aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/database/mysql/client.pp
blob: 1e55f05cd20599adf20008350809e5f278e7d030 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::haproxy
#
# Loadbalancer profile for tripleo
#
# === Parameters
#
# [*enable_ssl*]
#   (Optional) Whether SSL should be used for the connection to the server or
#   not.
#   Defaults to false
#
# [*mysql_read_default_file*]
#   (Optional) Name of the file that will be passed to pymysql connection strings
#   Defaults to '/etc/my.cnf.d/tripleo.cnf'
#
# [*mysql_read_default_group*]
#   (Optional) Name of the ini section to be passed to pymysql connection strings
#   Defaults to 'tripleo'
#
# [*mysql_client_bind_address*]
#   (Optional) Client IP address of the host that will be written in the mysql_read_default_file
#   Defaults to undef
#
# [*ssl_ca*]
#   (Optional) The SSL CA file to use to verify the MySQL server's certificate.
#   Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
#
# [*step*]
#   (Optional) The current step in deployment. See tripleo-heat-templates
#   for more details.
#   Defaults to hiera('step')
#
class tripleo::profile::base::database::mysql::client (
  $enable_ssl                = false,
  $mysql_read_default_file   = '/etc/my.cnf.d/tripleo.cnf',
  $mysql_read_default_group  = 'tripleo',
  $mysql_client_bind_address = undef,
  $ssl_ca                    = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
  $step                      = Integer(hiera('step')),
) {
  if $step >= 1 {
    # If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
    # present in the base image but installed as a package afterwards),
    # create it. We do not want to touch the permissions in case it already
    # exists due to the mariadb server package being pre-installed
    # Note: We use exec instead of file in the case that the mysql class is
    # included on this node as well (we'd get duplicate declaration in such a
    # situation when using file)
    if $mysql_client_bind_address {
      $client_bind_changes = [
        "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
      ]
    } else {
      $client_bind_changes = [
        "rm ${mysql_read_default_group}/bind-address"
      ]
    }

    if $enable_ssl {
      $changes_ssl = [
        "set ${mysql_read_default_group}/ssl '1'",
        "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'"
      ]
    } else {
      $changes_ssl = [
        "rm ${mysql_read_default_group}/ssl",
        "rm ${mysql_read_default_group}/ssl-ca"
      ]
    }

    $conf_changes = union($client_bind_changes, $changes_ssl)

    # Create /etc/my.cnf.d/tripleo.cnf
    exec { 'directory-create-etc-my.cnf.d':
      command => 'mkdir -p /etc/my.cnf.d',
      unless  => 'test -d /etc/my.cnf.d',
      path    => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
    } ->
    augeas { 'tripleo-mysql-client-conf':
      incl    => $mysql_read_default_file,
      lens    => 'Puppet.lns',
      changes => $conf_changes,
    }
  }
}