From 3048970324e74c6881879ddc7737a988657c03f2 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Fri, 1 Jun 2018 18:15:17 +0100 Subject: [PATCH] Move database creation into role There is no record for why we implement the database creation outside of the role in the playbook, when we could do it inside the role. Implementing it inside the role allows us to reduce the quantity of group_vars duplicated from the role, and allows us to better document the required variables in the role. The delegation can still be done as it is done in the playbook too. In this patch we implement a new variable called 'nova_db_setup_host' which is used in the role to allow delegation of the database setup task to any host, but defaults to the first member of the galera_all host group. We also document the variable nova_galera_address which has been used for a long time, but never documented. Change-Id: I7f977b2c24dcd20a4a7e8d32c13fb6c66127ce9c --- defaults/main.yml | 3 +++ examples/playbook.yml | 8 ++++-- tasks/nova_db_setup.yml | 54 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index efc43de0..deda5c1a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -77,6 +77,8 @@ nova_lock_path: "/var/lock/nova" # nova_system_group_gid = ## Database info +nova_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}" +nova_galera_address: "{{ galera_address | default('127.0.0.1') }}" nova_galera_user: nova nova_galera_database: nova nova_db_max_overflow: 10 @@ -88,6 +90,7 @@ nova_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" nova_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" ## DB API +nova_api_galera_address: "{{ nova_galera_address }}" nova_api_galera_user: nova_api nova_api_galera_database: nova_api nova_api_db_max_overflow: 10 
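Review bot: The `localhost` fallback in `nova_db_setup_host` (first defaults/main.yml hunk) is unlikely to be reached. Jinja evaluates both arguments of `ternary()` before the filter runs, so `groups['galera_all'][0]` is still looked up when the group is missing or empty, and as far as I can tell that raises an undefined/index error instead of yielding `localhost`. Indexing only after defaulting avoids it: `nova_db_setup_host: "{{ (groups['galera_all'] | default(['localhost'], true))[0] }}"`. The two new variables also land without comments, although the commit message says they are being documented. A line such as `# Host the DB create/grant tasks are delegated to` above `nova_db_setup_host`, and one stating that `nova_galera_address` is the address those tasks log in to, would cover that.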
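Review bot: `nova_api_galera_address` is added in the second defaults/main.yml hunk, but neither new task in tasks/nova_db_setup.yml reads it. Both tasks set `login_host: "{{ nova_galera_address }}"`, including for the nova_api items. If a deployer overrides the API address, the API database and its grants would be created on a different server from the one the API service presumably connects to. Either give the API entries a per-item login host (`login_host: "{{ item['login_host'] }}"`) or split them into tasks that log in via `nova_api_galera_address`.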
diff --git a/examples/playbook.yml b/examples/playbook.yml index 90346659..03defba9 100644 --- a/examples/playbook.yml +++ b/examples/playbook.yml @@ -1,9 +1,13 @@ .. code-block:: yaml - - name: Installation and setup of Neutron - hosts: neutron_all + - name: Installation and setup of Nova + hosts: nova_all user: root roles: - { role: "os_neutron", tags: [ "os-neutron" ] } vars: neutron_galera_address: "{{ internal_lb_vip_address }}" + galera_root_user: root + vars_prompt: + - name: "galera_root_password" + prompt: "What is galera_root_password?" diff --git a/tasks/nova_db_setup.yml b/tasks/nova_db_setup.yml index defa0cf3..003c0ea8 100644 --- a/tasks/nova_db_setup.yml +++ b/tasks/nova_db_setup.yml 
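Review bot: In examples/playbook.yml the play is retitled for Nova and now targets `nova_all`, but the unchanged lines in the same hunk still apply `role: "os_neutron"` with tag `os-neutron` and set `neutron_galera_address`. Run as written, the example would not exercise the new database tasks, and `nova_galera_address` would fall back to its default. Suggest `- { role: "os_nova", tags: [ "os-nova" ] }` and `nova_galera_address: "{{ internal_lb_vip_address }}"`. Prompting for `galera_root_password` instead of storing it in the example is a good choice and worth keeping.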
@@ -13,6 +13,60 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Create DB for service + mysql_db: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ nova_galera_address }}" + name: "{{ item }}" + state: "present" + delegate_to: "{{ nova_db_setup_host }}" + no_log: True + with_items: + - "{{ nova_galera_database }}" + - "{{ nova_api_galera_database }}" + +- name: Grant access to DB's for the services + mysql_user: + login_user: "{{ galera_root_user }}" + login_password: "{{ galera_root_password }}" + login_host: "{{ nova_galera_address }}" + name: "{{ item['name'] }}" + password: "{{ item['password'] }}" + host: "{{ item['host'] }}" + state: "present" + priv: "{{ item['database'] }}.*:ALL" + append_privs: "{{ db_append_privs | default(omit) }}" + delegate_to: "{{ nova_db_setup_host }}" + with_items: + - name: "nova_galera_user" + password: "nova_container_mysql_password" + host: "localhost" + database: "nova_galera_database" + - name: "nova_galera_user" + password: "nova_container_mysql_password" + host: "%" + database: "nova_galera_database" + - name: "nova_api_galera_user" + password: "nova_api_container_mysql_password" + host: "localhost" + database: "nova_api_galera_database" + - name: "nova_api_galera_user" + password: "nova_api_container_mysql_password" + host: "%" + database: "nova_api_galera_database" + - name: "nova_api_galera_user" + password: "nova_api_container_mysql_password" + host: "localhost" + database: "nova_cell0_database" + db_append_privs: "yes" + - name: "nova_api_galera_user" + password: "nova_api_container_mysql_password" + host: "%" + database: "nova_cell0_database" + db_append_privs: "yes" + no_log: True + - name: Synchronize the nova API DB schema command: "{{ nova_bin }}/nova-manage api_db sync" become: yes
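Review bot: Every `with_items` entry in the grant task passes variable names as quoted literals (`name: "nova_galera_user"`, `password: "nova_container_mysql_password"`, `database: "nova_galera_database"`). As written, the task would create accounts whose name and password are those fixed strings, half of them with host `%`, with grants on databases the first task never created. Each value needs templating. Separately, `append_privs` reads a top-level `db_append_privs` rather than the per-item key, so the cell0 entries would likely replace the earlier nova_api grants for the same user instead of adding to them. Because `no_log: True` suppresses the task output, neither problem would be visible in the run log, so an assertion or a follow-up check on the resulting grants is worth adding.

```yaml
- name: Grant access to DB's for the services
  mysql_user:
    # … unchanged: login_user, login_password, login_host, name, password, host, state, priv …
    append_privs: "{{ item['db_append_privs'] | default(omit) }}"
  delegate_to: "{{ nova_db_setup_host }}"
  with_items:
    - name: "{{ nova_galera_user }}"
      password: "{{ nova_container_mysql_password }}"
      host: "localhost"
      database: "{{ nova_galera_database }}"
    # … the remaining nova / nova_api entries get the same templating …
    - name: "{{ nova_api_galera_user }}"
      password: "{{ nova_api_container_mysql_password }}"
      host: "%"
      database: "{{ nova_cell0_database }}"
      db_append_privs: "yes"
  no_log: True
```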