Merge "[MariaDB] Fix non-default setting for admin user"

mariadb/templates/bin/_start.py.tpl

@@ -89,8 +89,10 @@ if check_env_var("DISCOVERY_DOMAIN"):
     discovery_domain = os.environ['DISCOVERY_DOMAIN']
 if check_env_var("WSREP_PORT"):
     wsrep_port = os.environ['WSREP_PORT']
-if check_env_var("MYSQL_ROOT_PASSWORD"):
-    mysql_root_password = os.environ['MYSQL_ROOT_PASSWORD']
+if check_env_var("MYSQL_DBADMIN_USERNAME"):
+    mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
+if check_env_var("MYSQL_DBADMIN_PASSWORD"):
+    mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
 
 # Set some variables for tuneables
 cluster_leader_ttl = 120
@@ -240,11 +242,11 @@ def mysqld_bootstrap():
         ], logger)
         template = (
             "DELETE FROM mysql.user ;\n"
-            "CREATE OR REPLACE USER 'root'@'%' IDENTIFIED BY \'{0}\' ;\n"
-            "GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;\n"
+            "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
+            "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
             "DROP DATABASE IF EXISTS test ;\n"
             "FLUSH PRIVILEGES ;\n"
-            "SHUTDOWN ;".format(mysql_root_password))
+            "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password))
         bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
         with open(bootstrap_sql_file, 'w') as f:
             f.write(template)

mariadb/templates/etc/_00-base.cnf.tpl

@@ -95,7 +95,7 @@ wsrep_on=1
 wsrep_provider=/usr/lib/galera/libgalera_smm.so
 wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
 wsrep_slave_threads=12
-wsrep_sst_auth=root:{{ .Values.endpoints.oslo_db.auth.admin.password }}
+wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
 # FIXME(portdirect): use rsync for compatibility between image variations
 wsrep_sst_method=rsync
 

mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml

@@ -54,15 +54,6 @@ spec:
                 secretKeyRef:
                   name: mysql-exporter-secrets
                   key: EXPORTER_PASSWORD
-            - name: MYSQL_SERVICE
-              value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-            - name: MYSQL_ROOT_USER
-              value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
-            - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: mariadb-db-root-password
-                  key: MYSQL_ROOT_PASSWORD
           volumeMounts:
             - name: mysql-exporter-bin
               mountPath: /tmp/create-mysql-user.sh

mariadb/templates/secret-dbadmin-password.yaml

@@ -20,8 +20,8 @@ limitations under the License.
 apiVersion: v1
 kind: Secret
 metadata:
-  name: mariadb-db-root-password
+  name: mariadb-dbadmin-password
 type: Opaque
 data:
-  MYSQL_ROOT_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }}
+  MYSQL_DBADMIN_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }}
 {{- end }}

mariadb/templates/statefulset.yaml

@@ -135,11 +135,13 @@ spec:
               value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
             - name: STATE_CONFIGMAP
               value: {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }}
-            - name: MYSQL_ROOT_PASSWORD
+            - name: MYSQL_DBADMIN_USERNAME
+              value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
+            - name: MYSQL_DBADMIN_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: mariadb-db-root-password
-                  key: MYSQL_ROOT_PASSWORD
+                  name: mariadb-dbadmin-password
+                  key: MYSQL_DBADMIN_PASSWORD
           ports:
             - name: mysql
               protocol: TCP