Currently openstacklib only accepts password_hash instead of password
for db credentials, thus we should implement hashing process in each
modules, with including puppet-mysql and puppet-postgresql.
This patch migrates that hash generation to puppet-openstacklib, so
that all logics related to db is gathered in one module.
In addition, because postgresql_password function was deprecated in
favor of postgresql::postgresql_password in puppet-postgresql
6.5.0[1], this patch also deals with that deprecation.
[1] 700d2c5bb5
Change-Id: I898d31e88188bfd3476412a37f48fc918122a98a
MySQL users can be configured to require a specific authentication
method when connecting to the MySQL server, e.g. GSSAPI, SHA-256
or ed25519.
Expose a new attribute $plugin, that is passed to puppetlabs-mysql
When creating/updating a user in the MySQL database.
Change-Id: I1c7b40d110190eba861ed466d2644c2f1abbf7b0
Related-Bug: #1866093
This enables us to set several TLS requirements for the users created
by the host_access resource.
Change-Id: If550f184f85f8fdbc197fc9f930d4446de67090a
Previously if you wanted to use the openstack::db::mysql for to create a
database and use the same user for multiple databases, the catalog would
fail due to a duplicate mysql_user definition. This change adds the
ability to disable the user creation as well as the grant if the user
does not need it.
Change-Id: Id04a622cc900254fe60bc257a9e42d16c676bf40
Related-Bug: 1649341
This change updates the tests to use rspec-puppet-facts when doing
different OS testing. Additionally as part of this change, there are
improvements to the openstacklib::policycrd testing which uncovered
issues with the verify_contents catalog test. The verify_contents calls
have been replaced with heredocs to better test when multiple services
are excluded.
Change-Id: I86bae2b16026e15b6e4445f3749419b8802bc94d
This patch aim to update our specs test in order to work with the rspec-puppet
release 2.0.0, in the mean time, we update rspec syntax order to be prepared
for rspec 3.x move.
In details:
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Clean Gemfile (remove over-specificication of runtime deps of
puppetlabs_spec_helper)
Change-Id: Ice356e35a65204a62e47f49dd4f5816208a6dace
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
* Add tests for openstacklib::db::mysql::host_access
* Add tests for other overridable parameters in db::mysql
* Do not test implementation details of host_access from
within openstacklib::db::mysql tests.
Change-Id: Ifcf3820a575f932313a62b9d294ebd92a5055cf5
Improve logic to be able to reuse host_access for both the initial
mysql user/grant and the additional ones for allowed_hosts.
Change-Id: Ia42833a99ee0fab41a571cccaeb31f740176fce3
The openstacklib::db::mysql resource is a library resource that can be used by
nova, cinder, ceilometer, etc., rather than replicating equivalent
functionality across all of these modules.
This resource reimplements most of the functionality of the puppetlabs
mysql::db resource. The primary purpose of writing this code from scratch
rather than using the mysql::db resource is to allow the use of a password
hash rather than a plaintext password as a parameter. Other differences from
the mysql::db implementation are:
* It does not have an ensure parameter, we will assume the db should be present
* It does not accept and execute arbitrary SQL because the db sync exec manages
the state of the db
* It does not use ensure_resource because the database and user should only be
created from within this resource and creating them elsewhere should be an
error
Implements: blueprint commmon-openstack-database-resource
Change-Id: I76bd93d1579179932d1f48cea4bb80a2576a7fba
