Merge "Adds network/cidr mapping into a new service property"
[apex-tripleo-heat-templates.git] / puppet / services / database / mysql.yaml
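heat_template_version: pike

description: >
  MySQL service deployment using puppet

parameters:
  # ServiceData, RoleName, RoleParameters and EndpointMap are declared but
  # not referenced anywhere in this template.
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Supplies the fallback mysql_root_password read by the root_password
  # expression in outputs.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  MysqlMaxConnections:
    description: Configures MySQL max_connections config setting
    type: number
    default: 4096
  MysqlIncreaseFileLimit:
    description: Flag to increase MySQL open-files-limit to 16384
    type: boolean
    default: true
  # Optional: when left at the empty default, the root_password expression
  # in outputs falls back to DefaultPasswords.mysql_root_password.
  MysqlRootPassword:
    type: string
    hidden: true
    default: ''
  # No default is declared, so a value must be supplied.
  MysqlClustercheckPassword:
    type: string
    hidden: true
  EnableGalera:
    default: true
    description: Whether to use Galera instead of regular MariaDB.
    type: boolean
  # No default is declared, so a value must be supplied.
  NovaPassword:
    description: The password for the nova db account
    type: string
    hidden: true
  # Drives the internal_tls_enabled condition below.
  EnableInternalTLS:
    type: boolean
    default: false

conditions:

  # True only when EnableInternalTLS is set to true.
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}

outputs:
  role_data:
    description: Service MySQL using composable services.
    value:
      service_name: mysql
      config_settings:
        map_merge:
          -
            # The Galera package should work in cluster and
            # non-cluster modes based on the config file.
            # We set the package name here explicitly so
            # that it matches what we pre-install
            # in tripleo-puppet-elements.
            mysql::server::package_name: 'mariadb-galera-server'
            mysql::server::manage_config_file: true
            # NOTE(review): the rule lists destination ports only; no source
            # restriction is visible in this template. Confirm that the
            # consumer of tripleo.mysql.firewall_rules limits these ports to
            # the network the database cluster is meant to serve.
            tripleo.mysql.firewall_rules:
              '104 mysql galera':
                dport:
                  - 873
                  - 3306
                  - 4444
                  - 4567
                  - 4568
                  - 9200
            mysql_max_connections: {get_param: MysqlMaxConnections}
            # Picks the first non-empty value: the explicit MysqlRootPassword,
            # else DefaultPasswords.mysql_root_password.
            # NOTE(review): MysqlRootPassword defaults to ''; if the
            # DefaultPasswords entry is empty too, nothing passes the filter.
            # Confirm the deployment fails in that case rather than leaving
            # root without a password.
            mysql::server::root_password:
              yaql:
                expression: $.data.passwords.where($ != '').first()
                data:
                  passwords:
                    - {get_param: MysqlRootPassword}
                    - {get_param: [DefaultPasswords, mysql_root_password]}
            mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
            enable_galera: {get_param: EnableGalera}
            # for now, we don't want to manage these services which are enabled
            # by default with recent changes in puppet-systemd.
            systemd::manage_networkd: false
            systemd::manage_resolved: false
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet -> IP/CIDR
            mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
            # Rendered as a hiera lookup of fqdn_<network>, where <network> is
            # the ServiceNetMap entry for MysqlNetwork.
            tripleo::profile::base::database::mysql::bind_address:
              str_replace:
                template:
                  "%{hiera('fqdn_$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
            tripleo::profile::base::database::mysql::client_bind_address:
              {get_param: [ServiceNetMap, MysqlNetwork]}
            tripleo::profile::base::database::mysql::generate_dropin_file_limit:
              {get_param: MysqlIncreaseFileLimit}
          # NOTE(review): this second map is merged unconditionally; unlike
          # metadata_settings below it is not gated on internal_tls_enabled.
          # Confirm that emitting the certificate settings while
          # EnableInternalTLS is false is intended.
          - generate_service_certificates: true
            tripleo::profile::base::database::mysql::certificate_specs:
              service_certificate: '/etc/pki/tls/certs/mysql.crt'
              service_key: '/etc/pki/tls/private/mysql.key'
              hostname:
                str_replace:
                  template: "%{hiera('cloud_name_NETWORK')}"
                  params:
                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
              # The certificate names cover both the cloud_name_<network> and
              # the fqdn_<network> hiera values.
              dnsnames:
                - str_replace:
                    template: "%{hiera('cloud_name_NETWORK')}"
                    params:
                      NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
                - str_replace:
                    template:
                      "%{hiera('fqdn_$NETWORK')}"
                    params:
                      $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
              principal:
                str_replace:
                  template: "mysql/%{hiera('cloud_name_NETWORK')}"
                  params:
                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
      step_config: |
        include ::tripleo::profile::base::database::mysql
      # Only populated when internal TLS is enabled; otherwise null.
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: mysql
              network: {get_param: [ServiceNetMap, MysqlNetwork]}
              type: vip
            - service: mysql
              network: {get_param: [ServiceNetMap, MysqlNetwork]}
              type: node
          - null
      # Module arguments below are written as mappings instead of key=value
      # strings, so each value is passed to the module as one argument.
      # NOTE(review): NovaPassword is a hidden parameter, but its resolved
      # value is embedded in the last task and therefore in this output;
      # handle role_data as secret-bearing data.
      upgrade_tasks:
        - name: Check for galera root password
          tags: step0
          file:
            path: /root/.my.cnf
            state: file
        - name: Stop service
          tags: step2
          service:
            name: mariadb
            state: stopped
        - name: Start service
          tags: step4
          service:
            name: mariadb
            state: started
        - name: Setup cell_v2 (create cell0 database)
          tags: step4
          mysql_db:
            name: nova_cell0
            state: present
        - name: Setup cell_v2 (grant access to the nova DB user)
          tags: step4
          # The password is a discrete mapping value rather than text spliced
          # into a key=value string, so a password containing spaces, quotes
          # or '=' cannot be re-parsed as extra module arguments.
          # NOTE(review): host '%' matches any client host and GRANT lets the
          # account pass its privileges on; confirm both are required.
          mysql_user:
            name: nova
            password: {get_param: NovaPassword}
            host: '%'
            priv: 'nova.*:ALL/nova_cell0.*:ALL,GRANT'
            state: present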