X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fservices%2Fdatabase%2Fmysql.yaml;h=9b8386c101d9a071cdcd28c736b37b1d65218374;hb=07a5fe1ba66cbad5afafbbd30d2d78129cb90bae;hp=7078b60fc186685d706e136decf7b98aedd051bd;hpb=5bcfc8c2a758eced575cf5edf79ab3c19a96c952;p=apex-tripleo-heat-templates.git diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 7078b60f..9b8386c1 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -1,10 +1,14 @@ -heat_template_version: ocata +heat_template_version: pike description: > MySQL service deployment using puppet parameters: #Parameters not used EndpointMap + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -14,6 +18,14 @@ parameters: DefaultPasswords: default: {} type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -42,13 +54,13 @@ parameters: description: The password for the nova db account type: string hidden: true + EnableInternalTLS: + type: boolean + default: false -resources: +conditions: - MySQLTLS: - type: OS::TripleO::Services::MySQLTLS - properties: - ServiceNetMap: {get_param: ServiceNetMap} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: @@ -57,7 +69,6 @@ outputs: service_name: mysql config_settings: map_merge: - - get_attr: [MySQLTLS, role_data, config_settings] - # The Galera package should work in cluster and # non-cluster modes based on the config file. 
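Review bot: The new `EnableInternalTLS` parameter in the `@@ -42,13 +54,13 @@` hunk has no `description`, unlike the other parameters this patch adds (`ServiceData`, `RoleName`, `RoleParameters`). It feeds the `internal_tls_enabled` condition, which later gates the certificate `metadata_settings` for mysql, so an operator reading the template should be told what the switch controls. I would add `description: Enable TLS on the internal network for this service; gates the certificate metadata_settings.` under it. The `parameters:` mapping starts outside this hunk.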
@@ -85,6 +96,10 @@ outputs: - {get_param: [DefaultPasswords, mysql_root_password]} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} enable_galera: {get_param: EnableGalera} + # for now, we don't want to manage these services which are enabled + # by default with recent changes in puppet-systemd. + systemd::manage_networkd: false + systemd::manage_resolved: false # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -102,10 +117,43 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::generate_dropin_file_limit: {get_param: MysqlIncreaseFileLimit} + - generate_service_certificates: true + tripleo::profile::base::database::mysql::certificate_specs: + service_certificate: '/etc/pki/tls/certs/mysql.crt' + service_key: '/etc/pki/tls/private/mysql.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + dnsnames: + - str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + principal: + str_replace: + template: "mysql/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql metadata_settings: - get_attr: [MySQLTLS, role_data, metadata_settings] + if: + - internal_tls_enabled + - + - service: mysql + network: {get_param: [ServiceNetMap, MysqlNetwork]} + type: vip + - service: mysql + network: {get_param: [ServiceNetMap, MysqlNetwork]} + type: node + - null upgrade_tasks: - name: Check for galera root password tags: step0
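Review bot: `systemd::manage_networkd` and `systemd::manage_resolved` in the `@@ -85,6 +96,10 @@` hunk are node-level puppet-systemd keys, yet they are set inside the mysql service's `config_settings`. They therefore presumably apply only to roles that include this service. If the intent is to keep puppet-systemd from managing networkd and resolved on every node, roles without mysql would still get the module defaults, which is worth confirming. The comment says "for now" with no exit condition; `# TODO: remove once networkd/resolved management is decided globally` would make that explicit. The enclosing mapping starts and ends outside the hunk.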
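Review bot: In the `@@ -102,10 +117,43 @@` hunk, `generate_service_certificates: true` and the `certificate_specs` mapping are added as a plain `map_merge` entry, while `metadata_settings` in the same hunk is wrapped in `if: [internal_tls_enabled, …, null]`. As far as the hunk shows, a deployment with `EnableInternalTLS: false` still receives the certificate request settings (key path, dnsnames, `mysql/` principal) without the matching metadata. Whether the puppet profile ignores them in that case is not visible here. If both are meant to switch together, gate the entry the same way, e.g. `- if: [internal_tls_enabled, {…certificate settings…}, {}]`. Separately, the second `dnsnames` entry uses `$NETWORK` as its placeholder while the other three `str_replace` blocks use bare `NETWORK`; one form throughout would make the hostname and principal templates easier to audit.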