Make ironic database use more configurable

Basic changes to allow for greater flexibility in detailed configurations that may scale beyond a single coductor host, or cases where a remote database server may need to be utilized. Also removed a note from the defaults file which no longer made sense. I think it was an incomplete thought that I had accidently committed at some point. Change-Id: Ieea8e4c6a847eebfb80001d301da22e8e562b9bb
2017-03-02 15:04:47 +00:00 · 2017-03-02 15:04:47 +00:00 · ff75b0cf4b
parent 2600d546ed
commit ff75b0cf4b
8 changed files with 90 additions and 27 deletions
--- a/playbooks/roles/bifrost-ironic-install/README.md
+++ b/playbooks/roles/bifrost-ironic-install/README.md
@ -239,6 +239,25 @@ ssh_private_key: If a user wishes to define an SSH private key as a string,
                 this variable can be utilized which overrides the
                 ssh_private_key_path setting.

+### Changing Database Configuration
+
+Bifrost utilizes a nested data stucture for the configuration of database.
+Simply put:
+
+  - Values cannot be overrriden via set_fact.
+  - Values cannot be overrriden via the command line with ``-e``.
+  - The entire data structure must be defined if is modified.
+
+Please see defaults/main.yml file for the structure named ``ironic``.
+
+Please note, if the hostname is set to something besides``localhost``,
+then the playbook will not attempt to create databases, database users,
+and grant privileges.
+
+Similarly, if hardware introspection support is installed, the
+nearly identical data structure for inspector can be found in the
+same file named ``ironic_inspector``.
+
 Notes
 -----

--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
@ -216,6 +216,11 @@ ironic:
  keystone:
    default_username: "bifrost_user"
    default_password: "ChangeThisPa55w0rd"
+  database:
+    name: "ironic"
+    username: "ironic"
+    password: "{{ ironic_db_password }}"
+    host: "localhost"

 ironic_inspector:
  service_catalog:
@ -226,9 +231,10 @@ ironic_inspector:
  keystone:
    default_username: "inspector_user"
    default_password: "ChangeThisPa55w0rd"
-#    public_url: "http://127.0.0.1:5050/"
-#    private_url: "http://127.0.0.1:5050/"
-#    internal_url: "http://127.0.0.1:5050/"
-# TODO(TheJulia): Thinking outloud, I we ought to head in the
-# direction of identifying the address of the conductor host
-# in a more uniform fashion. What that is exactly, is TBD.
+  database:
+    name: "inspector"
+    username: "inspector"
+    password: "{{ ironic_db_password }}"
+    host: "localhost"
+    # DEPRECATED(TheJulia): Inheritance of ironic_db_password params
+    # should be removed in Queens.
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@ -26,10 +26,13 @@
  set_fact:
    enable_venv: true
  when: lookup('env', 'VENV') | length > 0
+
 # NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
 # during bootstrapping. all other services are started in the Start phase.
 - name: "Start database service"
  service: name={{ mysql_service_name }} state=started enabled=yes
+  when: ironic.database.host == 'localhost'
+
 - name: "RabbitMQ - Testing if hostname is defined in /etc/hosts"
  command: grep -i "{{ ansible_hostname }}" /etc/hosts
  ignore_errors: yes
@ -70,32 +73,39 @@
    write_priv: ".*"
    read_priv: ".*"
  no_log: true
+
 - name: "Set mysql_username if environment variable mysql_user is set"
  set_fact:
    mysql_username: "{{ lookup('env', 'mysql_user') }}"
  when: lookup('env', 'mysql_user') | length > 0
  no_log: true
+
 - name: "Set mysql_password if environment variable mysql_pass is set"
  set_fact:
    mysql_password: "{{ lookup('env', 'mysql_pass') }}"
  when: lookup('env', 'mysql_pass') | length > 0
  no_log: true
+
 - name: "MySQL - Creating DB"
  mysql_db:
-    name: "ironic"
+    name: "{{ ironic.database.name }}"
    state: present
    encoding: utf8
    login_user: "{{ mysql_username | default(None) }}"
    login_password: "{{ mysql_password | default(None) }}"
  register: test_created_db
+  when: ironic.database.host == 'localhost'
+
 - name: "MySQL - Creating user for Ironic"
  mysql_user:
-    name: "ironic"
-    password: "{{ ironic_db_password }}"
-    priv: "ironic.*:ALL"
+    name: "{{ ironic.database.username }}"
+    password: "{{ ironic.database.password }}"
+    priv: "{{ ironic.database.name }}.*:ALL"
    state: present
    login_user: "{{ mysql_username | default(None) }}"
    login_password: "{{ mysql_password | default(None) }}"
+  when: ironic.database.host == 'localhost'
+
 - name: "Create an ironic service group"
  group:
    name: "ironic"
@ -147,14 +157,21 @@
    owner: "ironic"
    group: "ironic"
    mode: 0644
+
 - name: "Create ironic DB Schema"
  command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
  environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
-  when: test_created_db.changed | bool == true
+  when: >
+      ironic.database.host == 'localhost' and
+      test_created_db.changed | bool == true
+
 - name: "Upgrade ironic DB Schema"
  command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
  environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
-  when: test_created_db.changed | bool == false
+  when: >
+      ironic.database.host != 'localhost' or
+      test_created_db.changed | bool == false
+
 - name: "Create service folder if systemd template is defined"
  file:
    path: "{{ init_dest_dir }}"
--- a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml
@ -15,20 +15,23 @@
 ---
 - name: "MySQL - Create database"
  mysql_db:
-    login_user={{ mysql_username }}
-    login_password={{ mysql_password }}
-    name=inspector
-    state=present
-    encoding=utf8
-  register: test_created_inspector_db
+    login_user: "{{ mysql_username }}"
+    login_password: "{{ mysql_password }}"
+    name: "{{ ironic_inspector.database.name }}"
+    state: present
+    encoding: utf8
+  when: ironic_inspector.database.host == 'localhost'
+
 - name: "MySQL - Create user for inspector"
  mysql_user:
-    login_user={{ mysql_username }}
-    login_password={{ mysql_password }}
-     name=inspector
-     password={{ ironic_db_password }}
-     priv=inspector.*:ALL
-     state=present
+    login_user: "{{ mysql_username }}"
+    login_password: "{{ mysql_password }}"
+    name: "{{ ironic_inspector.database.username }}"
+    password: "{{ ironic_inspector.database.password }}"
+    priv: "{{ ironic_inspector.database.name }}.*:ALL"
+    state: present
+  when: ironic_inspector.database.host == 'localhost'
+
 - name: "Inspector - Ensure /etc/ironic-inspector/ exists"
  file:
    dest=/etc/ironic-inspector
--- a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2
+++ b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2
@ -12,7 +12,7 @@ auth_strategy = {{ inspector_auth | default('noauth') }}
 debug = {{ inspector_debug | bool }}

 [database]
-connection=mysql+pymysql://inspector:{{ ironic_db_password }}@localhost/inspector?charset=utf8
+connection=mysql+pymysql://{{ ironic_inspector.database.username }}:{{ ironic_inspector.database.password }}@{{ ironic_inspector.database.host }}/{{ ironic_inspector.database.name }}?charset=utf8

 [firewall]
 manage_firewall = {{ inspector_manage_firewall | bool | default('false') }}
--- a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2
+++ b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2
@ -45,7 +45,7 @@ clean_nodes = {{ cleaning | lower }}
 automated_clean = {{ cleaning | lower }}

 [database]
-connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8
+connection = mysql+pymysql://{{ ironic.database.username }}:{{ ironic.database.password }}@{{ ironic.database.host }}/{{ ironic.database.name }}?charset=utf8

 [dhcp]
 dhcp_provider = none
--- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
@ -78,6 +78,7 @@
    login_user: "{{ mysql_username | default(None) }}"
    login_password: "{{ mysql_password | default(None) }}"
  register: test_created_keystone_db
+  when: keystone.database.host == 'localhost'

 - name: "MySQL - Creating user for keystone"
  mysql_user:
@ -87,6 +88,7 @@
    state: present
    login_user: "{{ mysql_username | default(None) }}"
    login_password: "{{ mysql_password | default(None) }}"
+  when: keystone.database.host == 'localhost'

 - name: "Create an keystone service group"
  group:
@ -154,7 +156,8 @@
  environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
  when: >
    test_created_keystone_db.changed | bool == true and
-    keystone.bootstrap.enabled | bool == true
+    keystone.bootstrap.enabled | bool == true and
+    keystone.database.host == 'localhost'

 - name: "Reserve keystone admin port"
  sysctl:
--- a/releasenotes/notes/mysql-database-separation-d6bf9a4f22cd8bbb.yaml
+++ b/releasenotes/notes/mysql-database-separation-d6bf9a4f22cd8bbb.yaml
@ -0,0 +1,15 @@
+---
+features:
+  - |
+    Bifrost now supports the definition of a specific database server,
+    username, password, and database name for ironic and ironic-inspector.
+  - |
+    If the host for the database is not set to ``localhost``, then actions
+    such as database and user creation are skipped. This functionality
+    is present in both the bootstrapping for ironic, ironic-inspector, and
+    keystone, and applies to initial explicit database schema creation steps
+    where applicable.
+deprecations:
+  - |
+    Use of the ``ironic_db_password`` variable as an available default will
+    be removed in the Queens release of bifrost.