Move database creation into role

There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'ironic_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable ironic_galera_address which has been used for a long time, but never documented. Change-Id: I8502d4aba54870a54900c3218563d66b864a1876
2018-06-01 16:05:08 +01:00 · 2018-06-01 16:05:08 +01:00 · 84f4a848d3
parent 58f575843d
commit 84f4a848d3
3 changed files with 36 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -155,8 +155,12 @@ ironic_oneviewd_audit_map_file: "None"
 ironic_oneviewd_audit_output_file: "None"

 # Database
+ironic_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+ironic_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 ironic_galera_user: ironic
 ironic_galera_database: ironic
+ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
+ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

 ## Keystone authentication middleware
 ironic_keystone_auth_plugin: password
@ -181,8 +185,6 @@ ironic_openstack_auth_strategy: keystone
 #ironic_openstack_api_url: ''  # Not required when we have keystone
 ironic_openstack_dhcp_provider: neutron
 ironic_openstack_sync_power_state_interval: 60
-ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
-ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
 ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic{% if ironic_galera_use_ssl | bool %}&ssl_ca={{ ironic_galera_ssl_ca_cert }}{% endif %}"

 # Standalone Ironic configuration
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@ -2,4 +2,9 @@
  hosts: localhost
  remote_user: root
  roles:
-    - role: openstack-ansible-os_ironic
+    - role: "os_ironic"
+  vars:
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"
--- a/tasks/ironic_db_setup.yml
+++ b/tasks/ironic_db_setup.yml
@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ ironic_galera_address }}"
+    name: "{{ ironic_galera_database }}"
+    state: "present"
+  delegate_to: "{{ ironic_db_setup_host }}"
+  no_log: True
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ ironic_galera_address }}"
+    name: "{{ ironic_galera_user }}"
+    password: "{{ ironic_container_mysql_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ ironic_galera_database }}.*:ALL"
+  delegate_to: "{{ ironic_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
+
 - name: Update database schema
  command: "{{ ironic_bin }}/ironic-dbsync upgrade"
  become: yes