openstack/fuel-library
Code Issues Proposed changes

Merge "Create users only on primary controller"

Browse Source
This commit is contained in:
Jenkins 2016-04-08 13:22:10 +00:00 committed by Gerrit Code Review
commit 99148359d9
2 changed files with 32 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
deployment/puppet/osnailyfacter/manifests/database/database.pp
View File

@ -19,7 +19,7 @@ class osnailyfacter::database::database {
$haproxy_stats_port = '10000' $haproxy_stats_port = '10000'
$haproxy_stats_url = "http://${database_vip}:${haproxy_stats_port}/;csv" $haproxy_stats_url = "http://${database_vip}:${haproxy_stats_port}/;csv"
$mysql_database_password = $mysql_hash['root_password'] $mysql_root_password = $mysql_hash['root_password']
$enabled = pick($mysql_hash['enabled'], true) $enabled = pick($mysql_hash['enabled'], true)
$galera_node_address = get_network_role_property('mgmt/database', 'ipaddr') $galera_node_address = get_network_role_property('mgmt/database', 'ipaddr')
@ -45,7 +45,7 @@ class osnailyfacter::database::database {
############################################################################# #############################################################################
validate_string($status_password) validate_string($status_password)
validate_string($mysql_database_password) validate_string($mysql_root_password)
validate_string($status_password) validate_string($status_password)
if $enabled { if $enabled {
@ -212,13 +212,16 @@ class osnailyfacter::database::database {
'wsrep_provider_options' => $wsrep_provider_options, 'wsrep_provider_options' => $wsrep_provider_options,
'wsrep_slave_threads' => $wsrep_slave_threads, 'wsrep_slave_threads' => $wsrep_slave_threads,
'wsrep_sst_method' => 'xtrabackup-v2', 'wsrep_sst_method' => 'xtrabackup-v2',
'wsrep_sst_auth' => "\"root:${mysql_database_password}\"", #TODO fix this, should be a specific user not root #TODO (sgolovatiuk): fix this, should be a specific user not root
'wsrep_sst_auth' => "\"root:${mysql_root_password}\"",
'wsrep_node_address' => $galera_node_address, 'wsrep_node_address' => $galera_node_address,
'wsrep_node_incoming_address' => $galera_node_address, 'wsrep_node_incoming_address' => $galera_node_address,
'wsrep_sst_receive_address' => $galera_node_address, 'wsrep_sst_receive_address' => $galera_node_address,
}, },
'xtrabackup' => { 'xtrabackup' => {
'parallel' => inline_template("<%= [[${::processorcount}, 2].max, 6].min %>"), 'parallel' => inline_template(
"<%= [[${::processorcount}, 2].max, 6].min %>"
),
}, },
'sst' => { 'sst' => {
'streamfmt' => 'xbstream', 'streamfmt' => 'xbstream',
@ -248,9 +251,10 @@ class osnailyfacter::database::database {
galera_package_name => $galera_package_name, galera_package_name => $galera_package_name,
client_package_name => $client_package_name, client_package_name => $client_package_name,
galera_servers => $galera_nodes, galera_servers => $galera_nodes,
galera_master => false, # NOTE: we don't want the galera module to boostrap # NOTE: we don't want the galera module to boostrap
galera_master => false,
mysql_port => $backend_port, mysql_port => $backend_port,
root_password => $mysql_database_password, root_password => $mysql_root_password,
create_root_user => $primary_controller, create_root_user => $primary_controller,
create_root_my_cnf => true, create_root_my_cnf => true,
configure_repo => false, # NOTE: repos should be managed via fuel configure_repo => false, # NOTE: repos should be managed via fuel
@ -322,20 +326,23 @@ class osnailyfacter::database::database {
# TODO: (sgolovatiuk): This class should be removed once # TODO: (sgolovatiuk): This class should be removed once
# https://github.com/puppetlabs/puppetlabs-mysql/pull/801/files is accepted # https://github.com/puppetlabs/puppetlabs-mysql/pull/801/files is accepted
class { '::osnailyfacter::mysql_access': class { '::osnailyfacter::mysql_access':
db_password => $mysql_database_password, db_password => $mysql_root_password,
require => Class['::galera'],
} }
# this sets up remote grants for use with detached db # this sets up remote grants for use with detached db
class { '::osnailyfacter::mysql_user_access': if $primary_controller {
db_user => 'root', # We do not need to create users on all controllers as
db_password_hash => mysql_password($mysql_database_password), # whole /var/lib/mysql will be transferred during SST
access_networks => $access_networks, # Also this leads to split brain as MyISAM tables are got diverged
class { '::osnailyfacter::mysql_user_access':
db_user => 'root',
db_password_hash => mysql_password($mysql_root_password),
access_networks => $access_networks,
require => Class['::osnailyfacter::mysql_access'],
}
} }
Class['::galera'] ->
Class['::osnailyfacter::mysql_access'] ->
Class['::osnailyfacter::mysql_user_access']
Class['::openstack::galera::status'] -> Class['::openstack::galera::status'] ->
::Osnailyfacter::Wait_for_backend['mysql'] ::Osnailyfacter::Wait_for_backend['mysql']
} }

16
tests/noop/spec/hosts/database/database_spec.rb
View File

@ -156,12 +156,16 @@ describe manifest do
) )
end end
it 'should setup additional root grants from other hosts' do it 'should setup additional root grants from other hosts only on primary controller' do
should contain_class('osnailyfacter::mysql_user_access').with( if primary_controller
:db_user => 'root', should contain_class('osnailyfacter::mysql_user_access').with(
:db_password_hash => mysql_database_password_hash, :db_user => 'root',
:access_networks => access_networks :db_password_hash => mysql_database_password_hash,
) :access_networks => access_networks
)
else
should_not contain_class('osnailyfacter::mysql_user_access')
end
end end
it 'should remove package provided wsrep.cnf' do it 'should remove package provided wsrep.cnf' do