Browse Source

Remove password hash generation in each puppet modules

... and migrate it to openstacklib so that all logics about database
configuration are implemented in one common place.

Depends-on: https://review.opendev.org/#/c/728595/
Change-Id: I0f7d05983a6d8bc6808f8595bc9d94c6aa4f7800
changes/65/728665/9
Takashi Kajinami 1 year ago
parent
commit
c6b53de070
  1. 4
      manifests/db/mysql.pp
  2. 2
      manifests/db/mysql_api.pp
  3. 20
      manifests/db/postgresql.pp
  4. 10
      manifests/db/postgresql_api.pp
  5. 6
      metadata.json
  6. 26
      spec/classes/nova_db_mysql_api_spec.rb
  7. 38
      spec/classes/nova_db_mysql_spec.rb
  8. 12
      spec/classes/nova_db_postgresql_api_spec.rb
  9. 20
      spec/classes/nova_db_postgresql_spec.rb

4
manifests/db/mysql.pp

@ -51,7 +51,7 @@ class nova::db::mysql(
::openstacklib::db::mysql { 'nova':
user => $user,
password_hash => mysql::password($password),
password => $password,
dbname => $dbname,
host => $host,
charset => $charset,
@ -63,7 +63,7 @@ class nova::db::mysql(
# need for cell_v2
::openstacklib::db::mysql { 'nova_cell0':
user => $user,
password_hash => mysql::password($password),
password => $password,
dbname => "${dbname}_cell0",
host => $host,
charset => $charset,

2
manifests/db/mysql_api.pp

@ -45,7 +45,7 @@ class nova::db::mysql_api(
::openstacklib::db::mysql { 'nova_api':
user => $user,
password_hash => mysql::password($password),
password => $password,
dbname => $dbname,
host => $host,
charset => $charset,

20
manifests/db/postgresql.pp

@ -41,21 +41,21 @@ class nova::db::postgresql(
include nova::deps
::openstacklib::db::postgresql { 'nova':
password_hash => postgresql_password($user, $password),
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
password => $password,
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
}
if $setup_cell0 {
# need for cell_v2
::openstacklib::db::postgresql { 'nova_cell0':
password_hash => postgresql_password($user, $password),
dbname => "${dbname}_cell0",
user => $user,
encoding => $encoding,
privileges => $privileges,
password => $password,
dbname => "${dbname}_cell0",
user => $user,
encoding => $encoding,
privileges => $privileges,
}
}

10
manifests/db/postgresql_api.pp

@ -35,11 +35,11 @@ class nova::db::postgresql_api(
include nova::deps
::openstacklib::db::postgresql { 'nova_api':
password_hash => postgresql_password($user, $password),
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
password => $password,
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
}
Anchor['nova::db::begin']

6
metadata.json

@ -33,10 +33,6 @@
"name": "puppet/rabbitmq",
"version_requirement": ">=8.4.0 <11.0.0"
},
{
"name": "puppetlabs/mysql",
"version_requirement": ">=6.0.0 <11.0.0"
},
{
"name": "puppetlabs/stdlib",
"version_requirement": ">=5.0.0 <7.0.0"
@ -96,4 +92,4 @@
"source": "git://github.com/openstack/puppet-nova.git",
"summary": "Puppet module for OpenStack Nova",
"version": "17.0.0"
}
}

26
spec/classes/nova_db_mysql_api_spec.rb

@ -9,7 +9,7 @@ describe 'nova::db::mysql_api' do
end
let :required_params do
{ :password => "qwerty" }
{ :password => "novapass" }
end
context 'with only required params' do
@ -17,23 +17,21 @@ describe 'nova::db::mysql_api' do
required_params
end
it { is_expected.to contain_openstacklib__db__mysql('nova_api').with(
:user => 'nova_api',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:user => 'nova_api',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
)}
end
context 'overriding allowed_hosts param to array' do
let :params do
{ :password => 'novapass',
:allowed_hosts => ['127.0.0.1','%'],
}.merge(required_params)
{ :allowed_hosts => ['127.0.0.1','%'] }.merge(required_params)
end
it { is_expected.to contain_openstacklib__db__mysql('nova_api').with(
:user => 'nova_api',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:allowed_hosts => ['127.0.0.1','%'],
@ -42,14 +40,12 @@ describe 'nova::db::mysql_api' do
context 'overriding allowed_hosts param to string' do
let :params do
{ :password => 'novapass2',
:allowed_hosts => '192.168.1.1',
}.merge(required_params)
{ :allowed_hosts => '192.168.1.1' }.merge(required_params)
end
it { is_expected.to contain_openstacklib__db__mysql('nova_api').with(
:user => 'nova_api',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:allowed_hosts => '192.168.1.1',
@ -58,9 +54,7 @@ describe 'nova::db::mysql_api' do
context 'when overriding charset' do
let :params do
{ :password => 'novapass',
:charset => 'latin1',
}.merge(required_params)
{ :charset => 'latin1' }.merge(required_params)
end
it { is_expected.to contain_openstacklib__db__mysql('nova_api').with(

38
spec/classes/nova_db_mysql_spec.rb

@ -9,7 +9,7 @@ describe 'nova::db::mysql' do
end
let :required_params do
{ :password => "qwerty" }
{ :password => "novapass" }
end
context 'with only required params' do
@ -17,31 +17,29 @@ describe 'nova::db::mysql' do
required_params
end
it { is_expected.to contain_openstacklib__db__mysql('nova').with(
:user => 'nova',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:user => 'nova',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
)}
it { is_expected.to contain_openstacklib__db__mysql('nova_cell0').with(
:user => 'nova',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:create_user => false,
:user => 'nova',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:create_user => false,
)}
end
context 'overriding allowed_hosts param to array' do
let :params do
{ :password => 'novapass',
:allowed_hosts => ['127.0.0.1','%'],
}.merge(required_params)
{ :allowed_hosts => ['127.0.0.1','%'] }.merge(required_params)
end
it { is_expected.to contain_openstacklib__db__mysql('nova').with(
:user => 'nova',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:allowed_hosts => ['127.0.0.1','%'],
@ -50,14 +48,12 @@ describe 'nova::db::mysql' do
context 'overriding allowed_hosts param to string' do
let :params do
{ :password => 'novapass2',
:allowed_hosts => '192.168.1.1',
}.merge(required_params)
{ :allowed_hosts => '192.168.1.1' }.merge(required_params)
end
it { is_expected.to contain_openstacklib__db__mysql('nova').with(
:user => 'nova',
:password_hash => '*AA1420F182E88B9E5F874F6FBE7459291E8F4601',
:password => 'novapass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
:allowed_hosts => '192.168.1.1',
@ -66,9 +62,7 @@ describe 'nova::db::mysql' do
context 'when overriding charset' do
let :params do
{ :password => 'novapass',
:charset => 'latin1',
}.merge(required_params)
{ :charset => 'latin1' }.merge(required_params)
end
it { is_expected.to contain_openstacklib__db__mysql('nova').with(
@ -78,7 +72,7 @@ describe 'nova::db::mysql' do
context 'when disabling cell0 setup' do
let :params do
{ :setup_cell0 => false}.merge(required_params)
{ :setup_cell0 => false }.merge(required_params)
end
it { is_expected.to_not contain_openstacklib__db__mysql('nova_cell0') }

12
spec/classes/nova_db_postgresql_api_spec.rb

@ -4,7 +4,7 @@ describe 'nova::db::postgresql_api' do
shared_examples_for 'nova::db::postgresql' do
let :req_params do
{ :password => 'pw' }
{ :password => 'novapass' }
end
let :pre_condition do
@ -16,12 +16,14 @@ describe 'nova::db::postgresql_api' do
req_params
end
it { is_expected.to contain_postgresql__server__db('nova_api').with(
:user => 'nova_api',
:password => 'md581802bf81b206888b50950e640d70549'
it { is_expected.to contain_openstacklib__db__postgresql('nova_api').with(
:user => 'nova_api',
:password => 'novapass',
:dbname => 'nova_api',
:encoding => nil,
:privileges => 'ALL',
)}
end
end
on_supported_os({

20
spec/classes/nova_db_postgresql_spec.rb

@ -17,19 +17,19 @@ describe 'nova::db::postgresql' do
end
it { should contain_openstacklib__db__postgresql('nova').with(
:password_hash => 'md557ae0608fad632bf0155cb9502a6b454',
:dbname => 'nova',
:user => 'nova',
:encoding => nil,
:privileges => 'ALL',
:password => 'pw',
:dbname => 'nova',
:user => 'nova',
:encoding => nil,
:privileges => 'ALL',
)}
it { should contain_openstacklib__db__postgresql('nova_cell0').with(
:password_hash => 'md557ae0608fad632bf0155cb9502a6b454',
:dbname => 'nova_cell0',
:user => 'nova',
:encoding => nil,
:privileges => 'ALL',
:password => 'pw',
:dbname => 'nova_cell0',
:user => 'nova',
:encoding => nil,
:privileges => 'ALL',
)}
end

Loading…
Cancel
Save