[MariaDB] Fix non-default setting for admin user

This allows the database administration username to be changed in addition to the password (the configuration and documentation implies this is possible, but the current implementation assumes root in a few places). Remove some unused env declarations. Tested with and without Prometheus exporter enabled. Change-Id: I8a48dac7a84fe583c7dc5ff0644ca14b1e5190d8
2018-10-29 16:55:31 +00:00 · 2018-10-29 16:55:31 +00:00 · b15605029e
commit b15605029e
parent b30012a616
5 changed files with 15 additions and 20 deletions
--- a/mariadb/templates/bin/_start.py.tpl
+++ b/mariadb/templates/bin/_start.py.tpl
@ -89,8 +89,10 @@ if check_env_var("DISCOVERY_DOMAIN"):
    discovery_domain = os.environ['DISCOVERY_DOMAIN']
 if check_env_var("WSREP_PORT"):
    wsrep_port = os.environ['WSREP_PORT']
-if check_env_var("MYSQL_ROOT_PASSWORD"):
-    mysql_root_password = os.environ['MYSQL_ROOT_PASSWORD']
+if check_env_var("MYSQL_DBADMIN_USERNAME"):
+    mysql_dbadmin_username = os.environ['MYSQL_DBADMIN_USERNAME']
+if check_env_var("MYSQL_DBADMIN_PASSWORD"):
+    mysql_dbadmin_password = os.environ['MYSQL_DBADMIN_PASSWORD']

 # Set some variables for tuneables
 cluster_leader_ttl = 120
@ -240,11 +242,11 @@ def mysqld_bootstrap():
        ], logger)
        template = (
            "DELETE FROM mysql.user ;\n"
-            "CREATE OR REPLACE USER 'root'@'%' IDENTIFIED BY \'{0}\' ;\n"
-            "GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;\n"
+            "CREATE OR REPLACE USER '{0}'@'%' IDENTIFIED BY \'{1}\' ;\n"
+            "GRANT ALL ON *.* TO '{0}'@'%' WITH GRANT OPTION ;\n"
            "DROP DATABASE IF EXISTS test ;\n"
            "FLUSH PRIVILEGES ;\n"
-            "SHUTDOWN ;".format(mysql_root_password))
+            "SHUTDOWN ;".format(mysql_dbadmin_username, mysql_dbadmin_password))
        bootstrap_sql_file = tempfile.NamedTemporaryFile(suffix='.sql').name
        with open(bootstrap_sql_file, 'w') as f:
            f.write(template)
--- a/mariadb/templates/etc/_00-base.cnf.tpl
+++ b/mariadb/templates/etc/_00-base.cnf.tpl
@ -95,7 +95,7 @@ wsrep_on=1
 wsrep_provider=/usr/lib/galera/libgalera_smm.so
 wsrep_provider_options="gmcast.listen_addr=tcp://0.0.0.0:{{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
 wsrep_slave_threads=12
-wsrep_sst_auth=root:{{ .Values.endpoints.oslo_db.auth.admin.password }}
+wsrep_sst_auth={{ .Values.endpoints.oslo_db.auth.admin.username }}:{{ .Values.endpoints.oslo_db.auth.admin.password }}
 # FIXME(portdirect): use rsync for compatibility between image variations
 wsrep_sst_method=rsync

--- a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml
+++ b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml
@ -54,15 +54,6 @@ spec:
                secretKeyRef:
                  name: mysql-exporter-secrets
                  key: EXPORTER_PASSWORD
-            - name: MYSQL_SERVICE
-              value: {{ tuple "oslo_db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-            - name: MYSQL_ROOT_USER
-              value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
-            - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: mariadb-db-root-password
-                  key: MYSQL_ROOT_PASSWORD
          volumeMounts:
            - name: mysql-exporter-bin
              mountPath: /tmp/create-mysql-user.sh
--- a/mariadb/templates/secret-dbadmin-password.yaml
+++ b/mariadb/templates/secret-dbadmin-password.yaml
@ -20,8 +20,8 @@ limitations under the License.
 apiVersion: v1
 kind: Secret
 metadata:
-  name: mariadb-db-root-password
+  name: mariadb-dbadmin-password
 type: Opaque
 data:
-  MYSQL_ROOT_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }}
+  MYSQL_DBADMIN_PASSWORD: {{ .Values.endpoints.oslo_db.auth.admin.password | b64enc }}
 {{- end }}
--- a/mariadb/templates/statefulset.yaml
+++ b/mariadb/templates/statefulset.yaml
@ -135,11 +135,13 @@ spec:
              value: {{ tuple "oslo_db" "direct" "wsrep" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: STATE_CONFIGMAP
              value: {{ printf "%s-%s" .Release.Name "mariadb-state" | quote }}
-            - name: MYSQL_ROOT_PASSWORD
+            - name: MYSQL_DBADMIN_USERNAME
+              value: {{ .Values.endpoints.oslo_db.auth.admin.username }}
+            - name: MYSQL_DBADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: mariadb-db-root-password
-                  key: MYSQL_ROOT_PASSWORD
+                  name: mariadb-dbadmin-password
+                  key: MYSQL_DBADMIN_PASSWORD
          ports:
            - name: mysql
              protocol: TCP