added user grant for cinder, glance, neutron, nova and keyston on mysql...

added user grant for cinder, glance, neutron, nova and keyston on mysql cluster temporarily from localhost and haproxy settings for nova and neutron. Cleaned up other haproxy unused (commented)

added user grant for cinder, glance, neutron, nova and keyston on mysql...
bf8c4c12 · Giovanni Zizzi · 59c2095a · bf8c4c12 · bf8c4c12
Commit bf8c4c12 authored 9 years ago by Giovanni Zizzi
--- a/manifests/profile/database.pp
+++ b/manifests/profile/database.pp
@@ -9,7 +9,6 @@ class iaas::profile::database (
 #
 #  $max_connections = 1024,
 ) {
-
   package{'xinetd':
 	ensure	=> installed,
   } ->
@@ -21,22 +20,65 @@ class iaas::profile::database (
 	mysql_cluster_servers => $mysql_cluster_servers,
 	mysql_port => $mysql_port,
 	master => $percona_master,
-   }
-#  class { 'galera':
-#    galera_servers => $servers,
-#    galera_master => $galera_master,
-#    root_password => $galera_password,
-#    configure_firewall => false,
-#    override_options => {
-#      'mysqld' => { 'max_connections' => "${max_connections}" }
-#    }
-#  } -> Service['mysqld'] -> anchor { 'database-service': }
-#
-  @@haproxy::balancermember { "percona_cluster_${::fqdn}":
-    listening_service => 'percona_cluster',
-    server_names      => $::hostname,
-    ipaddresses       => $::ipaddress,
-    ports             => '3306',
-#    options           => 'check port 9200 inter 2000 rise 2 fall 5 backup',
-  }
+   } ->
+#exec { 'init user sstuser':
+#      command => "mysql -u root -e \"CREATE USER \'${percona::wsrep_sst_user}\'@\'localhost\' IDENTIFIED BY \'${percona::wsrep_sst_passwo    rd}\';\"",
+#      path    => [ '/bin', '/usr/bin' ],
+#      unless  => "test -f ${percona::datadir}/first/db.opt",
+#      require => Exec[$percona::percona_service]
+#    } ->
+#    exec { 'grant privileges':
+#      command => "mysql -u root -e \"GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO \'${percona::wsrep_sst_user}\'@\'localhost\'    ;\"",
+#      path    => [ '/bin', '/usr/bin' ],
+#      unless  => "test -f ${percona::datadir}/first/db.opt",
+#      require => Exec[$percona::percona_service],
+#    } ~>
+#    exec { 'grant process':
+#      command => "mysql -u root -e \"GRANT USAGE ON *.* TO 'clustercheckuser'@'localhost' IDENTIFIED BY 'CLUSTERCHECK_PWD'; FLUSH PRIVILE    GES;\"",
+#      path    => [ '/bin', '/usr/bin' ],
+#      unless  => "test -f ${percona::datadir}/first/db.opt",
+#      require => Exec[$percona::percona_service],
+#    } ~>
+    exec { 'create a keystone database':
+      command => "mysql -u root -e \"CREATE DATABASE IF NOT EXISTS keystone\"",
+      path    => [ '/bin', '/usr/bin' ],
+    }
+    exec { 'create keystone grant': 
+	command => "mysql -u root -e \"GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone'; FLUSH PRIVILEGES;\"",
+	path	=> ['/bin', '/usr/bin'],
+    }
+    exec { 'create a glance database':
+      command => "mysql -u root -e \"CREATE DATABASE IF NOT EXISTS glance\"",
+      path    => [ '/bin', '/usr/bin' ],
+    }
+    exec { 'create glance grant': 
+	command => "mysql -u root -e \"GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance'; FLUSH PRIVILEGES;\"",
+	path	=> ['/bin', '/usr/bin'],
+    }
+    exec { 'create a nova database':
+      command => "mysql -u root -e \"CREATE DATABASE IF NOT EXISTS nova\"",
+      path    => [ '/bin', '/usr/bin' ],
+    }
+    exec { 'create nova grant': 
+	command => "mysql -u root -e \"GRANT ALL ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova'; FLUSH PRIVILEGES;\"",
+	path	=> ['/bin', '/usr/bin'],
+    }
+    exec { 'create a neutron database':
+      command => "mysql -u root -e \"CREATE DATABASE IF NOT EXISTS neutron\"",
+      path    => [ '/bin', '/usr/bin' ],
+    }
+    exec { 'create neutron grant': 
+	command => "mysql -u root -e \"GRANT ALL ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron'; FLUSH PRIVILEGES;\"",
+	path	=> ['/bin', '/usr/bin'],
+    }
+    exec { 'create a cinder database':
+      command => "mysql -u root -e \"CREATE DATABASE IF NOT EXISTS cinder\"",
+      path    => [ '/bin', '/usr/bin' ],
+    }
+    exec { 'create cinder grant': 
+	command => "mysql -u root -e \"GRANT ALL ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder'; FLUSH PRIVILEGES;\"",
+	path	=> ['/bin', '/usr/bin'],
+    }
+ 
+
 }
--- a/manifests/profile/haproxy.pp
+++ b/manifests/profile/haproxy.pp
@@ -74,130 +74,185 @@ class iaas::profile::haproxy (
       options           => 'check port 9200 backup',
     }
  }
-# haproxy::listen { 'rabbitmq':
- #   ipaddress => '0.0.0.0',
- #   mode => 'tcp',
- #   ports => '5672',
- #   options => {
- #     'option' => ['tcpka'],
- #     'timeout' => [
- #       'client 7d',
- #       'server 7d',
- #     ]
- #   }
- # }
-
-  haproxy::listen { 'keystone_admin_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '35357',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
-
-  haproxy::listen { 'keystone_public_internal_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '5000',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
-
-  haproxy::listen { 'glance_api_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '9292',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
-
-  haproxy::listen { 'glance_registry_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '9191',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-      'http-check' => 'expect status 401',
-    }
-  }
-
-  haproxy::listen { 'cinder_api_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '8776',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
-
-  haproxy::listen { 'nova_api_cluster':
+  
+  haproxy::listen { 'mysql_cluster_nova':
    ipaddress => '0.0.0.0',
-    ports => '8774',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
-
-  haproxy::listen { 'nova_metadata_api_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '8775',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
-
-  haproxy::listen { 'nova_novncproxy':
-    ipaddress => '0.0.0.0',
-    ports => '6080',
+    mode => 'tcp',
+    ports => '7306',
    options => {
-      'option' => ['tcpka', 'tcplog'],
+      'option' => ['httpchk','tcpka'],
+      'balance' => 'leastconn',
    }
  }

-  haproxy::listen { 'neutron_api_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '9696',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
+  if $servers != undef { 
+     haproxy::balancermember { 'mysql_cluster_nova_prior':
+       listening_service => 'mysql_cluster_nova',
+       ports             => '3307',
+       server_names      => $servers[priority_hostname],
+       ipaddresses       => $servers[priority_ip],
+       options           => 'check port 9200',
+     }
+     haproxy::balancermember { 'mysql_cluster_nova_secondaries':
+       listening_service => 'mysql_cluster_nova',
+       ports             => '3307',
+       server_names      => $servers[hostnames], 
+       ipaddresses       => $servers[ips], 
+       options           => 'check port 9200 backup',
+     }
  }
-
-  haproxy::listen { 'heat_api_cluster':
+  
+  haproxy::listen { 'mysql_cluster_neutron':
    ipaddress => '0.0.0.0',
-    ports => '8004',
+    mode => 'tcp',
+    ports => '9306',
    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
+      'option' => ['httpchk','tcpka'],
+      'balance' => 'leastconn',
    }
  }

-  haproxy::listen { 'heat_api_cfn_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '8000',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
+  if $servers != undef { 
+     haproxy::balancermember { 'mysql_cluster_neutron_prior':
+       listening_service => 'mysql_cluster_neutron',
+       ports             => '3307',
+       server_names      => $servers[priority_hostname],
+       ipaddresses       => $servers[priority_ip],
+       options           => 'check port 9200',
+     }
+     haproxy::balancermember { 'mysql_cluster_neutron_secondaries':
+       listening_service => 'mysql_cluster_neutron',
+       ports             => '3307',
+       server_names      => $servers[hostnames], 
+       ipaddresses       => $servers[ips], 
+       options           => 'check port 9200 backup',
+     }
  }

-  haproxy::listen { 'heat_api_cw_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '8003',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
+# haproxy::listen { 'rabbitmq':
+ #   ipaddress => '0.0.0.0',
+ #   mode => 'tcp',
+ #   ports => '5672',
+ #   options => {
+ #     'option' => ['tcpka'],
+ #     'timeout' => [
+ #       'client 7d',
+ #       'server 7d',
+ #     ]
+ #   }
+ # }

-  haproxy::listen { 'horizon_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '80',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-    }
-  }
+#  haproxy::listen { 'keystone_admin_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '35357',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'keystone_public_internal_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '5000',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }

-  haproxy::listen { 'ceilometer_api_cluster':
-    ipaddress => '0.0.0.0',
-    ports => '8777',
-    options => {
-      'option' => ['tcpka', 'httpchk', 'tcplog'],
-      'http-check' => 'expect status 401',
-    }
-  }
+#  haproxy::listen { 'glance_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '9292',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'glance_registry_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '9191',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#      'http-check' => 'expect status 401',
+#    }
+#  }
+#
+#  haproxy::listen { 'cinder_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8776',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'nova_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8774',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'nova_metadata_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8775',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'nova_novncproxy':
+#    ipaddress => '0.0.0.0',
+#    ports => '6080',
+#    options => {
+#      'option' => ['tcpka', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'neutron_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '9696',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'heat_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8004',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'heat_api_cfn_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8000',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'heat_api_cw_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8003',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'horizon_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '80',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#    }
+#  }
+#
+#  haproxy::listen { 'ceilometer_api_cluster':
+#    ipaddress => '0.0.0.0',
+#    ports => '8777',
+#    options => {
+#      'option' => ['tcpka', 'httpchk', 'tcplog'],
+#      'http-check' => 'expect status 401',
+#    }
+#  }
 }