Add mysql-proxy to enable read-only access to a db
This commit adds a mysql_proxy module which will setup a read-only proxy to a mysql db. This also configures a proxy to the subunit2sql db to run on logstash.o.o to provide read only access to the data in the database. Change-Id: I478baca354354347fe50074a8e3b9f66ca890d55
This commit is contained in:
parent
5941f835ac
commit
364e5ca681
@ -327,6 +327,7 @@ node 'logstash.openstack.org' {
|
|||||||
],
|
],
|
||||||
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
|
||||||
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
|
||||||
|
mysql_proxy_admin_pass => hiera('subunit2sql_proxy_pass', ''),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
2
modules/mysql_proxy/files/mysql-proxy
Normal file
2
modules/mysql_proxy/files/mysql-proxy
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
ENABLED="true"
|
||||||
|
OPTIONS="--defaults-file /etc/mysql-proxy/mysql-proxy.conf"
|
40
modules/mysql_proxy/manifests/init.pp
Normal file
40
modules/mysql_proxy/manifests/init.pp
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# == Class: mysql_proxy
|
||||||
|
#
|
||||||
|
class mysql_proxy {
|
||||||
|
|
||||||
|
package { 'mysql-proxy':
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/mysql-proxy':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0644',
|
||||||
|
require => Package['mysql-proxy'],
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/default/mysql-proxy':
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0644',
|
||||||
|
source => 'puppet:///modules/mysql_proxy/mysql-proxy',
|
||||||
|
require => Package['mysql-proxy'],
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
41
modules/mysql_proxy/manifests/server.pp
Normal file
41
modules/mysql_proxy/manifests/server.pp
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# == Class: mysql_proxy::server
|
||||||
|
#
|
||||||
|
class mysql_proxy::server (
|
||||||
|
$db_host,
|
||||||
|
$db_port='3306',
|
||||||
|
$lua_script = '/usr/share/mysql-proxy/rw-splitting.lua',
|
||||||
|
$admin_username = 'admin',
|
||||||
|
$admin_pass,
|
||||||
|
) {
|
||||||
|
|
||||||
|
file { '/etc/mysql-proxy/mysql-proxy.conf':
|
||||||
|
ensure => file,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0600',
|
||||||
|
content => template("mysql_proxy/mysql-proxy.conf.erb"),
|
||||||
|
require => File['/etc/mysql-proxy']
|
||||||
|
}
|
||||||
|
|
||||||
|
service{ 'mysql-proxy':
|
||||||
|
ensure => running,
|
||||||
|
subscribe => [
|
||||||
|
Package['mysql-proxy'],
|
||||||
|
File['/etc/mysql-proxy/mysql-proxy.conf'],
|
||||||
|
],
|
||||||
|
}
|
||||||
|
}
|
8
modules/mysql_proxy/templates/mysql-proxy.conf.erb
Normal file
8
modules/mysql_proxy/templates/mysql-proxy.conf.erb
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
[mysql-proxy]
|
||||||
|
log-file = /var/log/mysql-proxy.log
|
||||||
|
log-level = message
|
||||||
|
proxy-read-only-backend-addresses = <%= @db_host %>:<%= @db_port %>
|
||||||
|
proxy-lua-script = <%= @lua_script %>
|
||||||
|
admin-username = <%= @admin_username %>
|
||||||
|
admin-password = <%= @admin_pass %>
|
||||||
|
admin-lua-script = /usr/share/mysql-proxy/admin.lua
|
@ -22,12 +22,13 @@ class openstack_project::logstash (
|
|||||||
$sysadmins = [],
|
$sysadmins = [],
|
||||||
$subunit2sql_db_host,
|
$subunit2sql_db_host,
|
||||||
$subunit2sql_db_pass,
|
$subunit2sql_db_pass,
|
||||||
|
$mysql_proxy_admin_pass,
|
||||||
) {
|
) {
|
||||||
$iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
$iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
|
||||||
$iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
$iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
||||||
$iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
|
$iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
|
||||||
class { 'openstack_project::server':
|
class { 'openstack_project::server':
|
||||||
iptables_public_tcp_ports => [22, 80],
|
iptables_public_tcp_ports => [22, 80, 4040],
|
||||||
iptables_rules6 => $iptables_rule,
|
iptables_rules6 => $iptables_rule,
|
||||||
iptables_rules4 => $iptables_rule,
|
iptables_rules4 => $iptables_rule,
|
||||||
sysadmins => $sysadmins,
|
sysadmins => $sysadmins,
|
||||||
@ -52,4 +53,12 @@ class openstack_project::logstash (
|
|||||||
db_host => $subunit2sql_db_host,
|
db_host => $subunit2sql_db_host,
|
||||||
db_pass => $subunit2sql_db_pass,
|
db_pass => $subunit2sql_db_pass,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
include 'mysql_proxy'
|
||||||
|
|
||||||
|
class { 'mysql_proxy::server':
|
||||||
|
db_host => $subunit2sql_db_host,
|
||||||
|
admin_username => 'admin',
|
||||||
|
admin_pass => $mysql_proxy_admin_pass,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user