kolla-ansible

Kolla-ansible deployments using haproxy user for monitor MariaDB without password

Bug #1912489 reported by Michal Arbet
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Fix Released
Undecided
Unassigned

Bug Description

Kolla-ansible deployments using haproxy user for monitor MariaDB without password.

- This was reason maybe when native mysql-check in haproxy was used (not supporting password)
- Now there is no reason to use haproxy (monitor) user without password as haproxy is checking
  backends via mariadb_clustercheck (password can be configured via env var MYSQL_PASSWORD )

No password here :

ansible/roles/mariadb/defaults/main.yml:

  mariadb-clustercheck:
    container_name: mariadb_clustercheck
    group: "{{ mariadb_shard }}"
    enabled: "{{ enable_mariadb_clustercheck | bool }}"
    image: "{{ mariadb_clustercheck_image_full }}"
    volumes: "{{ mariadb_clustercheck_default_volumes + mariadb_clustercheck_extra_volumes }}"
    dimensions: "{{ mariadb_clustercheck_dimensions }}"
    environment:
      MYSQL_USERNAME: "haproxy"
      MYSQL_PASSWORD: ""
      MYSQL_HOST: "{{ api_interface_address }}"
      AVAILABLE_WHEN_DONOR: "1"

ansible/roles/mariadb/handlers/main.yml:

- name: Creating haproxy mysql user
  become: true
  kolla_toolbox:
    module_name: mysql_user
    module_args:
      login_host: "{{ api_interface_address }}"
      login_port: "{{ mariadb_port }}"
      login_user: "{{ database_user }}"
      login_password: "{{ database_password }}"
      name: "haproxy"
      password: ""
      host: "%"
      priv: "*.*:USAGE"
  listen: Bootstrap MariaDB cluster

Revision history for this message
Radosław Piliszek (yoctozepto) wrote :

Fixed with proxysql.

Changed in kolla-ansible:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.