Puppet Class: profile::openstack::base::pdns::auth::db

Defined in:
modules/profile/manifests/openstack/base/pdns/auth/db.pp

Overview

Parameters:

  • designate_hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('profile::openstack::base::designate_hosts'))
  • pdns_db_pass (Any) (defaults to: hiera('profile::openstack::base::pdns:db_pass'))
  • pdns_admin_db_pass (Any) (defaults to: hiera('profile::openstack::base::pdns::db_admin_pass'))
  • mysql_root_clients (Array[String]) (defaults to: hiera('mysql_root_clients', []))


# File 'modules/profile/manifests/openstack/base/pdns/auth/db.pp', line 1

# @summary Local MariaDB backend for a PowerDNS authoritative server that
#   Designate updates: client and server packages, service, config, a
#   root-only grants file, and two firewall openings for TCP 3306.
#
# @param designate_hosts
#   FQDNs allowed to reach 3306 (resolved for A and AAAA by ferm) and also
#   resolved to IPv4 addresses in $designate_host_ips.
# @param pdns_db_pass
#   Not referenced in this manifest; presumably read by the grants template.
#   NOTE(review): the hiera key has a single ':' before 'db_pass', unlike the
#   sibling 'pdns::db_admin_pass' key. Confirm it matches the hiera data
#   before touching it.
# @param pdns_admin_db_pass
#   Not referenced in this manifest; presumably read by the grants template.
# @param mysql_root_clients
#   Source addresses for the DBA firewall rule. Array[String] does not check
#   that entries are addresses; they are interpolated into the rule verbatim.
#
# NOTE(review): both password parameters are untyped, so nothing here marks
# them Sensitive; any value the template embeds travels in the compiled
# catalog unredacted. hiera() is also deprecated in favour of lookup(), which
# the first parameter already uses.
class profile::openstack::base::pdns::auth::db(
    Array[Stdlib::Fqdn] $designate_hosts = lookup('profile::openstack::base::designate_hosts'),
    $pdns_db_pass = hiera('profile::openstack::base::pdns:db_pass'),
    $pdns_admin_db_pass = hiera('profile::openstack::base::pdns::db_admin_pass'),
    Array[String] $mysql_root_clients = hiera('mysql_root_clients', []),
    ) {

    # One IPv4 address per designate host. Not used below; presumably the
    # grants template picks it up from class scope -- TODO confirm.
    $designate_host_ips = map($designate_hosts) |$fqdn| { ipresolve($fqdn, 4) }

    # MariaDB is installed locally on every DNS server.
    include ::profile::mariadb::monitor::dba

    # Root access for DBAs: accept TCP 3306 from the listed clients only.
    # With the default [] the saddr list is empty -- confirm how ferm treats
    # 'saddr ()' on hosts where no clients are configured.
    $mysql_root_clients_str = $mysql_root_clients.join(' ')
    ferm::rule { 'mariadb_dba':
        rule => "saddr (${mysql_root_clients_str}) proto tcp dport (3306) ACCEPT;",
    }

    # Heads-up: this class installs mariadb but does not create the pdns
    # database. The remaining steps are manual:
    #
    #  $ /opt/wmf/mariadb/scripts/mysql_install_db
    #  Then export the 'pdns' db from a working labservices host and import
    #  Then, run 'designate-manage powerdns sync' for the new host
    #
    # By-hand bootstrap instructions (third-party page, not maintained here):
    #   https://computingforgeeks.com/install-powerdns-and-powerdns-admin-on-ubuntu-18-04-debian-9-mariadb-backend/
    #

    # Package names depend on the Debian release; this split arguably belongs
    # somewhere else.
    case $::lsbdistcodename {
        'buster': {
            $mariadb_pkg = 'wmf-mariadb104'
            $mysql_client_pkg = 'default-mysql-client'
        }
        'stretch': {
            $mariadb_pkg = 'wmf-mariadb101'
            $mysql_client_pkg = 'mysql-client'
        }
        default: {
            $mariadb_pkg = 'wmf-mariadb10'
            $mysql_client_pkg = 'mysql-client'
        }
    }

    package { $mysql_client_pkg:
        ensure => present,
    }

    class { 'mariadb::packages_wmf':
        package => $mariadb_pkg,
    }

    class { 'mariadb::service':
        package => $mariadb_pkg,
        ensure  => 'running',
        enable  => true,
        manage  => true,
    }

    class { 'mariadb::config':
        basedir   => "/opt/${mariadb_pkg}",
        datadir   => '/srv/sqldata',
        tmpdir    => '/srv/tmp',
        read_only => 'off',
        config    => 'role/mariadb/mysqld_config/dns.my.cnf.erb',
    }

    # Grants file rendered from a template and readable by root only (0400).
    # NOTE(review): if the template embeds the passwords, consider
    # show_diff => false so content changes are not echoed in agent reports.
    file { '/etc/mysql/production-grants-dns.sql':
        ensure  => present,
        content => template('role/mariadb/grants/dns.sql.erb'),
        owner   => 'root',
        group   => 'root',
        mode    => '0400',
    }

    # Designate pushes domain updates straight into this database, so its
    # hosts get 3306 over both IPv4 and IPv6.
    ferm::service { 'mysql_designate':
        proto  => 'tcp',
        port   => '3306',
        srange => "(@resolve((${join($designate_hosts,' ')}))
                   @resolve((${join($designate_hosts,' ')}), AAAA))",
    }
}