Skip hostname checks and drop IP-based ACLs

* A reliable DNS setup cannot be assumed in MicroStack installations so
  relying on the host cache behavior of MySQL is not reliable. MySQL resolves
  an IP address to a host name and resolves that host name back to an IP
  address (https://dev.mysql.com/doc/refman/8.0/en/host-cache.html);
* IP addresses are not guaranteed to be static in a MicroStack
  deployment although this is preferable. Likewise, for services like
  cinder-volume to access the database on secondary nodes they need to
  be allowed to do that at the MySQL ACL level.

Change-Id: Ib87ab0a71fa83dad8e8ddb40f34907ab24999423
changes/06/761906/1
Dmitrii Shcherbakov 2 weeks ago
parent
commit
6087f4cb3b
2 changed files with 4 additions and 2 deletions
  1. snap-wrappers/mysql/mysql-start-server (+2, -0)
  2. tools/init/init/questions/__init__.py (+2, -2)

snap-wrappers/mysql/mysql-start-server (+2, -0)

@@ -32,6 +32,8 @@ log-error=${LOGDIR}/error.log
secure-file-priv=${FILESDIR}
basedir=${BASEDIR}

skip-name-resolve

[mysql]
socket=${RUNDIR}/mysqld.sock
port=${PORT}
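
Review bot: the new `skip-name-resolve` line, in the server section that precedes `[mysql]`, carries no comment explaining why it is there; the reason (DNS cannot be relied on in MicroStack installs) exists only in the commit message. Add a one-line comment above it in the generated config. With this option the server matches connecting clients to account host values by IP address only, so any account whose host part is a DNS name other than localhost stops matching; confirm that no such accounts exist on nodes that were initialised before this change.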


tools/init/init/questions/__init__.py (+2, -2)

@@ -381,11 +381,11 @@ class DatabaseSetup(Question):
('placement', 'placement')
):
db_password = db_creds[f'{service_user}-password']
sql("CREATE USER IF NOT EXISTS '{user}'@'{control_ip}'"
sql("CREATE USER IF NOT EXISTS '{user}'@'%'"
" IDENTIFIED BY '{db_password}';".format(
user=service_user, db_password=db_password, **_env))
sql("CREATE DATABASE IF NOT EXISTS `{db}`;".format(db=db_name))
sql("GRANT ALL PRIVILEGES ON {db}.* TO '{user}'@'{control_ip}';"
sql("GRANT ALL PRIVILEGES ON {db}.* TO '{user}'@'%';"
"".format(db=db_name, user=service_user, **_env))

def _bootstrap(self) -> None:
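
Review bot: replacing '{control_ip}' with '%' in both the CREATE USER and the GRANT statement lets every service account authenticate from any source address while holding ALL PRIVILEGES on its database, so the only remaining controls are the password and whatever limits network reach to the MySQL port. Say in a comment here which control that is (bind address, firewall rule), or consider a narrower host pattern, such as a netmask for the cluster network, instead of '%'. Also, because CREATE USER IF NOT EXISTS only adds accounts, nodes initialised before this change keep their '{user}'@'{control_ip}' accounts alongside the new '%' ones; if the intent is to drop the IP-based ACLs, add an explicit DROP USER IF EXISTS for the old host value.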

