diff --git a/playbooks/roles/bifrost-ironic-install/README.md b/playbooks/roles/bifrost-ironic-install/README.md
index 8c05fbe0f..aca9c136d 100644
--- a/playbooks/roles/bifrost-ironic-install/README.md
+++ b/playbooks/roles/bifrost-ironic-install/README.md
@@ -239,6 +239,25 @@ ssh_private_key: If a user wishes to define an SSH private key as a string, this variable can be utilized which overrides the ssh_private_key_path setting.
+### Changing Database Configuration
+
+Bifrost utilizes a nested data stucture for the configuration of database.
+Simply put:
+
+ - Values cannot be overrriden via set_fact.
+ - Values cannot be overrriden via the command line with ``-e``.
+ - The entire data structure must be defined if is modified.
+
+Please see defaults/main.yml file for the structure named ``ironic``.
+
+Please note, if the hostname is set to something besides``localhost``,
+then the playbook will not attempt to create databases, database users,
+and grant privileges.
+
+Similarly, if hardware introspection support is installed, the
+nearly identical data structure for inspector can be found in the
+same file named ``ironic_inspector``.
+
 Notes
 -----
diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
index 437f596e0..b04add11a 100644
--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
@@ -216,6 +216,11 @@ ironic:
 keystone:
 default_username: "bifrost_user"
 default_password: "ChangeThisPa55w0rd"
+ database:
+ name: "ironic"
+ username: "ironic"
+ password: "{{ ironic_db_password }}"
+ host: "localhost"
 ironic_inspector:
 service_catalog:
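Review bot: In the defaults/main.yml hunk, the new `ironic.database.password` defaults to `{{ ironic_db_password }}`, and the `ironic_inspector.database` block added in the next hunk defaults to the same variable, so the two MySQL accounts share one secret and anyone who can read either rendered config file learns the password of the other account as well. Consider giving the inspector entry its own password variable that falls back to the shared one only for the deprecation window. The `DEPRECATED(TheJulia)` comment is also placed only under `ironic_inspector`; repeating it above this block, e.g. `# DEPRECATED: ironic_db_password fallback to be removed in Queens.`, would tell operators that `ironic.database` is affected too. No default for `ironic_db_password` is visible in this diff, so it is presumably defined or required elsewhere.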
@@ -226,9 +231,10 @@ ironic_inspector:
 keystone:
 default_username: "inspector_user"
 default_password: "ChangeThisPa55w0rd"
-# public_url: "http://127.0.0.1:5050/"
-# private_url: "http://127.0.0.1:5050/"
-# internal_url: "http://127.0.0.1:5050/"
-# TODO(TheJulia): Thinking outloud, I we ought to head in the
-# direction of identifying the address of the conductor host
-# in a more uniform fashion. What that is exactly, is TBD.
+ database:
+ name: "inspector"
+ username: "inspector"
+ password: "{{ ironic_db_password }}"
+ host: "localhost"
+ # DEPRECATED(TheJulia): Inheritance of ironic_db_password params
+ # should be removed in Queens.
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
index 67f632c25..aa5c3ea3e 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@@ -26,10 +26,13 @@
 set_fact:
 enable_venv: true
 when: lookup('env', 'VENV') | length > 0
+
 # NOTE(sean-k-mooney) only the RabbitMQ server and MySQL db are started
 # during bootstrapping. all other services are started in the Start phase.
 - name: "Start database service"
 service: name={{ mysql_service_name }} state=started enabled=yes
+ when: ironic.database.host == 'localhost'
+
 - name: "RabbitMQ - Testing if hostname is defined in /etc/hosts"
 command: grep -i "{{ ansible_hostname }}" /etc/hosts
 ignore_errors: yes
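Review bot: In the first tasks/bootstrap.yml hunk, the guard added to "Start database service", `when: ironic.database.host == 'localhost'`, keys the shared MySQL service on ironic's setting alone. If ironic points at a remote server while `ironic_inspector.database.host` stays `localhost`, the service is neither started nor enabled here, and the local `mysql_db`/`mysql_user` tasks in inspector_bootstrap.yml would presumably fail to connect. A condition such as `when: ironic.database.host == 'localhost' or ironic_inspector.database.host == 'localhost'` would cover that case. Whether the keystone role starts the service on its own is not visible in this diff.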
@@ -70,32 +73,39 @@
 write_priv: ".*"
 read_priv: ".*"
 no_log: true
+
 - name: "Set mysql_username if environment variable mysql_user is set"
 set_fact:
 mysql_username: "{{ lookup('env', 'mysql_user') }}"
 when: lookup('env', 'mysql_user') | length > 0
 no_log: true
+
 - name: "Set mysql_password if environment variable mysql_pass is set"
 set_fact:
 mysql_password: "{{ lookup('env', 'mysql_pass') }}"
 when: lookup('env', 'mysql_pass') | length > 0
 no_log: true
+
 - name: "MySQL - Creating DB"
 mysql_db:
- name: "ironic"
+ name: "{{ ironic.database.name }}"
 state: present
 encoding: utf8
 login_user: "{{ mysql_username | default(None) }}"
 login_password: "{{ mysql_password | default(None) }}"
 register: test_created_db
+ when: ironic.database.host == 'localhost'
+
 - name: "MySQL - Creating user for Ironic"
 mysql_user:
- name: "ironic"
- password: "{{ ironic_db_password }}"
- priv: "ironic.*:ALL"
+ name: "{{ ironic.database.username }}"
+ password: "{{ ironic.database.password }}"
+ priv: "{{ ironic.database.name }}.*:ALL"
 state: present
 login_user: "{{ mysql_username | default(None) }}"
 login_password: "{{ mysql_password | default(None) }}"
+ when: ironic.database.host == 'localhost'
+
 - name: "Create an ironic service group"
 group:
 name: "ironic"
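Review bot: Both conditions added in this hunk compare against the literal string, `when: ironic.database.host == 'localhost'`, so a value such as `127.0.0.1` or `::1` is treated as a remote server: database and account creation are skipped while the rendered connection URL still targets the local MySQL instance. The same literal test is repeated in the other hunks of this file, in inspector_bootstrap.yml and in the keystone bootstrap.yml. Either state next to the `host` default that only the exact string `localhost` enables provisioning, or test membership instead, e.g. `when: ironic.database.host in ['localhost', '127.0.0.1', '::1']`.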
@@ -147,14 +157,21 @@
 owner: "ironic"
 group: "ironic"
 mode: 0644
+
 - name: "Create ironic DB Schema"
 command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
 environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
- when: test_created_db.changed | bool == true
+ when: >
+ ironic.database.host == 'localhost' and
+ test_created_db.changed | bool == true
+
 - name: "Upgrade ironic DB Schema"
 command: ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade
 environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
- when: test_created_db.changed | bool == false
+ when: >
+ ironic.database.host != 'localhost' or
+ test_created_db.changed | bool == false
+
 - name: "Create service folder if systemd template is defined"
 file:
 path: "{{ init_dest_dir }}"
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml
index b857df06f..c68817b70 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml
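Review bot: In the third tasks/bootstrap.yml hunk, the new condition on "Upgrade ironic DB Schema" is always true for a non-local host, so `ironic-dbsync ... upgrade` runs on every play against an external database this role did not create, and `create_schema` never runs there. That deserves a comment above the task, for example `# Remote database: the DB and account must already exist; only 'upgrade' is run.`, because an operator pointing at a shared server may not expect migrations on each run. As a style point, `test_created_db.changed | bool == true` can be written `test_created_db.changed | bool`, and the `== false` form as `not (test_created_db.changed | bool)`.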
@@ -15,20 +15,23 @@
 ---
 - name: "MySQL - Create database"
 mysql_db:
- login_user={{ mysql_username }}
- login_password={{ mysql_password }}
- name=inspector
- state=present
- encoding=utf8
- register: test_created_inspector_db
+ login_user: "{{ mysql_username }}"
+ login_password: "{{ mysql_password }}"
+ name: "{{ ironic_inspector.database.name }}"
+ state: present
+ encoding: utf8
+ when: ironic_inspector.database.host == 'localhost'
+
 - name: "MySQL - Create user for inspector"
 mysql_user:
- login_user={{ mysql_username }}
- login_password={{ mysql_password }}
- name=inspector
- password={{ ironic_db_password }}
- priv=inspector.*:ALL
- state=present
+ login_user: "{{ mysql_username }}"
+ login_password: "{{ mysql_password }}"
+ name: "{{ ironic_inspector.database.username }}"
+ password: "{{ ironic_inspector.database.password }}"
+ priv: "{{ ironic_inspector.database.name }}.*:ALL"
+ state: present
+ when: ironic_inspector.database.host == 'localhost'
+
 - name: "Inspector - Ensure /etc/ironic-inspector/ exists"
 file:
 dest=/etc/ironic-inspector
diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2
index fb3f6db1f..107433fc7 100644
--- a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2
+++ b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2
@@ -12,7 +12,7 @@ auth_strategy = {{ inspector_auth | default('noauth') }}
 debug = {{ inspector_debug | bool }}
 [database]
-connection=mysql+pymysql://inspector:{{ ironic_db_password }}@localhost/inspector?charset=utf8
+connection=mysql+pymysql://{{ ironic_inspector.database.username }}:{{ ironic_inspector.database.password }}@{{ ironic_inspector.database.host }}/{{ ironic_inspector.database.name }}?charset=utf8
 [firewall]
 manage_firewall = {{ inspector_manage_firewall | bool | default('false') }}
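Review bot: In the inspector_bootstrap.yml hunk, the rewritten "MySQL - Create database" task no longer has `register: test_created_inspector_db`; the old key=value form had it, and the new block ends at `when:`. Any task later in the file that still reads `test_created_inspector_db.changed` would fail on an undefined variable; the file continues outside this hunk, so that cannot be confirmed from here. If such a reader exists, restore `register: test_created_inspector_db` above the `when:`; a skipped task still registers a result, so the variable stays defined for remote hosts. These two tasks also use `{{ mysql_username }}` and `{{ mysql_password }}` without the `| default(None)` that bootstrap.yml applies, which looks inconsistent.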
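Review bot: In the ironic-inspector.conf.j2 hunk, the new `connection` line interpolates `{{ ironic_inspector.database.password }}` and the other operator-supplied parts into the URL unescaped, so a password containing a character such as `@` yields a malformed or misparsed connection string. Percent-encoding the credential parts, e.g. `{{ ironic_inspector.database.password | urlencode }}`, avoids that. Now that the host can be remote, the URL also gives operators no way to request TLS, so the password and queries would presumably cross the network unencrypted; an optional, operator-supplied query suffix for the driver's SSL settings would address it. The same applies to the `connection` line changed in ironic.conf.j2.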
diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2
index d7e947dd6..9e372ebfe 100644
--- a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2
+++ b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2
@@ -45,7 +45,7 @@ clean_nodes = {{ cleaning | lower }}
 automated_clean = {{ cleaning | lower }}
 [database]
-connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8
+connection = mysql+pymysql://{{ ironic.database.username }}:{{ ironic.database.password }}@{{ ironic.database.host }}/{{ ironic.database.name }}?charset=utf8
 [dhcp]
 dhcp_provider = none
diff --git a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
index 4c735a2d5..014e97da6 100644
--- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
@@ -78,6 +78,7 @@
 login_user: "{{ mysql_username | default(None) }}"
 login_password: "{{ mysql_password | default(None) }}"
 register: test_created_keystone_db
+ when: keystone.database.host == 'localhost'
 - name: "MySQL - Creating user for keystone"
 mysql_user:
@@ -87,6 +88,7 @@
 state: present
 login_user: "{{ mysql_username | default(None) }}"
 login_password: "{{ mysql_password | default(None) }}"
+ when: keystone.database.host == 'localhost'
 - name: "Create an keystone service group"
 group:
@@ -154,7 +156,8 @@
 environment: "{{ bifrost_venv_env if enable_venv else '{}' }}"
 when: >
 test_created_keystone_db.changed | bool == true and
- keystone.bootstrap.enabled | bool == true
+ keystone.bootstrap.enabled | bool == true and
+ keystone.database.host == 'localhost'
 - name: "Reserve keystone admin port"
 sysctl:
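Review bot: In the last keystone bootstrap.yml hunk, adding `keystone.database.host == 'localhost'` to this `when:` means the task is skipped outright for a remote database, and nothing in the visible lines runs an equivalent step later, whereas the ironic bootstrap falls through to its upgrade task. The task's name and command lie outside the hunk, so this is inferred from the condition alone; if it is the initial keystone schema or bootstrap step, a remote deployment would be left with an unpopulated database. Either document the requirement above the task, e.g. `# Remote keystone DB: schema and bootstrap must be done out of band.`, or add a remote-host path like ironic's.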
diff --git a/releasenotes/notes/mysql-database-separation-d6bf9a4f22cd8bbb.yaml b/releasenotes/notes/mysql-database-separation-d6bf9a4f22cd8bbb.yaml
new file mode 100644
index 000000000..1baad890c
--- /dev/null
+++ b/releasenotes/notes/mysql-database-separation-d6bf9a4f22cd8bbb.yaml
@@ -0,0 +1,15 @@
+---
+features:
+ - |
+ Bifrost now supports the definition of a specific database server,
+ username, password, and database name for ironic and ironic-inspector.
+ - |
+ If the host for the database is not set to ``localhost``, then actions
+ such as database and user creation are skipped. This functionality
+ is present in both the bootstrapping for ironic, ironic-inspector, and
+ keystone, and applies to initial explicit database schema creation steps
+ where applicable.
+deprecations:
+ - |
+ Use of the ``ironic_db_password`` variable as an available default will
+ be removed in the Queens release of bifrost.