Move database creation into role

There is no record for why we implement the database creation outside
of the role in the playbook, when we could do it inside the role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement a new variable called 'keystone_db_setup_host'
which is used in the role to allow delegation of the database setup
task to any host, but defaults to the first member of the galera_all
host group. We also document the variable keystone_galera_address which
has been used for a long time, but never documented.

Change-Id: I2e4ca01a849a907558caec2dc05aa0b7ae009333

defaults/main.yml

@@ -92,10 +92,12 @@ keystone_resource_driver: sql
 keystone_bind_address: 0.0.0.0
 
 ## Database info
-keystone_database_connection_string: >-
-  mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %}
+keystone_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+keystone_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 keystone_galera_user: keystone
 keystone_galera_database: keystone
+keystone_database_connection_string: >-
+  mysql+pymysql://{{ keystone_galera_user }}:{{ keystone_container_mysql_password }}@{{ keystone_galera_address }}/{{ keystone_galera_database }}?charset=utf8{% if keystone_galera_use_ssl | bool %}&ssl_ca={{ keystone_galera_ssl_ca_cert }}{% endif %}
 ## Database SSL
 keystone_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
 keystone_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

examples/playbook.yml

@@ -1,59 +1,36 @@
 ---
-    - name: Installation and setup of Keystone
-      hosts: keystone_all
-      user: root
-      pre_tasks:
-        - name: Create DB for service
-          mysql_db:
-            login_user: "root"
-            login_password: "secrete"
-            login_host: "localhost"
-            name: "{{ keystone_galera_database }}"
-            state: "present"
-          delegate_to: "{{ keystone_galera_address }}"
-          when: inventory_hostname == groups['keystone_all'][0]
-          no_log: true
-        - name: Grant access to the DB for the service
-          mysql_user:
-            login_user: "root"
-            login_password: "secrete"
-            login_host: "localhost"
-            name: "{{ keystone_galera_database }}"
-            password: "{{ keystone_container_mysql_password }}"
-            host: "{{ item }}"
-            state: "present"
-            priv: "{{ keystone_galera_database }}.*:ALL"
-          with_items:
-            - "localhost"
-            - "%"
-          delegate_to: "{{ keystone_galera_address }}"
-          when: inventory_hostname == groups['keystone_all'][0]
-          no_log: true
-      roles:
-        - { role: "os_keystone", tags: [ "os-keystone" ] }
-      vars:
-        external_lb_vip_address: 10.100.100.102
-        internal_lb_vip_address: 10.100.100.102
-        keystone_galera_address: 10.100.100.101
-        keystone_galera_database: keystone
-        keystone_venv_tag: "testing"
-        keystone_developer_mode: true
-        keystone_git_install_branch: master
-        keystone_auth_admin_password: "SuperSecretePassword"
-        keystone_service_password: "secrete"
-        keystone_oslomsg_rpc_password: "secrete"
-        keystone_oslomsg_notify_password: "secrete"
-        keystone_container_mysql_password: "SuperSecrete"
-        keystone_oslomsg_rpc_transport: rabbit
-        keystone_oslomsg_rpc_servers: 10.100.100.101
-        keystone_oslomsg_rpc_port: 5671
-        keystone_oslomsg_rpc_use_ssl: true
-        keystone_oslomsg_rpc_userid: keystone
-        keystone_oslomsg_rpc_vhost: /keystone
-        keystone_oslomsg_notify_transport: rabbit
-        keystone_oslomsg_notify_servers: 10.100.100.101
-        keystone_oslomsg_notify_port: 5671
-        keystone_oslomsg_notify_use_ssl: true
-        keystone_oslomsg_notify_userid: keystone
-        keystone_oslomsg_notify_vhost: /keystone
-        galera_client_drop_config_file: false
+- name: Installation and setup of Keystone
+  hosts: keystone_all
+  user: root
+  roles:
+    - { role: "os_keystone", tags: [ "os-keystone" ] }
+  vars:
+    external_lb_vip_address: 10.100.100.102
+    internal_lb_vip_address: 10.100.100.102
+    keystone_galera_address: 10.100.100.101
+    keystone_galera_database: keystone
+    keystone_venv_tag: "testing"
+    keystone_developer_mode: true
+    keystone_git_install_branch: master
+    keystone_auth_admin_password: "SuperSecretePassword"
+    keystone_service_password: "secrete"
+    keystone_oslomsg_rpc_password: "secrete"
+    keystone_oslomsg_notify_password: "secrete"
+    keystone_container_mysql_password: "SuperSecrete"
+    keystone_oslomsg_rpc_transport: rabbit
+    keystone_oslomsg_rpc_servers: 10.100.100.101
+    keystone_oslomsg_rpc_port: 5671
+    keystone_oslomsg_rpc_use_ssl: true
+    keystone_oslomsg_rpc_userid: keystone
+    keystone_oslomsg_rpc_vhost: /keystone
+    keystone_oslomsg_notify_transport: rabbit
+    keystone_oslomsg_notify_servers: 10.100.100.101
+    keystone_oslomsg_notify_port: 5671
+    keystone_oslomsg_notify_use_ssl: true
+    keystone_oslomsg_notify_userid: keystone
+    keystone_oslomsg_notify_vhost: /keystone
+    galera_client_drop_config_file: false
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"

tasks/keystone_db_setup.yml

@@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ keystone_galera_address }}"
+    name: "{{ keystone_galera_database }}"
+    state: "present"
+  delegate_to: "{{ keystone_db_setup_host }}"
+  no_log: True
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ keystone_galera_address }}"
+    name: "{{ keystone_galera_user }}"
+    password: "{{ keystone_container_mysql_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ keystone_galera_database }}.*:ALL"
+  delegate_to: "{{ keystone_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
+
 - name: Check current state of Keystone DB
   command: "{{ keystone_bin }}/keystone-manage db_sync --check"
   become: yes