puppet-keystone/manifests/db/mysql.pp

#
# implements mysql backend for keystone
#
# This class can be used to create tables, users and grant
# privelege for a mysql keystone database.
#
# == parameters
#
# [password] Password that will be used for the keystone db user.
#   Optional. Defaults to: 'keystone_default_password'
#
# [dbname] Name of keystone database. Optional. Defaults to keystone.
#
# [user] Name of keystone user. Optional. Defaults to keystone.
#
# [host] Host where user should be allowed all priveleges for database.
# Optional. Defaults to 127.0.0.1.
#
# [allowed_hosts] Hosts allowed to use the database
#
#   [*mysql_module*]
#   (optional) The mysql puppet module version to use
#   Tested versions include 0.9 and 2.2
#   Default to '0.9'
#
# == Dependencies
#   Class['mysql::server']
#
# == Examples
# == Authors
#
#   Dan Bode dan@puppetlabs.com
#
# == Copyright
#
# Copyright 2012 Puppetlabs Inc, unless otherwise noted.
#
class keystone::db::mysql(
  $password,
  $dbname        = 'keystone',
  $user          = 'keystone',
  $host          = '127.0.0.1',
  $charset       = 'latin1',
  $collate       = 'latin1_swedish_ci',
  $mysql_module  = '0.9',
  $allowed_hosts = undef
) {

  Class['keystone::db::mysql'] -> Exec<| title == 'keystone-manage db_sync' |>
  Class['keystone::db::mysql'] -> Service<| title == 'keystone' |>
  Mysql::Db[$dbname] ~> Exec<| title == 'keystone-manage db_sync' |>

  if ($mysql_module >= 2.2) {
    mysql::db { $dbname:
      user     => $user,
      password => $password,
      host     => $host,
      charset  => $charset,
      collate  => $collate,
      require  => Service['mysql'],
    }
  } else {
    require mysql::python

    mysql::db { $dbname:
      user     => $user,
      password => $password,
      host     => $host,
      charset  => $charset,
      require  => Class['mysql::config'],
    }
  }

  # Check allowed_hosts to avoid duplicate resource declarations
  if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] {
    $real_allowed_hosts = delete($allowed_hosts,$host)
  } elsif is_string($allowed_hosts) and ($allowed_hosts != $host) {
    $real_allowed_hosts = $allowed_hosts
  }

  if $real_allowed_hosts {
    keystone::db::mysql::host_access { $real_allowed_hosts:
      user          => $user,
      password      => $password,
      database      => $dbname,
      mysql_module  => $mysql_module,
    }

    Keystone::Db::Mysql::Host_access[$real_allowed_hosts] -> Exec<| title == 'keystone-manage db_sync' |>

  }

}
Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00			`#`
			`# implements mysql backend for keystone`
			`#`
Add inline docs and comments 2012-04-06 15:48:05 -07:00			`# This class can be used to create tables, users and grant`
			`# privelege for a mysql keystone database.`
			`#`
Updates modules documentation. 2012-10-31 12:33:09 -07:00			`# == parameters`
Add inline docs and comments 2012-04-06 15:48:05 -07:00			`#`
			`# [password] Password that will be used for the keystone db user.`
			`# Optional. Defaults to: 'keystone_default_password'`
			`#`
			`# [dbname] Name of keystone database. Optional. Defaults to keystone.`
			`#`
Update default db username to keystone The current default db username for keystone is keystone_admin. This is inconsistent with the default db username for every other service which use the same name as the name of the service. The documented installation instruction for keystone also use keystone as the database user. This commit updates the default to use keystone instead of keyston_admin. Change-Id: I1cfaf3fbbc691ff9dbef415b69492f9f965dc113 2013-09-10 22:54:49 -07:00			`# [user] Name of keystone user. Optional. Defaults to keystone.`
Add inline docs and comments 2012-04-06 15:48:05 -07:00			`#`
			`# [host] Host where user should be allowed all priveleges for database.`
			`# Optional. Defaults to 127.0.0.1.`
			`#`
Allow the database to be on another host Without any keystone package Handling allowed_hosts 2012-04-17 17:16:48 +02:00			`# [allowed_hosts] Hosts allowed to use the database`
Add inline docs and comments 2012-04-06 15:48:05 -07:00			`#`
Add support for puppetlabs-mysql 2.2 Puppetlabs-mysql has been rewritten to be much cleaner. This patch adds a new parameter for the keystone mysql and init classes allowing users to use the new version. Previous behavior will continue as normal when using the old version (0.9) Change-Id: Idf7c46d9aab8db7cca7d8377431c60b24ae4c9c6 Closes-bug: #1266241 2014-02-26 22:31:47 +11:00			`# [mysql_module]`
			`# (optional) The mysql puppet module version to use`
			`# Tested versions include 0.9 and 2.2`
			`# Default to '0.9'`
			`#`
Add inline docs and comments 2012-04-06 15:48:05 -07:00			`# == Dependencies`
			`# Class['mysql::server']`
			`#`
			`# == Examples`
			`# == Authors`
			`#`
			`# Dan Bode dan@puppetlabs.com`
			`#`
			`# == Copyright`
			`#`
			`# Copyright 2012 Puppetlabs Inc, unless otherwise noted.`
			`#`
Move mysql to db::mysql Since keystone can use different databases, it makes sense to move the mysql classes to db::mysql. This way there is a clear standard for where other DB implementations should be located. This commit moves keystone::mysql to keystone::db::mysql and keystone::mysql::access to keystone::db::mysql::host_access. 2012-04-21 21:52:11 -07:00			`class keystone::db::mysql(`
unset password defaults. setting passwords by default in the keystone manifest is a potential security risk. This commit unsets them to force users to set their own. 2012-10-14 11:51:45 -07:00			`$password,`
Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00			`$dbname = 'keystone',`
Update default db username to keystone The current default db username for keystone is keystone_admin. This is inconsistent with the default db username for every other service which use the same name as the name of the service. The documented installation instruction for keystone also use keystone as the database user. This commit updates the default to use keystone instead of keyston_admin. Change-Id: I1cfaf3fbbc691ff9dbef415b69492f9f965dc113 2013-09-10 22:54:49 -07:00			`$user = 'keystone',`
Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00			`$host = '127.0.0.1',`
Allow override of mysql charset. 2012-05-16 09:31:37 -05:00			`$charset = 'latin1',`
Add support for puppetlabs-mysql 2.2 Puppetlabs-mysql has been rewritten to be much cleaner. This patch adds a new parameter for the keystone mysql and init classes allowing users to use the new version. Previous behavior will continue as normal when using the old version (0.9) Change-Id: Idf7c46d9aab8db7cca7d8377431c60b24ae4c9c6 Closes-bug: #1266241 2014-02-26 22:31:47 +11:00			`$collate = 'latin1_swedish_ci',`
			`$mysql_module = '0.9',`
Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00			`$allowed_hosts = undef`
			`) {`

Various Puppet lint fixes * Fixes following warnings: * indentation of => is not properly aligned * string containing only a variable * Fixes following errors: * tab character found * two-space soft tabs not used * Remove quotes around class in include/require statements Change-Id: I7e17d9153d413792e32f9d7c430dfbd37852ba51 2013-07-01 17:03:01 -04:00			`Class['keystone::db::mysql'] -> Exec<\| title == 'keystone-manage db_sync' \|>`
Move mysql to db::mysql Since keystone can use different databases, it makes sense to move the mysql classes to db::mysql. This way there is a clear standard for where other DB implementations should be located. This commit moves keystone::mysql to keystone::db::mysql and keystone::mysql::access to keystone::db::mysql::host_access. 2012-04-21 21:52:11 -07:00			`Class['keystone::db::mysql'] -> Service<\| title == 'keystone' \|>`
minor style refactor move reps to top of manifest 2012-10-14 11:52:08 -07:00			`Mysql::Db[$dbname] ~> Exec<\| title == 'keystone-manage db_sync' \|>`
Ensure that Mysql is installed before service is started. This commit creates a conditional dependency that the keystone db should be setup before the service is started. 2012-04-09 23:43:27 -07:00
Add support for puppetlabs-mysql 2.2 Puppetlabs-mysql has been rewritten to be much cleaner. This patch adds a new parameter for the keystone mysql and init classes allowing users to use the new version. Previous behavior will continue as normal when using the old version (0.9) Change-Id: Idf7c46d9aab8db7cca7d8377431c60b24ae4c9c6 Closes-bug: #1266241 2014-02-26 22:31:47 +11:00			`if ($mysql_module >= 2.2) {`
			`mysql::db { $dbname:`
			`user => $user,`
			`password => $password,`
			`host => $host,`
			`charset => $charset,`
			`collate => $collate,`
			`require => Service['mysql'],`
			`}`
			`} else {`
			`require mysql::python`
Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00
Add support for puppetlabs-mysql 2.2 Puppetlabs-mysql has been rewritten to be much cleaner. This patch adds a new parameter for the keystone mysql and init classes allowing users to use the new version. Previous behavior will continue as normal when using the old version (0.9) Change-Id: Idf7c46d9aab8db7cca7d8377431c60b24ae4c9c6 Closes-bug: #1266241 2014-02-26 22:31:47 +11:00			`mysql::db { $dbname:`
			`user => $user,`
			`password => $password,`
			`host => $host,`
			`charset => $charset,`
			`require => Class['mysql::config'],`
			`}`
Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00			`}`

Update allowed_hosts conditional statement In the origin keystone::db::mysql, if the value of $allowed_hosts contains or equals to $host, then puppet will complain duplicate declaration error. This patch is aim to update the allowed_hosts conditonal statement in keystone::db::mysql. There are two cases to pass $allowed_hosts to $real_allowed_hosts: - If $allowed_hosts is array,then remove $host from $allowed_hosts; - elsif $allowed_hosts is string and not equivalent to $host; At last, if $real_allowed_hosts is not undef, then run keystone::db::mysql::host_access Fix bug 1206444 Change-Id: I8701aea9344a9151ce3d7ac8fa5792895a5aac6c 2013-07-30 18:03:22 +08:00			`# Check allowed_hosts to avoid duplicate resource declarations`
			`if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] {`
			`$real_allowed_hosts = delete($allowed_hosts,$host)`
			`} elsif is_string($allowed_hosts) and ($allowed_hosts != $host) {`
			`$real_allowed_hosts = $allowed_hosts`
			`}`

			`if $real_allowed_hosts {`
			`keystone::db::mysql::host_access { $real_allowed_hosts:`
Add support for puppetlabs-mysql 2.2 Puppetlabs-mysql has been rewritten to be much cleaner. This patch adds a new parameter for the keystone mysql and init classes allowing users to use the new version. Previous behavior will continue as normal when using the old version (0.9) Change-Id: Idf7c46d9aab8db7cca7d8377431c60b24ae4c9c6 Closes-bug: #1266241 2014-02-26 22:31:47 +11:00			`user => $user,`
			`password => $password,`
			`database => $dbname,`
			`mysql_module => $mysql_module,`
Allow the database to be on another host Without any keystone package Handling allowed_hosts 2012-04-17 17:16:48 +02:00			`}`
remove trailing whitespace Change-Id: I1982e0deac14a829daacbc64a1d89a2277e18a93 2013-05-08 14:13:17 -07:00
Use correct variable for host_access dependency The keystone::db::mysql resource declares resources using `$real_allowed_hosts` which is a copy of `$allowed_hosts` minus `$host`. But then it declares dependencies using `$allowed_hosts` which includes `$host` and will fail catalog compilation due to a missing dependency This bug only affects users if the value of `$host` is included in the array of `$allowed_hosts` Change-Id: Ifdd8793bcf36178efd1a083ee35649d56dc3d768 2014-03-26 17:46:01 -07:00			`Keystone::Db::Mysql::Host_access[$real_allowed_hosts] -> Exec<\| title == 'keystone-manage db_sync' \|>`
remove trailing whitespace Change-Id: I1982e0deac14a829daacbc64a1d89a2277e18a93 2013-05-08 14:13:17 -07:00
Fix Mysql support Previously, the mysql support for keystone was not completely working. This commit resolves the following issues: - Adds a define that can authorize db users. - Ensures that keystone-manage db_sync is called when db is created. - Ensure that keystone::mysql is only configured after the keystone class. 2012-04-05 23:53:18 -07:00			`}`

Add puppet manifests to support fragments This commit adds Puppet code to allow for keystone.conf to be composed of fragments. 2012-03-29 14:39:59 -07:00			`}`