diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index eb1d6e436c..679a951e6c 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -733,3 +733,15 @@ xenserver_username: "root" xenserver_connect_protocol: "https" # File used to save XenAPI's facts variables formatted as json. xenapi_facts_file: "/etc/kolla/xenapi.json" + +############################################# +# MariaDB component-specific database details +############################################# +# Whether to configure haproxy to load balance +# the external MariaDB server(s) +enable_external_mariadb_load_balancer: "no" +# Whether to use pre-configured databases / users +use_preconfigured_databases: "no" +# whether to use a common, preconfigured user +# for all component databases +use_common_mariadb_user: "no" diff --git a/ansible/roles/aodh/defaults/main.yml b/ansible/roles/aodh/defaults/main.yml index cc16b2ab72..b1646e28b1 100644 --- a/ansible/roles/aodh/defaults/main.yml +++ b/ansible/roles/aodh/defaults/main.yml @@ -45,7 +45,7 @@ aodh_services: # Database #################### aodh_database_name: "aodh" -aodh_database_user: "aodh" +aodh_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}aodh{% endif %}" aodh_database_address: "{{ database_address }}:{{ database_port }}" #################### diff --git a/ansible/roles/aodh/tasks/bootstrap.yml b/ansible/roles/aodh/tasks/bootstrap.yml index c743a3a459..c4d38ef409 100644 --- a/ansible/roles/aodh/tasks/bootstrap.yml +++ b/ansible/roles/aodh/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['aodh-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating aodh database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['aodh-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2 index b16d4fc311..e256fa9185 100644 --- a/ansible/roles/aodh/templates/aodh.conf.j2 +++ b/ansible/roles/aodh/templates/aodh.conf.j2 @@ -14,7 +14,6 @@ host = {{ api_interface_address }} [database] connection = mysql+pymysql://{{ aodh_database_user }}:{{ aodh_database_password }}@{{ aodh_database_address }}/{{ aodh_database_name }} - [keystone_authtoken] memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} diff --git a/ansible/roles/barbican/defaults/main.yml b/ansible/roles/barbican/defaults/main.yml index d235d32ae1..199303f052 100644 --- a/ansible/roles/barbican/defaults/main.yml +++ b/ansible/roles/barbican/defaults/main.yml @@ -35,7 +35,7 @@ barbican_services: # Database #################### barbican_database_name: "barbican" -barbican_database_user: "barbican" +barbican_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}barbican{% endif %}" barbican_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/barbican/tasks/bootstrap.yml b/ansible/roles/barbican/tasks/bootstrap.yml index b9ffb8f1d8..adecdf0faf 100644 --- a/ansible/roles/barbican/tasks/bootstrap.yml +++ b/ansible/roles/barbican/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['barbican-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating barbican database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['barbican-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml index 2696353483..57302319e9 100644 --- a/ansible/roles/cinder/defaults/main.yml +++ b/ansible/roles/cinder/defaults/main.yml @@ -78,7 +78,7 @@ cinder_backup_pool_pgp_num: "{{ ceph_pool_pgp_num }}" # Database #################### cinder_database_name: "cinder" -cinder_database_user: "cinder" +cinder_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}cinder{% endif %}" cinder_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/cinder/tasks/bootstrap.yml b/ansible/roles/cinder/tasks/bootstrap.yml index 7a453a76cc..59f2a0ec15 100644 --- a/ansible/roles/cinder/tasks/bootstrap.yml +++ b/ansible/roles/cinder/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['cinder-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Cinder database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['cinder-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/cloudkitty/defaults/main.yml b/ansible/roles/cloudkitty/defaults/main.yml index 24b1b0e5b1..aa8f3f33da 100644 --- a/ansible/roles/cloudkitty/defaults/main.yml +++ b/ansible/roles/cloudkitty/defaults/main.yml @@ -26,7 +26,7 @@ cloudkitty_services: # Database #################### cloudkitty_database_name: "cloudkitty" -cloudkitty_database_user: "cloudkitty" +cloudkitty_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}cloudkitty{% endif %}" cloudkitty_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/cloudkitty/tasks/bootstrap.yml b/ansible/roles/cloudkitty/tasks/bootstrap.yml index 32e3605a98..14aeeeceb4 100644 --- a/ansible/roles/cloudkitty/tasks/bootstrap.yml +++ b/ansible/roles/cloudkitty/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['cloudkitty-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Cloudkitty database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['cloudkitty-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/congress/defaults/main.yml b/ansible/roles/congress/defaults/main.yml index e0747bca3c..4d2bac2e92 100644 --- a/ansible/roles/congress/defaults/main.yml +++ b/ansible/roles/congress/defaults/main.yml @@ -35,7 +35,7 @@ congress_services: # Database #################### congress_database_name: "congress" -congress_database_user: "congress" +congress_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}congress{% endif %}" congress_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/congress/tasks/bootstrap.yml b/ansible/roles/congress/tasks/bootstrap.yml index 054b688f4e..90de9d8ece 100644 --- a/ansible/roles/congress/tasks/bootstrap.yml +++ b/ansible/roles/congress/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['congress-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating congress database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['congress-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml index 33398b39ad..db8e85021e 100644 --- a/ansible/roles/designate/defaults/main.yml +++ b/ansible/roles/designate/defaults/main.yml @@ -72,11 +72,11 @@ designate_services: # Database #################### designate_database_name: "designate" -designate_database_user: "designate" +designate_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}designate{% endif %}" designate_database_address: "{{ database_address }}:{{ database_port }}" designate_pool_manager_database_name: "designate_pool_manager" -designate_pool_manager_database_user: "designate_pool_manager" +designate_pool_manager_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}designate_pool_manager{% endif %}" designate_pool_manager_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/designate/tasks/bootstrap.yml b/ansible/roles/designate/tasks/bootstrap.yml index cd3934e86a..ec69c45d72 100644 --- a/ansible/roles/designate/tasks/bootstrap.yml +++ b/ansible/roles/designate/tasks/bootstrap.yml @@ -14,6 +14,8 @@ with_items: - "{{ designate_database_name }}" - "{{ designate_pool_manager_database_name }}" + when: + - not use_preconfigured_databases | bool - name: Creating Designate databases user and setting permissions kolla_toolbox: @@ -37,6 +39,8 @@ - database_name: "{{ designate_pool_manager_database_name }}" database_user: "{{ designate_pool_manager_database_user }}" database_password: "{{ designate_pool_manager_database_password }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/freezer/defaults/main.yml b/ansible/roles/freezer/defaults/main.yml index 002af65d8e..157ecb91c2 100644 --- a/ansible/roles/freezer/defaults/main.yml +++ b/ansible/roles/freezer/defaults/main.yml @@ -18,7 +18,7 @@ freezer_services: # Database #################### freezer_database_name: "freezer" -freezer_database_user: "freezer" +freezer_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}freezer{% endif %}" freezer_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml index 4fa18ec816..af772b5fda 100644 --- a/ansible/roles/glance/defaults/main.yml +++ b/ansible/roles/glance/defaults/main.yml @@ -43,7 +43,7 @@ glance_pool_pgp_num: "{{ ceph_pool_pgp_num }}" # Database #################### glance_database_name: "glance" -glance_database_user: "glance" +glance_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}glance{% endif %}" glance_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/glance/tasks/bootstrap.yml b/ansible/roles/glance/tasks/bootstrap.yml index 73dc2fe62a..2ec00fc28e 100644 --- a/ansible/roles/glance/tasks/bootstrap.yml +++ b/ansible/roles/glance/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['glance-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Glance database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['glance-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/gnocchi/defaults/main.yml b/ansible/roles/gnocchi/defaults/main.yml index 02d83b1c87..6fd320c461 100644 --- a/ansible/roles/gnocchi/defaults/main.yml +++ b/ansible/roles/gnocchi/defaults/main.yml @@ -53,7 +53,7 @@ gnocchi_pool_pgp_num: "{{ ceph_pool_pgp_num }}" # Database #################### gnocchi_database_name: "gnocchi" -gnocchi_database_user: "gnocchi" +gnocchi_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}gnocchi{% endif %}" gnocchi_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/gnocchi/tasks/bootstrap.yml b/ansible/roles/gnocchi/tasks/bootstrap.yml index 8dcf250225..e8292f56e4 100644 --- a/ansible/roles/gnocchi/tasks/bootstrap.yml +++ b/ansible/roles/gnocchi/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['gnocchi-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating gnocchi database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['gnocchi-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 index 1f7d6b6e2f..40955035be 100644 --- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 @@ -35,7 +35,6 @@ workers = {{ openstack_service_workers }} [indexer] url = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }}@{{ gnocchi_database_address }}/{{ gnocchi_database_name }} - [keystone_authtoken] auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 project_domain_id = {{ default_project_domain_id }} diff --git a/ansible/roles/grafana/defaults/main.yml b/ansible/roles/grafana/defaults/main.yml index 4826612940..1ece342728 100644 --- a/ansible/roles/grafana/defaults/main.yml +++ b/ansible/roles/grafana/defaults/main.yml @@ -17,7 +17,7 @@ grafana_services: # Database #################### grafana_database_name: "grafana" -grafana_database_user: "grafana" +grafana_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}grafana{% endif %}" grafana_database_address: "{{ database_address }}:{{ database_port }}" #################### diff --git a/ansible/roles/grafana/tasks/bootstrap.yml b/ansible/roles/grafana/tasks/bootstrap.yml index 2f744080ef..97727dab7f 100644 --- a/ansible/roles/grafana/tasks/bootstrap.yml +++ b/ansible/roles/grafana/tasks/bootstrap.yml @@ -10,6 +10,8 @@ name: "{{ grafana_database_name }}" run_once: True delegate_to: "{{ groups['grafana'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating grafana database user and setting permissions kolla_toolbox: @@ -26,3 +28,5 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['grafana'][0] }}" + when: + - not use_preconfigured_databases | bool diff --git a/ansible/roles/haproxy/handlers/main.yml b/ansible/roles/haproxy/handlers/main.yml index 22cd1fa075..d81ab5d315 100644 --- a/ansible/roles/haproxy/handlers/main.yml +++ b/ansible/roles/haproxy/handlers/main.yml @@ -60,3 +60,6 @@ wait_for: host: "{{ kolla_internal_vip_address }}" port: "{{ database_port }}" + when: + - enable_mariadb | bool + or enable_external_mariadb_load_balancer | bool diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index 24a08f78d9..ee59d67b16 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -880,18 +880,24 @@ defaults timeout server {{ haproxy_server_timeout }} timeout check 10s -{% if enable_mariadb | bool %} +{% if enable_mariadb | bool or enable_external_mariadb_load_balancer | bool %} listen mariadb mode tcp timeout client 3600s timeout server 3600s option tcplog option tcpka +{% if not enable_external_mariadb_load_balancer | bool %} option mysql-check user haproxy post-41 +{% endif %} bind {{ kolla_internal_vip_address }}:{{ mariadb_port }} {% for host in groups['mariadb'] %} - server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %} +{% if not enable_external_mariadb_load_balancer | bool %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %} +{% else %} + server {{ host }} {{ host }}:{{ mariadb_port }} check inter 2000 rise 2 fall 5 {% if not loop.first %}backup{% endif %} +{% endif %} {% endfor %} {% endif %} diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml index 315fe2a10b..d82363d2c5 100644 --- a/ansible/roles/heat/defaults/main.yml +++ b/ansible/roles/heat/defaults/main.yml @@ -37,7 +37,7 @@ heat_services: # Database #################### heat_database_name: "heat" -heat_database_user: "heat" +heat_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}heat{% endif %}" heat_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/heat/tasks/bootstrap.yml b/ansible/roles/heat/tasks/bootstrap.yml index 1f2daba39d..f47b4305e0 100644 --- a/ansible/roles/heat/tasks/bootstrap.yml +++ b/ansible/roles/heat/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['heat-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Heat database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['heat-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/horizon/defaults/main.yml b/ansible/roles/horizon/defaults/main.yml index e3a6b03b6d..58a2894043 100644 --- a/ansible/roles/horizon/defaults/main.yml +++ b/ansible/roles/horizon/defaults/main.yml @@ -45,7 +45,7 @@ horizon_keystone_domain_choices: # Database #################### horizon_database_name: "horizon" -horizon_database_user: "horizon" +horizon_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}horizon{% endif %}" horizon_database_address: "{{ database_address }}:{{ database_port }}" #################### diff --git a/ansible/roles/horizon/tasks/bootstrap.yml b/ansible/roles/horizon/tasks/bootstrap.yml index 05142ae646..5de5496ec2 100644 --- a/ansible/roles/horizon/tasks/bootstrap.yml +++ b/ansible/roles/horizon/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['horizon'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Horizon database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['horizon'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 3aae604132..2240f06a07 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -5,11 +5,11 @@ project_name: "ironic" # Database #################### ironic_database_name: "ironic" -ironic_database_user: "ironic" +ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}" ironic_database_address: "{{ database_address }}:{{ database_port }}" ironic_inspector_database_name: "ironic_inspector" -ironic_inspector_database_user: "ironic_inspector" +ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}" ironic_inspector_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/ironic/tasks/bootstrap.yml b/ansible/roles/ironic/tasks/bootstrap.yml index 5ad3ebf5e7..17d85f8aaf 100644 --- a/ansible/roles/ironic/tasks/bootstrap.yml +++ b/ansible/roles/ironic/tasks/bootstrap.yml @@ -16,7 +16,9 @@ group: "ironic-api" - database_name: "{{ ironic_inspector_database_name }}" group: "ironic-inspector" - when: inventory_hostname in groups[item.group] + when: + - not use_preconfigured_databases | bool + - inventory_hostname in groups[item.group] - name: Creating Ironic database user and setting permissions kolla_toolbox: @@ -42,7 +44,9 @@ database_user: "{{ ironic_inspector_database_user }}" database_password: "{{ ironic_inspector_database_password }}" group: "ironic-inspector" - when: inventory_hostname in groups[item.group] + when: + - not use_preconfigured_databases | bool + - inventory_hostname in groups[item.group] - include: bootstrap_service.yml when: database.changed diff --git a/ansible/roles/karbor/defaults/main.yml b/ansible/roles/karbor/defaults/main.yml index fe98ff19a0..2be3cc6b4f 100644 --- a/ansible/roles/karbor/defaults/main.yml +++ b/ansible/roles/karbor/defaults/main.yml @@ -35,7 +35,7 @@ karbor_services: # Database #################### karbor_database_name: "karbor" -karbor_database_user: "karbor" +karbor_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}karbor{% endif %}" karbor_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/karbor/tasks/bootstrap.yml b/ansible/roles/karbor/tasks/bootstrap.yml index 9eab028069..f770733746 100644 --- a/ansible/roles/karbor/tasks/bootstrap.yml +++ b/ansible/roles/karbor/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['karbor-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Karbor database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['karbor-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database | changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index fae9122f78..4f55a40b56 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -39,7 +39,7 @@ keystone_services: # Database #################### keystone_database_name: "keystone" -keystone_database_user: "keystone" +keystone_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}keystone{% endif %}" keystone_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/keystone/tasks/bootstrap.yml b/ansible/roles/keystone/tasks/bootstrap.yml index 7401563e27..c4cd3f70c5 100644 --- a/ansible/roles/keystone/tasks/bootstrap.yml +++ b/ansible/roles/keystone/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['keystone'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Keystone database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['keystone'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml index 1c2c0d9d19..faef6b827c 100644 --- a/ansible/roles/magnum/defaults/main.yml +++ b/ansible/roles/magnum/defaults/main.yml @@ -32,7 +32,7 @@ magnum_services: # Database #################### magnum_database_name: "magnum" -magnum_database_user: "magnum" +magnum_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}magnum{% endif %}" magnum_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/magnum/tasks/bootstrap.yml b/ansible/roles/magnum/tasks/bootstrap.yml index aeefb0b9c8..7ae82fdf4f 100644 --- a/ansible/roles/magnum/tasks/bootstrap.yml +++ b/ansible/roles/magnum/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['magnum-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Magnum database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['magnum-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml index 989009eac1..0d4a5d876e 100644 --- a/ansible/roles/manila/defaults/main.yml +++ b/ansible/roles/manila/defaults/main.yml @@ -48,7 +48,7 @@ manila_services: ## Database ##################### manila_database_name: "manila" -manila_database_user: "manila" +manila_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}manila{% endif %}" manila_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/manila/tasks/bootstrap.yml b/ansible/roles/manila/tasks/bootstrap.yml index 38bc70d12f..fb0d3e7452 100644 --- a/ansible/roles/manila/tasks/bootstrap.yml +++ b/ansible/roles/manila/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['manila-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Manila database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['manila-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/mistral/defaults/main.yml b/ansible/roles/mistral/defaults/main.yml index be70331279..7fa09e23f9 100644 --- a/ansible/roles/mistral/defaults/main.yml +++ b/ansible/roles/mistral/defaults/main.yml @@ -35,7 +35,7 @@ mistral_services: # Database #################### mistral_database_name: "mistral" -mistral_database_user: "mistral" +mistral_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}mistral{% endif %}" mistral_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/mistral/tasks/bootstrap.yml b/ansible/roles/mistral/tasks/bootstrap.yml index ddd5c83bba..a53df2f6b3 100644 --- a/ansible/roles/mistral/tasks/bootstrap.yml +++ b/ansible/roles/mistral/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['mistral-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Mistral database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['mistral-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/murano/defaults/main.yml b/ansible/roles/murano/defaults/main.yml index 3f58e5a1c7..72429829d6 100644 --- a/ansible/roles/murano/defaults/main.yml +++ b/ansible/roles/murano/defaults/main.yml @@ -5,7 +5,7 @@ project_name: "murano" # Database #################### murano_database_name: "murano" -murano_database_user: "murano" +murano_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}murano{% endif %}" murano_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/murano/tasks/bootstrap.yml b/ansible/roles/murano/tasks/bootstrap.yml index 8c6e833422..434e50cb21 100644 --- a/ansible/roles/murano/tasks/bootstrap.yml +++ b/ansible/roles/murano/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['murano-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Murano database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['murano-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 2efce3c0d3..1f2d2e0e24 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -168,7 +168,7 @@ neutron_services: # Database #################### neutron_database_name: "neutron" -neutron_database_user: "neutron" +neutron_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}neutron{% endif %}" neutron_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/neutron/tasks/bootstrap.yml b/ansible/roles/neutron/tasks/bootstrap.yml index fde1004a36..16242365d6 100644 --- a/ansible/roles/neutron/tasks/bootstrap.yml +++ b/ansible/roles/neutron/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['neutron-server'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Neutron database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['neutron-server'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 28701c42a4..ebf9404a27 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -157,11 +157,11 @@ nova_hw_disk_discard: "unmap" # Database #################### nova_database_name: "nova" -nova_database_user: "nova" +nova_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova{% endif %}" nova_database_address: "{{ database_address }}:{{ database_port }}" nova_api_database_name: "nova_api" -nova_api_database_user: "nova_api" +nova_api_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova_api{% endif %}" nova_api_database_address: "{{ database_address }}:{{ database_port }}" #################### diff --git a/ansible/roles/nova/tasks/bootstrap.yml b/ansible/roles/nova/tasks/bootstrap.yml index 076ddca3d6..19e768371b 100644 --- a/ansible/roles/nova/tasks/bootstrap.yml +++ b/ansible/roles/nova/tasks/bootstrap.yml @@ -15,6 +15,8 @@ - "{{ nova_database_name }}" - "{{ nova_database_name }}_cell0" - "{{ nova_api_database_name }}" + when: + - not use_preconfigured_databases | bool - name: Creating Nova databases user and setting permissions kolla_toolbox: @@ -42,9 +44,10 @@ database_password: "{{ nova_api_database_password }}" run_once: True delegate_to: "{{ groups['nova-api'][0] }}" + when: database.changed or not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool - include: bootstrap_xenapi.yml when: diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml index 46c06fe605..8ddf478411 100644 --- a/ansible/roles/octavia/defaults/main.yml +++ b/ansible/roles/octavia/defaults/main.yml @@ -44,7 +44,7 @@ octavia_services: # Database #################### octavia_database_name: "octavia" -octavia_database_user: "octavia" +octavia_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}octavia{% endif %}" octavia_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/octavia/tasks/bootstrap.yml b/ansible/roles/octavia/tasks/bootstrap.yml index 23c609c2f3..26a94c674b 100644 --- a/ansible/roles/octavia/tasks/bootstrap.yml +++ b/ansible/roles/octavia/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['octavia-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Octavia database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['octavia-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/panko/defaults/main.yml b/ansible/roles/panko/defaults/main.yml index 87ce0f6960..ce22d3a369 100644 --- a/ansible/roles/panko/defaults/main.yml +++ b/ansible/roles/panko/defaults/main.yml @@ -17,7 +17,7 @@ panko_services: # Database #################### panko_database_name: "panko" -panko_database_user: "panko" +panko_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}panko{% endif %}" panko_database_port: "{{ mongodb_port if panko_database_type == 'mongodb' else database_port }}" panko_database_mongodb_address: "{% for host in groups['mongodb'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ panko_database_port }}{% if not loop.last %},{% endif %}{% endfor %}" panko_database_mysql_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/panko/tasks/bootstrap.yml b/ansible/roles/panko/tasks/bootstrap.yml index 71d3d156ba..fdfc5b16de 100644 --- a/ansible/roles/panko/tasks/bootstrap.yml +++ b/ansible/roles/panko/tasks/bootstrap.yml @@ -22,6 +22,7 @@ run_once: True delegate_to: "{{ groups['panko-api'][0] }}" when: + - not use_preconfigured_databases | bool - panko_database_type == "mysql" - name: Creating Panko mysql database user and setting permissions @@ -40,8 +41,10 @@ run_once: True delegate_to: "{{ groups['panko-api'][0] }}" when: + - not use_preconfigured_databases | bool - panko_database_type == "mysql" - include: bootstrap_service.yml when: (panko_database_type == "mongodb" and mongodb_panko_database.changed) or (panko_database_type == "mysql" and mysql_panko_database.changed) + or use_preconfigured_databases | bool diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2 index 56a315cb3d..05034db1bb 100644 --- a/ansible/roles/panko/templates/panko.conf.j2 +++ b/ansible/roles/panko/templates/panko.conf.j2 @@ -16,7 +16,6 @@ event_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_database_p metering_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_database_password }}@{{ panko_database_mysql_address }}:{{ panko_database_port }}/{{ panko_database_name }} {% endif %} - [keystone_authtoken] auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} project_domain_name = {{ default_project_domain_name }} diff --git a/ansible/roles/prechecks/tasks/database_checks.yml b/ansible/roles/prechecks/tasks/database_checks.yml new file mode 100644 index 0000000000..883a462b8c --- /dev/null +++ b/ansible/roles/prechecks/tasks/database_checks.yml @@ -0,0 +1,20 @@ +--- +- name: "Check if external mariadb hosts are reachable from the load balancer" + wait_for: + msg: "The {{ item }} host is not accessible from {{ inventory_hostname }}" + host: "{{ item }}" + port: "{{ database_port }}" + with_items: "{{ groups['mariadb'] }}" + when: + - not enable_mariadb | bool + - enable_external_mariadb_load_balancer | bool + - inventory_hostname in groups['haproxy'] + +- name: "Check if external database address is reachable from all hosts" + wait_for: + msg: "The {{ database_address }} host is not accessible from {{ inventory_hostname }}" + host: "{{ database_address }}" + port: "{{ database_port }}" + when: + - not enable_mariadb | bool + - not enable_external_mariadb_load_balancer | bool diff --git a/ansible/roles/prechecks/tasks/main.yml b/ansible/roles/prechecks/tasks/main.yml index 8065afb7ff..ae2fbd1808 100644 --- a/ansible/roles/prechecks/tasks/main.yml +++ b/ansible/roles/prechecks/tasks/main.yml @@ -11,3 +11,5 @@ - include: package_checks.yml - include: user_checks.yml + +- include: database_checks.yml diff --git a/ansible/roles/rally/defaults/main.yml b/ansible/roles/rally/defaults/main.yml index f3bf0d4a11..c6227150f8 100644 --- a/ansible/roles/rally/defaults/main.yml +++ b/ansible/roles/rally/defaults/main.yml @@ -25,5 +25,5 @@ rally_image_full: "{{ rally_image }}:{{ rally_tag }}" # Database #################### rally_database_name: "rally" -rally_database_user: "rally" +rally_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}rally{% endif %}" rally_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/rally/tasks/bootstrap.yml b/ansible/roles/rally/tasks/bootstrap.yml index 691f75ec7d..d75360c33b 100644 --- a/ansible/roles/rally/tasks/bootstrap.yml +++ b/ansible/roles/rally/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['rally'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating rally database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['rally'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/sahara/defaults/main.yml b/ansible/roles/sahara/defaults/main.yml index 5bf9dcc974..929f9fc36a 100644 --- a/ansible/roles/sahara/defaults/main.yml +++ b/ansible/roles/sahara/defaults/main.yml @@ -30,7 +30,7 @@ sahara_services: # Database #################### sahara_database_name: "sahara" -sahara_database_user: "sahara" +sahara_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}sahara{% endif %}" sahara_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/sahara/tasks/bootstrap.yml b/ansible/roles/sahara/tasks/bootstrap.yml index 09206f435a..d82ae2ec6e 100644 --- a/ansible/roles/sahara/tasks/bootstrap.yml +++ b/ansible/roles/sahara/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['sahara-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating sahara database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['sahara-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/senlin/defaults/main.yml b/ansible/roles/senlin/defaults/main.yml index 0c27dafd41..65ebf3b7e1 100644 --- a/ansible/roles/senlin/defaults/main.yml +++ b/ansible/roles/senlin/defaults/main.yml @@ -25,7 +25,7 @@ senlin_services: # Database #################### senlin_database_name: "senlin" -senlin_database_user: "senlin" +senlin_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}senlin{% endif %}" senlin_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/senlin/tasks/bootstrap.yml b/ansible/roles/senlin/tasks/bootstrap.yml index f9a44bda7e..cece215d46 100644 --- a/ansible/roles/senlin/tasks/bootstrap.yml +++ b/ansible/roles/senlin/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['senlin-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Senlin database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['senlin-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/solum/defaults/main.yml b/ansible/roles/solum/defaults/main.yml index e720d4d1e3..434d03bfca 100644 --- a/ansible/roles/solum/defaults/main.yml +++ b/ansible/roles/solum/defaults/main.yml @@ -44,7 +44,7 @@ solum_services: # Database #################### solum_database_name: "solum" -solum_database_user: "solum" +solum_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}solum{% endif %}" solum_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/solum/tasks/bootstrap.yml b/ansible/roles/solum/tasks/bootstrap.yml index 2df4f7c73e..e8975bbdaa 100644 --- a/ansible/roles/solum/tasks/bootstrap.yml +++ b/ansible/roles/solum/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['solum-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Solum database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['solum-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2 index 116cc8332d..ba1fa3c30b 100644 --- a/ansible/roles/solum/templates/solum.conf.j2 +++ b/ansible/roles/solum/templates/solum.conf.j2 @@ -58,4 +58,3 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} - diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml index f12b40157e..833c014958 100644 --- a/ansible/roles/tacker/defaults/main.yml +++ b/ansible/roles/tacker/defaults/main.yml @@ -27,7 +27,7 @@ tacker_services: # Database #################### tacker_database_name: "tacker" -tacker_database_user: "tacker" +tacker_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}tacker{% endif %}" tacker_database_address: "{{ database_address }}:{{ database_port }}" ######## diff --git a/ansible/roles/tacker/tasks/bootstrap.yml b/ansible/roles/tacker/tasks/bootstrap.yml index 2cf830713b..642d791b55 100644 --- a/ansible/roles/tacker/tasks/bootstrap.yml +++ b/ansible/roles/tacker/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['tacker-server'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating tacker database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['tacker-server'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/telegraf/templates/telegraf.conf.j2 b/ansible/roles/telegraf/templates/telegraf.conf.j2 index 9040f95f86..52e67f0ff4 100644 --- a/ansible/roles/telegraf/templates/telegraf.conf.j2 +++ b/ansible/roles/telegraf/templates/telegraf.conf.j2 @@ -74,7 +74,7 @@ username = "{{ outward_rabbitmq_user }}" password = "{{ outward_rabbitmq_password }}" {% endif %} -{% if inventory_hostname in groups['mariadb'] and enable_mariadb | bool %} +{% if inventory_hostname in groups['mariadb'] and (enable_mariadb or enable_external_mariadb_load_balancer) | bool %} [[inputs.mysql]] servers = ["{{ database_user }}:{{ database_password }}@{{ mariadb_proto }}({{ api_interface_address }}:{{ database_port }})/"] perf_events_statements_digest_text_limit = 120 diff --git a/ansible/roles/trove/defaults/main.yml b/ansible/roles/trove/defaults/main.yml index a4fe29b429..0c2ff8959e 100644 --- a/ansible/roles/trove/defaults/main.yml +++ b/ansible/roles/trove/defaults/main.yml @@ -38,7 +38,7 @@ trove_services: # Database #################### trove_database_name: "trove" -trove_database_user: "trove" +trove_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}trove{% endif %}" trove_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/trove/tasks/bootstrap.yml b/ansible/roles/trove/tasks/bootstrap.yml index 9e79da98a8..f88c95b6ff 100644 --- a/ansible/roles/trove/tasks/bootstrap.yml +++ b/ansible/roles/trove/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['trove-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating trove database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['trove-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/vitrage/defaults/main.yml b/ansible/roles/vitrage/defaults/main.yml index 51996e37d6..eb0ba109ad 100644 --- a/ansible/roles/vitrage/defaults/main.yml +++ b/ansible/roles/vitrage/defaults/main.yml @@ -52,8 +52,8 @@ vitrage_services: ## Database ##################### vitrage_database_name: "vitrage" -vitrage_database_user: "vitrage" -vitrage_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" +vitrage_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}vitrage{% endif %}" +vitrage_database_address: "{{ database_address }}:{{ database_port }}" #################### # Docker diff --git a/ansible/roles/vitrage/tasks/bootstrap.yml b/ansible/roles/vitrage/tasks/bootstrap.yml index aa267e1d07..d29120c20e 100644 --- a/ansible/roles/vitrage/tasks/bootstrap.yml +++ b/ansible/roles/vitrage/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['vitrage-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating vitrage database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['vitrage-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/watcher/defaults/main.yml b/ansible/roles/watcher/defaults/main.yml index a59d573fd2..854afe1bae 100644 --- a/ansible/roles/watcher/defaults/main.yml +++ b/ansible/roles/watcher/defaults/main.yml @@ -35,7 +35,7 @@ watcher_services: # Database #################### watcher_database_name: "watcher" -watcher_database_user: "watcher" +watcher_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}watcher{% endif %}" watcher_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/watcher/tasks/bootstrap.yml b/ansible/roles/watcher/tasks/bootstrap.yml index 3060cbe40d..3f80a50239 100644 --- a/ansible/roles/watcher/tasks/bootstrap.yml +++ b/ansible/roles/watcher/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['watcher-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Watcher database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['watcher-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml index 5c962045fa..840a60c4bc 100644 --- a/ansible/roles/zun/defaults/main.yml +++ b/ansible/roles/zun/defaults/main.yml @@ -28,7 +28,7 @@ zun_services: ## Database #################### zun_database_name: "zun" -zun_database_user: "zun" +zun_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}zun{% endif %}" zun_database_address: "{{ database_address }}:{{ database_port }}" diff --git a/ansible/roles/zun/tasks/bootstrap.yml b/ansible/roles/zun/tasks/bootstrap.yml index 98d0799b38..1c727c7149 100644 --- a/ansible/roles/zun/tasks/bootstrap.yml +++ b/ansible/roles/zun/tasks/bootstrap.yml @@ -11,6 +11,8 @@ register: database run_once: True delegate_to: "{{ groups['zun-api'][0] }}" + when: + - not use_preconfigured_databases | bool - name: Creating Zun database user and setting permissions kolla_toolbox: @@ -27,6 +29,8 @@ append_privs: "yes" run_once: True delegate_to: "{{ groups['zun-api'][0] }}" + when: + - not use_preconfigured_databases | bool - include: bootstrap_service.yml - when: database.changed + when: database.changed or use_preconfigured_databases | bool diff --git a/doc/source/reference/external-mariadb-guide.rst b/doc/source/reference/external-mariadb-guide.rst new file mode 100644 index 0000000000..cd812148a8 --- /dev/null +++ b/doc/source/reference/external-mariadb-guide.rst @@ -0,0 +1,211 @@ +.. _external-mariadb-guide: + +================ +External MariaDB +================ + +Sometimes, for various reasons (Redundancy, organisational policies, etc.), +it might be necessary to use an externally managed database. +This use case can be achieved by simply taking some extra steps: + +Requirements +============ + +* An existing MariaDB cluster / server, reachable from all of your + nodes. +* If you choose to use preconfigured databases and users + (**use_preconfigured_databases** is set to "yes"), databases and + user accounts for all enabled services should exist on the + database. +* If you choose not to use preconfigured databases and users + (**use_preconfigured_databases** is set to "no"), root access to + the database must be available in order to configure databases and + user accounts for all enabled services. + +Enabling External MariaDB support +================================= + +In order to enable external mariadb support, +you will first need to disable mariadb deployment, +by ensuring the following line exists within ``/etc/kolla/globals.yml`` : + +.. code-block:: yaml + + enable_mariadb: "no" + +.. end + +There are two ways in which you can use +external MariaDB: + +Using an already load-balanced MariaDB address (recommended) +------------------------------------------------------------ + +If your external database already has a +load balancer, you will need to do the following: + +* Within your inventory file, just add the hostname + of the load balancer within the mariadb group, + described as below: + +Change the following + +.. code-block:: ini + + [mariadb:children] + control + +.. end + +so that it looks like below: + +.. code-block:: ini + + [mariadb] + myexternalmariadbloadbalancer.com + +.. end + +* Define **database_address** within ``/etc/kolla/globals.yml`` + +.. code-block:: yaml + + database_address: myexternalloadbalancer.com + +.. end + +Please note that if **enable_external_mariadb_load_balancer** is +set to "no" - **default**, the external DB load balancer will need to be +accessible from all nodes within your deployment, which might +connect to it. + +Using an external MariaDB cluster: +---------------------------------- + +Then, you will need to adjust your inventory file: + +Change the following + +.. code-block:: ini + + [mariadb:children] + control + +.. end + +so that it looks like below: + +.. code-block:: ini + + [mariadb] + myexternaldbserver1.com + myexternaldbserver2.com + myexternaldbserver3.com + +.. end + +If you choose to use haproxy for load balancing between the +members of the cluster, every node within this group +needs to be resolvable and reachable and resolvable from all +the hosts within the **[haproxy:children]** group +of your inventory (defaults to **[network]**). + +In addition to that, you also need to set the following within +``/etc/kolla/globals.yml``: + +.. code-block:: yaml + + enable_external_mariadb_load_balancer: yes + +.. end + +Using External MariaDB with a privileged user +============================================= + +In case your MariaDB user is root, just leave +everything as it is within globals.yml (Except the +internal mariadb deployment, which should be disabled), +and set the **database_password** field within +``/etc/kolla/passwords.yml`` + +.. code-block:: yaml + + database_password: mySuperSecurePassword + +.. end + +In case your username is other than **root**, you will +need to also set it, within ``/etc/kolla/globals.yml`` + +.. code-block:: yaml + + database_username: "privillegeduser" + +.. end + +Using preconfigured databases / users: +====================================== + +The first step you need to take is the following: + +Within ``/etc/kolla/globals.yml``, set the following: + +.. code-block:: yaml + + use_preconfigured_databases: "yes" + +.. end + +Using External MariaDB with separated, preconfigured users and databases +------------------------------------------------------------------------ + +In order to achieve this, you will need to define the user names within +``/etc/kolla/globals.yml``, as illustrated by the example below: + + +.. code-block:: yaml + + keystone_database_user: preconfigureduser1 + nova_database_user: preconfigureduser2 + +.. end + +You will need to also set the passwords for all databases within +``/etc/kolla/passwords.yml`` + + +However, fortunately, using a common user across +all databases is also possible. + + +Using External MariaDB with a common user across databases +---------------------------------------------------------- + +In order to use a common, preconfigured user across all databases, +all you need to do is the following: + +* Within ``/etc/kolla/globals.yml``, add the following: + +.. code-block:: yaml + + use_common_mariadb_user: "yes" + +.. end + +* Set the database_user within ``/etc/kolla/globals.yml`` to + the one provided to you: + +.. code-block:: yaml + + database_user: mycommondatabaseuser + +.. end + +* Set the common password for all components within ``/etc/kolla/passwords.yml```. + In order to achieve that you could use the following command: + +.. code-block:: console + + sed -i -r -e 's/([a-z_]{0,}database_password:+)$/\1 mycommonpass/gi' /etc/kolla/passwords.yml + +.. end diff --git a/doc/source/reference/index.rst b/doc/source/reference/index.rst index aa819df04b..7c9dbaa5bd 100644 --- a/doc/source/reference/index.rst +++ b/doc/source/reference/index.rst @@ -7,6 +7,7 @@ Reference ceph-guide central-logging-guide external-ceph-guide + external-mariadb-guide cinder-guide cinder-guide-hnas designate-guide diff --git a/releasenotes/notes/external-mariadb-support-131440d3c984dd67.yaml b/releasenotes/notes/external-mariadb-support-131440d3c984dd67.yaml new file mode 100644 index 0000000000..fe3f8dcf4e --- /dev/null +++ b/releasenotes/notes/external-mariadb-support-131440d3c984dd67.yaml @@ -0,0 +1,8 @@ +--- +features: + - > + [`blueprint external-mariadb-support `_] + Added External MariaDB server/cluster support + - Added enable_external_mariadb_load_balancer flag + - Added use_preconfigured_databases flag in order to add support for previously created databases / users + - Added use_common_mariadb_user in order to allow the use of a common database user across all databases