From 84f4a848d323360424e88feaf9e8bb4646001a1f Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Fri, 1 Jun 2018 16:05:08 +0100
Subject: [PATCH] Move database creation into role

There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'ironic_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable ironic_galera_address which has been used for a long time, but never documented.

Change-Id: I8502d4aba54870a54900c3218563d66b864a1876
---
 defaults/main.yml | 6 ++++--
 examples/playbook.yml | 7 ++++++-
 tasks/ironic_db_setup.yml | 26 ++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index d8429f65..0010e04a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -155,8 +155,12 @@ ironic_oneviewd_audit_map_file: "None"
 ironic_oneviewd_audit_output_file: "None"

 # Database
+ironic_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
+ironic_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 ironic_galera_user: ironic
 ironic_galera_database: ironic
+ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
+ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

 ## Keystone authentication middleware
 ironic_keystone_auth_plugin: password
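Review bot: The `ironic_db_setup_host` default may not fall back to `localhost` as intended, because the arguments to `ternary()` are evaluated before the filter runs, so `groups['galera_all'][0]` is likely to raise an undefined-variable error on an inventory that has no `galera_all` group. A form that only dereferences the group when it exists would be `ironic_db_setup_host: "{{ (groups['galera_all'] | default(['localhost']))[0] }}"`. The commit message says `ironic_galera_address` is now documented, but the hunk adds it without a comment; a line such as `# Address used for the service connection string and as login_host for the delegated DB setup tasks` above it would carry that intent.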
@@ -181,8 +185,6 @@ ironic_openstack_auth_strategy: keystone
 #ironic_openstack_api_url: '' # Not required when we have keystone
 ironic_openstack_dhcp_provider: neutron
 ironic_openstack_sync_power_state_interval: 60
-ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
-ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
 ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic{% if ironic_galera_use_ssl | bool %}&ssl_ca={{ ironic_galera_ssl_ca_cert }}{% endif %}"

 # Standalone Ironic configuration
diff --git a/examples/playbook.yml b/examples/playbook.yml
index ead2da61..c67b8a68 100644
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@@ -2,4 +2,9 @@
 hosts: localhost
 remote_user: root
 roles:
- - role: openstack-ansible-os_ironic
+ - role: "os_ironic"
+ vars:
+ galera_root_user: root
+ vars_prompt:
+ - name: "galera_root_password"
+ prompt: "What is galera_root_password?"
diff --git a/tasks/ironic_db_setup.yml b/tasks/ironic_db_setup.yml
index b0cf1cbc..cc22d0ed 100644
--- a/tasks/ironic_db_setup.yml
+++ b/tasks/ironic_db_setup.yml
@@ -13,6 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Create DB for service
+ mysql_db:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ ironic_galera_address }}"
+ name: "{{ ironic_galera_database }}"
+ state: "present"
+ delegate_to: "{{ ironic_db_setup_host }}"
+ no_log: True
+
+- name: Grant access to the DB for the service
+ mysql_user:
+ login_user: "{{ galera_root_user }}"
+ login_password: "{{ galera_root_password }}"
+ login_host: "{{ ironic_galera_address }}"
+ name: "{{ ironic_galera_user }}"
+ password: "{{ ironic_container_mysql_password }}"
+ host: "{{ item }}"
+ state: "present"
+ priv: "{{ ironic_galera_database }}.*:ALL"
+ delegate_to: "{{ ironic_db_setup_host }}"
+ with_items:
+ - "localhost"
+ - "%"
+ no_log: True
+
 - name: Update database schema
 command: "{{ ironic_bin }}/ironic-dbsync upgrade"
 become: yes
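Review bot: Both new tasks log in to `ironic_galera_address` as the Galera root user but never pass the TLS settings that this same commit groups under `# Database`, so when `ironic_db_setup_host` is not the database host the admin session, including the statement that sets the service user's password, is not protected by the CA check that `ironic_galera_use_ssl` is meant to enable. The `mysql_db` and `mysql_user` modules accept `ssl_ca`, so each task could add `ssl_ca: "{{ (ironic_galera_use_ssl | bool) | ternary(ironic_galera_ssl_ca_cert, omit) }}"`, assuming the CA file is present on the delegated host. Separately, the grant loop gives `ALL` on the schema to the service user from `%`, that is from any client address; exposing the host list as a role variable that defaults to the current two entries would let deployers narrow it to the management network.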