openstack/tripleo-heat-templates
Code Issues Proposed changes

Move db::mysql into service_config_settings

Browse Source 
This patch movs the various db::mysql hiera settings into a
'mysql' specific service_config_settings section for each
service so that these will only get applied on the MySQL service
node. This follows a similar puppet-tripleo change where we
create the actual databases for all services locally on
the MySQL service node to avoid permission issues.

Change-Id: Ic0692b1f7aa8409699630ef3924c4be98ca6ffb2
Closes-bug: #1620595
Depends-On: I05cc0afa9373429a3197c194c3e8f784ae96de5f
Depends-On: I5e1ef2dc6de6f67d7c509e299855baec371f614d
This commit is contained in:
Dan Prince 2016-09-26 13:52:46 -04:00
parent 7c39f66d1c
commit 7ba5525207
23 changed files with 111 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
puppet/services/aodh-api.yaml
View File

@ -75,6 +75,6 @@ outputs:
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::aodh::api

15
puppet/services/aodh-base.yaml
View File

@ -87,13 +87,6 @@ outputs:
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::db::mysql::user: aodh
aodh::db::mysql::password: {get_param: AodhPassword}
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
aodh::db::mysql::dbname: aodh
aodh::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
service_config_settings:
@ -104,3 +97,11 @@ outputs:
aodh::keystone::auth::password: {get_param: AodhPassword}
aodh::keystone::auth::region: {get_param: KeystoneRegion}
aodh::keystone::auth::tenant: 'service'
mysql:
aodh::db::mysql::user: aodh
aodh::db::mysql::password: {get_param: AodhPassword}
aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
aodh::db::mysql::dbname: aodh
aodh::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

2
puppet/services/ceilometer-api.yaml
View File

@ -78,6 +78,6 @@ outputs:
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::api

15
puppet/services/ceilometer-base.yaml
View File

@ -101,7 +101,6 @@ outputs:
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::db::mysql::password: {get_param: CeilometerPassword}
ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
@ -111,12 +110,6 @@ outputs:
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
ceilometer::rabbit_port: {get_param: RabbitClientPort}
ceilometer::db::mysql::user: ceilometer
ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ceilometer::db::mysql::dbname: ceilometer
ceilometer::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
ceilometer::rabbit_heartbeat_timeout_threshold: 60
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
@ -129,3 +122,11 @@ outputs:
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
ceilometer::keystone::auth::tenant: 'service'
mysql:
ceilometer::db::mysql::password: {get_param: CeilometerPassword}
ceilometer::db::mysql::user: ceilometer
ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ceilometer::db::mysql::dbname: ceilometer
ceilometer::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

2
puppet/services/ceilometer-collector.yaml
View File

@ -55,5 +55,7 @@ outputs:
map_merge:
- get_attr: [MongoDbBase, role_data, config_settings]
- get_attr: [CeilometerServiceBase, role_data, config_settings]
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::collector

8
puppet/services/cinder-api.yaml
View File

@ -101,3 +101,11 @@ outputs:
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
cinder::keystone::auth::password: {get_param: CinderPassword}
cinder::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
cinder::db::mysql::password: {get_param: CinderPassword}
cinder::db::mysql::user: cinder
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
cinder::db::mysql::dbname: cinder
cinder::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

7
puppet/services/cinder-base.yaml
View File

@ -60,18 +60,11 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/cinder'
cinder::db::mysql::password: {get_param: CinderPassword}
cinder::debug: {get_param: Debug}
cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
cinder::rabbit_userid: {get_param: RabbitUserName}
cinder::rabbit_password: {get_param: RabbitPassword}
cinder::rabbit_port: {get_param: RabbitClientPort}
cinder::db::mysql::user: cinder
cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
cinder::db::mysql::dbname: cinder
cinder::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
cinder::rabbit_heartbeat_timeout_threshold: 60
cinder::host: hostgroup
cinder::cron::db_purge::destination: '/dev/null'

1
puppet/services/glance-api.yaml
View File

@ -130,7 +130,6 @@ outputs:
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
glance_backend: {get_param: GlanceBackend}
glance::db::mysql::password: {get_param: GlancePassword}
glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}

15
puppet/services/glance-registry.yaml
View File

@ -72,12 +72,6 @@ outputs:
glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
glance::registry::workers: {get_param: GlanceWorkers}
glance::db::mysql::user: glance
glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
glance::db::mysql::dbname: glance
glance::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
tripleo.glance_registry.firewall_rules:
@ -93,3 +87,12 @@ outputs:
glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
service_config_settings:
mysql:
glance::db::mysql::password: {get_param: GlancePassword}
glance::db::mysql::user: glance
glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
glance::db::mysql::dbname: glance
glance::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

8
puppet/services/gnocchi-api.yaml
View File

@ -112,3 +112,11 @@ outputs:
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
mysql:
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::mysql::user: gnocchi
gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
gnocchi::db::mysql::dbname: gnocchi
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

7
puppet/services/gnocchi-base.yaml
View File

@ -66,7 +66,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
gnocchi::storage::coordination_url:
list_join:
@ -94,9 +93,3 @@ outputs:
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
gnocchi::statsd::flush_delay: 10
gnocchi::statsd::archive_policy_name: 'low'
gnocchi::db::mysql::user: gnocchi
gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
gnocchi::db::mysql::dbname: gnocchi
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

17
puppet/services/heat-engine.yaml
View File

@ -83,14 +83,7 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/heat'
heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
heat::db::mysql::password: {get_param: HeatPassword}
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
heat::db::mysql::user: heat
heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
heat::db::mysql::dbname: heat
heat::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
heat::engine::auth_encryption_key:
yaql:
expression: $.data.passwords.where($ != '').first()
@ -100,3 +93,13 @@ outputs:
- {get_param: [DefaultPasswords, heat_auth_encryption_key]}
step_config: |
include ::tripleo::profile::base::heat::engine
service_config_settings:
mysql:
heat::db::mysql::password: {get_param: HeatPassword}
heat::db::mysql::user: heat
heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
heat::db::mysql::dbname: heat
heat::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

8
puppet/services/ironic-api.yaml
View File

@ -73,3 +73,11 @@ outputs:
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
mysql:
ironic::db::mysql::password: {get_param: IronicPassword}
ironic::db::mysql::user: ironic
ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ironic::db::mysql::dbname: ironic
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

7
puppet/services/ironic-base.yaml
View File

@ -65,12 +65,5 @@ outputs:
ironic::rabbit_password: {get_param: RabbitPassword}
ironic::rabbit_port: {get_param: RabbitClientPort}
ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
ironic::db::mysql::password: {get_param: IronicPassword}
ironic::db::mysql::user: ironic
ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ironic::db::mysql::dbname: ironic
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
step_config: |
include ::tripleo::profile::base::ironic

16
puppet/services/keystone.yaml
View File

@ -141,7 +141,6 @@ outputs:
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
keystone::debug: {get_param: Debug}
keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
@ -155,12 +154,6 @@ outputs:
keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
keystone::endpoint::region: {get_param: KeystoneRegion}
keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
keystone::db::mysql::user: keystone
keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
keystone::db::mysql::dbname: keystone
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
keystone::rabbit_heartbeat_timeout_threshold: 60
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
@ -208,3 +201,12 @@ outputs:
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone
service_config_settings:
mysql:
keystone::db::mysql::password: {get_param: AdminToken}
keystone::db::mysql::user: keystone
keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
keystone::db::mysql::dbname: keystone
keystone::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

8
puppet/services/manila-api.yaml
View File

@ -72,3 +72,11 @@ outputs:
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
manila::keystone::auth::password: {get_param: ManilaPassword}
manila::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
manila::db::mysql::password: {get_param: ManilaPassword}
manila::db::mysql::user: manila
manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
manila::db::mysql::dbname: manila
manila::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

6
puppet/services/manila-base.yaml
View File

@ -52,11 +52,5 @@ outputs:
manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
manila::rabbit_port: {get_param: RabbitClientPort}
manila::debug: {get_param: Debug}
manila::db::mysql::user: manila
manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
manila::db::mysql::dbname: manila
manila::db::database_db_max_retries: -1
manila::db::database_max_retries: -1
manila::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

1
puppet/services/manila-scheduler.yaml
View File

@ -54,7 +54,6 @@ outputs:
- manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
manila::compute::nova::nova_admin_tenant_name: 'service'
manila::db::mysql::password: {get_param: ManilaPassword}
manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}

15
puppet/services/neutron-api.yaml
View File

@ -145,13 +145,6 @@ outputs:
neutron::server::notifications::password: {get_param: NovaPassword}
neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
neutron::db::mysql::password: {get_param: NeutronPassword}
neutron::db::mysql::user: neutron
neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
neutron::db::mysql::dbname: ovs_neutron
neutron::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
tripleo.neutron_server.firewall_rules:
'114 neutron server':
dport:
@ -179,3 +172,11 @@ outputs:
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
neutron::db::mysql::password: {get_param: NeutronPassword}
neutron::db::mysql::user: neutron
neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
neutron::db::mysql::dbname: ovs_neutron
neutron::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

15
puppet/services/nova-api.yaml
View File

@ -115,3 +115,18 @@ outputs:
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

26
puppet/services/nova-base.yaml
View File

@ -95,20 +95,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::debug: {get_param: Debug}
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
@ -123,18 +109,6 @@ outputs:
nova::notify_on_state_change: 'vm_and_task_state'
nova::notification_driver: messagingv2
nova::network::neutron::neutron_auth_type: 'v3password'
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
nova::db::mysql_api::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}

8
puppet/services/sahara-api.yaml
View File

@ -82,3 +82,11 @@ outputs:
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara::keystone::auth::password: {get_param: SaharaPassword }
sahara::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
sahara::db::mysql::password: {get_param: SaharaPassword}
sahara::db::mysql::user: sahara
sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
sahara::db::mysql::dbname: sahara
sahara::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"

7
puppet/services/sahara-base.yaml
View File

@ -60,13 +60,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/sahara'
sahara::db::mysql::password: {get_param: SaharaPassword}
sahara::db::mysql::user: sahara
sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
sahara::db::mysql::dbname: sahara
sahara::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
sahara::rabbit_password: {get_param: RabbitPassword}
sahara::rabbit_user: {get_param: RabbitUserName}
sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}