Skip hostname checks and drop IP-based ACLs

* A reliable DNS setup cannot be assumed in MicroStack installations so relying on the host cache behavior of MySQL is not reliable. MySQL resolves an IP address to a host name and resolves that host name back to an IP address (https://dev.mysql.com/doc/refman/8.0/en/host-cache.html); * IP addresses are not guaranteed to be static in a MicroStack deployment although this is preferable. Likewise, for services like cinder-volume to access the database on secondary nodes they need to be allowed to do that at the MySQL ACL level. Change-Id: Ib87ab0a71fa83dad8e8ddb40f34907ab24999423
2020-11-09 13:30:41 +03:00 · 2020-11-09 13:30:41 +03:00 · 6087f4cb3b
commit 6087f4cb3b
parent d7f3c1229f
2 changed files with 4 additions and 2 deletions
--- a/snap-wrappers/mysql/mysql-start-server
+++ b/snap-wrappers/mysql/mysql-start-server
@ -32,6 +32,8 @@ log-error=${LOGDIR}/error.log
 secure-file-priv=${FILESDIR}
 basedir=${BASEDIR}

+skip-name-resolve
+
 [mysql]
 socket=${RUNDIR}/mysqld.sock
 port=${PORT}
--- a/tools/init/init/questions/init.py
+++ b/tools/init/init/questions/init.py
@ -381,11 +381,11 @@ class DatabaseSetup(Question):
            ('placement', 'placement')
        ):
            db_password = db_creds[f'{service_user}-password']
-            sql("CREATE USER IF NOT EXISTS '{user}'@'{control_ip}'"
+            sql("CREATE USER IF NOT EXISTS '{user}'@'%'"
                " IDENTIFIED BY '{db_password}';".format(
                    user=service_user, db_password=db_password, **_env))
            sql("CREATE DATABASE IF NOT EXISTS `{db}`;".format(db=db_name))
-            sql("GRANT ALL PRIVILEGES ON {db}.* TO '{user}'@'{control_ip}';"
+            sql("GRANT ALL PRIVILEGES ON {db}.* TO '{user}'@'%';"
                "".format(db=db_name, user=service_user, **_env))

    def _bootstrap(self) -> None: