Add mysql-proxy to enable read-only access to a db

This commit adds a mysql_proxy module which will setup a read-only
proxy to a mysql db. This also configures a proxy to the subunit2sql
db to run on logstash.o.o to provide read only access to the data in
the database.

Change-Id: I478baca354354347fe50074a8e3b9f66ca890d55

manifests/site.pp

@@ -314,10 +314,10 @@ node 'wiki.openstack.org' {
 # Node-OS: precise
 node 'logstash.openstack.org' {
   class { 'openstack_project::logstash':
-    sysadmins           => hiera('sysadmins', []),
+    sysadmins               => hiera('sysadmins', []),
-    elasticsearch_nodes => $elasticsearch_nodes,
+    elasticsearch_nodes     => $elasticsearch_nodes,
-    gearman_workers     => $elasticsearch_clients,
+    gearman_workers         => $elasticsearch_clients,
-    discover_nodes      => [
+    discover_nodes          => [
       'elasticsearch02.openstack.org:9200',
       'elasticsearch03.openstack.org:9200',
       'elasticsearch04.openstack.org:9200',
@@ -325,8 +325,9 @@ node 'logstash.openstack.org' {
       'elasticsearch06.openstack.org:9200',
       'elasticsearch07.openstack.org:9200',
     ],
-    subunit2sql_db_host  => hiera('subunit2sql_db_host', ''),
+    subunit2sql_db_host     => hiera('subunit2sql_db_host', ''),
-    subunit2sql_db_pass  => hiera('subunit2sql_db_password', ''),
+    subunit2sql_db_pass     => hiera('subunit2sql_db_password', ''),
+    mysql_proxy_admin_pass  => hiera('subunit2sql_proxy_pass', ''),
   }
 }
 

modules/mysql_proxy/files/mysql-proxy

@@ -0,0 +1,2 @@
+ENABLED="true"
+OPTIONS="--defaults-file /etc/mysql-proxy/mysql-proxy.conf"

modules/mysql_proxy/manifests/init.pp

@@ -0,0 +1,40 @@
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: mysql_proxy
+#
+class mysql_proxy {
+
+    package { 'mysql-proxy':
+      ensure => present,
+    }
+
+    file { '/etc/mysql-proxy':
+      ensure   => directory,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      require  => Package['mysql-proxy'],
+
+    }
+
+    file { '/etc/default/mysql-proxy':
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      source   => 'puppet:///modules/mysql_proxy/mysql-proxy',
+      require  => Package['mysql-proxy'],
+    }
+
+}

modules/mysql_proxy/manifests/server.pp

@@ -0,0 +1,41 @@
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: mysql_proxy::server
+#
+class mysql_proxy::server (
+  $db_host,
+  $db_port='3306',
+  $lua_script = '/usr/share/mysql-proxy/rw-splitting.lua',
+  $admin_username = 'admin',
+  $admin_pass,
+) {
+
+  file { '/etc/mysql-proxy/mysql-proxy.conf':
+    ensure   => file,
+    owner    => 'root',
+    group    => 'root',
+    mode     => '0600',
+    content  => template("mysql_proxy/mysql-proxy.conf.erb"),
+    require  => File['/etc/mysql-proxy']
+  }
+
+  service{ 'mysql-proxy':
+    ensure => running,
+    subscribe => [
+      Package['mysql-proxy'],
+      File['/etc/mysql-proxy/mysql-proxy.conf'],
+    ],
+  }
+}

modules/mysql_proxy/templates/mysql-proxy.conf.erb

@@ -0,0 +1,8 @@
+[mysql-proxy]
+log-file = /var/log/mysql-proxy.log
+log-level = message
+proxy-read-only-backend-addresses = <%= @db_host %>:<%= @db_port %>
+proxy-lua-script = <%= @lua_script %>
+admin-username = <%= @admin_username %>
+admin-password = <%= @admin_pass %>
+admin-lua-script = /usr/share/mysql-proxy/admin.lua

modules/openstack_project/manifests/logstash.pp

@@ -22,12 +22,13 @@ class openstack_project::logstash (
   $sysadmins = [],
   $subunit2sql_db_host,
   $subunit2sql_db_pass,
+  $mysql_proxy_admin_pass,
 ) {
   $iptables_es_rule = regsubst ($elasticsearch_nodes, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 9200:9400 -s \1 -j ACCEPT')
   $iptables_gm_rule = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
   $iptables_rule = flatten([$iptables_es_rule, $iptables_gm_rule])
   class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80],
+    iptables_public_tcp_ports => [22, 80, 4040],
     iptables_rules6           => $iptables_rule,
     iptables_rules4           => $iptables_rule,
     sysadmins                 => $sysadmins,
@@ -52,4 +53,12 @@ class openstack_project::logstash (
     db_host => $subunit2sql_db_host,
     db_pass => $subunit2sql_db_pass,
   }
+
+  include 'mysql_proxy'
+
+  class { 'mysql_proxy::server':
+    db_host            => $subunit2sql_db_host,
+    admin_username     => 'admin',
+    admin_pass         => $mysql_proxy_admin_pass,
+  }
 }