Comment 1 for bug 1925042

Yes, it's definitely broken. I'm pretty sure that this change breaks it (ironically, I added it): https://github.com/openstack/charm-percona-cluster/commit/d55dcdebc9049c509e2f5ab40c8d497dc0a3236d

This issue is that the codepath now creates a new password in leader-settings, and then tries to connect to the database using that password that it hasn't yet set for that user.

i.e. the call to nagios_password() here in create_nagios_user(): (line 1830 in hooks/percona_utils.py):

    # NOTE (rgildein): Update the user's password if it has changed.
    m_helper.set_mysql_password('nagios', nagios_password())

where nagios_password() is (line 1057):

nagios_password = partial(_get_password, 'nagios-password')

and _get_password (line 1033):

def _get_password(key):
    _password = leader_get(key)
    if not _password and is_leader():
        _password = config(key) or pwgen()
        leader_set({key: _password})
    return _password

means that set_mysql_password() (charmhelpers/contrib/database/mysql.py at 328) has this bit of code:

        if not current_password:
            current_password = self.get_mysql_password(rel_username)

        # password that needs to be set
        new_passwd = password

        # update password for all users (e.g. root@localhost, root@::1, etc)
        try:
            self.connect(user=username, password=current_password)
            cursor = self.connection.cursor()
        except MySQLdb.OperationalError as ex:
            raise MySQLSetPasswordError(('Cannot connect using password in '
                                         'leader settings (%s)') % ex, ex)

where get_mysql_password() looks up the password from leader_settings! And thus it fails, as there is no password set against the user.

I'll unpick what is happening, and workout where to set the actual password.