heat_template_version: wallaby description: > MySQL service deployment using puppet parameters: #Parameters not used EndpointMap ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json MysqlMaxConnections: description: Configures MySQL max_connections config setting type: number default: 4096 MysqlIncreaseFileLimit: description: Flag to increase MySQL open-files-limit to 16384 type: boolean default: true MysqlRootPassword: type: string hidden: true default: '' MysqlClustercheckPassword: type: string hidden: true EnableGalera: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean EnableInternalTLS: type: boolean default: false EnableMysqlAuthEd25519: type: boolean description: Whether to configure MySQL users to connect to the server using the Ed25519-based client authentication. default: false MysqlIPv6: default: false description: Enable IPv6 in MySQL type: boolean MysqlInnodbBufferPoolSize: type: string description: Buffer pool size for MySQL database; this needs to be larger for at-scale deployments default: '1G' CertificateKeySize: type: string default: '2048' description: Specifies the private key size used when creating the certificate. MysqlCertificateKeySize: type: string default: '' description: Override the private key size used when creating the certificate for this service parameter_groups: - label: deprecated description: | The following parameters are deprecated and will be removed. They should not be relied on for new deployments. If you have concerns regarding deprecated parameters, please contact the TripleO development team on IRC or the OpenStack mailing list. parameters: - MysqlIPv6 - MysqlIncreaseFileLimit conditions: is_ipv6: equals: - {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - 6 innodb_buffer_pool_set: {not: {equals: [{get_param: MysqlInnodbBufferPoolSize}, '']}} key_size_override_set: not: {equals: [{get_param: MysqlCertificateKeySize}, '']} outputs: container_config_scripts: description: Shared docker config scripts value: mysql_upgrade_db.sh: mode: "0755" content: { get_file: ../../container_config_scripts/mysql_upgrade_db.sh } role_data: description: Service MySQL using composable services. value: service_name: mysql config_settings: # The Galera package should work in cluster and # non-cluster modes based on the config file. # We set the package name here explicitly so # that it matches what we pre-install # in tripleo-puppet-elements. mysql::server::package_name: 'mariadb-galera-server' mysql::server::manage_config_file: true mysql_ipv6: {if: [is_ipv6, true, false]} mysql_max_connections: {get_param: MysqlMaxConnections} mysql::server::root_password: {get_param: MysqlRootPassword} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} enable_galera: {get_param: EnableGalera} mysql_auth_ed25519: {get_param: EnableMysqlAuthEd25519} # NOTE: bind IP is found in hiera replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mysql_bind_host: str_replace: template: "%{lookup('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::bind_address: str_replace: template: "%{lookup('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::certificate_specs: if: - {get_param: EnableInternalTLS} - service_certificate: '/etc/pki/tls/certs/mysql.crt' service_key: '/etc/pki/tls/private/mysql.key' innodb_buffer_pool_size: if: - innodb_buffer_pool_set - {get_param: MysqlInnodbBufferPoolSize} step_config: | include tripleo::profile::base::database::mysql metadata_settings: if: - {get_param: EnableInternalTLS} - - service: mysql network: {get_param: [ServiceNetMap, MysqlNetwork]} type: vip - service: mysql network: {get_param: [ServiceNetMap, MysqlNetwork]} type: node deploy_steps_tasks: - name: Certificate generation when: - step|int == 1 - enable_internal_tls block: - include_role: name: linux-system-roles.certificate vars: certificate_requests: - name: mysql dns: - str_replace: template: "{{fqdn_$NETWORK}}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - str_replace: template: "{{cloud_names.cloud_name_NETWORK}}" params: NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} principal: str_replace: template: "mysql/{{fqdn_$NETWORK}}@{{idm_realm}}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} key_size: if: - key_size_override_set - {get_param: MysqlCertificateKeySize} - {get_param: CertificateKeySize} ca: ipa