docker/services/pacemaker/database/mysql.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   MySQL service deployment with pacemaker bundle
   5
   6 parameters:
   7   DockerMysqlImage:
   8     description: image
   9     type: string
  10   DockerMysqlConfigImage:
  11     description: The container image to use for the mysql config_volume
  12     type: string
  13   EndpointMap:
  14     default: {}
  15     description: Mapping of service endpoint -> protocol. Typically set
  16                  via parameter_defaults in the resource registry.
  17     type: json
  18   ServiceData:
  19     default: {}
  20     description: Dictionary packing service data
  21     type: json
  22   ServiceNetMap:
  23     default: {}
  24     description: Mapping of service_name -> network name. Typically set
  25                  via parameter_defaults in the resource registry.  This
  26                  mapping overrides those in ServiceNetMapDefaults.
  27     type: json
  28   DefaultPasswords:
  29     default: {}
  30     type: json
  31   MysqlRootPassword:
  32     type: string
  33     hidden: true
  34     default: ''
  35   RoleName:
  36     default: ''
  37     description: Role name on which the service is applied
  38     type: string
  39   RoleParameters:
  40     default: {}
  41     description: Parameters specific to the role
  42     type: json
  43   EnableInternalTLS:
  44     type: boolean
  45     default: false
  46   InternalTLSCAFile:
  47     default: '/etc/ipa/ca.crt'
  48     type: string
  49     description: Specifies the default CA cert to use if TLS is used for
  50                  services in the internal network.
  51
  52 resources:
  53
  54   ContainersCommon:
  55     type: ../../containers-common.yaml
  56
  57   MysqlPuppetBase:
  58     type: ../../../../puppet/services/pacemaker/database/mysql.yaml
  59     properties:
  60       EndpointMap: {get_param: EndpointMap}
  61       ServiceData: {get_param: ServiceData}
  62       ServiceNetMap: {get_param: ServiceNetMap}
  63       DefaultPasswords: {get_param: DefaultPasswords}
  64       RoleName: {get_param: RoleName}
  65       RoleParameters: {get_param: RoleParameters}
  66
  67 conditions:
  68
  69   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  70
  71 outputs:
  72   role_data:
  73     description: Containerized service MySQL using composable services.
  74     value:
  75       service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]}
  76       config_settings:
  77         map_merge:
  78           - {get_attr: [MysqlPuppetBase, role_data, config_settings]}
  79           - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
  80             tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
  81             tripleo.mysql.firewall_rules:
  82               '104 mysql galera-bundle':
  83                 dport:
  84                   - 873
  85                   - 3123
  86                   - 3306
  87                   - 4444
  88                   - 4567
  89                   - 4568
  90                   - 9200
  91           -
  92             if:
  93             - internal_tls_enabled
  94             -
  95               tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
  96                 get_param: InternalTLSCAFile
  97             - {}
  98       step_config: ""
  99       # BEGIN DOCKER SETTINGS #
 100       puppet_config:
 101         config_volume: mysql
 102         puppet_tags: file # set this even though file is the default
 103         step_config:
 104           list_join:
 105             - "\n"
 106             - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }"
 107               - "exec {'wait-for-settle': command => '/bin/true' }"
 108               - "include ::tripleo::profile::pacemaker::database::mysql_bundle"
 109         config_image: {get_param: DockerMysqlConfigImage}
 110       kolla_config:
 111         /var/lib/kolla/config_files/mysql.json:
 112           command: /usr/sbin/pacemaker_remoted
 113           config_files:
 114             - dest: /etc/libqb/force-filesystem-sockets
 115               source: /dev/null
 116               owner: root
 117               perm: '0644'
 118             - source: "/var/lib/kolla/config_files/src/*"
 119               dest: "/"
 120               merge: true
 121               preserve_properties: true
 122             - source: "/var/lib/kolla/config_files/src-tls/*"
 123               dest: "/"
 124               merge: true
 125               optional: true
 126               preserve_properties: true
 127           permissions:
 128             - path: /etc/pki/tls/certs/mysql.crt
 129               owner: mysql:mysql
 130               perm: '0600'
 131               optional: true
 132             - path: /etc/pki/tls/private/mysql.key
 133               owner: mysql:mysql
 134               perm: '0600'
 135               optional: true
 136       docker_config:
 137         step_1:
 138           mysql_data_ownership:
 139             start_order: 0
 140             detach: false
 141             image: *mysql_image
 142             net: host
 143             user: root
 144             # Kolla does only non-recursive chown
 145             command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
 146             volumes:
 147               - /var/lib/mysql:/var/lib/mysql
 148           mysql_bootstrap:
 149             start_order: 1
 150             detach: false
 151             image: *mysql_image
 152             net: host
 153             # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
 154             command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
 155             volumes: &mysql_volumes
 156               list_concat:
 157                 - {get_attr: [ContainersCommon, volumes]}
 158                 -
 159                   - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
 160                   - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
 161                   - /var/lib/mysql:/var/lib/mysql
 162             environment:
 163               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 164               - KOLLA_BOOTSTRAP=True
 165               # NOTE(mandre) skip wsrep cluster status check
 166               - KOLLA_KUBERNETES=True
 167               -
 168                 list_join:
 169                   - '='
 170                   - - 'DB_ROOT_PASSWORD'
 171                     -
 172                       yaql:
 173                         expression: $.data.passwords.where($ != '').first()
 174                         data:
 175                           passwords:
 176                             - {get_param: MysqlRootPassword}
 177                             - {get_param: [DefaultPasswords, mysql_root_password]}
 178         step_2:
 179           mysql_init_bundle:
 180             start_order: 1
 181             detach: false
 182             net: host
 183             user: root
 184             command:
 185               - '/bin/bash'
 186               - '-c'
 187               - str_replace:
 188                   template:
 189                     list_join:
 190                       - '; '
 191                       - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
 192                         - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
 193                   params:
 194                     TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
 195                     CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
 196             image: *mysql_image
 197             volumes:
 198               - /etc/hosts:/etc/hosts:ro
 199               - /etc/localtime:/etc/localtime:ro
 200               - /etc/puppet:/tmp/puppet-etc:ro
 201               - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
 202               - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
 203               - /dev/shm:/dev/shm:rw
 204               - /var/lib/mysql:/var/lib/mysql:rw
 205       host_prep_tasks:
 206         - name: create /var/lib/mysql
 207           file:
 208             path: /var/lib/mysql
 209             state: directory
 210       metadata_settings:
 211         get_attr: [MysqlPuppetBase, role_data, metadata_settings]
 212       upgrade_tasks:
 213         - name: get bootstrap nodeid
 214           tags: common
 215           command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
 216           register: bootstrap_node
 217         - name: set is_bootstrap_node fact
 218           tags: common
 219           set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
 220         - name: Disable the galera cluster resource
 221           tags: step2
 222           pacemaker_resource:
 223             resource: galera
 224             state: disable
 225             wait_for_resource: true
 226           when: is_bootstrap_node
 227         - name: Delete the stopped galera cluster resource.
 228           tags: step2
 229           pacemaker_resource:
 230             resource: galera
 231             state: delete
 232             wait_for_resource: true
 233           when: is_bootstrap_node
 234         - name: Disable mysql service
 235           tags: step2
 236           service: name=mariadb enabled=no