Implement external MariaDB and pre-configured Databases support

This change allows the following use cases:

1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.

Update: added external mariadb precheck

Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121

ansible/group_vars/all.yml

@@ -733,3 +733,15 @@ xenserver_username: "root"
 xenserver_connect_protocol: "https"
 # File used to save XenAPI's facts variables formatted as json.
 xenapi_facts_file: "/etc/kolla/xenapi.json"
+
+#############################################
+# MariaDB component-specific database details
+#############################################
+# Whether to configure haproxy to load balance
+# the external MariaDB server(s)
+enable_external_mariadb_load_balancer: "no"
+# Whether to use pre-configured databases / users
+use_preconfigured_databases: "no"
+# whether to use a common, preconfigured user
+# for all component databases
+use_common_mariadb_user: "no"

ansible/roles/aodh/defaults/main.yml

@@ -45,7 +45,7 @@ aodh_services:
 # Database
 ####################
 aodh_database_name: "aodh"
-aodh_database_user: "aodh"
+aodh_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}aodh{% endif %}"
 aodh_database_address: "{{ database_address }}:{{ database_port }}"
 
 ####################

ansible/roles/aodh/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['aodh-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating aodh database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['aodh-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/aodh/templates/aodh.conf.j2

@@ -14,7 +14,6 @@ host = {{ api_interface_address }}
 [database]
 connection = mysql+pymysql://{{ aodh_database_user }}:{{ aodh_database_password }}@{{ aodh_database_address }}/{{ aodh_database_name }}
 
-
 [keystone_authtoken]
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}

ansible/roles/barbican/defaults/main.yml

@@ -35,7 +35,7 @@ barbican_services:
 # Database
 ####################
 barbican_database_name: "barbican"
-barbican_database_user: "barbican"
+barbican_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}barbican{% endif %}"
 barbican_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/barbican/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['barbican-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating barbican database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['barbican-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/cinder/defaults/main.yml

@@ -78,7 +78,7 @@ cinder_backup_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 # Database
 ####################
 cinder_database_name: "cinder"
-cinder_database_user: "cinder"
+cinder_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}cinder{% endif %}"
 cinder_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/cinder/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['cinder-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Cinder database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['cinder-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/cloudkitty/defaults/main.yml

@@ -26,7 +26,7 @@ cloudkitty_services:
 # Database
 ####################
 cloudkitty_database_name: "cloudkitty"
-cloudkitty_database_user: "cloudkitty"
+cloudkitty_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}cloudkitty{% endif %}"
 cloudkitty_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/cloudkitty/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['cloudkitty-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Cloudkitty database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['cloudkitty-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/congress/defaults/main.yml

@@ -35,7 +35,7 @@ congress_services:
 # Database
 ####################
 congress_database_name: "congress"
-congress_database_user: "congress"
+congress_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}congress{% endif %}"
 congress_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/congress/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['congress-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating congress database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['congress-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/designate/defaults/main.yml

@@ -72,11 +72,11 @@ designate_services:
 # Database
 ####################
 designate_database_name: "designate"
-designate_database_user: "designate"
+designate_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}designate{% endif %}"
 designate_database_address: "{{ database_address }}:{{ database_port }}"
 
 designate_pool_manager_database_name: "designate_pool_manager"
-designate_pool_manager_database_user: "designate_pool_manager"
+designate_pool_manager_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}designate_pool_manager{% endif %}"
 designate_pool_manager_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/designate/tasks/bootstrap.yml

@@ -14,6 +14,8 @@
   with_items:
     - "{{ designate_database_name }}"
     - "{{ designate_pool_manager_database_name }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Designate databases user and setting permissions
   kolla_toolbox:
@@ -37,6 +39,8 @@
     - database_name: "{{ designate_pool_manager_database_name }}"
       database_user: "{{ designate_pool_manager_database_user }}"
       database_password: "{{ designate_pool_manager_database_password }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/freezer/defaults/main.yml

@@ -18,7 +18,7 @@ freezer_services:
 # Database
 ####################
 freezer_database_name: "freezer"
-freezer_database_user: "freezer"
+freezer_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}freezer{% endif %}"
 freezer_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/glance/defaults/main.yml

@@ -43,7 +43,7 @@ glance_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 # Database
 ####################
 glance_database_name: "glance"
-glance_database_user: "glance"
+glance_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}glance{% endif %}"
 glance_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/glance/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['glance-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Glance database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['glance-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/gnocchi/defaults/main.yml

@@ -53,7 +53,7 @@ gnocchi_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 # Database
 ####################
 gnocchi_database_name: "gnocchi"
-gnocchi_database_user: "gnocchi"
+gnocchi_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}gnocchi{% endif %}"
 gnocchi_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/gnocchi/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['gnocchi-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating gnocchi database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['gnocchi-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/gnocchi/templates/gnocchi.conf.j2

@@ -35,7 +35,6 @@ workers = {{ openstack_service_workers }}
 [indexer]
 url = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }}@{{ gnocchi_database_address }}/{{ gnocchi_database_name }}
 
-
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
 project_domain_id = {{ default_project_domain_id }}

ansible/roles/grafana/defaults/main.yml

@@ -17,7 +17,7 @@ grafana_services:
 # Database
 ####################
 grafana_database_name: "grafana"
-grafana_database_user: "grafana"
+grafana_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}grafana{% endif %}"
 grafana_database_address: "{{ database_address }}:{{ database_port }}"
 
 ####################

ansible/roles/grafana/tasks/bootstrap.yml

@@ -10,6 +10,8 @@
       name: "{{ grafana_database_name }}"
   run_once: True
   delegate_to: "{{ groups['grafana'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating grafana database user and setting permissions
   kolla_toolbox:
@@ -26,3 +28,5 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['grafana'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool

ansible/roles/haproxy/handlers/main.yml

@@ -60,3 +60,6 @@
   wait_for:
     host: "{{ kolla_internal_vip_address }}"
     port: "{{ database_port }}"
+  when:
+    - enable_mariadb | bool
+      or enable_external_mariadb_load_balancer | bool

ansible/roles/haproxy/templates/haproxy.cfg.j2

@@ -880,18 +880,24 @@ defaults
   timeout server {{ haproxy_server_timeout }}
   timeout check 10s
 
-{% if enable_mariadb | bool %}
+{% if enable_mariadb | bool or enable_external_mariadb_load_balancer | bool %}
 listen mariadb
   mode tcp
   timeout client 3600s
   timeout server 3600s
   option tcplog
   option tcpka
+{% if not enable_external_mariadb_load_balancer | bool %}
   option mysql-check user haproxy post-41
+{% endif %}
   bind {{ kolla_internal_vip_address }}:{{ mariadb_port }}
 {% for host in groups['mariadb'] %}
-  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %}
 
+{% if not enable_external_mariadb_load_balancer | bool %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %}
+{% else %}
+  server {{ host }} {{ host }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %}
+{% endif %}
 {% endfor %}
 {% endif %}
 

ansible/roles/heat/defaults/main.yml

@@ -37,7 +37,7 @@ heat_services:
 # Database
 ####################
 heat_database_name: "heat"
-heat_database_user: "heat"
+heat_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}heat{% endif %}"
 heat_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/heat/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['heat-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Heat database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['heat-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/horizon/defaults/main.yml

@@ -45,7 +45,7 @@ horizon_keystone_domain_choices:
 # Database
 ####################
 horizon_database_name: "horizon"
-horizon_database_user: "horizon"
+horizon_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}horizon{% endif %}"
 horizon_database_address: "{{ database_address }}:{{ database_port }}"
 
 ####################

ansible/roles/horizon/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['horizon'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Horizon database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['horizon'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/ironic/defaults/main.yml

@@ -5,11 +5,11 @@ project_name: "ironic"
 # Database
 ####################
 ironic_database_name: "ironic"
-ironic_database_user: "ironic"
+ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
 ironic_database_address: "{{ database_address }}:{{ database_port }}"
 
 ironic_inspector_database_name: "ironic_inspector"
-ironic_inspector_database_user: "ironic_inspector"
+ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
 ironic_inspector_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/ironic/tasks/bootstrap.yml

@@ -16,7 +16,9 @@
       group: "ironic-api"
     - database_name: "{{ ironic_inspector_database_name }}"
       group: "ironic-inspector"
-  when: inventory_hostname in groups[item.group]
+  when:
+    - not use_preconfigured_databases | bool
+    - inventory_hostname in groups[item.group]
 
 - name: Creating Ironic database user and setting permissions
   kolla_toolbox:
@@ -42,7 +44,9 @@
       database_user: "{{ ironic_inspector_database_user }}"
       database_password: "{{ ironic_inspector_database_password }}"
       group: "ironic-inspector"
-  when: inventory_hostname in groups[item.group]
+  when:
+    - not use_preconfigured_databases | bool
+    - inventory_hostname in groups[item.group]
 
 - include: bootstrap_service.yml
   when: database.changed

ansible/roles/karbor/defaults/main.yml

@@ -35,7 +35,7 @@ karbor_services:
 # Database
 ####################
 karbor_database_name: "karbor"
-karbor_database_user: "karbor"
+karbor_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}karbor{% endif %}"
 karbor_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/karbor/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['karbor-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Karbor database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['karbor-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database | changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/keystone/defaults/main.yml

@@ -39,7 +39,7 @@ keystone_services:
 # Database
 ####################
 keystone_database_name: "keystone"
-keystone_database_user: "keystone"
+keystone_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}keystone{% endif %}"
 keystone_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/keystone/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['keystone'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Keystone database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['keystone'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/magnum/defaults/main.yml

@@ -32,7 +32,7 @@ magnum_services:
 # Database
 ####################
 magnum_database_name: "magnum"
-magnum_database_user: "magnum"
+magnum_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}magnum{% endif %}"
 magnum_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/magnum/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['magnum-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Magnum database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['magnum-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/manila/defaults/main.yml

@@ -48,7 +48,7 @@ manila_services:
 ## Database
 #####################
 manila_database_name: "manila"
-manila_database_user: "manila"
+manila_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}manila{% endif %}"
 manila_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/manila/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['manila-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Manila database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['manila-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/mistral/defaults/main.yml

@@ -35,7 +35,7 @@ mistral_services:
 # Database
 ####################
 mistral_database_name: "mistral"
-mistral_database_user: "mistral"
+mistral_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}mistral{% endif %}"
 mistral_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/mistral/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['mistral-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Mistral database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['mistral-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/murano/defaults/main.yml

@@ -5,7 +5,7 @@ project_name: "murano"
 # Database
 ####################
 murano_database_name: "murano"
-murano_database_user: "murano"
+murano_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}murano{% endif %}"
 murano_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/murano/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['murano-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Murano database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['murano-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/neutron/defaults/main.yml

@@ -168,7 +168,7 @@ neutron_services:
 # Database
 ####################
 neutron_database_name: "neutron"
-neutron_database_user: "neutron"
+neutron_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}neutron{% endif %}"
 neutron_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/neutron/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['neutron-server'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Neutron database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['neutron-server'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/nova/defaults/main.yml

@@ -157,11 +157,11 @@ nova_hw_disk_discard: "unmap"
 # Database
 ####################
 nova_database_name: "nova"
-nova_database_user: "nova"
+nova_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova{% endif %}"
 nova_database_address: "{{ database_address }}:{{ database_port }}"
 
 nova_api_database_name: "nova_api"
-nova_api_database_user: "nova_api"
+nova_api_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova_api{% endif %}"
 nova_api_database_address: "{{ database_address }}:{{ database_port }}"
 
 ####################

ansible/roles/nova/tasks/bootstrap.yml

@@ -15,6 +15,8 @@
     - "{{ nova_database_name }}"
     - "{{ nova_database_name }}_cell0"
     - "{{ nova_api_database_name }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Nova databases user and setting permissions
   kolla_toolbox:
@@ -42,9 +44,10 @@
       database_password: "{{ nova_api_database_password }}"
   run_once: True
   delegate_to: "{{ groups['nova-api'][0] }}"
+  when: database.changed or not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool
 
 - include: bootstrap_xenapi.yml
   when:

ansible/roles/octavia/defaults/main.yml

@@ -44,7 +44,7 @@ octavia_services:
 # Database
 ####################
 octavia_database_name: "octavia"
-octavia_database_user: "octavia"
+octavia_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}octavia{% endif %}"
 octavia_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/octavia/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['octavia-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Octavia database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['octavia-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/panko/defaults/main.yml

@@ -17,7 +17,7 @@ panko_services:
 # Database
 ####################
 panko_database_name: "panko"
-panko_database_user: "panko"
+panko_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}panko{% endif %}"
 panko_database_port: "{{ mongodb_port if panko_database_type == 'mongodb' else database_port }}"
 panko_database_mongodb_address: "{% for host in groups['mongodb'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ panko_database_port }}{% if not loop.last %},{% endif %}{% endfor %}"
 panko_database_mysql_address: "{{ database_address }}:{{ database_port }}"

ansible/roles/panko/tasks/bootstrap.yml

@@ -22,6 +22,7 @@
   run_once: True
   delegate_to: "{{ groups['panko-api'][0] }}"
   when:
+    - not use_preconfigured_databases | bool
     - panko_database_type == "mysql"
 
 - name: Creating Panko mysql database user and setting permissions
@@ -40,8 +41,10 @@
   run_once: True
   delegate_to: "{{ groups['panko-api'][0] }}"
   when:
+    - not use_preconfigured_databases | bool
     - panko_database_type == "mysql"
 
 - include: bootstrap_service.yml
   when: (panko_database_type == "mongodb" and mongodb_panko_database.changed)
          or (panko_database_type == "mysql" and mysql_panko_database.changed)
+         or use_preconfigured_databases | bool

ansible/roles/panko/templates/panko.conf.j2

@@ -16,7 +16,6 @@ event_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_database_p
 metering_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_database_password }}@{{ panko_database_mysql_address }}:{{ panko_database_port }}/{{ panko_database_name }}
 {% endif %}
 
-
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 project_domain_name = {{ default_project_domain_name }}

ansible/roles/prechecks/tasks/database_checks.yml

@@ -0,0 +1,20 @@
+---
+- name: "Check if external mariadb hosts are reachable from the load balancer"
+  wait_for:
+    msg: "The {{ item }} host is not accessible from {{ inventory_hostname }}"
+    host: "{{ item }}"
+    port: "{{ database_port }}"
+  with_items: "{{ groups['mariadb'] }}"
+  when:
+      - not enable_mariadb | bool
+      - enable_external_mariadb_load_balancer | bool
+      - inventory_hostname in groups['haproxy']
+
+- name: "Check if external database address is reachable from all hosts"
+  wait_for:
+    msg: "The {{ database_address }} host is not accessible from {{ inventory_hostname }}"
+    host: "{{ database_address }}"
+    port: "{{ database_port }}"
+  when:
+      - not enable_mariadb | bool
+      - not enable_external_mariadb_load_balancer | bool

ansible/roles/prechecks/tasks/main.yml

@@ -11,3 +11,5 @@
 - include: package_checks.yml
 
 - include: user_checks.yml
+
+- include: database_checks.yml

ansible/roles/rally/defaults/main.yml

@@ -25,5 +25,5 @@ rally_image_full: "{{ rally_image }}:{{ rally_tag }}"
 # Database
 ####################
 rally_database_name: "rally"
-rally_database_user: "rally"
+rally_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}rally{% endif %}"
 rally_database_address: "{{ database_address }}:{{ database_port }}"

ansible/roles/rally/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['rally'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating rally database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['rally'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/sahara/defaults/main.yml

@@ -30,7 +30,7 @@ sahara_services:
 # Database
 ####################
 sahara_database_name: "sahara"
-sahara_database_user: "sahara"
+sahara_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}sahara{% endif %}"
 sahara_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/sahara/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['sahara-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating sahara database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['sahara-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/senlin/defaults/main.yml

@@ -25,7 +25,7 @@ senlin_services:
 # Database
 ####################
 senlin_database_name: "senlin"
-senlin_database_user: "senlin"
+senlin_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}senlin{% endif %}"
 senlin_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/senlin/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['senlin-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Senlin database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['senlin-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/solum/defaults/main.yml

@@ -44,7 +44,7 @@ solum_services:
 # Database
 ####################
 solum_database_name: "solum"
-solum_database_user: "solum"
+solum_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}solum{% endif %}"
 solum_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/solum/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['solum-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Solum database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['solum-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/solum/templates/solum.conf.j2

@@ -58,4 +58,3 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
-

ansible/roles/tacker/defaults/main.yml

@@ -27,7 +27,7 @@ tacker_services:
 # Database
 ####################
 tacker_database_name: "tacker"
-tacker_database_user: "tacker"
+tacker_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}tacker{% endif %}"
 tacker_database_address: "{{ database_address }}:{{ database_port }}"
 
 ########

ansible/roles/tacker/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['tacker-server'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating tacker database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['tacker-server'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/telegraf/templates/telegraf.conf.j2

@@ -74,7 +74,7 @@
   username = "{{ outward_rabbitmq_user }}"
   password = "{{ outward_rabbitmq_password }}"
 {% endif %}
-{% if inventory_hostname in groups['mariadb'] and enable_mariadb | bool %}
+{% if inventory_hostname in groups['mariadb'] and (enable_mariadb or enable_external_mariadb_load_balancer) | bool %}
 [[inputs.mysql]]
   servers = ["{{ database_user }}:{{ database_password }}@{{ mariadb_proto }}({{ api_interface_address }}:{{ database_port }})/"]
   perf_events_statements_digest_text_limit  = 120

ansible/roles/trove/defaults/main.yml

@@ -38,7 +38,7 @@ trove_services:
 # Database
 ####################
 trove_database_name: "trove"
-trove_database_user: "trove"
+trove_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}trove{% endif %}"
 trove_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/trove/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['trove-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating trove database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['trove-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/vitrage/defaults/main.yml

@@ -52,8 +52,8 @@ vitrage_services:
 ## Database
 #####################
 vitrage_database_name: "vitrage"
-vitrage_database_user: "vitrage"
-vitrage_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+vitrage_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}vitrage{% endif %}"
+vitrage_database_address: "{{ database_address }}:{{ database_port }}"
 
 ####################
 # Docker

ansible/roles/vitrage/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['vitrage-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating vitrage database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['vitrage-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/watcher/defaults/main.yml

@@ -35,7 +35,7 @@ watcher_services:
 # Database
 ####################
 watcher_database_name: "watcher"
-watcher_database_user: "watcher"
+watcher_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}watcher{% endif %}"
 watcher_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/watcher/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['watcher-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Watcher database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['watcher-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

ansible/roles/zun/defaults/main.yml

@@ -28,7 +28,7 @@ zun_services:
 ## Database
 ####################
 zun_database_name: "zun"
-zun_database_user: "zun"
+zun_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}zun{% endif %}"
 zun_database_address: "{{ database_address }}:{{ database_port }}"
 
 

ansible/roles/zun/tasks/bootstrap.yml

@@ -11,6 +11,8 @@
   register: database
   run_once: True
   delegate_to: "{{ groups['zun-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - name: Creating Zun database user and setting permissions
   kolla_toolbox:
@@ -27,6 +29,8 @@
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['zun-api'][0] }}"
+  when:
+    - not use_preconfigured_databases | bool
 
 - include: bootstrap_service.yml
-  when: database.changed
+  when: database.changed or use_preconfigured_databases | bool

doc/source/reference/external-mariadb-guide.rst

@@ -0,0 +1,211 @@
+.. _external-mariadb-guide:
+
+================
+External MariaDB
+================
+
+Sometimes, for various reasons (Redundancy, organisational policies, etc.),
+it might be necessary to use an externally managed database.
+This use case can be achieved by simply taking some extra steps:
+
+Requirements
+============
+
+* An existing MariaDB cluster / server, reachable from all of your
+  nodes.
+* If you choose to use preconfigured databases and users
+  (**use_preconfigured_databases** is set to "yes"), databases and
+  user accounts for all enabled services should exist on the
+  database.
+* If you choose not to use preconfigured databases and users
+  (**use_preconfigured_databases** is set to "no"), root access to
+  the database must be available in order to configure databases and
+  user accounts for all enabled services.
+
+Enabling External MariaDB support
+=================================
+
+In order to enable external mariadb support,
+you will first need to disable mariadb deployment,
+by ensuring the following line exists within ``/etc/kolla/globals.yml`` :
+
+.. code-block:: yaml
+
+  enable_mariadb: "no"
+
+.. end
+
+There are two ways in which you can use
+external MariaDB:
+
+Using an already load-balanced MariaDB address (recommended)
+------------------------------------------------------------
+
+If your external database already has a
+load balancer, you will need to do the following:
+
+* Within your inventory file, just add the hostname
+  of the load balancer within the mariadb group,
+  described as below:
+
+Change the following
+
+.. code-block:: ini
+
+  [mariadb:children]
+  control
+
+.. end
+
+so that it looks like below:
+
+.. code-block:: ini
+
+  [mariadb]
+  myexternalmariadbloadbalancer.com
+
+.. end
+
+* Define **database_address** within ``/etc/kolla/globals.yml``
+
+.. code-block:: yaml
+
+  database_address: myexternalloadbalancer.com
+
+.. end
+
+Please note that if **enable_external_mariadb_load_balancer** is
+set to "no" - **default**, the external DB load balancer will need to be
+accessible from all nodes within your deployment, which might
+connect to it.
+
+Using an external MariaDB cluster:
+----------------------------------
+
+Then, you will need to adjust your inventory file:
+
+Change the following
+
+.. code-block:: ini
+
+  [mariadb:children]
+  control
+
+.. end
+
+so that it looks like below:
+
+.. code-block:: ini
+
+  [mariadb]
+  myexternaldbserver1.com
+  myexternaldbserver2.com
+  myexternaldbserver3.com
+
+.. end
+
+If you choose to use haproxy for load balancing between the
+members of the cluster, every node within this group
+needs to be resolvable and reachable and resolvable from all
+the hosts within the **[haproxy:children]**  group
+of your inventory (defaults to **[network]**).
+
+In addition to that, you also need to set the following within
+``/etc/kolla/globals.yml``:
+
+.. code-block:: yaml
+
+  enable_external_mariadb_load_balancer: yes
+
+.. end
+
+Using External MariaDB with a privileged user
+=============================================
+
+In case your MariaDB user is root, just leave
+everything as it is within globals.yml (Except the
+internal mariadb deployment, which should be disabled),
+and set the **database_password** field within
+``/etc/kolla/passwords.yml``
+
+.. code-block:: yaml
+
+  database_password: mySuperSecurePassword
+
+.. end
+
+In case your username is other than **root**, you will
+need to also set it, within ``/etc/kolla/globals.yml``
+
+.. code-block:: yaml
+
+  database_username: "privillegeduser"
+
+.. end
+
+Using preconfigured databases / users:
+======================================
+
+The first step you need to take is the following:
+
+Within ``/etc/kolla/globals.yml``, set the following:
+
+.. code-block:: yaml
+
+  use_preconfigured_databases: "yes"
+
+.. end
+
+Using External MariaDB with separated, preconfigured users and databases
+------------------------------------------------------------------------
+
+In order to achieve this, you will need to define the user names within
+``/etc/kolla/globals.yml``, as illustrated by the example below:
+
+
+.. code-block:: yaml
+
+  keystone_database_user: preconfigureduser1
+  nova_database_user: preconfigureduser2
+
+.. end
+
+You will need to also set the passwords for all databases within
+``/etc/kolla/passwords.yml``
+
+
+However, fortunately, using a common user across
+all databases is also possible.
+
+
+Using External MariaDB with a common user across databases
+----------------------------------------------------------
+
+In order to use a common, preconfigured user across all databases,
+all you need to do is the following:
+
+* Within ``/etc/kolla/globals.yml``, add the following:
+
+.. code-block:: yaml
+
+  use_common_mariadb_user: "yes"
+
+.. end
+
+* Set the database_user within ``/etc/kolla/globals.yml`` to
+  the one provided to you:
+
+.. code-block:: yaml
+
+  database_user: mycommondatabaseuser
+
+.. end
+
+* Set the common password for all components within ``/etc/kolla/passwords.yml```.
+  In order to achieve that you could use the following command:
+
+.. code-block:: console
+
+  sed -i -r -e 's/([a-z_]{0,}database_password:+)$/\1 mycommonpass/gi' /etc/kolla/passwords.yml
+
+.. end

doc/source/reference/index.rst

@@ -7,6 +7,7 @@ Reference
    ceph-guide
    central-logging-guide
    external-ceph-guide
+   external-mariadb-guide
    cinder-guide
    cinder-guide-hnas
    designate-guide

releasenotes/notes/external-mariadb-support-131440d3c984dd67.yaml

@@ -0,0 +1,8 @@
+---
+features:
+  - >
+    [`blueprint external-mariadb-support <https://blueprints.launchpad.net/kolla-ansible/+spec/external-mariadb-support>`_]
+    Added External MariaDB server/cluster support
+  - Added enable_external_mariadb_load_balancer flag
+  - Added use_preconfigured_databases flag in order to add support for previously created databases / users
+  - Added use_common_mariadb_user in order to allow the use of a common database user across all databases