Move database creation into role

There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'keystone_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable keystone_galera_address which has been used for a long time, but never documented. Change-Id: I2e4ca01a849a907558caec2dc05aa0b7ae009333
2018-06-01 17:25:04 +01:00 · 2018-06-01 17:25:04 +01:00 · 9653ed70a7
parent 7b165f69f4
commit 9653ed70a7
3 changed files with 65 additions and 60 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -92,10 +92,12 @@ keystone_resource_driver: sql
 keystone_bind_address: 0.0.0.0

 ## Database info
-keystone_database_connection_string: >-
-  mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %}
+keystone_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+keystone_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 keystone_galera_user: keystone
 keystone_galera_database: keystone
+keystone_database_connection_string: >-
+  mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %}
 ## Database SSL
 keystone_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
 keystone_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@ -1,59 +1,36 @@
 ---
-    - name: Installation and setup of Keystone
-      hosts: keystone_all
-      user: root
-      pre_tasks:
-        - name: Create DB for service
-          mysql_db:
-            login_user: "root"
-            login_password: "secrete"
-            login_host: "localhost"
-            name: "{{ keystone_galera_database }}"
-            state: "present"
-          delegate_to: "{{ keystone_galera_address }}"
-          when: inventory_hostname == groups['keystone_all'][0]
-          no_log: true
-        - name: Grant access to the DB for the service
-          mysql_user:
-            login_user: "root"
-            login_password: "secrete"
-            login_host: "localhost"
-            name: "{{ keystone_galera_database }}"
-            password: "{{ keystone_container_mysql_password }}"
-            host: "{{ item }}"
-            state: "present"
-            priv: "{{ keystone_galera_database }}.*:ALL"
-          with_items:
-            - "localhost"
-            - "%"
-          delegate_to: "{{ keystone_galera_address }}"
-          when: inventory_hostname == groups['keystone_all'][0]
-          no_log: true
-      roles:
-        - { role: "os_keystone", tags: [ "os-keystone" ] }
-      vars:
-        external_lb_vip_address: 10.100.100.102
-        internal_lb_vip_address: 10.100.100.102
-        keystone_galera_address: 10.100.100.101
-        keystone_galera_database: keystone
-        keystone_venv_tag: "testing"
-        keystone_developer_mode: true
-        keystone_git_install_branch: master
-        keystone_auth_admin_password: "SuperSecretePassword"
-        keystone_service_password: "secrete"
-        keystone_oslomsg_rpc_password: "secrete"
-        keystone_oslomsg_notify_password: "secrete"
-        keystone_container_mysql_password: "SuperSecrete"
-        keystone_oslomsg_rpc_transport: rabbit
-        keystone_oslomsg_rpc_servers: 10.100.100.101
-        keystone_oslomsg_rpc_port: 5671
-        keystone_oslomsg_rpc_use_ssl: true
-        keystone_oslomsg_rpc_userid: keystone
-        keystone_oslomsg_rpc_vhost: /keystone
-        keystone_oslomsg_notify_transport: rabbit
-        keystone_oslomsg_notify_servers: 10.100.100.101
-        keystone_oslomsg_notify_port: 5671
-        keystone_oslomsg_notify_use_ssl: true
-        keystone_oslomsg_notify_userid: keystone
-        keystone_oslomsg_notify_vhost: /keystone
-        galera_client_drop_config_file: false
+- name: Installation and setup of Keystone
+  hosts: keystone_all
+  user: root
+  roles:
+    - { role: "os_keystone", tags: [ "os-keystone" ] }
+  vars:
+    external_lb_vip_address: 10.100.100.102
+    internal_lb_vip_address: 10.100.100.102
+    keystone_galera_address: 10.100.100.101
+    keystone_galera_database: keystone
+    keystone_venv_tag: "testing"
+    keystone_developer_mode: true
+    keystone_git_install_branch: master
+    keystone_auth_admin_password: "SuperSecretePassword"
+    keystone_service_password: "secrete"
+    keystone_oslomsg_rpc_password: "secrete"
+    keystone_oslomsg_notify_password: "secrete"
+    keystone_container_mysql_password: "SuperSecrete"
+    keystone_oslomsg_rpc_transport: rabbit
+    keystone_oslomsg_rpc_servers: 10.100.100.101
+    keystone_oslomsg_rpc_port: 5671
+    keystone_oslomsg_rpc_use_ssl: true
+    keystone_oslomsg_rpc_userid: keystone
+    keystone_oslomsg_rpc_vhost: /keystone
+    keystone_oslomsg_notify_transport: rabbit
+    keystone_oslomsg_notify_servers: 10.100.100.101
+    keystone_oslomsg_notify_port: 5671
+    keystone_oslomsg_notify_use_ssl: true
+    keystone_oslomsg_notify_userid: keystone
+    keystone_oslomsg_notify_vhost: /keystone
+    galera_client_drop_config_file: false
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"
--- a/tasks/keystone_db_setup.yml
+++ b/tasks/keystone_db_setup.yml
@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ keystone_galera_address }}"
+    name: "{{ keystone_galera_database }}"
+    state: "present"
+  delegate_to: "{{ keystone_db_setup_host }}"
+  no_log: True
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ keystone_galera_address }}"
+    name: "{{ keystone_galera_user }}"
+    password: "{{ keystone_container_mysql_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ keystone_galera_database }}.*:ALL"
+  delegate_to: "{{ keystone_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
+
 - name: Check current state of Keystone DB
  command: "{{ keystone_bin }}/keystone-manage db_sync --check"
  become: yes