{"heat_template_version": "wallaby", "description": "MySQL service deployment using puppet\n", "parameters": {"ServiceData": {"default": {}, "description": "Dictionary packing service data", "type": "json"}, "ServiceNetMap": {"default": {}, "description": "Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults.", "type": "json"}, "RoleName": {"default": "", "description": "Role name on which the service is applied", "type": "string"}, "RoleParameters": {"default": {}, "description": "Parameters specific to the role", "type": "json"}, "EndpointMap": {"default": {}, "description": "Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.", "type": "json"}, "MysqlMaxConnections": {"description": "Configures MySQL max_connections config setting", "type": "number", "default": 4096}, "MysqlIncreaseFileLimit": {"description": "Flag to increase MySQL open-files-limit to 16384", "type": "boolean", "default": true}, "MysqlRootPassword": {"type": "string", "hidden": true, "default": ""}, "MysqlClustercheckPassword": {"type": "string", "hidden": true}, "EnableGalera": {"default": true, "description": "Whether to use Galera instead of regular MariaDB.", "type": "boolean"}, "EnableInternalTLS": {"type": "boolean", "default": false}, "EnableMysqlAuthEd25519": {"type": "boolean", "description": "Whether to configure MySQL users to connect to the server using the Ed25519-based client authentication.", "default": false}, "MysqlIPv6": {"default": false, "description": "Enable IPv6 in MySQL", "type": "boolean"}, "MysqlInnodbBufferPoolSize": {"type": "string", "description": "Buffer pool size for MySQL database; this needs to be larger for at-scale deployments", "default": "1G"}, "CertificateKeySize": {"type": "string", "default": "2048", "description": "Specifies the private key size used when creating the certificate."}, 
"MysqlCertificateKeySize": {"type": "string", "default": "", "description": "Override the private key size used when creating the certificate for this service"}}, "parameter_groups": [{"label": "deprecated", "description": "The following parameters are deprecated and will be removed. They should not\nbe relied on for new deployments. If you have concerns regarding deprecated\nparameters, please contact the TripleO development team on IRC or the\nOpenStack mailing list.\n", "parameters": ["MysqlIPv6"]}], "conditions": {"is_ipv6": {"equals": [{"get_param": ["ServiceData", "net_ip_version_map", {"get_param": ["ServiceNetMap", "MysqlNetwork"]}]}, 6]}, "innodb_buffer_pool_set": {"not": {"equals": [{"get_param": "MysqlInnodbBufferPoolSize"}, ""]}}, "key_size_override_set": {"not": {"equals": [{"get_param": "MysqlCertificateKeySize"}, ""]}}}, "outputs": {"container_config_scripts": {"description": "Shared docker config scripts", "value": {"mysql_upgrade_db.sh": {"mode": "0755", "content": {"get_file": "file:///usr/share/openstack-tripleo-heat-templates/container_config_scripts/mysql_upgrade_db.sh"}}}}, "mysql_drop_unused_users": {"description": "Ansible block to clean up unused OpenStack DB users", "value": [{"name": "Drop unused OpenStack DB users", "when": ["step|int == 1", "mysql_short_bootstrap_node_name|lower == ansible_facts['hostname']|lower"], "block": [{"name": "mysql container id", "command": "podman ps -q --filter name={{ mysql_container_name }} --filter status=running", "register": "mysql_container_id"}, {"name": "set mysql container id fact", "set_fact": {"mysql_container": "{{ mysql_container_id.stdout }}"}}, {"name": "Mysql script to drop unused DB users", "when": "( mysql_container | length ) > 0", "block": [{"name": "Get the list of all OpenStack DB users", "shell": "jq -r 'to_entries[] | select(.key|endswith(\"::db::mysql::user\")) | .value' /etc/puppet/hieradata/service_configs.json", "register": "openstack_db_users"}, {"name": "List all DB users that 
match the DB users to be dropped", "shell": "for u in {{ openstack_db_users.stdout_lines | join(' ') }}; do podman exec -u root -it \"{{ mysql_container }}\" mysql -sNe \"select concat('\\`',user,'\\`@\\`',host,'\\`') from mysql.user where user = '$u' and host != '%';\"; done", "register": "mysql_db_users"}, {"name": "resulting DB users to be dropped", "debug": {"msg": "{{ mysql_db_users.stdout_lines }}"}}, {"name": "Drop all unneeded Openstack DB users", "shell": "podman exec -u root -it \"{{ mysql_container }}\" mysql -sNe 'drop user {{ item }};'", "loop": "{{ mysql_db_users.stdout_lines }}"}]}]}]}, "role_data": {"description": "Service MySQL using composable services.", "value": {"service_name": "mysql", "config_settings": {"mysql::server::package_name": "mariadb-galera-server", "mysql::server::manage_config_file": true, "mysql_ipv6": {"if": ["is_ipv6", true, false]}, "mysql_max_connections": {"get_param": "MysqlMaxConnections"}, "mysql::server::root_password": {"get_param": "MysqlRootPassword"}, "mysql_clustercheck_password": {"get_param": "MysqlClustercheckPassword"}, "enable_galera": {"get_param": "EnableGalera"}, "mysql_auth_ed25519": {"get_param": "EnableMysqlAuthEd25519"}, "mysql_bind_host": {"str_replace": {"template": "%{hiera('$NETWORK')}", "params": {"$NETWORK": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}}}}, "tripleo::profile::base::database::mysql::bind_address": {"str_replace": {"template": "%{hiera('fqdn_$NETWORK')}", "params": {"$NETWORK": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}}}}, "tripleo::profile::base::database::mysql::client_bind_address": {"str_replace": {"template": "%{hiera('$NETWORK')}", "params": {"$NETWORK": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}}}}, "tripleo::profile::base::database::mysql::generate_dropin_file_limit": {"get_param": "MysqlIncreaseFileLimit"}, "tripleo::profile::base::database::mysql::certificate_specs": {"if": [{"get_param": "EnableInternalTLS"}, {"service_certificate": 
"/etc/pki/tls/certs/mysql.crt", "service_key": "/etc/pki/tls/private/mysql.key"}]}, "innodb_buffer_pool_size": {"if": ["innodb_buffer_pool_set", {"get_param": "MysqlInnodbBufferPoolSize"}]}}, "step_config": "include tripleo::profile::base::database::mysql\n", "metadata_settings": {"if": [{"get_param": "EnableInternalTLS"}, [{"service": "mysql", "network": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}, "type": "vip"}, {"service": "mysql", "network": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}, "type": "node"}]]}, "deploy_steps_tasks": [{"name": "Certificate generation", "when": ["step|int == 1", "enable_internal_tls"], "block": [{"include_role": {"name": "linux-system-roles.certificate"}, "vars": {"certificate_requests": [{"name": "mysql", "dns": [{"str_replace": {"template": "{{fqdn_$NETWORK}}", "params": {"$NETWORK": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}}}}, {"str_replace": {"template": "{{cloud_names.cloud_name_NETWORK}}", "params": {"NETWORK": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}}}}], "principal": {"str_replace": {"template": "mysql/{{fqdn_$NETWORK}}@{{idm_realm}}", "params": {"$NETWORK": {"get_param": ["ServiceNetMap", "MysqlNetwork"]}}}}, "key_size": {"if": ["key_size_override_set", {"get_param": "MysqlCertificateKeySize"}, {"get_param": "CertificateKeySize"}]}, "ca": "ipa"}]}}]}]}}}}