Merge "Create users only on primary controller"

2016-04-08 13:22:10 +00:00 · 2016-04-08 13:22:10 +00:00 · 99148359d9
commit 99148359d9
parent 0d73db0241 f1c63b04ee
2 changed files with 32 additions and 21 deletions
--- a/deployment/puppet/osnailyfacter/manifests/database/database.pp
+++ b/deployment/puppet/osnailyfacter/manifests/database/database.pp
@ -19,7 +19,7 @@ class osnailyfacter::database::database {
  $haproxy_stats_port   = '10000'
  $haproxy_stats_url    = "http://${database_vip}:${haproxy_stats_port}/;csv"

-  $mysql_database_password   = $mysql_hash['root_password']
+  $mysql_root_password       = $mysql_hash['root_password']
  $enabled                   = pick($mysql_hash['enabled'], true)

  $galera_node_address       = get_network_role_property('mgmt/database', 'ipaddr')
@ -45,7 +45,7 @@ class osnailyfacter::database::database {

  #############################################################################
  validate_string($status_password)
-  validate_string($mysql_database_password)
+  validate_string($mysql_root_password)
  validate_string($status_password)

  if $enabled {
@ -212,13 +212,16 @@ class osnailyfacter::database::database {
        'wsrep_provider_options'         => $wsrep_provider_options,
        'wsrep_slave_threads'            => $wsrep_slave_threads,
        'wsrep_sst_method'               => 'xtrabackup-v2',
-        'wsrep_sst_auth'                 => "\"root:${mysql_database_password}\"", #TODO fix this, should be a specific user not root
+        #TODO (sgolovatiuk): fix this, should be a specific user not root
+        'wsrep_sst_auth'                 => "\"root:${mysql_root_password}\"",
        'wsrep_node_address'             => $galera_node_address,
        'wsrep_node_incoming_address'    => $galera_node_address,
        'wsrep_sst_receive_address'      => $galera_node_address,
      },
      'xtrabackup' => {
-        'parallel' => inline_template("<%= [[${::processorcount}, 2].max, 6].min %>"),
+        'parallel' => inline_template(
+                        "<%= [[${::processorcount}, 2].max, 6].min %>"
+                      ),
      },
      'sst'        => {
        'streamfmt'   => 'xbstream',
@ -248,9 +251,10 @@ class osnailyfacter::database::database {
      galera_package_name   => $galera_package_name,
      client_package_name   => $client_package_name,
      galera_servers        => $galera_nodes,
-      galera_master         => false, # NOTE: we don't want the galera module to boostrap
+      # NOTE: we don't want the galera module to boostrap
+      galera_master         => false,
      mysql_port            => $backend_port,
-      root_password         => $mysql_database_password,
+      root_password         => $mysql_root_password,
      create_root_user      => $primary_controller,
      create_root_my_cnf    => true,
      configure_repo        => false, # NOTE: repos should be managed via fuel
@ -322,19 +326,22 @@ class osnailyfacter::database::database {
    # TODO: (sgolovatiuk): This class should be removed once
    # https://github.com/puppetlabs/puppetlabs-mysql/pull/801/files is accepted
    class { '::osnailyfacter::mysql_access':
-      db_password => $mysql_database_password,
+      db_password => $mysql_root_password,
+      require     => Class['::galera'],
    }

    # this sets up remote grants for use with detached db
+    if $primary_controller {
+      # We do not need to create users on all controllers as
+      # whole /var/lib/mysql will be transferred during SST
+      # Also this leads to split brain as MyISAM tables are got diverged
      class { '::osnailyfacter::mysql_user_access':
        db_user          => 'root',
-      db_password_hash => mysql_password($mysql_database_password),
+        db_password_hash => mysql_password($mysql_root_password),
        access_networks  => $access_networks,
+        require          => Class['::osnailyfacter::mysql_access'],
+      }
    }
-
-    Class['::galera'] ->
-      Class['::osnailyfacter::mysql_access'] ->
-        Class['::osnailyfacter::mysql_user_access']

    Class['::openstack::galera::status'] ->
      ::Osnailyfacter::Wait_for_backend['mysql']
--- a/tests/noop/spec/hosts/database/database_spec.rb
+++ b/tests/noop/spec/hosts/database/database_spec.rb
@ -156,12 +156,16 @@ describe manifest do
      )
    end

-    it 'should setup additional root grants from other hosts' do
+    it 'should setup additional root grants from other hosts only on primary controller' do
+      if primary_controller
        should contain_class('osnailyfacter::mysql_user_access').with(
          :db_user          => 'root',
          :db_password_hash => mysql_database_password_hash,
          :access_networks  => access_networks
        )
+      else
+        should_not contain_class('osnailyfacter::mysql_user_access')
+      end
    end

    it 'should remove package provided wsrep.cnf' do