mysql: sync credentials in running container on password change

Since 8e67ec833173920ac60b5548a711885a4d28e16f, docker-puppet doesn't change mysql password config file on password update. It only notifies of config change and paunch restarts some containers accordingly. In non-HA mysql service, when a stack update changes the mysql password, a docker-puppet task updates the root password config file at step 2. However, the mysql container is started before the docker-puppet task, which means that it gets the old root password config file from kolla and it is never updated afterwards. This discrepancy between the updated password and the password config file in the mysql container makes it impossible to connect to mysql without using a password at command line. This also breaks mysql's post upgrade tasks which require the proper root credentials in the file. Fix that discrepancy by adding a synchronization action at step3, which will be triggered by paunch whenever a config change happens, and make the docker-puppet task modify the config file shared with the mysql container (from /var/lib/config-data/puppet-generated) Note: this discrepancy does not happen for the HA version of the mysql service, because we already have a container that is in charge of restarting mysql on config change (mysql_restart_bundle). Change-Id: I9cc725c77fd9a2f9e55c4878cd2125f99f35c06d Closes-Bug: #1814514
2019-02-04 08:44:08 +00:00 · 2019-02-04 08:44:08 +00:00 · dd54e32d11
commit dd54e32d11
parent 9c887d2340
1 changed files with 11 additions and 1 deletions
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@ -199,6 +199,16 @@ outputs:
            volumes: *mysql_volumes
            environment:
              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+        step_3:
+          # sync credentials config on the running container if it was
+          # changed by the docker_puppet_task during step 2
+          mysql_sync_credentials:
+            config_volume: mysql
+            start_order: 1
+            action: exec
+            user: root
+            command:
+              [ 'mysql', '/bin/bash', '-c', 'cp /var/lib/kolla/config_files/src/root/.my.cnf /root' ]
      docker_puppet_tasks:
        # MySQL database initialization occurs only on single node
        step_2:
@ -211,7 +221,7 @@ outputs:
            -
              - /var/lib/mysql:/var/lib/mysql/:rw
              - /var/log/containers/mysql:/var/log/mariadb
-              - /var/lib/config-data/mysql/root:/root:rw #provides .my.cnf for puppet, changed on password update
+              - /var/lib/config-data/puppet-generated/mysql/root:/root:rw #provides .my.cnf for puppet, changed on password update
            - if:
              - internal_tls_enabled
              -