Diffstat (limited to 'manifests/profile/base/database')
-rw-r--r--manifests/profile/base/database/mysql.pp78
-rw-r--r--manifests/profile/base/database/mysql/client.pp72
2 files changed, 140 insertions, 10 deletions
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 9da1456..d3c3f21 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -26,6 +26,28 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
+# [*certificate_specs*]
+# (Optional) The specifications to give to certmonger for the certificate
+# it will create. Note that the certificate nickname must be 'mysql' in
+# the case of this service.
+# Example with hiera:
+# tripleo::profile::base::database::mysql::certificate_specs:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "mysql/<overcloud controller fqdn>"
+# Defaults to {}.
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
+# [*generate_service_certificates*]
+# (Optional) Whether or not certmonger will generate certificates for
+# MySQL. This could be as many as specified by the $certificates_specs
+# variable.
+# Defaults to hiera('generate_service_certificate', false).
+#
# [*manage_resources*]
# (Optional) Whether or not manage root user, root my.cnf, and service.
# Defaults to true
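Review bot: The documented default for `generate_service_certificates` names the hiera key `generate_service_certificate` (singular), but the class signature in the next hunk looks up `generate_service_certificates`. An operator who follows the comment sets a key that is never read, so certmonger is not asked for a certificate while `enable_internal_tls` may still be on. The same paragraph refers to `$certificates_specs`, whereas the parameter is `$certificate_specs`. Suggested wording: `# Defaults to hiera('generate_service_certificates', false).` and `# MySQL. This could be as many as specified by the $certificate_specs`.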
@@ -44,13 +66,17 @@
# for more details.
# Defaults to hiera('step')
#
+#
class tripleo::profile::base::database::mysql (
- $bind_address = $::hostname,
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $manage_resources = true,
- $mysql_server_options = {},
- $remove_default_accounts = true,
- $step = hiera('step'),
+ $bind_address = $::hostname,
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $certificate_specs = {},
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $generate_service_certificates = hiera('generate_service_certificates', false),
+ $manage_resources = true,
+ $mysql_server_options = {},
+ $remove_default_accounts = true,
+ $step = hiera('step'),
) {
if $::hostname == downcase($bootstrap_node) {
@@ -60,6 +86,18 @@ class tripleo::profile::base::database::mysql (
}
validate_hash($mysql_server_options)
+ validate_hash($certificate_specs)
+
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resource('class', 'tripleo::certmonger::mysql', $certificate_specs)
+ }
+ $tls_certfile = $certificate_specs['service_certificate']
+ $tls_keyfile = $certificate_specs['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
# non-ha scenario
if $manage_resources {
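Review bot: With `enable_internal_tls` true and `certificate_specs` left at its default `{}`, `$tls_certfile` and `$tls_keyfile` evaluate to undef here, and the following hunk still writes `'ssl' => $enable_internal_tls`, so the catalog asks for TLS without naming any key material. How mysqld reacts is not visible from this diff (it may refuse to start, or start without TLS), so a compile-time failure is the safer outcome. Unless the paths are meant to arrive through `$mysql_server_options`, add after the two assignments in the TLS branch: `if !$tls_certfile or !$tls_keyfile { fail('enable_internal_tls requires service_certificate and service_key in certificate_specs') }`. The class body continues outside this hunk.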
@@ -81,9 +119,14 @@ class tripleo::profile::base::database::mysql (
# MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
$mysql_server_default = {
'mysqld' => {
- 'bind-address' => $bind_address,
- 'max_connections' => hiera('mysql_max_connections'),
- 'open_files_limit' => '-1',
+ 'bind-address' => $bind_address,
+ 'max_connections' => hiera('mysql_max_connections'),
+ 'open_files_limit' => '-1',
+ 'innodb_file_per_table' => 'ON',
+ 'ssl' => $enable_internal_tls,
+ 'ssl-key' => $tls_keyfile,
+ 'ssl-cert' => $tls_certfile,
+ 'ssl-ca' => undef,
}
}
$mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options)
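Review bot: Setting `'ssl' => $enable_internal_tls` only makes TLS available on the server; nothing in this hunk makes mysqld reject plaintext connections. Clients on the internal network can therefore still connect unencrypted unless accounts are created with `REQUIRE SSL` or the server sets `require_secure_transport` (only present in newer MySQL/MariaDB releases). If enforcement lives elsewhere, a comment above the `'ssl'` key such as `# TLS is offered here; enforcement is per-account (REQUIRE SSL)` would record that. `'ssl-ca' => undef` means no CA is configured, which is worth stating in the same comment in case client-certificate verification is expected later. The `innodb_file_per_table` addition is unrelated to TLS and would be easier to review as its own change.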
@@ -109,7 +152,10 @@ class tripleo::profile::base::database::mysql (
if hiera('cinder_api_enabled', false) {
include ::cinder::db::mysql
}
- if hiera('glance_registry_enabled', false) {
+ if hiera('congress_enabled', false) {
+ include ::congress::db::mysql
+ }
+ if hiera('glance_api_enabled', false) {
include ::glance::db::mysql
}
if hiera('gnocchi_api_enabled', false) {
@@ -137,12 +183,24 @@ class tripleo::profile::base::database::mysql (
include ::nova::db::mysql
include ::nova::db::mysql_api
}
+ if hiera('nova_placement_enabled', false) {
+ include ::nova::db::mysql_placement
+ }
if hiera('sahara_api_enabled', false) {
include ::sahara::db::mysql
}
+ if hiera('tacker_enabled', false) {
+ include ::tacker::db::mysql
+ }
if hiera('trove_api_enabled', false) {
include ::trove::db::mysql
}
+ if hiera('panko_api_enabled', false) {
+ include ::panko::db::mysql
+ }
+ if hiera('ec2_api_enabled', false) {
+ include ::ec2api::db::mysql
+ }
}
}
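Review bot: The `panko_api_enabled` and `ec2_api_enabled` blocks are appended after `trove_api_enabled`, which breaks the alphabetical order the other visible service blocks follow (cinder, congress, glance, gnocchi, …, nova, sahara, tacker, trove). Moving `ec2_api_enabled` before `glance_api_enabled` and `panko_api_enabled` before `sahara_api_enabled` would keep the list scannable, so a missing or duplicated database include is easier to spot. The enclosing `if` starts outside this hunk.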
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp
new file mode 100644
index 0000000..f23b97d
--- /dev/null
+++ b/manifests/profile/base/database/mysql/client.pp
@@ -0,0 +1,72 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::haproxy
+#
+# Loadbalancer profile for tripleo
+#
+# === Parameters
+#
+# [*mysql_read_default_file*]
+# (Optional) Name of the file that will be passed to pymysql connection strings
+# Defaults to hiera('tripleo::profile::base:database::mysql::read_default_file', '/etc/my.cnf.d/tripleo.cnf')
+#
+# [*mysql_read_default_group*]
+# (Optional) Name of the ini section to be passed to pymysql connection strings
+# Defaults to hiera('tripleo::profile::base:database::mysql::read_default_group', 'tripleo')
+#
+# [*mysql_client_bind_address*]
+# (Optional) Client IP address of the host that will be written in the mysql_read_default_file
+# Defaults to hiera('tripleo::profile::base:database::mysql::client_bind_address', undef)
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::database::mysql::client (
+ $mysql_read_default_file = hiera('tripleo::profile::base:database::mysql::read_default_file', '/etc/my.cnf.d/tripleo.cnf'),
+ $mysql_read_default_group = hiera('tripleo::profile::base:database::mysql::read_default_group', 'tripleo'),
+ $mysql_client_bind_address = hiera('tripleo::profile::base:database::mysql::client_bind_address', undef),
+ $step = hiera('step'),
+) {
+ if $step >= 1 {
+ # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
+ # present in the base image but installed as a package afterwards),
+ # create it. We do not want to touch the permissions in case it already
+ # exists due to the mariadb server package being pre-installed
+ # Note: We use exec instead of file in the case that the mysql class is
+ # included on this node as well (we'd get duplicate declaration in such a
+ # situation when using file)
+ if $mysql_client_bind_address {
+ $changes = [
+ "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
+ ]
+ } else {
+ $changes = [
+ "rm ${mysql_read_default_group}/bind-address"
+ ]
+ }
+ exec { 'directory-create-etc-my.cnf.d':
+ command => 'mkdir -p /etc/my.cnf.d',
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
+ } ->
+ # Create /etc/my.cnf.d/tripleo.cnf with the [tripleo]bind-address=<IP of the node in the mysql network>
+ augeas { 'mysql-bind-address':
+ incl => $mysql_read_default_file,
+ lens => 'Puppet.lns',
+ changes => $changes,
+ }
+ }
+}
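Review bot: The `exec { 'directory-create-etc-my.cnf.d': ... }` resource has no guard, so `mkdir -p` runs and reports a change on every agent run; adding `creates => '/etc/my.cnf.d',` keeps the run idempotent and the change reports meaningful. The header comment names the wrong class (`== Class: tripleo::profile::base::haproxy`, "Loadbalancer profile for tripleo") and should read `== Class: tripleo::profile::base::database::mysql::client` with a description of the client configuration. The three hiera lookups use `tripleo::profile::base:database::...` with a single colon before `database`, which looks like a typo; an operator setting the conventionally namespaced key would silently get the defaults, so either correct the keys or note in the parameter docs that the spelling is intentional. The comment explaining the directory creation sits above the `if $mysql_client_bind_address` block and belongs directly above the exec.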