Move database creation into role

There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'keystone_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable keystone_galera_address which has been used for a long time, but never documented. Change-Id: I2e4ca01a849a907558caec2dc05aa0b7ae009333
2018-06-01 17:25:04 +01:00 · 2018-06-01 17:25:04 +01:00 · 9653ed70a7
commit 9653ed70a7
parent 7b165f69f4
3 changed files with 65 additions and 60 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -92,10 +92,12 @@ keystone_resource_driver: sql
 keystone_bind_address: 0.0.0.0
 ## Database info
-keystone_database_connection_string: >-
+keystone_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
-  mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %}
+keystone_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 keystone_galera_user: keystone
 keystone_galera_database: keystone
 keystone_database_connection_string: >-
  mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %}
 ## Database SSL
 keystone_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
 keystone_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@ -1,59 +1,36 @@
 ---
-    - name: Installation and setup of Keystone
+- name: Installation and setup of Keystone
-      hosts: keystone_all
+  hosts: keystone_all
-      user: root
+  user: root
-      pre_tasks:
+  roles:
-        - name: Create DB for service
+    - { role: "os_keystone", tags: [ "os-keystone" ] }
-          mysql_db:
+  vars:
-            login_user: "root"
+    external_lb_vip_address: 10.100.100.102
-            login_password: "secrete"
+    internal_lb_vip_address: 10.100.100.102
-            login_host: "localhost"
+    keystone_galera_address: 10.100.100.101
-            name: "{{ keystone_galera_database }}"
+    keystone_galera_database: keystone
-            state: "present"
+    keystone_venv_tag: "testing"
-          delegate_to: "{{ keystone_galera_address }}"
+    keystone_developer_mode: true
-          when: inventory_hostname == groups['keystone_all'][0]
+    keystone_git_install_branch: master
-          no_log: true
+    keystone_auth_admin_password: "SuperSecretePassword"
-        - name: Grant access to the DB for the service
+    keystone_service_password: "secrete"
-          mysql_user:
+    keystone_oslomsg_rpc_password: "secrete"
-            login_user: "root"
+    keystone_oslomsg_notify_password: "secrete"
-            login_password: "secrete"
+    keystone_container_mysql_password: "SuperSecrete"
-            login_host: "localhost"
+    keystone_oslomsg_rpc_transport: rabbit
-            name: "{{ keystone_galera_database }}"
+    keystone_oslomsg_rpc_servers: 10.100.100.101
-            password: "{{ keystone_container_mysql_password }}"
+    keystone_oslomsg_rpc_port: 5671
-            host: "{{ item }}"
+    keystone_oslomsg_rpc_use_ssl: true
-            state: "present"
+    keystone_oslomsg_rpc_userid: keystone
-            priv: "{{ keystone_galera_database }}.*:ALL"
+    keystone_oslomsg_rpc_vhost: /keystone
-          with_items:
+    keystone_oslomsg_notify_transport: rabbit
-            - "localhost"
+    keystone_oslomsg_notify_servers: 10.100.100.101
-            - "%"
+    keystone_oslomsg_notify_port: 5671
-          delegate_to: "{{ keystone_galera_address }}"
+    keystone_oslomsg_notify_use_ssl: true
-          when: inventory_hostname == groups['keystone_all'][0]
+    keystone_oslomsg_notify_userid: keystone
-          no_log: true
+    keystone_oslomsg_notify_vhost: /keystone
-      roles:
+    galera_client_drop_config_file: false
-        - { role: "os_keystone", tags: [ "os-keystone" ] }
+    galera_root_user: root
-      vars:
+  vars_prompt:
-        external_lb_vip_address: 10.100.100.102
+    - name: "galera_root_password"
-        internal_lb_vip_address: 10.100.100.102
+      prompt: "What is galera_root_password?"
        keystone_galera_address: 10.100.100.101
        keystone_galera_database: keystone
        keystone_venv_tag: "testing"
        keystone_developer_mode: true
        keystone_git_install_branch: master
        keystone_auth_admin_password: "SuperSecretePassword"
        keystone_service_password: "secrete"
        keystone_oslomsg_rpc_password: "secrete"
        keystone_oslomsg_notify_password: "secrete"
        keystone_container_mysql_password: "SuperSecrete"
        keystone_oslomsg_rpc_transport: rabbit
        keystone_oslomsg_rpc_servers: 10.100.100.101
        keystone_oslomsg_rpc_port: 5671
        keystone_oslomsg_rpc_use_ssl: true
        keystone_oslomsg_rpc_userid: keystone
        keystone_oslomsg_rpc_vhost: /keystone
        keystone_oslomsg_notify_transport: rabbit
        keystone_oslomsg_notify_servers: 10.100.100.101
        keystone_oslomsg_notify_port: 5671
        keystone_oslomsg_notify_use_ssl: true
        keystone_oslomsg_notify_userid: keystone
        keystone_oslomsg_notify_vhost: /keystone
        galera_client_drop_config_file: false
--- a/tasks/keystone_db_setup.yml
+++ b/tasks/keystone_db_setup.yml
@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - name: Create DB for service
  mysql_db:
    login_user: "{{ galera_root_user }}"
    login_password: "{{ galera_root_password }}"
    login_host: "{{ keystone_galera_address }}"
    name: "{{ keystone_galera_database }}"
    state: "present"
  delegate_to: "{{ keystone_db_setup_host }}"
  no_log: True
 - name: Grant access to the DB for the service
  mysql_user:
    login_user: "{{ galera_root_user }}"
    login_password: "{{ galera_root_password }}"
    login_host: "{{ keystone_galera_address }}"
    name: "{{ keystone_galera_user }}"
    password: "{{ keystone_container_mysql_password }}"
    host: "{{ item }}"
    state: "present"
    priv: "{{ keystone_galera_database }}.*:ALL"
  delegate_to: "{{ keystone_db_setup_host }}"
  with_items:
    - "localhost"
    - "%"
  no_log: True
 - name: Check current state of Keystone DB
  command: "{{ keystone_bin }}/keystone-manage db_sync --check"
  become: yes