openstack/puppet-openstacklib
Code Issues Proposed changes
5ecdc92222
puppet-openstacklib/manifests/db/mysql.pp

91 lines
2.6 KiB
ObjectPascal
Raw Normal View History

Add db::mysql and db::mysql::host_access to openstacklib The openstacklib::db::mysql resource is a library resource that can be used by nova, cinder, ceilometer, etc., rather than replicating equivalent functionality across all of these modules. This resource reimplements most of the functionality of the puppetlabs mysql::db resource. The primary purpose of writing this code from scratch rather than using the mysql::db resource is to allow the use of a password hash rather than a plaintext password as a parameter. Other differences from the mysql::db implementation are: * It does not have an ensure parameter, we will assume the db should be present * It does not accept and execute arbitrary SQL because the db sync exec manages the state of the db * It does not use ensure_resource because the database and user should only be created from within this resource and creating them elsewhere should be an error Implements: blueprint commmon-openstack-database-resource Change-Id: I76bd93d1579179932d1f48cea4bb80a2576a7fba
2014-07-07 14:03:47 -07:00
# == Definition: openstacklib::db::mysql
#
# This resource configures a mysql database for an OpenStack service
#
# == Parameters:
#
# [*password_hash*]
# Password hash to use for the database user for this service;
# string; required
#
# [*dbname*]
# The name of the database
# string; optional; default to the $title of the resource, i.e. 'nova'
#
# [*user*]
# The database user to create;
# string; optional; default to the $title of the resource, i.e. 'nova'
#
# [*host*]
# The IP address or hostname of the user in mysql_grant;
# string; optional; default to '127.0.0.1'
#
# [*charset*]
# The charset to use for the database;
# string; optional; default to 'utf8'
#
# [*collate*]
# The collate to use for the database;
# string; optional; default to 'utf8_unicode_ci'
#
# [*allowed_hosts*]
# Additional hosts that are allowed to access this database;
# array or string; optional; default to undef
#
# [*privileges*]
# Privileges given to the database user;
# string or array of strings; optional; default to 'ALL'
define openstacklib::db::mysql (
$password_hash,
$dbname = $title,
$user = $title,
$host = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_unicode_ci',
$allowed_hosts = undef,
$privileges = 'ALL',
) {
include ::mysql::client
mysql_database { $dbname:
ensure => present,
charset => $charset,
collate => $collate,
require => [ Class['mysql::server'], Class['mysql::client'] ],
}
mysql_user { "${user}@${host}":
ensure => present,
password_hash => $password_hash,
require => Class['mysql::server'],
}
mysql_grant { "${user}@${host}/${dbname}.*":
privileges => $privileges,
user => "${user}@${host}",
table => "${dbname}.*",
require => [Mysql_database[$dbname], Mysql_user["${user}@${host}"], Class['mysql::server'] ],
}
# Check allowed_hosts to avoid duplicate resource declarations
if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] {
$real_allowed_hosts = delete($allowed_hosts,$host)
$unique_real_allowed_hosts = prefix($real_allowed_hosts, "${dbname}_")
} elsif is_string($allowed_hosts) and ($allowed_hosts != $host) {
$real_allowed_hosts = $allowed_hosts
$unique_real_allowed_hosts = "${dbname}_${real_allowed_hosts}"
}
if $real_allowed_hosts {
openstacklib::db::mysql::host_access { $unique_real_allowed_hosts:
user => $user,
password_hash => $password_hash,
database => $dbname,
privileges => $privileges,
}
}
}
Copy Permalink