Move database creation into role

There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'barbican_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable barbican_galera_address which has been used for a long time, but never documented. Change-Id: I6257a172cf52e61cb8219f3698c17821270c3ffb
2018-06-12 19:30:39 +01:00 · 2018-06-12 19:30:39 +01:00 · 33d5e31717
parent d2b93e12f5
commit 33d5e31717
4 changed files with 43 additions and 35 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -91,6 +91,8 @@ barbican_venv_download: "{{ not barbican_developer_mode | bool }}"
 barbican_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/barbican.tgz

 # Database vars
+barbican_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+barbican_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 barbican_galera_database: barbican
 barbican_galera_user: barbican
 barbican_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@ -4,12 +4,16 @@
  roles:
   - role: "os_barbican"
  vars:
-   external_lb_vip_address: 172.16.24.1
-   internal_lb_vip_address: 192.168.0.1
-   barbican_galera_address: "{{ internal_lb_vip_address }}"
-   barbican_service_password: SuperSecretePassword1
-   barbican_galera_password: SuperSecretePassword2
-   barbican_rabbitmq_password: SuperSecretePassword3
-   keystone_admin_user_name: admin
-   keystone_auth_admin_password: SuperSecretePassword4
-   keystone_admin_tenant_name: admin
+    external_lb_vip_address: 172.16.24.1
+    internal_lb_vip_address: 192.168.0.1
+    barbican_galera_address: "{{ internal_lb_vip_address }}"
+    barbican_service_password: SuperSecretePassword1
+    barbican_galera_password: SuperSecretePassword2
+    barbican_rabbitmq_password: SuperSecretePassword3
+    keystone_admin_user_name: admin
+    keystone_auth_admin_password: SuperSecretePassword4
+    keystone_admin_tenant_name: admin
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"
--- a/tasks/barbican_db_setup.yml
+++ b/tasks/barbican_db_setup.yml
@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ barbican_galera_address }}"
+    name: "{{ barbican_galera_database }}"
+    state: "present"
+  delegate_to: "{{ barbican_db_setup_host }}"
+  no_log: True
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ barbican_galera_address }}"
+    name: "{{ barbican_galera_user }}"
+    password: "{{ barbican_galera_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ barbican_galera_database }}.*:ALL"
+  delegate_to: "{{ barbican_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
+
 - name: Perform a synchronization of the Barbican database
  command: "{{ barbican_bin }}/barbican-manage db upgrade"
  become: yes
--- a/tests/test-install-barbican.yml
+++ b/tests/test-install-barbican.yml
@ -24,6 +24,7 @@
        state: "present"
      delegate_to: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}"
      when: inventory_hostname == groups['barbican_all'][0]
+
    - name: Ensure rabbitmq user
      rabbitmq_user:
        user: "{{ barbican_rabbitmq_userid }}"
@ -36,32 +37,7 @@
      delegate_to: "{{ hostvars[groups['rabbitmq_all'][0]]['ansible_host'] }}"
      when: inventory_hostname == groups['barbican_all'][0]
      no_log: true
-    - name: Create DB for service
-      mysql_db:
-        login_user: "root"
-        login_password: "secrete"
-        login_host: "localhost"
-        name: "{{ barbican_galera_database }}"
-        state: "present"
-      delegate_to: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
-      when: inventory_hostname == groups['barbican_all'][0]
-      no_log: true
-    - name: Grant access to the DB for the service
-      mysql_user:
-        login_user: "root"
-        login_password: "secrete"
-        login_host: "localhost"
-        name: "{{ barbican_galera_database }}"
-        password: "{{ barbican_galera_password }}"
-        host: "{{ item }}"
-        state: "present"
-        priv: "{{ barbican_galera_database }}.*:ALL"
-      with_items:
-        - "localhost"
-        - "%"
-      delegate_to: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
-      when: inventory_hostname == groups['barbican_all'][0]
-      no_log: true
+
  roles:
    - role: "os_barbican"
  vars_files: