Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Add manual ovs upgrade script for workaround ovs upgrade issue"
[apex-tripleo-heat-templates.git] / puppet / services / database / mysql.yaml
1 heat_template_version: ocata
2
3 description: >
4   MySQL service deployment using puppet
5
6 parameters:
7   #Parameters not used EndpointMap
8   ServiceNetMap:
9     default: {}
10     description: Mapping of service_name -> network name. Typically set
11                  via parameter_defaults in the resource registry.  This
12                  mapping overrides those in ServiceNetMapDefaults.
13     type: json
14   DefaultPasswords:
15     default: {}
16     type: json
17   EndpointMap:
18     default: {}
19     description: Mapping of service endpoint -> protocol. Typically set
20                  via parameter_defaults in the resource registry.
21     type: json
22   MysqlMaxConnections:
23     description: Configures MySQL max_connections config setting
24     type: number
25     default: 4096
26   MysqlIncreaseFileLimit:
27     description: Flag to increase MySQL open-files-limit to 16384
28     type: boolean
29     default: true
30   MysqlRootPassword:
31     type: string
32     hidden: true
33     default: ''
34   MysqlClustercheckPassword:
35     type: string
36     hidden: true
37   EnableGalera:
38     default: true
39     description: Whether to use Galera instead of regular MariaDB.
40     type: boolean
41   NovaPassword:
42     description: The password for the nova db account
43     type: string
44     hidden: true
45   EnableInternalTLS:
46     type: boolean
47     default: false
48
49 conditions:
50
51   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
52
53 outputs:
54   role_data:
55     description: Service MySQL using composable services.
56     value:
57       service_name: mysql
58       config_settings:
59         map_merge:
60           -
61             # The Galera package should work in cluster and
62             # non-cluster modes based on the config file.
63             # We set the package name here explicitly so
64             # that it matches what we pre-install
65             # in tripleo-puppet-elements.
66             mysql::server::package_name: 'mariadb-galera-server'
67             mysql::server::manage_config_file: true
68             tripleo.mysql.firewall_rules:
69               '104 mysql galera':
70                 dport:
71                   - 873
72                   - 3306
73                   - 4444
74                   - 4567
75                   - 4568
76                   - 9200
77             mysql_max_connections: {get_param: MysqlMaxConnections}
78             mysql::server::root_password:
79               yaql:
80                 expression: $.data.passwords.where($ != '').first()
81                 data:
82                   passwords:
83                     - {get_param: MysqlRootPassword}
84                     - {get_param: [DefaultPasswords, mysql_root_password]}
85             mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
86             enable_galera: {get_param: EnableGalera}
87             # NOTE: bind IP is found in Heat replacing the network name with the
88             # local node IP for the given network; replacement examples
89             # (eg. for internal_api):
90             # internal_api -> IP
91             # internal_api_uri -> [IP]
92             # internal_api_subnet - > IP/CIDR
93             mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
94             tripleo::profile::base::database::mysql::bind_address:
95               str_replace:
96                 template:
97                   "%{hiera('fqdn_$NETWORK')}"
98                 params:
99                   $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
100             tripleo::profile::base::database::mysql::client_bind_address:
101               {get_param: [ServiceNetMap, MysqlNetwork]}
102             tripleo::profile::base::database::mysql::generate_dropin_file_limit:
103               {get_param: MysqlIncreaseFileLimit}
104           - generate_service_certificates: true
105             tripleo::profile::base::database::mysql::certificate_specs:
106               service_certificate: '/etc/pki/tls/certs/mysql.crt'
107               service_key: '/etc/pki/tls/private/mysql.key'
108               hostname:
109                 str_replace:
110                   template: "%{hiera('cloud_name_NETWORK')}"
111                   params:
112                     NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
113               principal:
114                 str_replace:
115                   template: "mysql/%{hiera('cloud_name_NETWORK')}"
116                   params:
117                     NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
118       step_config: |
119         include ::tripleo::profile::base::database::mysql
120       metadata_settings:
121         if:
122           - internal_tls_enabled
123           -
124             - service: mysql
125               network: {get_param: [ServiceNetMap, MysqlNetwork]}
126               type: vip
127           - null
128       upgrade_tasks:
129         - name: Check for galera root password
130           tags: step0
131           file: path=/root/.my.cnf state=file
132         - name: Stop service
133           tags: step2
134           service: name=mariadb state=stopped
135         - name: Start service
136           tags: step4
137           service: name=mariadb state=started
138         - name: Setup cell_v2 (create cell0 database)
139           tags: step4
140           mysql_db:
141             name: nova_cell0
142             state: present
143         - name: Setup cell_v2 (grant access to the nova DB user)
144           tags: step4
145           mysql_user:
146             str_replace:
147               template: "name=nova password=PASSWORD host=\"%\" priv=\"nova.*:ALL/nova_cell0.*:ALL,GRANT\" state=present"
148               params:
149                 PASSWORD: {get_param: NovaPassword}