From 6087f4cb3bc73148f12084188f76335f4ffd8685 Mon Sep 17 00:00:00 2001
From: Dmitrii Shcherbakov
Date: Mon, 9 Nov 2020 13:30:41 +0300
Subject: [PATCH] Skip hostname checks and drop IP-based ACLs

* A reliable DNS setup cannot be assumed in MicroStack installations so relying on the host cache behavior of MySQL is not reliable. MySQL resolves an IP address to a host name and resolves that host name back to an IP address (https://dev.mysql.com/doc/refman/8.0/en/host-cache.html);
* IP addresses are not guaranteed to be static in a MicroStack deployment although this is preferable. Likewise, for services like cinder-volume to access the database on secondary nodes they need to be allowed to do that at the MySQL ACL level.

Change-Id: Ib87ab0a71fa83dad8e8ddb40f34907ab24999423
---
 snap-wrappers/mysql/mysql-start-server | 2 ++
 tools/init/init/questions/__init__.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/snap-wrappers/mysql/mysql-start-server b/snap-wrappers/mysql/mysql-start-server
index a1a7574..f94ceff 100755
--- a/snap-wrappers/mysql/mysql-start-server
+++ b/snap-wrappers/mysql/mysql-start-server
@@ -32,6 +32,8 @@ log-error=${LOGDIR}/error.log
 secure-file-priv=${FILESDIR}
 basedir=${BASEDIR}
 
+skip-name-resolve
+
 [mysql]
 socket=${RUNDIR}/mysqld.sock
 port=${PORT}
diff --git a/tools/init/init/questions/__init__.py b/tools/init/init/questions/__init__.py
index f2b8a9e..f179ee8 100644
--- a/tools/init/init/questions/__init__.py
+++ b/tools/init/init/questions/__init__.py
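Review bot: The added `skip-name-resolve` line in snap-wrappers/mysql/mysql-start-server carries no comment recording what it means for account definitions: with name resolution off, MySQL matches the host part of an account only against IP literals, `%` patterns or `localhost`, so any grant written with a host name stops matching. A one-line comment above the option would keep later edits from reintroducing host-name accounts, for example `# No DNS lookups: account hosts must be IP literals, '%' patterns or localhost`. The surrounding lines look like generated my.cnf content, where `#` starts a comment; confirm that against the part of the script outside this hunk.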
@@ -381,11 +381,11 @@ class DatabaseSetup(Question):
 ('placement', 'placement')
 ):
 db_password = db_creds[f'{service_user}-password']
- sql("CREATE USER IF NOT EXISTS '{user}'@'{control_ip}'"
+ sql("CREATE USER IF NOT EXISTS '{user}'@'%'"
 " IDENTIFIED BY '{db_password}';".format(
 user=service_user, db_password=db_password, **_env))
 sql("CREATE DATABASE IF NOT EXISTS `{db}`;".format(db=db_name))
- sql("GRANT ALL PRIVILEGES ON {db}.* TO '{user}'@'{control_ip}';"
+ sql("GRANT ALL PRIVILEGES ON {db}.* TO '{user}'@'%';"
 "".format(db=db_name, user=service_user, **_env))
 
 def _bootstrap(self) -> None:
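Review bot: Both new statements bind every service account to host `'%'` with `GRANT ALL PRIVILEGES`, so the MySQL ACL no longer limits where a login may come from and the generated password is the only control left. Whether the listener is confined to the cluster network (bind address, firewall rules) is not visible in this hunk and should be confirmed and documented alongside this change. On nodes initialised before this commit, `CREATE USER IF NOT EXISTS '{user}'@'%'` adds a second account and leaves the old `'{user}'@'{control_ip}'` account and its grants in place, so the IP-based ACLs named in the subject are not actually removed there. Assuming `_env` still carries `control_ip`, as the removed lines imply, adding `sql("DROP USER IF EXISTS '{user}'@'{control_ip}';".format(user=service_user, **_env))` inside the loop would retire it. The enclosing loop and method begin above the hunk.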