authorSam Thursfield <sam.thursfield@codethink.co.uk>2015-04-10 15:58:27 +0000
committerSam Thursfield <sam.thursfield@codethink.co.uk>2015-04-10 17:01:55 +0000
commitcde67e82a437c1764fdac6511e1d29d5346d320c (patch)
tree593a669ed33338beb2674278540f5fb0ea6adb6c
parente752d908f237a3a168dc39742364f09cbbedaa8a (diff)
downloadinfrastructure-cde67e82a437c1764fdac6511e1d29d5346d320c.tar.gz
Avoid using Packer for database deployment
Change-Id: I2907e3bc01fdcb7adbc0cccfa47bc662d96dd264
-rw-r--r--README.mdwn8
-rwxr-xr-xbaserock_database/develop.sh70
-rw-r--r--baserock_database/image-config.yml13
-rw-r--r--baserock_database/packer_template.json57
4 files changed, 15 insertions, 133 deletions
diff --git a/README.mdwn b/README.mdwn
index 3b2501ff..26388d71 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -202,13 +202,12 @@ because Storyboard only supports MariaDB.
To deploy this system to production:
- packer build -only=production database/packer_template.json
nova boot database-mariadb \
--key-name=$keyname \
--flavor dc1.1x1 \
- --image 'database-mariadb' \
- --nic='net-id=d079fa3e-2558-4bcb-ad5a-279040c202b5,v4-fixed-ip=192.168.222.30' \
- --security-groups default,database-mariadb
+ --image=$fedora_image_id \
+ --nic="net-id=$network_id,v4-fixed-ip=192.168.222.30" \
+ --security-groups default,database-mysql \
--user-data ./baserock-ops-team.cloud-config
nova volume-create \
--display-name database-volume \
@@ -217,6 +216,7 @@ To deploy this system to production:
100
nova volume-attach database-mariadb <volume ID> /dev/vdb
+ ansible-playbook -i hosts database/image-config.yml
ansible-playbook -i hosts database/instance-config.yml
To add the required users and databases, run the following playbook. This can
diff --git a/baserock_database/develop.sh b/baserock_database/develop.sh
deleted file mode 100755
index 140092b1..00000000
--- a/baserock_database/develop.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/sh
-
-# Start up a development instance of 'database', which will be accessible on
-# the local machine. (To stop it again, use `docker stop baserock-database`).
-
-# Note that this container works in a different way to the official Docker
-# MariaDB image (<https://registry.hub.docker.com/_/mariadb/>). That's
-# intentional: the official image is for use when Docker is being used as a
-# production environment and the official Docker images are considered trusted.
-# Here I am using Docker as a tool to locally test out trusted(ish) images that
-# I create with Packer, before deploying them to an OpenStack cloud.
-
-set -eu
-
-# These lines of SQL are needed to authorize the container host for accessing
-# the database remotely. (It actually grants access to any host, but since
-# this is a development instance that's OK!)
-CREATE_REMOTE_ROOT_USER_SQL="CREATE USER 'root'@'%' IDENTIFIED BY 'insecure' ;"
-ALLOW_REMOTE_ROOT_USER_SQL="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION ;"
-
-docker run --detach \
- --name=baserock-database \
- --publish=127.0.0.1:3306:3306 \
- baserock/database \
- /bin/sh -c " \
- echo \"$CREATE_REMOTE_ROOT_USER_SQL\" > /tmp/mariadb-init.sql && \
- echo \"$ALLOW_REMOTE_ROOT_USER_SQL\" >> /tmp/mariadb-init.sql && \
- /usr/libexec/mariadb-prepare-db-dir mariadb && \
- /usr/bin/mysqld_safe --basedir=/usr --init-file=/tmp/mariadb-init.sql"
-
-trap 'docker rm -f baserock-database > /dev/null' ERR
-
-# Create some dummy accounts (in production deployments, this is done using the
-# 'service-config.yml' Ansible playbook). We expect that there exists a 'root'
-# user with no password set already.
-
-create_without_overwriting() {
- target_file="$1"
- content="$2"
- if [ -e "$target_file" -a "$(cat "$target_file")" != "$content" ]; then
- echo >&2 "Not overwriting existing file $target_file"
- # Don't let the user create a development environment using files that
- # could contain the real passwords, to avoid them being used in an
- # insecure deployment.
- exit 1
- fi
- echo "$content" > "$target_file"
-}
-
-create_without_overwriting "database/root.database_password.yml" "root_password: insecure"
-create_without_overwriting "database/baserock_openid_provider.database_password.yml" "baserock_openid_provider_password: openid_insecure"
-
-# Ouch! Would be nice if you could get the 'docker run' command to wait until
-# the database server is ready, or poll somehow until it is.
-echo "Waiting 30 seconds for database server to be ready"
-sleep 30
-
-# Note that the Python 'mysqldb' module is required on the machine Ansible
-# connects to for this playbook. For development deployments that is *your*
-# machine (since we cannot and should not SSH into the Docker container). On
-# Red Hat OSes the package you need is called 'MySQL-python'.
-ansible-playbook database/user_config.yml
-
-echo "You have a container named 'baserock-database' listening on port 3306."
-echo
-echo "Pass '--link baserock-database:mysql' to 'docker run' when starting "
-echo "other containers if you want to give them access to this instance."
-echo
-echo "Run 'docker stop baserock-database; docker rm baserock-database' when "
-echo "you are done with it (all data will then be lost)."
diff --git a/baserock_database/image-config.yml b/baserock_database/image-config.yml
index a6ba9866..1bac0b96 100644
--- a/baserock_database/image-config.yml
+++ b/baserock_database/image-config.yml
@@ -1,10 +1,10 @@
# System configuration for Baserock database server.
#
-# Packer runs this playbook inside the system at 'build' time, using the
-# command `sudo ansible-playbook`.
+# This Ansible playbook expects to be run on a Fedora 21 Cloud image.
---
- hosts: localhost
gather_facts: False
+ sudo: True
tasks:
- name: enable persistant journal
shell: mkdir /var/log/journal
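Review bot: The play still targets `hosts: localhost` while this hunk adds `sudo: True`, and the README now runs it from the operator's machine with `ansible-playbook -i hosts database/image-config.yml`. Under Packer's ansible-local provisioner, localhost was the image being built. Unless the `hosts` inventory (not visible here) maps `localhost` to the database instance, the play would now install packages and disable SELinux as root on the machine running Ansible. Consider targeting an inventory entry for the server instead, for example `- hosts: database-mariadb` (the instance name used in the README), and naming the expected inventory entry in the header comment. The task list continues outside this hunk.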
@@ -20,3 +20,12 @@
- mariadb
- mariadb-server
- MySQL-python
+
+ - name: install libselinux-python, so Ansible can control selinux
+ yum: name=libselinux-python state=latest
+
+ - name: disable SELinux on subsequent boots
+ selinux: state=disabled
+
+ - name: disable SELinux on current boot
+ command: setenforce 0
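Review bot: The added tasks turn SELinux off permanently on the production database host, and nothing in the playbook records why, so the MariaDB server loses its mandatory access control confinement without a documented reason. A comment above the tasks should state what breaks under enforcing mode. If the goal is only to tolerate denials, `selinux: policy=targeted state=permissive` keeps the denials logged for later policy work. Separately, `command: setenforce 0` will probably fail on a re-run after the host has rebooted with SELinux disabled, since setenforce exits non-zero in that state. A guard such as `shell: selinuxenabled && setenforce 0 || true` would keep the playbook re-runnable.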
diff --git a/baserock_database/packer_template.json b/baserock_database/packer_template.json
deleted file mode 100644
index 2afd78ef..00000000
--- a/baserock_database/packer_template.json
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- "builders": [
- {
- "name": "development",
- "type": "docker",
- "image": "fedora:20",
- "commit": true,
- "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"]
- },
- {
- "name": "production",
- "type": "openstack",
- "image_name": "database-mariadb",
- "flavor": "f0577618-9125-4948-b450-474e225bbc4c",
- "source_image": "742e0414-c985-4994-b307-4aafade942b3",
- "networks": ["d079fa3e-2558-4bcb-ad5a-279040c202b5"],
- "floating_ip": "85.199.252.164",
- "use_floating_ip": true,
- "ssh_username": "fedora"
- }
- ],
- "provisioners": [
- {
- "type": "shell",
- "inline": [ "sudo yum install -y ansible"]
- },
- {
- "type": "ansible-local",
- "playbook_file": "database/image-config.yml",
- "command": "sudo ansible-playbook"
- },
- {
- "type": "shell",
- "inline": [
- "sudo yum install -y libselinux-python",
- "sudo ansible localhost -m selinux -a state=disabled",
- "sudo setenforce 0",
- ],
- "only": ["production"]
- },
- {
- "type": "shell",
- "inline": [ "sync; sync; sleep 10; sync" ],
- "only": ["production"]
- }
- ],
- "post-processors": [
- [
- {
- "type": "docker-tag",
- "repository": "baserock/database",
- "tag": "latest",
- "only": ["development"]
- }
- ]
- ]
-}