Move MySQL settings out of puppet/controller.yaml

This moves the config settings out of controller.yaml for MySQL
and into puppet/services/database/mysql.yaml.

The top leve MysqlRootPassword is still maintained by default
in overcloud.yaml so that users who upgrade won't get
broken. New users may optionally specify the MysqlRootPassword
as a parameter instead which will take priority over the top
level generated parameter.

We drop the top level MysqlClusterUniquePart because it is no
longer used (I think it was a remnant from t-i-e).

Related-Bug: #1604414

Change-Id: I06ebac0f4c87dabfccefb2e550a64650868c5b26

5 files changed, 43 insertions, 73 deletions

diff --git a/default_passwords.yaml b/default_passwords.yaml
index a7d9c978..7a47f443 100644
--- a/default_passwords.yaml
+++ b/default_passwords.yaml
@@ -5,8 +5,6 @@ description: Passwords we manage at the top level
 parameters:
   DefaultMysqlRootPassword:
     type: string
-  DefaultMysqlClusterPassword:
-    type: string
   DefaultRabbitCookie:
     type: string
   DefaultHeatAuthEncryptionKey:
@@ -21,7 +19,6 @@ outputs:
     description: Password data
     value:
       mysql_root_password: {get_param: DefaultMysqlRootPassword}
-      mysql_cluster_password: {get_param: DefaultMysqlClusterPassword}
       rabbit_cookie: {get_param: DefaultRabbitCookie}
       heat_auth_encryption_key: {get_param: DefaultHeatAuthEncryptionKey}
       pcsd_password: {get_param: DefaultPcsdPassword}
diff --git a/overcloud.yaml b/overcloud.yaml
index a4f8fee1..0e195a48 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -399,15 +399,12 @@ resources:
           controllerExtraConfig: {get_param: controllerExtraConfig}
           HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey}
           HorizonSecret: {get_resource: HorizonSecret}
-          MysqlClusterUniquePart: {get_attr: [MysqlClusterUniquePart, value]}
-          MysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
           PcsdPassword: {get_resource: PcsdPassword}
           RabbitCookie: {get_attr: [RabbitCookie, value]}
           RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
           RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
           ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
           EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
-          MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]}
           Hostname:
             str_replace:
               template: {get_param: ControllerHostnameFormat}
@@ -612,11 +609,6 @@ resources:
     properties:
       length: 10
 
-  MysqlClusterUniquePart:
-    type: OS::Heat::RandomString
-    properties:
-      length: 10
-
   RabbitCookie:
     type: OS::Heat::RandomString
     properties:
@@ -627,7 +619,6 @@ resources:
     type: OS::TripleO::DefaultPasswords
     properties:
       DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]}
-      DefaultMysqlClusterPassword: {get_attr: [MysqlClusterUniquePart, value]}
       DefaultRabbitCookie: {get_attr: [RabbitCookie, value]}
       DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]}
       DefaultPcsdPassword: {get_attr: [PcsdPassword, value]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index a1cc8dba..b63a01c3 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,10 +4,6 @@ description: >
   OpenStack controller node configured by Puppet.
 
 parameters:
-  AdminPassword:
-    description: The password for the keystone admin account, used for monitoring, querying neutron etc.
-    type: string
-    hidden: true
   AodhPassword:
     description: The password for the aodh services.
     type: string
@@ -47,10 +43,6 @@ parameters:
     default: false
     description: Whether to enable fencing in Pacemaker or not.
     type: boolean
-  EnableGalera:
-    default: true
-    description: Whether to use Galera instead of regular MariaDB.
-    type: boolean
   EnableLoadBalancer:
     default: true
     description: Whether to deploy a LoadBalancer on the Controller
@@ -149,31 +141,6 @@ parameters:
     default: false
     description: Whether IPtables rules should be purged before setting up the new ones.
     type: boolean
-  MysqlClusterUniquePart:
-    description: A unique identifier of the MySQL cluster the controller is in.
-    type: string
-    default: 'unset'  # Has to be here because of the ignored empty value bug
-    # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
-    # constraints:
-    # - length: {min: 4, max: 10}
-  MysqlInnodbBufferPoolSize:
-    description: >
-        Specifies the size of the buffer pool in megabytes. Setting to
-        zero should be interpreted as "no value" and will defer to the
-        lower level default.
-    type: number
-    default: 0
-  MysqlMaxConnections:
-    description: Configures MySQL max_connections config setting
-    type: number
-    default: 4096
-  MysqlClustercheckPassword:
-    type: string
-    hidden: true
-  MysqlRootPassword:
-    type: string
-    hidden: true
-    default: ''  # Has to be here because of the ignored empty value bug
   NeutronMetadataProxySharedSecret:
     description: Shared secret to prevent spoofing
     type: string
@@ -251,9 +218,6 @@ parameters:
     type: string
     description: Nova Compute upgrade level
     default: ''
-  MysqlVirtualIP:
-    type: string
-    default: ''
   ServiceNetMap:
     default: {}
     description: Mapping of service_name -> network name. Typically set
@@ -485,25 +449,14 @@ resources:
         haproxy_stats_user: {get_param: HAProxyStatsUser}
         heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
         horizon_secret: {get_param: HorizonSecret}
-        admin_password: {get_param: AdminPassword}
         debug: {get_param: Debug}
         keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
         keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
         keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
         enable_fencing: {get_param: EnableFencing}
-        enable_galera: {get_param: EnableGalera}
         enable_load_balancer: {get_param: EnableLoadBalancer}
         manage_firewall: {get_param: ManageFirewall}
         purge_firewall_rules: {get_param: PurgeFirewallRules}
-        mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
-        mysql_max_connections: {get_param: MysqlMaxConnections}
-        mysql_root_password: {get_param: MysqlRootPassword}
-        mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
-        mysql_cluster_name:
-          str_replace:
-            template: tripleo-CLUSTER
-            params:
-              CLUSTER: {get_param: MysqlClusterUniquePart}
         neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
         aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
         aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
@@ -569,8 +522,6 @@ resources:
         redis_vip: {get_param: RedisVirtualIP}
         sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
         memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
-        mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
-        mysql_virtual_ip: {get_param: MysqlVirtualIP}
         ceph_cluster_network:
           get_attr:
             - NetIpMap
@@ -680,17 +631,6 @@ resources:
                 # MongoDB
                 mongodb::server::bind_ip: {get_input: mongo_db_network}
 
-                # MySQL
-                admin_password: {get_input: admin_password}
-                enable_galera: {get_input: enable_galera}
-                mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
-                mysql_max_connections: {get_input: mysql_max_connections}
-                mysql::server::root_password: {get_input: mysql_root_password}
-                mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
-                mysql_cluster_name: {get_input: mysql_cluster_name}
-                mysql_bind_host: {get_input: mysql_network}
-                mysql_virtual_ip: {get_input: mysql_virtual_ip}
-
                 # Neutron
                 neutron::bind_host: {get_input: neutron_api_network}
                 neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 8d2185f6..b0eea481 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
 
 description: >
   MySQL service deployment using puppet
@@ -19,6 +19,21 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  MysqlMaxConnections:
+    description: Configures MySQL max_connections config setting
+    type: number
+    default: 4096
+  MysqlRootPassword:
+    type: string
+    hidden: true
+    default: ''
+  MysqlClustercheckPassword:
+    type: string
+    hidden: true
+  EnableGalera:
+    default: true
+    description: Whether to use Galera instead of regular MariaDB.
+    type: boolean
 
 outputs:
   role_data:
@@ -42,5 +57,22 @@ outputs:
               - 4567
               - 4568
               - 9200
+        mysql_max_connections: {get_param: MysqlMaxConnections}
+        mysql::server::root_password:
+          yaql:
+            expression: $.data.passwords.where($ != '').first()
+            data:
+              passwords:
+                - {get_param: MysqlRootPassword}
+                - {get_param: [DefaultPasswords, mysql_root_password]}
+        mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
+        enable_galera: {get_param: EnableGalera}
+        # NOTE: bind IP is found in Heat replacing the network name with the
+        # local node IP for the given network; replacement examples
+        # (eg. for internal_api):
+        # internal_api -> IP
+        # internal_api_uri -> [IP]
+        # internal_api_subnet - > IP/CIDR
+        mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
       step_config: |
         include ::tripleo::profile::base::database::mysql
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index e63a8f1e..d555ed0a 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -20,11 +20,21 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
 
+resources:
+
+  MysqlBase:
+    type: ../../database/mysql.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+
 outputs:
   role_data:
     description: Service MySQL with Pacemaker using composable services.
     value:
       service_name: mysql
       config_settings:
+        get_attr: [MysqlBase, role_data, config_settings]
       step_config: |
         include ::tripleo::profile::pacemaker::database::mysql