Separate InfluxDB administration from configuration

This change adds a class to be able to create an admin user and it also
creates a defined type to create database and its associated user.
This allows the creation of the LMA database when InfluxDB cluster is
up and ready.

Implements: blueprint influxdb-clustering
Change-Id: I5e40ff510385f867d26b77a2af5ed278a0f9cc15
This commit is contained in:
Guillaume Thouvenin 2016-01-07 09:59:34 +01:00
parent 93588e55ad
commit a876bbc80e
19 changed files with 376 additions and 118 deletions

View File

@ -22,12 +22,12 @@ if ! $network_metadata['vips'][$vip_name] {
fail('InfluxDB VIP is not defined')
}
$influxdb_nodes = get_nodes_hash_by_roles($network_metadata, [$plugin_name])
$influxdb_nodes = get_nodes_hash_by_roles($network_metadata, [$plugin_name, "primary-${plugin_name}"])
$influxdb_address_map = get_node_to_ipaddr_map_by_network_role($influxdb_nodes, 'influxdb_vip')
$influxdb_vip = $network_metadata['vips'][$vip_name]['ipaddr']
$corosync_roles = [$plugin_name]
$corosync_roles = [$plugin_name, "primary-${plugin_name}"]
###################
$calculated_content = inline_template('

View File

@ -29,24 +29,11 @@ file { $directory:
require => User['influxdb'],
}
# retention period value is expressd in days
if $influxdb_grafana['retention_period'] == 0 {
$retention_period = 'INF'
} else {
$retention_period = sprintf('%dd', $influxdb_grafana['retention_period'])
}
# We cannot mix IP addresses and hostnames otherwise the Raft cluster won't
# start. We decide to stick with hostnames because they are more meaningful.
class { 'lma_monitoring_analytics::influxdb':
influxdb_rootpass => $influxdb_grafana['influxdb_rootpass'],
influxdb_dbname => $influxdb_grafana['influxdb_dbname'],
influxdb_username => $influxdb_grafana['influxdb_username'],
influxdb_userpass => $influxdb_grafana['influxdb_userpass'],
influxdb_dir => $influxdb_grafana['data_dir'],
retention_period => $retention_period,
replication_factor => $influxdb_grafana['replication_factor'],
require => File[$directory],
raft_hostname => hiera('node_name'),
raft_nodes => keys($raft_nodes),
base_directory => $influxdb_grafana['data_dir'],
raft_hostname => hiera('node_name'),
raft_nodes => keys($raft_nodes),
require => File[$directory],
}

View File

@ -0,0 +1,49 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
$influxdb_grafana = hiera('influxdb_grafana')
$admin_user = 'root'
$admin_password = $influxdb_grafana['influxdb_rootpass']
$username = $influxdb_grafana['influxdb_username']
$password = $influxdb_grafana['influxdb_userpass']
$retention_period = $influxdb_grafana['retention_period']
$replication_factor = $influxdb_grafana['replication_factor']
lma_monitoring_analytics::influxdb_user { $admin_user:
password => $admin_password,
admin_role => true,
# We are using localhost instead of VIP to avoid race condition between
# the creation of the admin user and the normal user.
influxdb_url => 'http://127.0.0.1:8086',
}
lma_monitoring_analytics::influxdb_user { $username:
admin_user => $admin_user,
admin_password => $admin_password,
password => $password,
influxdb_url => 'http://127.0.0.1:8086',
require => Lma_monitoring_analytics::Influxdb_user[$admin_user],
}
lma_monitoring_analytics::influxdb_database { 'lma':
admin_user => $admin_user,
admin_password => $admin_password,
influxdb_url => 'http://127.0.0.1:8086',
db_user => $username,
db_password => $password,
retention_period => $retention_period,
replication_factor => $replication_factor,
require => Lma_monitoring_analytics::Influxdb_user[$username],
}

View File

@ -6,5 +6,9 @@ fixtures:
grafana:
repo: "git://github.com/bfraser/puppet-grafana"
ref: "v2.1.0"
inifile:
repo: "git://github.com/puppetlabs/puppetlabs-inifile"
ref: "1.4.1"
symlinks:
influxdb: "#{source_dir}/../influxdb"
lma_monitoring_analytics: "#{source_dir}"

View File

@ -15,44 +15,19 @@
# == Class: lma_monitoring_analytics::influxdb
class lma_monitoring_analytics::influxdb (
$influxdb_dbname = undef,
$influxdb_username = undef,
$influxdb_userpass = undef,
$influxdb_rootpass = undef,
$influxdb_dir = $lma_monitoring_analytics::params::influxdb_dir,
$retention_period = $lma_monitoring_analytics::params::influxdb_retention_period,
$replication_factor = $lma_monitoring_analytics::params::influxdb_replication_factor,
$raft_hostname = undef,
$raft_nodes = undef,
$base_directory = $lma_monitoring_analytics::params::influxdb_dir,
$raft_hostname = undef,
$raft_nodes = undef,
) inherits lma_monitoring_analytics::params {
$configure_influxdb = $lma_monitoring_analytics::params::influxdb_script
if $retention_period == 0 {
$real_retention_period = 'INF'
} else {
$real_retention_period = $retention_period
}
validate_array($raft_nodes)
class { '::influxdb':
data_dir => "${influxdb_dir}/data",
meta_dir => "${influxdb_dir}/meta",
hh_dir => "${influxdb_dir}/hh",
wal_dir => "${influxdb_dir}/wal",
data_dir => "${base_directory}/data",
meta_dir => "${base_directory}/meta",
hh_dir => "${base_directory}/hh",
wal_dir => "${base_directory}/wal",
raft_hostname => $raft_hostname,
raft_nodes => $raft_nodes,
}
file { $configure_influxdb:
owner => 'root',
group => 'root',
mode => '0740',
content => template('lma_monitoring_analytics/configure_influxdb.sh.erb'),
}
exec { 'configure_influxdb_script':
command => $configure_influxdb,
require => [File[$configure_influxdb], Service['influxdb']],
}
}

View File

@ -0,0 +1,65 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Define: lma_monitoring_analytics::influxdb_database
define lma_monitoring_analytics::influxdb_database (
$admin_user,
$admin_password,
$influxdb_url,
$db_user,
$db_password,
$retention_period = undef,
$replication_factor = undef,
) {
include lma_monitoring_analytics::params
$db_name = $title
$create_db_script = "/tmp/create_db_${db_name}"
if ! $retention_period {
$real_retention_period = $lma_monitoring_analytics::params::influxdb_retention_period
} else {
# retention period value is expressd in days
if $retention_period == 0 {
$real_retention_period = 'INF'
} else {
$real_retention_period = sprintf('%dd', $retention_period)
}
}
if ! $replication_factor {
$real_replication_factor = $lma_monitoring_analytics::params::influxdb_replication_factor
} else {
$real_replication_factor = $replication_factor
}
file { $create_db_script:
owner => 'root',
group => 'root',
mode => '0740',
content => template('lma_monitoring_analytics/create_db.sh.erb'),
}
exec { "run_${create_db_script}":
command => $create_db_script,
require => File[$create_db_script],
}
exec { "remove_${create_db_script}":
command => "/bin/rm -f ${create_db_script}",
require => Exec["run_${create_db_script}"],
}
}

View File

@ -0,0 +1,44 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Define: lma_monitoring_analytics::influxdb_user
define lma_monitoring_analytics::influxdb_user (
$influxdb_url,
$password,
$admin_role = false,
$admin_user = undef,
$admin_password = undef,
) {
$username = $title
$create_user_script = "/tmp/create_user_${username}"
file { $create_user_script:
owner => 'root',
group => 'root',
mode => '0740',
content => template('lma_monitoring_analytics/create_user.sh.erb'),
}
exec { "run_${create_user_script}":
command => $create_user_script,
require => File[$create_user_script],
}
exec { "remove_${create_user_script}":
command => "/bin/rm -f ${create_user_script}",
require => Exec["run_${create_user_script}"],
}
}

View File

@ -17,9 +17,8 @@
class lma_monitoring_analytics::params {
$listen_port = 8000
$influxdb_url = 'http://localhost:8086'
$influxdb_script = '/usr/local/bin/configure_influxdb.sh'
$influxdb_dir = '/var/lib/influxdb'
$influxdb_retention_period = 0
$influxdb_retention_period = 'INF'
$influxdb_replication_factor = 1
$grafana_domain = 'localhost'
}

View File

@ -1,16 +1,16 @@
# Copyright 2015 Mirantis, Inc.
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'spec_helper'
describe 'lma_monitoring_analytics::grafana', :type => :class do

View File

@ -0,0 +1,30 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'spec_helper'
describe 'lma_monitoring_analytics::influxdb', :type => :class do
let(:facts) do
{ :kernel => 'Linux',
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian' }
end
describe 'with defaults' do
let(:params) do
{:raft_nodes => ['node-1', 'node-2'] }
end
it { is_expected.to compile }
it { is_expected.to contain_class('influxdb') }
end
end

View File

@ -0,0 +1,36 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'spec_helper'
describe 'lma_monitoring_analytics::influxdb_database' do
let(:title) { :adb }
let(:facts) do
{ :kernel => 'Linux',
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian'
}
end
describe 'with title = adb' do
let(:params) do
{ :admin_user => 'adminuser',
:admin_password => 'adminpass',
:influxdb_url => '127.0.0.1',
:db_user => 'dbuser',
:db_password => 'dbpass'
}
end
it { is_expected.to contain_file('/tmp/create_db_adb') }
end
end

View File

@ -0,0 +1,30 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'spec_helper'
describe 'lma_monitoring_analytics::influxdb_user' do
let(:title) { :auser }
let(:facts) do
{ :kernel => 'Linux',
:operatingsystem => 'Ubuntu',
:osfamily => 'Debian' }
end
describe 'with title = auser' do
let(:params) do
{ :influxdb_url => '127.0.0.1', :password => 'pass' }
end
it { is_expected.to contain_file('/tmp/create_user_auser') }
end
end

View File

@ -1,46 +0,0 @@
#!/bin/bash
# Copyright 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eux
INFLUXDB_URL="http://127.0.0.1:8086"
# Setup the admin user
curl -G "${INFLUXDB_URL}/query" \
--data-urlencode "q=CREATE USER root WITH PASSWORD '<%= @influxdb_rootpass %>' WITH ALL PRIVILEGES"
# Create LMA user
curl -G "${INFLUXDB_URL}/query" \
--data-urlencode "u=root" \
--data-urlencode "p=<%= @influxdb_rootpass %>" \
--data-urlencode "q=CREATE USER <%= @influxdb_username %> WITH PASSWORD '<%= @influxdb_userpass %>'"
# Create LMA database
curl -G "${INFLUXDB_URL}/query" \
--data-urlencode "u=root" \
--data-urlencode "p=<%= @influxdb_rootpass %>" \
--data-urlencode "q=CREATE DATABASE <%= @influxdb_dbname %>"
# Give all privileges to LMA for LMA DB
curl -G "${INFLUXDB_URL}/query" \
--data-urlencode "u=root" \
--data-urlencode "p=<%= @influxdb_rootpass %>" \
--data-urlencode "q=GRANT ALL ON <%= @influxdb_dbname %> TO <%= @influxdb_username %>"
# Define the retentation policy
curl -G "${INFLUXDB_URL}/query" \
--data-urlencode "u=root" \
--data-urlencode "p=<%= @influxdb_rootpass %>" \
--data-urlencode "q=ALTER RETENTION POLICY default ON <%= @influxdb_dbname %> DURATION <%= @retention_period %> REPLICATION <%= @replication_factor %>"

View File

@ -0,0 +1,34 @@
#!/bin/bash
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eux
# Create the database
curl -G "<%= @influxdb_url %>/query" \
--data-urlencode "u=<%= @admin_user %>" \
--data-urlencode "p=<%= @admin_password %>" \
--data-urlencode "q=CREATE DATABASE <%= @db_name %>"
# Give all privileges to user for the DB
curl -G "<%= @influxdb_url %>/query" \
--data-urlencode "u=<%= @admin_user %>" \
--data-urlencode "p=<%= @admin_password %>" \
--data-urlencode "q=GRANT ALL ON <%= @db_name %> TO <%= @db_user %>"
# Define the retentation policy
curl -G "<%= @influxdb_url %>/query" \
--data-urlencode "u=<%= @admin_user %>" \
--data-urlencode "p=<%= @admin_password %>" \
--data-urlencode "q=ALTER RETENTION POLICY default ON <%= @db_name %> DURATION <%= @real_retention_period %> REPLICATION <%= @real_replication_factor %>"

View File

@ -0,0 +1,23 @@
#!/bin/bash
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eux
curl -G "<%= @influxdb_url %>/query" \
<% if @admin_user -%>
--data-urlencode "u=<%= @admin_user %>" \
--data-urlencode "p=<%= @admin_password %>" \
<% end -%>
--data-urlencode "q=CREATE USER <%= @username %> WITH PASSWORD '<%= @password %>' <% if @admin_role -%>WITH ALL PRIVILEGES<% end -%>"

View File

@ -1,6 +1,6 @@
- id: influxdb_grafana
- id: primary-influxdb_grafana
type: group
role: [influxdb_grafana]
role: [primary-influxdb_grafana]
tasks:
- fuel_pkgs
- hiera
@ -17,9 +17,28 @@
strategy:
type: parallel
- id: influxdb_grafana
type: group
role: [influxdb_grafana]
tasks:
- fuel_pkgs
- hiera
- globals
- tools
- logging
- netconfig
- hosts
- cluster
- cluster-haproxy
required_for: [deploy_end]
requires: [deploy_start, primary-influxdb_grafana]
parameters:
strategy:
type: parallel
- id: influxdb-firewall
type: puppet
groups: [influxdb_grafana]
groups: [primary-influxdb_grafana, influxdb_grafana]
required_for: [cluster]
requires: [netconfig]
parameters:
@ -29,7 +48,7 @@
- id: influxdb-vip
type: puppet
groups: [influxdb_grafana]
groups: [primary-influxdb_grafana, influxdb_grafana]
requires: [cluster]
parameters:
puppet_manifest: "/etc/puppet/modules/osnailyfacter/modular/virtual_ips/virtual_ips.pp"
@ -38,7 +57,7 @@
- id: influxdb-haproxy
type: puppet
groups: [influxdb_grafana]
groups: [primary-influxdb_grafana, influxdb_grafana]
required_for: [deploy_end]
requires: [cluster-haproxy, influxdb-vip]
parameters:
@ -48,7 +67,7 @@
- id: influxdb-hiera-override
type: puppet
groups: [influxdb_grafana]
groups: [primary-influxdb_grafana, influxdb_grafana]
requires: [globals]
required_for: [logging]
parameters:

View File

@ -16,3 +16,4 @@
alias: "influxdb"
node_roles:
- "influxdb_grafana"
- "primary-influxdb_grafana"

View File

@ -1,7 +1,7 @@
influxdb_grafana:
name: 'InfluxDB Grafana'
description: 'Install InfluxDB and Grafana'
has_primary: false
has_primary: true
public_ip_required: false
weight: 100
limits:

View File

@ -2,7 +2,7 @@
# Priorities are important, this ensure that this plugin is deployed before
# LMA Collector (priority 8200).
- role: [influxdb_grafana]
- role: ['influxdb_grafana', 'primary-influxdb_grafana']
stage: post_deployment/8100
type: puppet
parameters:
@ -10,10 +10,18 @@
puppet_modules: puppet/modules
timeout: 600
- role: [influxdb_grafana]
- role: ['influxdb_grafana', 'primary-influxdb_grafana']
stage: post_deployment/8100
type: puppet
parameters:
puppet_manifest: puppet/manifests/grafana.pp
puppet_modules: puppet/modules
timeout: 600
- role: ['primary-influxdb_grafana']
stage: post_deployment/8100
type: puppet
parameters:
puppet_manifest: puppet/manifests/influxdb_configuration.pp
puppet_modules: puppet/modules
timeout: 600