From 9653ed70a721c211729689f763660d31a16a2c4f Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Fri, 1 Jun 2018 17:25:04 +0100 Subject: [PATCH] Move database creation into role There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'keystone_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable keystone_galera_address which has been used for a long time, but never documented. Change-Id: I2e4ca01a849a907558caec2dc05aa0b7ae009333 --- defaults/main.yml | 6 ++- examples/playbook.yml | 93 ++++++++++++++----------------------- tasks/keystone_db_setup.yml | 26 +++++++++++ 3 files changed, 65 insertions(+), 60 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index a9153184..95a5b18e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -92,10 +92,12 @@ keystone_resource_driver: sql keystone_bind_address: 0.0.0.0 ## Database info -keystone_database_connection_string: >- - mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %} +keystone_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}" +keystone_galera_address: "{{ galera_address | default('127.0.0.1') }}" keystone_galera_user: keystone keystone_galera_database: keystone +keystone_database_connection_string: >- + mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %} ## Database SSL keystone_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" keystone_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" diff --git a/examples/playbook.yml b/examples/playbook.yml index c3ae817c..203595d1 100644 --- a/examples/playbook.yml +++ b/examples/playbook.yml 
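Review bot: The two new defaults under `## Database info`, `keystone_db_setup_host` and `keystone_galera_address`, are added without any comment, although the commit message says the latter is now documented and the former decides which host handles the Galera root credentials. I would add a comment above each, for example `# Host the database and user creation tasks are delegated to; defaults to the first galera_all member, or localhost when that group is absent.` and `# Address used to reach the Galera cluster, both for DB setup and in the service connection string.` The `localhost` fallback means the root login is made from wherever Ansible resolves `localhost`, typically the deployment host, which is worth stating in that comment. `galera_root_user` and `galera_root_password`, which the new tasks in tasks/keystone_db_setup.yml need, get no default in this hunk; if they are not defined elsewhere in the file, they should at least be listed here as required variables.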
@@ -1,59 +1,36 @@ --- - - name: Installation and setup of Keystone - hosts: keystone_all - user: root - pre_tasks: - - name: Create DB for service - mysql_db: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ keystone_galera_database }}" - state: "present" - delegate_to: "{{ keystone_galera_address }}" - when: inventory_hostname == groups['keystone_all'][0] - no_log: true - - name: Grant access to the DB for the service - mysql_user: - login_user: "root" - login_password: "secrete" - login_host: "localhost" - name: "{{ keystone_galera_database }}" - password: "{{ keystone_container_mysql_password }}" - host: "{{ item }}" - state: "present" - priv: "{{ keystone_galera_database }}.*:ALL" - with_items: - - "localhost" - - "%" - delegate_to: "{{ keystone_galera_address }}" - when: inventory_hostname == groups['keystone_all'][0] - no_log: true - roles: - - { role: "os_keystone", tags: [ "os-keystone" ] } - vars: - external_lb_vip_address: 10.100.100.102 - internal_lb_vip_address: 10.100.100.102 - keystone_galera_address: 10.100.100.101 - keystone_galera_database: keystone - keystone_venv_tag: "testing" - keystone_developer_mode: true - keystone_git_install_branch: master - keystone_auth_admin_password: "SuperSecretePassword" - keystone_service_password: "secrete" - keystone_oslomsg_rpc_password: "secrete" - keystone_oslomsg_notify_password: "secrete" - keystone_container_mysql_password: "SuperSecrete" - keystone_oslomsg_rpc_transport: rabbit - keystone_oslomsg_rpc_servers: 10.100.100.101 - keystone_oslomsg_rpc_port: 5671 - keystone_oslomsg_rpc_use_ssl: true - keystone_oslomsg_rpc_userid: keystone - keystone_oslomsg_rpc_vhost: /keystone - keystone_oslomsg_notify_transport: rabbit - keystone_oslomsg_notify_servers: 10.100.100.101 - keystone_oslomsg_notify_port: 5671 - keystone_oslomsg_notify_use_ssl: true - keystone_oslomsg_notify_userid: keystone - keystone_oslomsg_notify_vhost: /keystone - galera_client_drop_config_file: false +- 
name: Installation and setup of Keystone + hosts: keystone_all + user: root + roles: + - { role: "os_keystone", tags: [ "os-keystone" ] } + vars: + external_lb_vip_address: 10.100.100.102 + internal_lb_vip_address: 10.100.100.102 + keystone_galera_address: 10.100.100.101 + keystone_galera_database: keystone + keystone_venv_tag: "testing" + keystone_developer_mode: true + keystone_git_install_branch: master + keystone_auth_admin_password: "SuperSecretePassword" + keystone_service_password: "secrete" + keystone_oslomsg_rpc_password: "secrete" + keystone_oslomsg_notify_password: "secrete" + keystone_container_mysql_password: "SuperSecrete" + keystone_oslomsg_rpc_transport: rabbit + keystone_oslomsg_rpc_servers: 10.100.100.101 + keystone_oslomsg_rpc_port: 5671 + keystone_oslomsg_rpc_use_ssl: true + keystone_oslomsg_rpc_userid: keystone + keystone_oslomsg_rpc_vhost: /keystone + keystone_oslomsg_notify_transport: rabbit + keystone_oslomsg_notify_servers: 10.100.100.101 + keystone_oslomsg_notify_port: 5671 + keystone_oslomsg_notify_use_ssl: true + keystone_oslomsg_notify_userid: keystone + keystone_oslomsg_notify_vhost: /keystone + galera_client_drop_config_file: false + galera_root_user: root + vars_prompt: + - name: "galera_root_password" + prompt: "What is galera_root_password?" diff --git a/tasks/keystone_db_setup.yml b/tasks/keystone_db_setup.yml index 8d655642..80f91710 100644 --- a/tasks/keystone_db_setup.yml +++ b/tasks/keystone_db_setup.yml 
@@ -13,6 +13,32 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ keystone_galera_address }}" + name: "{{ keystone_galera_database }}" + state: "present" + delegate_to: "{{ keystone_db_setup_host }}" + no_log: True + +- name: Grant access to the DB for the service + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ keystone_galera_address }}" + name: "{{ keystone_galera_user }}" + password: "{{ keystone_container_mysql_password }}" + host: "{{ item }}" + state: "present" + priv: "{{ keystone_galera_database }}.*:ALL" + delegate_to: "{{ keystone_db_setup_host }}" + with_items: + - "localhost" + - "%" + no_log: True + - name: Check current state of Keystone DB command: "{{ keystone_bin }}/keystone-manage db_sync --check" become: yes
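Review bot: Both new tasks now send the Galera root password to `login_host: "{{ keystone_galera_address }}"` instead of `localhost`, but neither passes any TLS option, so the root login ignores `keystone_galera_use_ssl` even when the service connection string in defaults/main.yml honours it. Adding `ssl_ca: "{{ (keystone_galera_use_ssl | bool) | ternary(keystone_galera_ssl_ca_cert, omit) }}"` to both `mysql_db` and `mysql_user` would keep the two paths consistent, assuming the CA file is present on `keystone_db_setup_host`. Separately, the `when: inventory_hostname == groups['keystone_all'][0]` guard from the old example playbook is not carried over. Unless the include of this file, which is outside the hunk, already restricts it, every keystone host repeats the delegated root login; `run_once: true` on both tasks would avoid that.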