['db_name'], 'keystone')
+$db_password = pick($keystone_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($keystone_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($keystone_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($keystone_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($keystone_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+if $db_create {
+
+ class { 'keystone::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['keystone::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment/puppet/osnailyfacter/modular/keystone/keystone_pre.rb b/deployment/puppet/osnailyfacter/modular/keystone/keystone_pre.rb
index 3fa70d225d..0a9f604c58 100644
--- a/deployment/puppet/osnailyfacter/modular/keystone/keystone_pre.rb
+++ b/deployment/puppet/osnailyfacter/modular/keystone/keystone_pre.rb
@@ -13,15 +13,6 @@ class KeystonePreTest < Test::Unit::TestCase assert TestCommon::HAProxy.backend_present?(ADMIN_BACKEND), "There is no '#{ADMIN_BACKEND}' HAProxy backend!" end - def test_mysql_accessible_for_keystone - TestCommon::MySQL.pass = TestCommon::Settings.keystone['db_password'] - TestCommon::MySQL.user = 'keystone' - TestCommon::MySQL.host = TestCommon::Settings.management_vip - TestCommon::MySQL.port = 3306 - TestCommon::MySQL.db = 'keystone' - assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL with Keystone auth!' - end - def test_amqp_accessible assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!' end diff --git a/deployment/puppet/osnailyfacter/modular/keystone/tasks.yaml b/deployment/puppet/osnailyfacter/modular/keystone/tasks.yaml index 1075573dc4..db800eeec9 100644 --- a/deployment/puppet/osnailyfacter/modular/keystone/tasks.yaml +++ b/deployment/puppet/osnailyfacter/modular/keystone/tasks.yaml @@ -11,3 +11,13 @@ cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_pre.rb test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_post.rb + +- id: keystone-db + type: puppet + groups: [primary-controller] + required_for: [keystone] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/keystone/keystone_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 diff --git a/deployment/puppet/osnailyfacter/modular/murano/murano.pp b/deployment/puppet/osnailyfacter/modular/murano/murano.pp index e89d820ea3..73769dfe10 100644 --- a/deployment/puppet/osnailyfacter/modular/murano/murano.pp +++ b/deployment/puppet/osnailyfacter/modular/murano/murano.pp @@ -116,12 +116,8 @@ if $murano_hash['enabled'] { ###################### -class mysql::server {} -class mysql::config {} class rabbitmq::service {} class openstack::firewall {} -include mysql::server -include mysql::config include rabbitmq::service include openstack::firewall 
diff --git a/deployment/puppet/osnailyfacter/modular/murano/murano_db.pp b/deployment/puppet/osnailyfacter/modular/murano/murano_db.pp
new file mode 100644
index 0000000000..516fe0ad97
--- /dev/null
+++ b/deployment/puppet/osnailyfacter/modular/murano/murano_db.pp
@@ -0,0 +1,50 @@
+notice('MODULAR: murano_db.pp')
+
+$murano_hash = hiera_hash('murano', {})
+$murano_enabled = pick($murano_hash['enabled'], false)
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($murano_hash['db_user'], 'murano')
+$db_name = pick($murano_hash['db_name'], 'murano')
+$db_password = pick($murano_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($murano_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($murano_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($murano_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($murano_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $murano_enabled and $db_create {
+
+ class { 'murano::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['murano::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
+class murano::api {}
+include murano::api
diff --git a/deployment/puppet/osnailyfacter/modular/murano/murano_pre.rb b/deployment/puppet/osnailyfacter/modular/murano/murano_pre.rb index a1e06e9e8f..c8074efd09 100644 --- a/deployment/puppet/osnailyfacter/modular/murano/murano_pre.rb +++ b/deployment/puppet/osnailyfacter/modular/murano/murano_pre.rb @@ -2,11 +2,6 @@ require File.join File.dirname(__FILE__), '../test_common.rb' class MuranoPreTest < Test::Unit::TestCase - def test_mysql_connection_without_auth - TestCommon::MySQL.no_auth - assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!' - end - def test_amqp_accessible assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!' end diff --git a/deployment/puppet/osnailyfacter/modular/murano/tasks.yaml b/deployment/puppet/osnailyfacter/modular/murano/tasks.yaml index ba64e3ee39..ed520e33eb 100644 --- a/deployment/puppet/osnailyfacter/modular/murano/tasks.yaml +++ b/deployment/puppet/osnailyfacter/modular/murano/tasks.yaml @@ -11,3 +11,13 @@ cmd: ruby /etc/puppet/modules/osnailyfacter/modular/murano/murano_pre.rb test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/murano/murano_post.rb + +- id: murano-db + type: puppet + groups: [primary-controller] + required_for: [murano] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/murano/murano_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 diff --git a/deployment/puppet/osnailyfacter/modular/openstack-cinder/cinder_db.pp b/deployment/puppet/osnailyfacter/modular/openstack-cinder/cinder_db.pp new file mode 100644 index 0000000000..00470d8c65 --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/openstack-cinder/cinder_db.pp 
@@ -0,0 +1,47 @@
+notice('MODULAR: cinder_db.pp')
+
+$cinder_hash = hiera_hash('cinder', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($cinder_hash['db_user'], 'cinder')
+$db_name = pick($cinder_hash['db_name'], 'cinder')
+$db_password = pick($cinder_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($cinder_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($cinder_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($cinder_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($cinder_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'cinder::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['cinder::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment/puppet/osnailyfacter/modular/openstack-cinder/tasks.yaml b/deployment/puppet/osnailyfacter/modular/openstack-cinder/tasks.yaml
index 7c931bd5a4..3ee71b14f5 100644
--- a/deployment/puppet/osnailyfacter/modular/openstack-cinder/tasks.yaml
+++ b/deployment/puppet/osnailyfacter/modular/openstack-cinder/tasks.yaml
@@ -7,3 +7,13 @@ puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/openstack-cinder.pp puppet_modules: /etc/puppet/modules timeout: 1200 + +- id: cinder_db + type: puppet + groups: [primary-controller] + required_for: [openstack-cinder] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-cinder/cinder_db.pp + puppet_modules: /etc/puppet/modules + timeout: 1200 diff --git a/deployment/puppet/osnailyfacter/modular/openstack-controller/nova_db.pp b/deployment/puppet/osnailyfacter/modular/openstack-controller/nova_db.pp new file mode 100644 index 0000000000..cac5aee37a --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/openstack-controller/nova_db.pp 
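Review bot: The new task id `cinder_db` uses an underscore, while the other database tasks this commit adds use a hyphen (`glance-db`, `heat-db`, `keystone-db`, `murano-db`, `nova-db`, `neutron-db`, `sahara-db`); `- id: cinder-db` would match them. Its `timeout: 1200` also differs from the `3600` on the other database tasks, which may be intentional since it matches the neighbouring task in this file, but it is worth a quick check.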
@@ -0,0 +1,47 @@
+notice('MODULAR: nova_db.pp')
+
+$nova_hash = hiera_hash('nova', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($nova_hash['db_user'], 'nova')
+$db_name = pick($nova_hash['db_name'], 'nova')
+$db_password = pick($nova_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($nova_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($nova_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($nova_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($nova_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'nova::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['nova::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment/puppet/osnailyfacter/modular/openstack-controller/tasks.yaml b/deployment/puppet/osnailyfacter/modular/openstack-controller/tasks.yaml
index 937f9c0e84..ae2f11c67d 100644
--- a/deployment/puppet/osnailyfacter/modular/openstack-controller/tasks.yaml
+++ b/deployment/puppet/osnailyfacter/modular/openstack-controller/tasks.yaml
@@ -7,3 +7,13 @@ puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/openstack-controller.pp puppet_modules: /etc/puppet/modules timeout: 3600 + +- id: nova-db + type: puppet + groups: [primary-controller] + required_for: [openstack-controller] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-controller/nova_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 diff --git a/deployment/puppet/osnailyfacter/modular/openstack-network/neutron_db.pp b/deployment/puppet/osnailyfacter/modular/openstack-network/neutron_db.pp new file mode 100644 index 0000000000..59927288d2 --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/openstack-network/neutron_db.pp 
@@ -0,0 +1,50 @@
+notice('MODULAR: neutron_db.pp')
+
+$use_neutron = hiera('use_neutron', false)
+$neutron_hash = hiera_hash('quantum_settings', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$neutron_db = merge($neutron_hash['database'], {})
+
+$db_user = pick($neutron_db['db_user'], 'neutron')
+$db_name = pick($neutron_db['db_name'], 'neutron')
+$db_password = pick($neutron_db['passwd'], $mysql_root_password)
+
+$db_host = pick($neutron_db['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($neutron_db['db_create'], $mysql_db_create)
+$db_root_user = pick($neutron_db['root_user'], $mysql_root_user)
+$db_root_password = pick($neutron_db['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $use_neutron and $db_create {
+
+ class { 'neutron::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['neutron::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml b/deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml
index 7973483576..08fb1e2e5e 100644
--- a/deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml
+++ b/deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml
@@ -11,6 +11,7 @@ cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-controller_pre.rb test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-controller_post.rb + - id: openstack-network-compute type: puppet groups: [compute] @@ -24,3 +25,13 @@ cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-compute_pre.rb test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/openstack-network/openstack-network-compute_post.rb + +- id: neutron-db + type: puppet + groups: [primary-controller] + required_for: [openstack-network] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/neutron_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 diff --git a/deployment/puppet/osnailyfacter/modular/sahara/sahara.pp b/deployment/puppet/osnailyfacter/modular/sahara/sahara.pp index f0ee442b43..793792f4a6 100644 --- a/deployment/puppet/osnailyfacter/modular/sahara/sahara.pp +++ b/deployment/puppet/osnailyfacter/modular/sahara/sahara.pp @@ -79,11 +79,5 @@ if $sahara_hash['enabled'] { ######################### -class mysql::server {} -class mysql::config {} - -include mysql::server -include mysql::config - class openstack::firewall {} include openstack::firewall diff --git a/deployment/puppet/osnailyfacter/modular/sahara/sahara_db.pp b/deployment/puppet/osnailyfacter/modular/sahara/sahara_db.pp new file mode 100644 index 0000000000..951ebd1cc0 --- /dev/null +++ b/deployment/puppet/osnailyfacter/modular/sahara/sahara_db.pp 
@@ -0,0 +1,50 @@
+notice('MODULAR: sahara_db.pp')
+
+$sahara_hash = hiera_hash('sahara', {})
+$sahara_enabled = pick($sahara_hash['enabled'], false)
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($sahara_hash['db_user'], 'sahara')
+$db_name = pick($sahara_hash['db_name'], 'sahara')
+$db_password = pick($sahara_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($sahara_hash['db_host'], $database_vip, $management_vip, 'localhost')
+$db_create = pick($sahara_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($sahara_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($sahara_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $sahara_enabled and $db_create {
+
+ class { 'sahara::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['osnailyfacter::mysql_access'] -> Class['sahara::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
+class sahara::api {}
+include sahara::api
diff --git a/deployment/puppet/osnailyfacter/modular/sahara/sahara_pre.rb b/deployment/puppet/osnailyfacter/modular/sahara/sahara_pre.rb
index 36408b5e80..05a54fc4d6 100644
--- a/deployment/puppet/osnailyfacter/modular/sahara/sahara_pre.rb
+++ b/deployment/puppet/osnailyfacter/modular/sahara/sahara_pre.rb
@@ -2,17 +2,12 @@ require File.join File.dirname(__FILE__), '../test_common.rb' class SaharaPreTest < Test::Unit::TestCase - def test_mysql_connection_without_auth - TestCommon::MySQL.no_auth - assert TestCommon::MySQL.connection?, 'Cannot connect to MySQL without auth!' - end - def test_amqp_accessible assert TestCommon::AMQP.connection?, 'Cannot connect to AMQP server!' end def test_haproxy_sahara_backend_present - assert TestCommon::HAProxy.backend_present?('sahara'), 'No murano haproxy backend!' + assert TestCommon::HAProxy.backend_present?('sahara'), 'No sahara haproxy backend!' end def test_horizon_haproxy_backend_online diff --git a/deployment/puppet/osnailyfacter/modular/sahara/tasks.yaml b/deployment/puppet/osnailyfacter/modular/sahara/tasks.yaml index 37ec9400f4..79ddce8a02 100644 --- a/deployment/puppet/osnailyfacter/modular/sahara/tasks.yaml +++ b/deployment/puppet/osnailyfacter/modular/sahara/tasks.yaml @@ -12,3 +12,12 @@ test_post: cmd: ruby /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_post.rb +- id: sahara-db + type: puppet + groups: [primary-controller] + required_for: [sahara] + requires: [database] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/sahara/sahara_db.pp + puppet_modules: /etc/puppet/modules + timeout: 3600 diff --git a/deployment/puppet/osnailyfacter/templates/mysql.access.cnf.erb b/deployment/puppet/osnailyfacter/templates/mysql.access.cnf.erb new file mode 100644 index 0000000000..feb3cd6e67 --- /dev/null +++ b/deployment/puppet/osnailyfacter/templates/mysql.access.cnf.erb @@ -0,0 +1,6 @@ +<%- %w(mysql client mysqldump mysqladmin mysqlcheck).each do |section| %> +[<%= section %>] +user = '<%= @db_user %>' +password = '<%= @db_password %>' +host = '<%= @db_host %>' +<%- end %> diff --git a/deployment/puppet/sahara/manifests/db/mysql.pp b/deployment/puppet/sahara/manifests/db/mysql.pp index 174deeb3ed..1c2e70f0f8 100644 --- a/deployment/puppet/sahara/manifests/db/mysql.pp 
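Review bot: In mysql.access.cnf.erb the line `password = '<%= @db_password %>'` writes the value between single quotes with no escaping, so a password containing a single quote, a backslash or a line break produces an option file that the client tools parse differently from what was intended, in all five sections. The values appear to be the root credentials that sahara_db.pp passes to `osnailyfacter::mysql_access`, and that class is not part of this hunk, so please confirm the `file` resource rendering this template sets `owner => 'root'` and `mode => '0600'`. Rejecting quotes and line breaks up front with a `validate_re` check on the password in the class would keep the rendered file well-formed.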
+++ b/deployment/puppet/sahara/manifests/db/mysql.pp 
@@ -1,27 +1,90 @@ +# == Class sahara::db::mysql +# +# Class that configures mysql for sahara +# +# === Parameters: +# +# [*password*] +# Password to use for the sahara user +# +# [*dbname*] +# (optional) The name of the database +# Defaults to 'sahara' +# +# [*user*] +# (optional) The mysql user to create +# Defaults to 'sahara' +# +# [*host*] +# (optional) The IP address of the mysql server +# Defaults to '127.0.0.1' +# +# [*charset*] +# (optional) The charset to use for the sahara database +# Defaults to 'utf8' +# +# [*collate*] +# (optional) The collate to use for the sahara database +# Defaults to 'utf8_general_ci' +# +# [*allowed_hosts*] +# (optional) Additional hosts that are allowed to access this DB +# Defaults to undef +# +# [*cluster_id*] +# (optional) Deprecated. Does nothing +# Defaults to 'localzone' +# +# [*mysql_module*] +# (optional) Mysql puppet module version to use. Tested versions +# are 0.9 and 2.2. +# Defaults to '0.9' +# class sahara::db::mysql( - $password = 'sahara', + $password, $dbname = 'sahara', $user = 'sahara', - $dbhost = 'localhost', + $dbhost = '127.0.0.1', $charset = 'utf8', + $collate = 'utf8_general_ci', $allowed_hosts = undef, + $mysql_module = '0.9' ) { - include 'sahara::params' + if ($mysql_module >= 2.2) { + mysql::db { $dbname: + user => $user, + password => $password, + host => $dbhost, + charset => $charset, + collate => $collate, + require => Class['mysql::server'], + } + } else { + require 'mysql::python' - mysql::db { $dbname : - user => $user, - password => $password, - host => $dbhost, - charset => $charset, - grant => ['all'], + mysql::db { $dbname: + user => $user, + password => $password, + host => $dbhost, + charset => $charset, + require => Class['mysql::config'], + } } - if $allowed_hosts { - sahara::db::mysql::host_access { $allowed_hosts: - user => $user, - password => $password, - database => $dbname, + # Check allowed_hosts to avoid duplicate resource declarations + if is_array($allowed_hosts) and 
delete($allowed_hosts,$dbhost) != [] { + $real_allowed_hosts = delete($allowed_hosts,$dbhost) + } elsif is_string($allowed_hosts) and ($allowed_hosts != $dbhost) { + $real_allowed_hosts = $allowed_hosts + } + + if $real_allowed_hosts { + sahara::db::mysql::host_access { $real_allowed_hosts: + user => $user, + password => $password, + database => $dbname, + mysql_module => $mysql_module, } } diff --git a/deployment/puppet/sahara/manifests/db/mysql/host_access.pp b/deployment/puppet/sahara/manifests/db/mysql/host_access.pp index 039a7b7828..abdd8caec2 100644 --- a/deployment/puppet/sahara/manifests/db/mysql/host_access.pp +++ b/deployment/puppet/sahara/manifests/db/mysql/host_access.pp 
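Review bot: The new header comment of `sahara::db::mysql` does not match the signature: it documents `[*host*]` while the parameter is `$dbhost`, and it describes a deprecated `[*cluster_id*]` that the class does not accept. Someone setting `host` or `cluster_id` from that description would get a compile error, and the `$dbhost` entry is the one that decides which host the user is created for. I would rename the entry to `# [*dbhost*]` and delete the `cluster_id` paragraph. The `[*password*]` entry could also say that it is now required, since the default `'sahara'` was removed.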
@@ -13,18 +13,41 @@ # [*database*] # the database name # -define sahara::db::mysql::host_access ($user, $password, $database) { +# [*mysql_module*] +# mysql module version +# +define sahara::db::mysql::host_access ( + $user, + $password, + $database, + $mysql_module = '0.9' +) { - database_user { "${user}@${name}": - password_hash => mysql_password($password), - provider => 'mysql', - require => Database[$database], - } + if ($mysql_module >= 2.2) { + mysql_user { "${user}@${name}": + password_hash => mysql_password($password), + require => Mysql_database[$database], + } - database_grant { "${user}@${name}/${database}": - # TODO figure out which privileges to grant. - privileges => 'all', - provider => 'mysql', - require => Database_user["${user}@${name}"] + mysql_grant { "${user}@${name}/${database}.*": + privileges => ['ALL'], + options => ['GRANT'], + table => "${database}.*", + require => Mysql_user["${user}@${name}"], + user => "${user}@${name}" + } + } else { + database_user { "${user}@${name}": + password_hash => mysql_password($password), + provider => 'mysql', + require => Database[$database], + } + + database_grant { "${user}@${name}/${database}": + # TODO figure out which privileges to grant. + privileges => 'all', + provider => 'mysql', + require => Database_user["${user}@${name}"] + } } } diff --git a/deployment/puppet/sahara/manifests/init.pp b/deployment/puppet/sahara/manifests/init.pp index e386709a35..32d00d7563 100644 --- a/deployment/puppet/sahara/manifests/init.pp +++ b/deployment/puppet/sahara/manifests/init.pp @@ -39,14 +39,6 @@ class sahara ( $sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=60" - class { 'sahara::db::mysql': - password => $db_password, - dbname => $db_name, - user => $db_user, - dbhost => $db_host, - allowed_hosts => $db_allowed_hosts, - } - class { 'sahara::api': enabled => $enabled, auth_uri => $auth_uri, 
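Review bot: The new `mysql_grant` branch in `sahara::db::mysql::host_access` combines `privileges => ['ALL']` with `options => ['GRANT']`, which gives the service account WITH GRANT OPTION for every host the define is declared for. An application user does not need to pass its privileges on to other accounts, and the legacy `database_grant` branch, which still carries `# TODO figure out which privileges to grant.`, sets no such option explicitly. I would remove the `options => ['GRANT'],` line and copy the TODO onto the new branch so the open privilege question stays visible there too.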
@@ -106,8 +98,6 @@ class sahara ( action => 'accept', } - Class['mysql::server'] -> - Class['sahara::db::mysql'] -> Firewall[$firewall_rule] -> Class['sahara::keystone::auth'] -> Class['sahara::api'] diff --git a/tests/noop/spec/hosts/glance/glance_db_spec.rb b/tests/noop/spec/hosts/glance/glance_db_spec.rb new file mode 100644 index 0000000000..71db71d872 --- /dev/null +++ b/tests/noop/spec/hosts/glance/glance_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'glance/glance_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/heat/heat_db_spec.rb b/tests/noop/spec/hosts/heat/heat_db_spec.rb new file mode 100644 index 0000000000..723030ba9b --- /dev/null +++ b/tests/noop/spec/hosts/heat/heat_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'heat/heat_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/keystone/keystone_db_spec.rb b/tests/noop/spec/hosts/keystone/keystone_db_spec.rb new file mode 100644 index 0000000000..6d08bdca74 --- /dev/null +++ b/tests/noop/spec/hosts/keystone/keystone_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'keystone/keystone_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/murano/murano_db_spec.rb b/tests/noop/spec/hosts/murano/murano_db_spec.rb new file mode 100644 index 0000000000..eba8867299 --- /dev/null +++ b/tests/noop/spec/hosts/murano/murano_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'murano/murano_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/openstack-cinder/cinder_db_spec.rb b/tests/noop/spec/hosts/openstack-cinder/cinder_db_spec.rb new file mode 100644 index 0000000000..222e971aa4 --- /dev/null 
+++ b/tests/noop/spec/hosts/openstack-cinder/cinder_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'openstack-cinder/cinder_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/openstack-controller/nova_db_spec.rb b/tests/noop/spec/hosts/openstack-controller/nova_db_spec.rb new file mode 100644 index 0000000000..0d16b823d2 --- /dev/null +++ b/tests/noop/spec/hosts/openstack-controller/nova_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'openstack-controller/nova_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/openstack-network/neutron_db_spec.rb b/tests/noop/spec/hosts/openstack-network/neutron_db_spec.rb new file mode 100644 index 0000000000..2c29c924de --- /dev/null +++ b/tests/noop/spec/hosts/openstack-network/neutron_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'openstack-network/neutron_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end + diff --git a/tests/noop/spec/hosts/sahara/sahara_db_spec.rb b/tests/noop/spec/hosts/sahara/sahara_db_spec.rb new file mode 100644 index 0000000000..9a398a40d8 --- /dev/null +++ b/tests/noop/spec/hosts/sahara/sahara_db_spec.rb @@ -0,0 +1,8 @@ +require 'spec_helper' +require 'shared-examples' +manifest = 'sahara/sahara_db.pp' + +describe manifest do + test_ubuntu_and_centos manifest +end +