diff --git a/mariadb/templates/bin/_start.py.tpl b/mariadb/templates/bin/_start.py.tpl index 4d4428c6f..e8b4028e1 100644 --- a/mariadb/templates/bin/_start.py.tpl +++ b/mariadb/templates/bin/_start.py.tpl @@ -89,8 +89,10 @@ if check_env_var("DISCOVERY_DOMAIN"): discovery_domain = os.environ['DISCOVERY_DOMAIN'] if check_env_var("WSREP_PORT"): wsrep_port = os.environ['WSREP_PORT'] -if check_env_var("MYSQL_ROOT_PASSWORD"): - mysql_root_password = os.environ['MYSQL_ROOT_PASSWORD'] +if check_env_var("MYSQL_DBADMIN_USERNAME"): + mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME'] +if check_env_var("MYSQL_DBADMIN_PASSWORD"): + mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD'] # Set some variables for tuneables cluster_leader_ttl = 120 @@ -240,11 +242,11 @@ def mysqld_bootstrap(): ], logger) template = ( "DELETE FROM mysql.user ;\n" - "CREATE OR REPLACE USER 'root'@'%' IDENTIFIED BY \'{0}\' ;\n" - "GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;\n" + "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n" + "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n" "DROP DATABASE IF EXISTS test ;\n" "FLUSH PRIVILEGES ;\n" - "SHUTDOWN ;".format(mysql_root_password)) + "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password)) bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name with open(bootstrap_sql_file, 'w') as f: f.write(template) diff --git a/mariadb/templates/etc/_00-base.cnf.tpl b/mariadb/templates/etc/_00-base.cnf.tpl index 949d86753..76cd155b3 100644 --- a/mariadb/templates/etc/_00-base.cnf.tpl +++ b/mariadb/templates/etc/_00-base.cnf.tpl @@ -95,7 +95,7 @@ wsrep_on=1 wsrep_provider=/usr/lib/galera/libgalera_smm.so wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" wsrep_slave_threads=12 -wsrep_sst_auth=root:{{ .Values.endpoints.oslo_db.auth.admin.password }} +wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }} # FIXME(portdirect): use rsync for compatibility between image variations wsrep_sst_method=rsync diff --git a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml index b9f7b5674..9f67ac1bd 100644 --- a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml +++ b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml @@ -54,15 +54,6 @@ spec: secretKeyRef: name: mysql-exporter-secrets key: EXPORTER_PASSWORD - - name: MYSQL_SERVICE - value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - - name: MYSQL_ROOT_USER - value: {{ .Values.endpoints.oslo_db.auth.admin.username }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mariadb-db-root-password - key: MYSQL_ROOT_PASSWORD volumeMounts: - name: mysql-exporter-bin mountPath: /tmp/create-mysql-user.sh diff --git a/mariadb/templates/secret-db-root-password.yaml b/mariadb/templates/secret-dbadmin-password.yaml similarity index 85% rename from mariadb/templates/secret-db-root-password.yaml rename to mariadb/templates/secret-dbadmin-password.yaml index e99f30b4e..033fa5b90 100644 --- a/mariadb/templates/secret-db-root-password.yaml +++ b/mariadb/templates/secret-dbadmin-password.yaml @@ -20,8 +20,8 @@ limitations under the License. apiVersion: v1 kind: Secret metadata: - name: mariadb-db-root-password + name: mariadb-dbadmin-password type: Opaque data: - MYSQL_ROOT_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }} + MYSQL_DBADMIN_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }} {{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index c6aa45185..677b19e66 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -135,11 +135,13 @@ spec: value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} - name: STATE_CONFIGMAP value: {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }} - - name: MYSQL_ROOT_PASSWORD + - name: MYSQL_DBADMIN_USERNAME + value: {{ .Values.endpoints.oslo_db.auth.admin.username }} + - name: MYSQL_DBADMIN_PASSWORD valueFrom: secretKeyRef: - name: mariadb-db-root-password - key: MYSQL_ROOT_PASSWORD + name: mariadb-dbadmin-password + key: MYSQL_DBADMIN_PASSWORD ports: - name: mysql protocol: TCP