Enable Neutron LBaaS Integration
# Heat Orchestration Template (HOT) version identifier for this template.
heat_template_version: pike

# Human-readable summary of the template; folded scalar, so it is one line.
description: >
  MySQL service deployment using puppet

# Inputs to the MySQL composable service. Parameters marked `hidden: true`
# carry credentials; see the notes on each of them below.
parameters:
  # EndpointMap is declared below but is not referenced by this template.
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Fallback credential source: outputs reads the mysql_root_password key
  # from this map when MysqlRootPassword is empty. It is not marked hidden
  # here - NOTE(review): confirm the map is not exposed where the individual
  # hidden password parameters would be masked.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  MysqlMaxConnections:
    description: Configures MySQL max_connections config setting
    type: number
    default: 4096
  MysqlIncreaseFileLimit:
    description: Flag to increase MySQL open-files-limit to 16384
    type: boolean
    default: true
  # Database root password. The empty default means "not set"; outputs then
  # falls back to DefaultPasswords.mysql_root_password. NOTE(review): if both
  # sources are empty the selection expression has nothing to pick - verify
  # that one of them is always populated with a non-empty value.
  MysqlRootPassword:
    type: string
    hidden: true
    default: ''
  # Password for the clustercheck account. No default is declared, so the
  # deployment has to supply a value.
  MysqlClustercheckPassword:
    type: string
    hidden: true
  EnableGalera:
    default: true
    description: Whether to use Galera instead of regular MariaDB.
    type: boolean
  # Used only by the cell_v2 upgrade task that grants the nova DB user access.
  NovaPassword:
    description: The password for the nova db account
    type: string
    hidden: true
  # Input to the internal_tls_enabled condition; TLS metadata is off by default.
  EnableInternalTLS:
    type: boolean
    default: false

conditions:

  # True only when EnableInternalTLS is true. In this template it gates
  # metadata_settings; the certificate_specs in config_settings are emitted
  # regardless of it.
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

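# role_data is the single output of this service template: hiera settings
# (config_settings), the puppet manifest to apply (step_config), TLS metadata
# requests (metadata_settings) and Ansible tasks run on upgrade
# (upgrade_tasks).
outputs:
  role_data:
    description: Service MySQL using composable services.
    value:
      service_name: mysql
      config_settings:
        map_merge:
          -
            # The Galera package should work in cluster and
            # non-cluster modes based on the config file.
            # We set the package name here explicitly so
            # that it matches what we pre-install
            # in tripleo-puppet-elements.
            mysql::server::package_name: 'mariadb-galera-server'
            mysql::server::manage_config_file: true
            # Ports opened for this service. The rule carries no source
            # restriction and is emitted whether or not EnableGalera is set.
            # NOTE(review): conventionally 3306 is the MySQL client port,
            # 4567/4568 Galera replication/IST, 4444 SST, 873 rsync and 9200
            # clustercheck - confirm each port is needed and is reachable
            # only from the intended networks.
            tripleo.mysql.firewall_rules:
              '104 mysql galera':
                dport:
                  - 873
                  - 3306
                  - 4444
                  - 4567
                  - 4568
                  - 9200
            mysql_max_connections: {get_param: MysqlMaxConnections}
            # Root password: the first non-empty entry wins, so an explicit
            # MysqlRootPassword takes precedence over the DefaultPasswords
            # fallback. Empty strings are filtered out before selection.
            mysql::server::root_password:
              yaql:
                expression: $.data.passwords.where($ != '').first()
                data:
                  passwords:
                    - {get_param: MysqlRootPassword}
                    - {get_param: [DefaultPasswords, mysql_root_password]}
            mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
            enable_galera: {get_param: EnableGalera}
            # for now, we don't want to manage these services which are enabled
            # by default with recent changes in puppet-systemd.
            systemd::manage_networkd: false
            systemd::manage_resolved: false
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet -> IP/CIDR
            mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
            # The server binds to the node FQDN on the MySQL network (resolved
            # through hiera), not to a wildcard address.
            tripleo::profile::base::database::mysql::bind_address:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
            tripleo::profile::base::database::mysql::client_bind_address:
              {get_param: [ServiceNetMap, MysqlNetwork]}
            tripleo::profile::base::database::mysql::generate_dropin_file_limit:
              {get_param: MysqlIncreaseFileLimit}
          # Certificate request data. This entry is not wrapped in the
          # internal_tls_enabled condition, unlike metadata_settings below.
          # NOTE(review): presumably the puppet profile ignores it when
          # internal TLS is off - confirm.
          - generate_service_certificates: true
            tripleo::profile::base::database::mysql::certificate_specs:
              service_certificate: '/etc/pki/tls/certs/mysql.crt'
              service_key: '/etc/pki/tls/private/mysql.key'
              hostname:
                str_replace:
                  template: "%{hiera('cloud_name_NETWORK')}"
                  params:
                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
              # Subject alternative names: the cloud (VIP) name and the
              # node FQDN on the MySQL network.
              dnsnames:
                - str_replace:
                    template: "%{hiera('cloud_name_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
                - str_replace:
                    template:
                      "%{hiera('fqdn_$NETWORK')}"
                    params:
                      $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
              principal:
                str_replace:
                  template: "mysql/%{hiera('cloud_name_NETWORK')}"
                  params:
                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
      step_config: |
        include ::tripleo::profile::base::database::mysql
      # VIP and node metadata entries are requested only when
      # internal_tls_enabled holds; otherwise the value is null.
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: mysql
              network: {get_param: [ServiceNetMap, MysqlNetwork]}
              type: vip
            - service: mysql
              network: {get_param: [ServiceNetMap, MysqlNetwork]}
              type: node
          - null
      # Ansible tasks run during upgrade, ordered by their step tag. Module
      # arguments are written as YAML mappings rather than key=value strings,
      # so no value is re-parsed as argument syntax.
      upgrade_tasks:
        # state=file does not create the path; the task only checks for it.
        - name: Check for galera root password
          tags: step0
          file:
            path: /root/.my.cnf
            state: file
        - name: Stop service
          tags: step2
          service:
            name: mariadb
            state: stopped
        - name: Start service
          tags: step4
          service:
            name: mariadb
            state: started
        - name: Setup cell_v2 (create cell0 database)
          tags: step4
          mysql_db:
            name: nova_cell0
            state: present
        # The password is passed as its own argument instead of being spliced
        # into a key=value string, where whitespace, quotes or '=' in the
        # secret would break argument parsing or add module arguments.
        # no_log keeps the secret out of task output and logs.
        # The grant covers host '%' (any client host) and includes GRANT, so
        # exposure of this account is bounded only by the bind address and
        # the firewall rule in config_settings.
        - name: Setup cell_v2 (grant access to the nova DB user)
          tags: step4
          no_log: true
          mysql_user:
            name: nova
            password: {get_param: NovaPassword}
            host: '%'
            priv: 'nova.*:ALL/nova_cell0.*:ALL,GRANT'
            state: present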