[MariaDB] Fix non-default setting for admin user

This allows the database administration username to be changed in
addition to the password (the configuration and documentation implies
this is possible, but the current implementation assumes root in a few
places).

Remove some unused env declarations.

Tested with and without Prometheus exporter enabled.

Change-Id: I8a48dac7a84fe583c7dc5ff0644ca14b1e5190d8
This commit is contained in:
Chris Wedgwood 2018-10-29 16:55:31 +00:00
parent b30012a616
commit b15605029e
5 changed files with 15 additions and 20 deletions

View File

@ -89,8 +89,10 @@ if check_env_var("DISCOVERY_DOMAIN"):
discovery_domain = os.environ['DISCOVERY_DOMAIN'] discovery_domain = os.environ['DISCOVERY_DOMAIN']
if check_env_var("WSREP_PORT"): if check_env_var("WSREP_PORT"):
wsrep_port = os.environ['WSREP_PORT'] wsrep_port = os.environ['WSREP_PORT']
if check_env_var("MYSQL_ROOT_PASSWORD"): if check_env_var("MYSQL_DBADMIN_USERNAME"):
mysql_root_password = os.environ['MYSQL_ROOT_PASSWORD'] mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
if check_env_var("MYSQL_DBADMIN_PASSWORD"):
mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']
# Set some variables for tuneables # Set some variables for tuneables
cluster_leader_ttl = 120 cluster_leader_ttl = 120
@ -240,11 +242,11 @@ def mysqld_bootstrap():
], logger) ], logger)
template = ( template = (
"DELETE FROM mysql.user ;\n" "DELETE FROM mysql.user ;\n"
"CREATE OR REPLACE USER 'root'@'%' IDENTIFIED BY \'{0}\' ;\n" "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
"GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;\n" "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
"DROP DATABASE IF EXISTS test ;\n" "DROP DATABASE IF EXISTS test ;\n"
"FLUSH PRIVILEGES ;\n" "FLUSH PRIVILEGES ;\n"
"SHUTDOWN ;".format(mysql_root_password)) "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password))
bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
with open(bootstrap_sql_file, 'w') as f: with open(bootstrap_sql_file, 'w') as f:
f.write(template) f.write(template)

View File

@ -95,7 +95,7 @@ wsrep_on=1
wsrep_provider=/usr/lib/galera/libgalera_smm.so wsrep_provider=/usr/lib/galera/libgalera_smm.so
wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
wsrep_slave_threads=12 wsrep_slave_threads=12
wsrep_sst_auth=root:{{ .Values.endpoints.oslo_db.auth.admin.password }} wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
# FIXME(portdirect): use rsync for compatibility between image variations # FIXME(portdirect): use rsync for compatibility between image variations
wsrep_sst_method=rsync wsrep_sst_method=rsync

View File

@ -54,15 +54,6 @@ spec:
secretKeyRef: secretKeyRef:
name: mysql-exporter-secrets name: mysql-exporter-secrets
key: EXPORTER_PASSWORD key: EXPORTER_PASSWORD
- name: MYSQL_SERVICE
value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- name: MYSQL_ROOT_USER
value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-db-root-password
key: MYSQL_ROOT_PASSWORD
volumeMounts: volumeMounts:
- name: mysql-exporter-bin - name: mysql-exporter-bin
mountPath: /tmp/create-mysql-user.sh mountPath: /tmp/create-mysql-user.sh

View File

@ -20,8 +20,8 @@ limitations under the License.
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: mariadb-db-root-password name: mariadb-dbadmin-password
type: Opaque type: Opaque
data: data:
MYSQL_ROOT_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }} MYSQL_DBADMIN_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }}
{{- end }} {{- end }}

View File

@ -135,11 +135,13 @@ spec:
value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: STATE_CONFIGMAP - name: STATE_CONFIGMAP
value: {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }} value: {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }}
- name: MYSQL_ROOT_PASSWORD - name: MYSQL_DBADMIN_USERNAME
value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
- name: MYSQL_DBADMIN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: mariadb-db-root-password name: mariadb-dbadmin-password
key: MYSQL_ROOT_PASSWORD key: MYSQL_DBADMIN_PASSWORD
ports: ports:
- name: mysql - name: mysql
protocol: TCP protocol: TCP