Migrate mysql backend to use openstacklib::db::mysql

Implements: blueprint commmon-openstack-database-resource
Change-Id: I5dc293c1b8033000523fae504f789199599cf447

Author: Colleen Murphy

.fixtures.yml

@@ -5,7 +5,8 @@ fixtures:
     'apt': 'git://github.com/puppetlabs/puppetlabs-apt.git'
     'mysql':
       repo: 'git://github.com/puppetlabs/puppetlabs-mysql.git'
-      ref:  'origin/0.x'
+      ref:  'origin/2.2.x'
+    'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git'
     'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
     'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile'
     'postgresql':

Modulefile

@@ -9,5 +9,5 @@ source       'https://github.com/stackforge/puppet-keystone'
 
 dependency 'puppetlabs/apache', '>=1.0.0 <2.0.0'
 dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0'
-dependency 'puppetlabs/mysql', '>=0.9.0 <3.0.0'
 dependency 'puppetlabs/stdlib', '>= 3.2.0'
+dependency 'stackforge/openstacklib', '>=5.0.0'

README.md

@@ -148,8 +148,6 @@ Limitations
 
 * If you've setup Openstack using previous versions of this module you need to be aware that it used UUID as the dedault to the token_format parameter but now defaults to PKI.  If you're using this module to manage a Grizzly Openstack deployment that was set up using a development release of the modules or are attempting an upgrade from Folsom then you'll need to make sure you set the token_format to UUID at classification time.
 
-* The Keystone Openstack service depends on a sqlalchemy database. If you are using puppetlabs-mysql to achieve this, there is a parameter called mysql_module that can be used to swap between the two supported versions: 0.9 and 2.2. This is needed because the puppetlabs-mysql module was rewritten and the custom type names have changed between versions.
-
 Development
 -----------
 

manifests/db/mysql.pp

@@ -1,5 +1,4 @@
-#
-# implements mysql backend for keystone
+# The keystone::db::mysql class implements mysql backend for keystone
 #
 # This class can be used to create tables, users and grant
 # privelege for a mysql keystone database.
@@ -18,10 +17,7 @@
 #
 # [allowed_hosts] Hosts allowed to use the database
 #
-#   [*mysql_module*]
-#   (optional) The mysql puppet module version to use
-#   Tested versions include 0.9 and 2.2
-#   Default to '0.9'
+# [*mysql_module*] Deprecated. Does nothing.
 #
 # == Dependencies
 #   Class['mysql::server']
@@ -42,52 +38,25 @@
   $host          = '127.0.0.1',
   $charset       = 'utf8',
   $collate       = 'utf8_unicode_ci',
-  $mysql_module  = '0.9',
+  $mysql_module  = undef,
   $allowed_hosts = undef
 ) {
 
-  Class['keystone::db::mysql'] -> Exec<| title == 'keystone-manage db_sync' |>
-  Class['keystone::db::mysql'] -> Service<| title == 'keystone' |>
-  Mysql::Db[$dbname] ~> Exec<| title == 'keystone-manage db_sync' |>
-
-  if ($mysql_module >= 2.2) {
-    mysql::db { $dbname:
-      user     => $user,
-      password => $password,
-      host     => $host,
-      charset  => $charset,
-      collate  => $collate,
-      require  => Class['mysql::server'],
-    }
-  } else {
-    require mysql::python
-
-    mysql::db { $dbname:
-      user     => $user,
-      password => $password,
-      host     => $host,
-      charset  => $charset,
-      require  => Class['mysql::config'],
-    }
+  if $mysql_module {
+    warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
   }
 
-  # Check allowed_hosts to avoid duplicate resource declarations
-  if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] {
-    $real_allowed_hosts = delete($allowed_hosts,$host)
-  } elsif is_string($allowed_hosts) and ($allowed_hosts != $host) {
-    $real_allowed_hosts = $allowed_hosts
-  }
-
-  if $real_allowed_hosts {
-    keystone::db::mysql::host_access { $real_allowed_hosts:
-      user          => $user,
-      password      => $password,
-      database      => $dbname,
-      mysql_module  => $mysql_module,
-    }
-
-    Keystone::Db::Mysql::Host_access[$real_allowed_hosts] -> Exec<| title == 'keystone-manage db_sync' |>
+  validate_string($password)
 
+  ::openstacklib::db::mysql { 'keystone':
+    user          => $user,
+    password_hash => mysql_password($password),
+    dbname        => $dbname,
+    host          => $host,
+    charset       => $charset,
+    collate       => $collate,
+    allowed_hosts => $allowed_hosts,
   }
 
+  ::Openstacklib::Db::Mysql['keystone'] ~> Exec<| title == 'keystone-manage db_sync' |>
 }

manifests/db/mysql/host_access.pp

@@ -9,4 +9,6 @@
     subscribe   => [Package['keystone'], Keystone_config['database/connection']],
     require     => User['keystone'],
   }
+
+  Exec['keystone-manage db_sync'] ~> Service<| title == 'keystone' |>
 }

manifests/db/sync.pp

@@ -166,9 +166,7 @@
 #   Defaults to '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost'
 #
 #   [*mysql_module*]
-#   (optional) The mysql puppet module version to use
-#   Tested versions include 0.9 and 2.2
-#   Default to '0.9'
+#   (optional) Deprecated. Does nothing.
 #
 #   [*validate_service*]
 #   (optional) Whether to validate keystone connections after
@@ -251,7 +249,6 @@
   $signing_keyfile       = '/etc/keystone/ssl/private/signing_key.pem',
   $signing_ca_certs      = '/etc/keystone/ssl/certs/ca.pem',
   $signing_ca_key        = '/etc/keystone/ssl/private/cakey.pem',
-  $mysql_module          = '0.9',
   $rabbit_host           = 'localhost',
   $rabbit_hosts          = false,
   $rabbit_password       = 'guest',
@@ -271,6 +268,7 @@
   $validate_cacert       = undef,
   $service_provider      = $::keystone::params::service_provider,
   # DEPRECATED PARAMETERS
+  $mysql_module          = undef,
   $sql_connection        = undef,
   $idle_timeout          = undef,
 ) {
@@ -279,6 +277,10 @@
     validate_re($catalog_type, 'template|sql')
   }
 
+  if $mysql_module {
+    warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.')
+  }
+
   if $sql_connection {
     warning('The sql_connection parameter is deprecated, use database_connection instead.')
     $database_connection_real = $sql_connection
@@ -417,12 +419,8 @@
   }
 
   if($database_connection_real =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
-    if ($mysql_module >= 2.2) {
-      require 'mysql::bindings'
-      require 'mysql::bindings::python'
-    } else {
-      require 'mysql::python'
-    }
+    require 'mysql::bindings'
+    require 'mysql::bindings::python'
   } elsif($database_connection_real =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
 
   } elsif($database_connection_real =~ /sqlite:\/\//) {

manifests/init.pp

@@ -13,48 +13,22 @@
     { :osfamily => 'Debian' }
   end
 
-  let :param_defaults do
+  let :params do
     {
       'password'      => 'keystone_default_password',
-      'dbname'        => 'keystone',
-      'user'          => 'keystone',
-      'charset'       => 'utf8',
-      'collate'       => 'utf8_unicode_ci',
-      'host'          => '127.0.0.1',
-      'allowed_hosts' => ['127.0.0.%', '192.168.1.%']
     }
   end
 
-  [
-    {},
-    {
-      'password' => 'password',
-      'dbname'   => 'not_keystone',
-      'user'     => 'dan',
-      'host'     => '127.0.0.2',
-      'charset'  => 'utf8'
-    }
-  ].each do |p|
-
-    let :params do
-      p
-    end
-
-    let :param_values do
-      param_defaults.merge(p)
-    end
-
-    it { should contain_class('mysql::python') }
-
-    it { should contain_mysql__db(param_values['dbname']).with(
-      'user'     => param_values['user'],
-      'password' => param_values['password'],
-      'host'     => param_values['host'],
-      'charset'  => param_values['charset'],
-      'require'  => 'Class[Mysql::Config]'
+  describe 'with only required params' do
+    it { should contain_openstacklib__db__mysql('keystone').with(
+      'user'          => 'keystone',
+      'password_hash' => '*B552157B14BCEDDCEAA06767A012F31BDAA9CE3D',
+      'dbname'        => 'keystone',
+      'host'          => '127.0.0.1',
+      'charset'       => 'utf8'
     )}
-
   end
+
   describe "overriding allowed_hosts param to array" do
     let :params do
       {
@@ -63,16 +37,6 @@
       }
     end
 
-    it {should_not contain_keystone__db__mysql__host_access("127.0.0.1").with(
-      :user     => 'keystone',
-      :password => 'keystonepass',
-      :database => 'keystone'
-    )}
-    it {should contain_keystone__db__mysql__host_access("%").with(
-      :user     => 'keystone',
-      :password => 'keystonepass',
-      :database => 'keystone'
-    )}
   end
   describe "overriding allowed_hosts param to string" do
     let :params do
@@ -82,11 +46,6 @@
       }
     end
 
-    it {should contain_keystone__db__mysql__host_access("192.168.1.1").with(
-      :user     => 'keystone',
-      :password => 'keystonepass2',
-      :database => 'keystone'
-    )}
   end
 
   describe "overriding allowed_hosts param equals to host param " do
@@ -97,11 +56,6 @@
       }
     end
 
-    it {should_not contain_keystone__db__mysql__host_access("127.0.0.1").with(
-      :user     => 'keystone',
-      :password => 'keystonepass2',
-      :database => 'keystone'
-    )}
   end
 
 end

spec/classes/keystone_db_mysql_spec.rb

@@ -36,7 +36,6 @@
       'signing_keyfile'       => '/etc/keystone/ssl/private/signing_key.pem',
       'signing_ca_certs'      => '/etc/keystone/ssl/certs/ca.pem',
       'signing_ca_key'        => '/etc/keystone/ssl/private/cakey.pem',
-      'mysql_module'          => '0.9',
       'rabbit_host'           => 'localhost',
       'rabbit_password'       => 'guest',
       'rabbit_userid'         => 'guest',