Merge "[Wallaby only] Drop unused openstack DB users in mysql" into stable/wallaby

This commit is contained in:
Zuul 2021-09-28 00:07:48 +00:00 committed by Gerrit Code Review
commit 0753056603
3 changed files with 47 additions and 0 deletions

View File

@ -101,6 +101,34 @@ outputs:
mysql_upgrade_db.sh:
mode: "0755"
content: { get_file: ../../container_config_scripts/mysql_upgrade_db.sh }
mysql_drop_unused_users:
description: Ansible block to clean up unusued Openstack DB users
value:
- name: Drop unused OpenStack DB users
when: step|int == 1
block:
- name: mysql container id
command: "podman ps -q --filter name={{ mysql_container_name }} --filter status=running"
register: mysql_container_id
- name: set mysql container id fact
set_fact:
mysql_container: "{{ mysql_container_id.stdout }}"
- name: Mysql script to drop unused DB users
when: ( mysql_container | length ) > 0
block:
- name: Get the list of all OpenStack DB users
shell: jq -r 'to_entries[] | select(.key|endswith("::db::mysql::user")) | .value' /etc/puppet/hieradata/service_configs.json
register: openstack_db_users
- name: List all DB users that match the DB users to be dropped
shell: for u in {{ openstack_db_users.stdout_lines | join(' ') }}; do podman exec -u root -it "{{ mysql_container }}" mysql -sNe "select concat('\`',user,'\`@\`',host,'\`') from mysql.user where user = '$u' and host != '%';"; done
register: mysql_db_users
- name: resulting DB users to be dropped
debug:
msg: "{{ mysql_db_users.stdout_lines }}"
- name: Drop all unneeded Openstack DB users
shell: podman exec -u root -it "{{ mysql_container }}" mysql -sNe 'drop user {{ item }};'
loop: "{{ mysql_db_users.stdout_lines }}"
role_data:
description: Service MySQL using composable services.
value:

View File

@ -264,6 +264,15 @@ outputs:
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
upgrade_tasks:
list_concat:
-
- name: set mysql container name fact
when:
- step|int == 1
set_fact:
mysql_container_name: mysql
- {get_attr: [MysqlBase, mysql_drop_unused_users]}
-
# When mariadb is upgraded to a new major release, one must run
# mysql_upgrade to upgrade the DB's system tables, and potentially
# run other storage upgrade. We want to that as early as possible

View File

@ -391,10 +391,20 @@ outputs:
tripleo_ha_wrapper_minor_update: true
upgrade_tasks:
list_concat:
-
- name: Tear-down non-HA mysql container
when:
- step|int == 0
block: *mysql_teardown_nonha
-
- name: set mysql container name fact
when:
- step|int == 1
set_fact:
mysql_container_name: galera-bundle
- {get_attr: [MysqlBase, mysql_drop_unused_users]}
-
- vars:
mysql_upgrade_persist: {get_param: MysqlUpgradePersist}
when: