Add db::mysql and db::mysql::host_access to openstacklib

The db::mysql resource is a library resource that can be used by nova, cinder, ceilometer, etc., rather than replicating equivalent functionality across all of these modules. See https://review.openstack.org/#/c/104289 Change-Id: I76bd93d1579179932d1f48cea4bb80a2576a7fba
2014-07-07 14:03:47 -07:00 · 2014-07-07 14:03:47 -07:00 · 2434cab922
parent e72605f500
commit 2434cab922
2 changed files with 122 additions and 0 deletions
--- a/manifests/db/mysql.pp
+++ b/manifests/db/mysql.pp
@ -0,0 +1,85 @@
+# == Definition: openstacklib::db::mysql
+#
+# This resource configures a mysql database for an OpenStack service
+#
+# == Parameters:
+#
+#  [*dbname*]
+#    The name of the database
+#    string; optional; default to the $title of the resource, i.e. 'nova'
+#
+#  [*user*]
+#    The database user to create;
+#    string; optional; default to the $title of the resource, i.e. 'nova'
+#
+#  [*password_hash*]
+#    Password hash to use for the database user for this service;
+#    string; required
+#
+#  [*host*]
+#    The IP address or hostname of the user in mysql_grant;
+#    string; optional; default to '127.0.0.1'
+#
+#  [*charset*]
+#    The charset to use for the database;
+#    string; optional; default to 'utf8'
+#
+#  [*collate*]
+#    The collate to use for the database;
+#    string; optional; default to 'utf8_unicode_ci'
+#
+#  [*allowed_hosts*]
+#    Additional hosts that are allowed to access this database;
+#    array or string; optional; default to undef
+#
+#  [*grant*]
+#    Privileges given to the database user;
+#    string or array of strings; optional; default to 'ALL'
+
+define openstacklib::db::mysql (
+  $password_hash,
+  $user           = $title,
+  $dbname         = $title,
+  $host           = '127.0.0.1',
+  $charset        = 'utf8',
+  $collate        = 'utf8_unicode_ci',
+  $allowed_hosts  = undef,
+  $grant          = 'ALL',
+) {
+  mysql_database { $dbname:
+    ensure  => present,
+    charset => $charset,
+    collate => $collate,
+    require => [ Class['mysql::server'], Class['mysql::client'] ],
+  }
+
+  mysql_user { "${user}@${host}":
+    ensure        => present,
+    password_hash => $password_hash,
+    require       => Class['mysql::server'],
+  }
+
+  mysql_grant { "${user}@${host}/${dbname}.*":
+    privileges => $grant,
+    user       => "${user}@${host}",
+    table      => "${dbname}.*",
+    require    => [Mysql_database[$dbname], Mysql_user["${user}@${host}"], Class['mysql::server'] ],
+  }
+
+  # Check allowed_hosts to avoid duplicate resource declarations
+  if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] {
+    $real_allowed_hosts = delete($allowed_hosts,$host)
+  } elsif is_string($allowed_hosts) and ($allowed_hosts != $host) {
+    $real_allowed_hosts = $allowed_hosts
+  }
+
+  if $real_allowed_hosts {
+    openstacklib::db::mysql::host_access { $real_allowed_hosts:
+      user          => $user,
+      password_hash => $password_hash,
+      database      => $dbname,
+      grant         => $grant,
+    }
+  }
+
+}
--- a/manifests/db/mysql/host_access.pp
+++ b/manifests/db/mysql/host_access.pp
@ -0,0 +1,37 @@
+# Allow a user to access the database for the service
+#
+# == Namevar
+#  The host to allow
+#
+# == Parameters
+#  [*user*]
+#    username to allow
+#
+#  [*password_hash*]
+#    user password hash
+#
+#  [*database*]
+#    the database name
+#
+#  [*grant*]
+#    the privileges to grant to this user
+#
+define openstacklib::db::mysql::host_access (
+  $user,
+  $password_hash,
+  $database,
+  $grant,
+) {
+  mysql_user { "${user}@${title}":
+    password_hash => $password_hash,
+    require       => Mysql_database[$database],
+  }
+
+  mysql_grant { "${user}@${title}/${database}.*":
+    privileges => $grant,
+    options    => ['GRANT'],
+    table      => "${database}.*",
+    require    => Mysql_user["${user}@${name}"],
+    user       => "${user}@${name}",
+  }
+}