Add mysql-proxy to enable read-only access to a db

This commit adds a mysql_proxy module which will set up a read-only
proxy to a mysql db. It also configures a proxy to the subunit2sql
db to run on logstash.o.o to provide read-only access to the data in
the database.

Change-Id: I478baca354354347fe50074a8e3b9f66ca890d55
Matthew Treinish 2014-09-17 23:36:56 -04:00
parent 5941f835ac
commit 364e5ca681
6 changed files with 108 additions and 7 deletions


@ -327,6 +327,7 @@ node 'logstash.openstack.org' {
], ],
subunit2sql_db_host => hiera('subunit2sql_db_host', ''), subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
subunit2sql_db_pass => hiera('subunit2sql_db_password', ''), subunit2sql_db_pass => hiera('subunit2sql_db_password', ''),
mysql_proxy_admin_pass => hiera('subunit2sql_proxy_pass', ''),
} }
} }
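Review bot: The `''` fallback in `hiera('subunit2sql_proxy_pass', '')` means a missing hiera key silently configures mysql-proxy with an empty admin password, because the value is written straight into `admin-password` by the template added in this commit. Dropping the default, `mysql_proxy_admin_pass => hiera('subunit2sql_proxy_pass'),`, would make catalog compilation fail instead; alternatively `mysql_proxy::server` could call `fail()` when `$admin_pass` is empty. The neighbouring `subunit2sql_db_*` lookups use the same fallback, so this may be a deliberate convention for test nodes. The node block starts outside the hunk.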


@ -0,0 +1,2 @@
ENABLED="true"
OPTIONS="--defaults-file /etc/mysql-proxy/mysql-proxy.conf"


@ -0,0 +1,40 @@
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: mysql_proxy
#
class mysql_proxy {
package { 'mysql-proxy':
ensure => present,
}
file { '/etc/mysql-proxy':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0644',
require => Package['mysql-proxy'],
}
file { '/etc/default/mysql-proxy':
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/mysql_proxy/mysql-proxy',
require => Package['mysql-proxy'],
}
}
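Review bot: `mode => '0644'` on the `/etc/mysql-proxy` directory resource carries no search bits; as far as I know Puppet adds execute wherever read is set on a directory, so the result is effectively 0755, but it reads as a mistake. Writing `mode => '0755',` states the intent, or `'0750'` if only root and the proxy need to traverse it, since this directory holds the file with the admin password. The `/etc/default/mysql-proxy` resource also lacks `ensure => file,`. The `# == Class: mysql_proxy` header has no description of what the class manages.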


@ -0,0 +1,41 @@
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: mysql_proxy::server
#
class mysql_proxy::server (
$db_host,
$db_port='3306',
$lua_script = '/usr/share/mysql-proxy/rw-splitting.lua',
$admin_username = 'admin',
$admin_pass,
) {
file { '/etc/mysql-proxy/mysql-proxy.conf':
ensure => file,
owner => 'root',
group => 'root',
mode => '0600',
content => template("mysql_proxy/mysql-proxy.conf.erb"),
require => File['/etc/mysql-proxy']
}
service{ 'mysql-proxy':
ensure => running,
subscribe => [
Package['mysql-proxy'],
File['/etc/mysql-proxy/mysql-proxy.conf'],
],
}
}
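Review bot: `mysql_proxy::server` references `Package['mysql-proxy']` and `File['/etc/mysql-proxy']`, which are declared only in class `mysql_proxy`, so the catalog compiles only when the caller also includes that class. Adding `require mysql_proxy` as the first line of the class body removes that hidden requirement. The service resource sets `ensure => running` without `enable => true,`, so whether the proxy comes back after a reboot is left to the package default. The `# == Class:` header would benefit from a `# === Parameters` list that notes `$admin_pass` is written in clear text to the 0600 config file.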


@ -0,0 +1,8 @@
[mysql-proxy]
log-file = /var/log/mysql-proxy.log
log-level = message
proxy-read-only-backend-addresses = <%= @db_host %>:<%= @db_port %>
proxy-lua-script = <%= @lua_script %>
admin-username = <%= @admin_username %>
admin-password = <%= @admin_pass %>
admin-lua-script = /usr/share/mysql-proxy/admin.lua
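Review bot: `proxy-read-only-backend-addresses` combined with `rw-splitting.lua` does not make the proxy reject writes; to my knowledge it only decides routing. With no `proxy-backend-addresses` line, the read-write backend falls back to mysql-proxy's default of 127.0.0.1:3306. The read-only guarantee promised in the commit message therefore has to come from the grants of the MySQL account given to users (SELECT only), and a comment at the top of this template should say so. Also consider `admin-address = 127.0.0.1:4041` so the admin interface does not listen on every interface.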


@ -22,12 +22,13 @@ class openstack_project::logstash (
$sysadmins = [], $sysadmins = [],
$subunit2sql_db_host, $subunit2sql_db_host,
$subunit2sql_db_pass, $subunit2sql_db_pass,
$mysql_proxy_admin_pass,
) { ) {
$iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT') $iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
$iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT') $iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
$iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule]) $iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80], iptables_public_tcp_ports => [22, 80, 4040],
iptables_rules6 => $iptables_rule, iptables_rules6 => $iptables_rule,
iptables_rules4 => $iptables_rule, iptables_rules4 => $iptables_rule,
sysadmins => $sysadmins, sysadmins => $sysadmins,
@ -52,4 +53,12 @@ class openstack_project::logstash (
db_host => $subunit2sql_db_host, db_host => $subunit2sql_db_host,
db_pass => $subunit2sql_db_pass, db_pass => $subunit2sql_db_pass,
} }
include 'mysql_proxy'
class { 'mysql_proxy::server':
db_host => $subunit2sql_db_host,
admin_username => 'admin',
admin_pass => $mysql_proxy_admin_pass,
}
} }
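Review bot: Adding 4040 to `iptables_public_tcp_ports` opens the proxy to any source address, yet the template never sets `proxy-address`, so the number matches only because 4040 is mysql-proxy's default listen port. Setting `proxy-address = :4040` in the template, or passing the port in as a class parameter, would keep the firewall rule and the listener from drifting apart. In the second hunk, `admin_username => 'admin',` repeats the parameter default of `mysql_proxy::server` and can be dropped. The class body between the two hunks is not shown.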