External DB

packetfence/roles/packetfence_install/README.md

@@ -20,6 +20,7 @@ Role Variables
 | `packetfence_install__deb_sources_dir`         | `/etc/apt/sources.list.d`                                                                      | Directory to store packetfence.list                                     |
 | `packetfence_install__deb_packages`            | `[packetfence]`                                                                                | List of Debian packages to install, `packetfence=8.3` syntax allowed    |
 | `packetfence_install__shell_rc_file`           | `/root/.bashrc`                                                                                | File where to add common PacketFence aliases                            |
+| `packetfence_install__database_host`           | `localhost`                                                                                    | Database host, if external to Packetfence server
 | `packetfence_install__database_db`             | `pf`                                                                                           | Database name                                                           |
 | `packetfence_install__database_root_user`      | `root`                                                                                         | `root` user of DB                                                       |
 | `packetfence_install__database_root_pass`      | `secret`                                                                                       | Default database password for `packetfence_install__database_root_user` |

packetfence/roles/packetfence_install/defaults/main.yml

@@ -31,6 +31,7 @@ packetfence_install__deb_packages:
 packetfence_install__shell_rc_file: /root/.bashrc
 
 ### database
+packetfence_install__database_host: localhost
 packetfence_install__database_db: pf
 packetfence_install__database_root_user: root
 packetfence_install__database_root_pass: secret
@@ -39,12 +40,12 @@ packetfence_install__database_default_user: 'pf'
 packetfence_install__database_users:
   - name: '{{ packetfence_install__database_default_user }}'
     password: "{{ packetfence_install__database_pass }}"
-    priv: "pf.*:SELECT,INSERT,UPDATE,DELETE,LOCK TABLES,EXECUTE,CREATE TEMPORARY TABLES/mysql.proc:SELECT/pf.radius_nas:DROP"
+    priv: "{{ packetfence_install__database_db }}.*:SELECT,INSERT,UPDATE,DELETE,LOCK TABLES,EXECUTE,CREATE TEMPORARY TABLES/mysql.proc:SELECT/{{ packetfence_install__database_db }}.radius_nas:DROP"
     append_privs: no
     host: "localhost"
   - name: '{{ packetfence_install__database_default_user }}'
     password: "{{ packetfence_install__database_pass }}"
-    priv: "pf.*:SELECT,INSERT,UPDATE,DELETE,LOCK TABLES,EXECUTE,CREATE TEMPORARY TABLES/mysql.proc:SELECT/pf.radius_nas:DROP"
+    priv: "{{ packetfence_install__database_db }}.*:SELECT,INSERT,UPDATE,DELETE,LOCK TABLES,EXECUTE,CREATE TEMPORARY TABLES/mysql.proc:SELECT/{{ packetfence_install__database_db }}.radius_nas:DROP"
     append_privs: no
     host: "%"
 

packetfence/roles/packetfence_install/tasks/config.yml

@@ -1,12 +1,12 @@
 ---
 - name: Generate PacketFence config files
   template:
-    src: 'usr/local/pf/conf/template.conf.j2'
-    dest: '{{ packetfence_install__conf_dir }}/{{ item.name }}'
+    src: "usr/local/pf/conf/template.conf.j2"
+    dest: "{{ packetfence_install__conf_dir }}/{{ item.name }}"
     mode: 0664
     owner: "{{ packetfence_install__user }}"
     group: "{{ packetfence_install__group }}"
-  loop: '{{ packetfence_install__configuration }}'
+  loop: "{{ packetfence_install__configuration }}"
   register: packetfence_install__register_config_files
   no_log: True
 
@@ -19,12 +19,12 @@
     name: packetfence-config
     state: restarted
   when: packetfence_install__register_config_files is changed
-    
+
 - name: configure fingerbank API key
   ini_file:
     path: "{{ packetfence_install__fingerbank_conf_dir }}/fingerbank.conf"
-    section: 'upstream'
-    option: 'api_key'
+    section: "upstream"
+    option: "api_key"
     value: "{{ packetfence_install__fingerbank_setting['upstream']['api_key'] }}"
     mode: 0664
     owner: "{{ packetfence_install__fingerbank_user }}"
@@ -46,18 +46,18 @@
   service:
     name: packetfence-config
     state: restarted
-  when: packetfence_install__register_packages is changed
+  when: packetfence_install__register_config_files is changed
 
 - name: restart haproxy-admin service
   command: "{{ packetfence_install__pfcmd }} service haproxy-admin restart"
-  when: packetfence_install__register_packages is changed
+  when: packetfence_install__register_config_files is changed
 
 - name: start pf services
   command: "{{ packetfence_install__pfcmd }} service pf start"
-  when: packetfence_install__register_packages is changed
+  when: packetfence_install__register_config_files is changed
 
 # to be sure all changes made in pf.conf have been taken into account
 # after we start services for the first time
 - name: restart pf services
   command: "{{ packetfence_install__pfcmd }} service pf restart"
-  when: packetfence_install__register_packages is changed
+  when: packetfence_install__register_config_files is changed

packetfence/roles/packetfence_install/tasks/db_external.yml

@@ -0,0 +1,56 @@
+---
+# code from ansible-role-openio-galera (secure_install.yml)
+- name: delete anonymous connections
+  mysql_user:
+    login_user: "{{ packetfence_install__database_root_user }}"
+    login_password: "{{ packetfence_install__database_root_pass }}"
+    login_host: "{{ packetfence_install__database_host }}"
+    name: ""
+    state: absent
+  ignore_errors: yes
+
+- name: remove the mariadb test database
+  mysql_db:
+    name: test
+    login_user: "{{ packetfence_install__database_root_user }}"
+    login_password: "{{ packetfence_install__database_root_pass }}"
+    login_host: "{{ packetfence_install__database_host }}"
+    state: absent
+  ignore_errors: yes
+
+- name: ensure pf db is present
+  mysql_db:
+    name: "{{ packetfence_install__database_db }}"
+    login_user: "{{ packetfence_install__database_root_user }}"
+    login_password: "{{ packetfence_install__database_root_pass }}"
+    login_host: "{{ packetfence_install__database_host }}"
+    state: present
+  register: packetfence_install__register_db_database
+
+- name: ensure pf tables are present
+  mysql_db:
+    name: "{{ packetfence_install__database_db }}"
+    login_user: "{{ packetfence_install__database_root_user }}"
+    login_password: "{{ packetfence_install__database_root_pass }}"
+    login_host: "{{ packetfence_install__database_host }}"
+    state: import
+    target: "{{ packetfence_install__db_dir }}/pf-schema.sql"
+  when: packetfence_install__register_db_database is changed
+
+
+# user need to be create after tables
+- name: ensure pf user created with rights on db
+  mysql_user:
+    login_user: "{{ packetfence_install__database_root_user }}"
+    login_password: "{{ packetfence_install__database_root_pass }}"
+    login_host: "{{ packetfence_install__database_host }}"
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    priv: "{{ item.priv }}"
+    append_privs: "{{ item.append_privs }}"
+    host: "{{ item.host }}"
+    state: present
+  loop: "{{ packetfence_install__database_users }}"
+  # avoid display password for each item of the loop
+  loop_control:
+    label: "host: {{ item['host'] }}, name: {{ item['name'] }}, priv: {{ item['priv'] }}"

packetfence/roles/packetfence_install/tasks/main.yml

@@ -10,10 +10,14 @@
 - name: include utils tasks
   include_tasks: utils.yml
 
-- name: include database tasks
-  include_tasks: db.yml
-  when: packetfence_install__configurator_status == 'disabled'
-
+- name: include internal database tasks
+  include_tasks: db_local.yml
+  when: packetfence_install__configurator_status == 'disabled' and packetfence_install__database_host == 'localhost'
+
+- name: include external database tasks
+  include_tasks: db_external.yml
+  when: packetfence_install__configurator_status == 'disabled' and packetfence_install__database_host != 'localhost'
+
 - name: include config tasks
   include_tasks: config.yml
   when: packetfence_install__configurator_status == 'disabled'