From 36ec620afd76dbd8aa4148a0b2c7d443f75bc750 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <>
Date: Fri, 1 Jun 2018 15:53:58 +0100
Subject: [PATCH] Move database creation into role

There is no record of why we implement the database creation outside
of the role, in the playbook, when we could do it inside the role.

Implementing it inside the role allows us to reduce the quantity of
group_vars duplicated from the role, and allows us to better document
the required variables in the role. The delegation can still be done
as it is done in the playbook too.

In this patch we implement a new variable called 'horizon_db_setup_host'
which is used in the role to allow delegation of the database setup
task to any host, but defaults to the first member of the galera_all
host group. We also document the variable horizon_galera_address which
has been used for a long time, but never documented.

Change-Id: I7946c325d87c74e2bd9b1dcc1f92ea09a5386729
 defaults/main.yml          |  2 ++
 examples/playbook.yml      |  5 ++++-
 tasks/horizon_db_setup.yml | 26 ++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index f8dc9006..b57fd3ff 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -78,6 +78,8 @@ horizon_service_region: RegionOne
 horizon_service_name: horizon
 ## Database info
+horizon_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+horizon_galera_address: "{{ galera_address | default('') }}"
 horizon_galera_database: dash
 horizon_galera_user: dash
 horizon_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
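Review bot: Neither added default carries a comment, although the commit message says this patch documents `horizon_galera_address`, and the diffstat shows no documentation file being touched. Under `## Database info`, something like `# Host the DB create/grant tasks are delegated to: first galera_all member if that group exists, else localhost` above `horizon_db_setup_host`, and `# Address the DB setup tasks log in to (login_host); taken from galera_address when set` above `horizon_galera_address`, would cover it. The empty-string fallback deserves a mention in that comment too: what an empty `login_host` resolves to is decided by the MySQL modules rather than by this role (presumably their own default, to be confirmed), so a missing `galera_address` may not fail loudly.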
diff --git a/examples/playbook.yml b/examples/playbook.yml
index 89cf7abc..5301f5fa 100644
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@@ -11,7 +11,6 @@
     horizon_container_mysql_password: "SuperSecrete"
     horizon_secret_key: "SuperSecreteHorizonKey"
     horizon_external_ssl: true
-    galera_root_password: "secrete"
     rabbitmq_use_ssl: false
     rabbitmq_port: 5671
@@ -28,3 +27,7 @@
     openrc_os_domain_name: "Default"
     memcached_encryption_key: "secrete"
+    galera_root_user: root
+  vars_prompt:
+    - name: "galera_root_password"
+      prompt: "What is galera_root_password?"
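Review bot: The `galera_root_password` prompt relies on the `vars_prompt` default for hiding input; adding `private: true` to the entry makes it explicit that the root password is not echoed, which is useful in an example that people copy. The neighbouring credentials (`horizon_container_mysql_password`, `horizon_secret_key`, `memcached_encryption_key`) remain literal values in the context lines, so a short comment near them such as `# Example values only; supply real secrets from a vault or a prompt` would keep the file consistent with what this change appears to intend.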
diff --git a/tasks/horizon_db_setup.yml b/tasks/horizon_db_setup.yml
index 80b65fc3..e2723479 100644
--- a/tasks/horizon_db_setup.yml
+++ b/tasks/horizon_db_setup.yml
@@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ horizon_galera_address }}"
+    name: "{{ horizon_galera_database }}"
+    state: "present"
+  delegate_to: "{{ horizon_db_setup_host }}"
+  no_log: True
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ horizon_galera_address }}"
+    name: "{{ horizon_galera_user }}"
+    password: "{{ horizon_container_mysql_password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ horizon_galera_database }}.*:ALL"
+  delegate_to: "{{ horizon_db_setup_host }}"
+  with_items:
+    - "localhost"
+    - "%"
+  no_log: True
 - name: Perform a horizon DB sync
   command: "{{ horizon_bin }}/ migrate --noinput"
   become: yes
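Review bot: The grant task creates `horizon_galera_user` for host `%` with `ALL` on `{{ horizon_galera_database }}.*`, so the service account is accepted from any source address and holds every privilege on the schema; only the password and network filtering stand in the way. If the wildcard is intentional, a comment above `with_items` would record that, e.g. `# '%' lets the service user connect from any host; narrow to the service network where the deployment allows`. Both new tasks also send `galera_root_password` to `login_host` from `horizon_db_setup_host`, and nothing visible in this hunk ties that connection to `horizon_galera_use_ssl`, so it is worth confirming the link is protected when the delegate is not the database host itself.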