Use admin user instead of root for galera

It's bad practise to adjust root by setting password for it because it
might result in broken operations. Also it's not recommended thing
to do by MariaDB developers.
Thus we change default `galera_root_user` value to `admin` and remove
previously created root as the upgrade step.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/775893
Change-Id: I71618be1fee281f399f78058bd83dc3d3c904f74

inventory/group_vars/all/infra.yml

@@ -33,7 +33,7 @@ rabbitmq_policies:
 ## Galera options
 galera_client_package_state: "{{ package_state }}"
 galera_address: "{{ internal_lb_vip_address }}"
-galera_root_user: "root"
+galera_root_user: "admin"
 
 ## Memcached options
 memcached_port: 11211

playbooks/galera-install.yml

@@ -49,7 +49,7 @@
       when: "groups['haproxy'] | default([]) | length > 0"
     - role: "galera_server"
       vars:
-        galera_install_client: true
+        galera_install_client: "{{ (galera_root_user == 'root') }}"
         galera_install_server: true
     - role: haproxy_endpoints
       haproxy_state: enabled

playbooks/healthcheck-infrastructure.yml

@@ -164,6 +164,7 @@
         - name: Wait for cluster ready state
           command: |
             mysql -h {{ ansible_host }} \
+                  -u "{{ galera_root_user | default('root') }}" \
                   -p"{{ galera_root_password }}" \
                   -e "show status like 'wsrep_incoming_addresses';" \
                   --silent \
@@ -181,6 +182,7 @@
         - name: Wait for cluster ready state
           command: |
             mysql -h {{ ansible_host }} \
+                  -u "{{ galera_root_user | default('root') }}" \
                   -p"{{ galera_root_password }}" \
                   -e "show status like 'wsrep_incoming_addresses';" \
                   --silent \
@@ -194,6 +196,7 @@
     - name: Check cluster local state
       command: |
         mysql -h {{ ansible_host }} \
+              -u "{{ galera_root_user | default('root') }}" \
               -p"{{ galera_root_password }}" \
               -e "show status like 'wsrep_local_state_comment';" \
               --silent \
@@ -206,6 +209,7 @@
     - name: Check cluster evs state
       command: |
         mysql -h {{ ansible_host }} \
+              -u "{{ galera_root_user | default('root') }}" \
               -p"{{ galera_root_password }}" \
               -e "show status like 'wsrep_evs_state';" \
               --silent \

playbooks/setup-infrastructure.yml

@@ -16,11 +16,11 @@
 - import_playbook: unbound-install.yml
 - import_playbook: repo-install.yml
 - import_playbook: haproxy-install.yml
-- import_playbook: utility-install.yml
 - import_playbook: memcached-install.yml
 - import_playbook: galera-install.yml
 - import_playbook: qdrouterd-install.yml
 - import_playbook: rabbitmq-install.yml
+- import_playbook: utility-install.yml
 - import_playbook: etcd-install.yml
 - import_playbook: ceph-install.yml
 - import_playbook: ceph-nfs-install.yml

releasenotes/notes/galera_root_user-43c292688ddc4f1d.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Galera privileged username has changed from ``root`` to ``admin``. Old
+    'root'@'%' user can be removed after upgrade process.