From 5838bd0b3c12eed1514e59852564006f044f241b Mon Sep 17 00:00:00 2001
From: "Michal (inc0) Jastrzebski" <inc007@gmail.com>
Date: Thu, 9 Jun 2016 20:29:54 +0000
Subject: [PATCH] Enable kolla k8s to override bind api bind address in
 genconfig

It's good if k8s reuses ansible templates, but we need to abstract all
ansible specific variables to achieve that.

- Implements ansible override variable api_interface_address.
- Adds api_interface_address setting and comments to globals.yml
- Makes changes to mariadb templates to accept this new setting.
- Disabled Galera when api_interface_address==0.0.0.0 in the
  case of Kubernetes.  Otherwise, mariadb fails to start.
- Tested with and without setting to ensure kolla genconfig output
  does not change when setting is disabled or undefined.

Change-Id: Ia0e4951c327be01b717aebb86ef4c3a4e7ed170e
Partially-implements: blueprint api-interface-bind-address-override
Co-authored-by: David Wang <dcwangmit01@gmail.com>
Co-authored-by: Ryan Hallisey <rhallise@redhat.com>
Co-authored-by: Kevin Fox <kevin@efox.cc>
---
 ansible/group_vars/all.yml                      | 17 +++++++++++++++++
 ansible/roles/mariadb/templates/galera.cnf.j2   | 15 ++++++++++-----
 .../roles/mariadb/templates/wsrep-notify.sh.j2  |  2 +-
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index ed6b6c15f4..e5ff91e3be 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -19,6 +19,10 @@ node_config_directory: "/etc/kolla/{{ project }}"
 ###################
 # Kolla options
 ###################
+
+# Which orchestration engine to use. Valid options are [ ANSIBLE, KUBERNETES ]
+orchestration_engine: "ANSIBLE"
+
 # Valid options are [ COPY_ONCE, COPY_ALWAYS ]
 config_strategy: "COPY_ALWAYS"
 
@@ -39,6 +43,19 @@ kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
 
+
+####################
+# kolla-kubernetes
+####################
+# By default, Kolla API services bind to the network address assigned
+# to the api_interface.  Allow the bind address to be an override.  In
+# some cases (Kubernetes), the api_interface address is not known
+# until container runtime, and thus it is necessary to bind to all
+# interfaces "0.0.0.0".  When used outside of Kubernetes, binding to
+# all interfaces may present a security issue, and thus is not
+# recommended.
+api_interface_address:  "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] if orchestration_engine == 'ANSIBLE' else '0.0.0.0' }}"
+
 ####################
 # Database options
 ####################
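Review bot: The `else '0.0.0.0'` branch of `api_interface_address` is taken for every value of `orchestration_engine` other than the exact string 'ANSIBLE', so a typo or a lower-case value silently switches every consumer of this variable to the wildcard bind that the comment above calls not recommended. Inverting the test makes the interface address the fallback: `api_interface_address: "{{ '0.0.0.0' if orchestration_engine == 'KUBERNETES' else hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"`. Nothing visible in this patch validates `orchestration_engine` against the two documented options, so this expression is the only guard. The key also carries two spaces after the colon, which the rest of the file does not.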
diff --git a/ansible/roles/mariadb/templates/galera.cnf.j2 b/ansible/roles/mariadb/templates/galera.cnf.j2
index 7ffcb26a05..3dcb5f8670 100644
--- a/ansible/roles/mariadb/templates/galera.cnf.j2
+++ b/ansible/roles/mariadb/templates/galera.cnf.j2
@@ -1,6 +1,11 @@
-{% set wsrep_driver = '/usr/lib/galera/libgalera_smm.so' if kolla_base_distro == 'ubuntu' else '/usr/lib64/galera/libgalera_smm.so' %}
+{%- set wsrep_driver = '/usr/lib/galera/libgalera_smm.so' if kolla_base_distro == 'ubuntu' else '/usr/lib64/galera/libgalera_smm.so' %}
+
+{#- Disable Galera in the case of of Kubernetes as its not supported yet.  Otherwise, #}
+{#- mariadb will fail to start #}
+{%- set wsrep_driver = 'none' if orchestration_engine == 'KUBERNETES' else wsrep_driver %}
+
 [mysqld]
-bind-address={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind-address={{ api_interface_address }}
 port={{ mariadb_port }}
 
 log-error=/var/log/kolla/mariadb/mariadb.log
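Review bot: The Galera switch on the second `set wsrep_driver` line tests `orchestration_engine`, while the commit message describes the trigger as `api_interface_address==0.0.0.0`. An operator who overrides `api_interface_address` to the wildcard under ANSIBLE would therefore keep Galera enabled with a wildcard address. If the wildcard is what breaks startup, test it directly: `{%- set wsrep_driver = 'none' if orchestration_engine == 'KUBERNETES' or api_interface_address == '0.0.0.0' else wsrep_driver %}`. The comment above it should also say that `bind-address` becomes 0.0.0.0 in that mode, so access to the MariaDB port then depends on controls outside this template. It also has two wording slips to fix, "of of" and "its".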
@@ -13,10 +18,10 @@ datadir=/var/lib/mysql/
 
 wsrep_cluster_address=gcomm://{% if (groups['mariadb'] | length) > 1 %}{% for host in groups['mariadb'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_wsrep_port }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
 
-wsrep_provider_options=gmcast.listen_addr=tcp://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_wsrep_port }};ist.recv_addr={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_ist_port }}
+wsrep_provider_options=gmcast.listen_addr=tcp://{{ api_interface_address }}:{{ mariadb_wsrep_port }};ist.recv_addr={{ api_interface_address }}:{{ mariadb_ist_port }}
 
-wsrep_node_address={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_wsrep_port }}
-wsrep_sst_receive_address={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_sst_port }}
+wsrep_node_address={{ api_interface_address }}:{{ mariadb_wsrep_port }}
+wsrep_sst_receive_address={{ api_interface_address }}:{{ mariadb_sst_port }}
 
 wsrep_provider={{ wsrep_driver }}
 wsrep_cluster_name="{{ database_cluster_name }}"
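Review bot: `wsrep_node_address`, `wsrep_sst_receive_address` and `ist.recv_addr` are addresses a node advertises to its peers, not listen addresses, so substituting `api_interface_address` lets a wildcard override end up in values that peers need to be able to reach. Under KUBERNETES the provider is set to 'none' in the first hunk and these lines are presumably inert, but any other override of the variable reaches them, while `wsrep_cluster_address` just above still uses the per-host interface facts. I would leave the advertised values on the interface address, or add a comment such as `{# api_interface_address must be a concrete, routable address whenever wsrep_provider is not 'none' #}`. The `HOST=` line in wsrep-notify.sh.j2 gets the same substitution and looks like a connection target rather than a bind address, so the same caveat likely applies there.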
diff --git a/ansible/roles/mariadb/templates/wsrep-notify.sh.j2 b/ansible/roles/mariadb/templates/wsrep-notify.sh.j2
index babd29e86e..73acde3fe6 100644
--- a/ansible/roles/mariadb/templates/wsrep-notify.sh.j2
+++ b/ansible/roles/mariadb/templates/wsrep-notify.sh.j2
@@ -3,7 +3,7 @@
 # Edit parameters below to specify the address and login to server.
 USER={{ database_user }}
 PSWD={{ database_password }}
-HOST={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+HOST={{ api_interface_address }}
 PORT={{ mariadb_port }}
 LB_USER=haproxy