mariadb/galera: debian.cnf still uses root+password

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/847537

I would say this bug should not be that critical. As mysqlclient will try socket auth first before trying password one.

By default file looks like this:

[client]
host = localhost
user = root
password =
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password =
socket = /var/run/mysqld/mysqld.sock

And even if you define any random password there, and pass it to client, connection will still succeed:

root@server-0624-01023:/home/ubuntu# cat /etc/mysql/debian.cnf
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = qwerty1234
#socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = qwerty1234
#socket = /var/run/mysqld/mysqld.sock
root@server-0624-01023:/home/ubuntu# mysql --defaults-file=/etc/mysql/debian.cnf
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 54
Server version: 10.3.34-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> Bye
root@server-0624-01023:/home/ubuntu#

But I think we still should avoid placing this file for non-Debian distros and if our user is not root but admin.

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/847546

Change abandoned by "Adrien Cunin <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/847537
Reason: Abandoning in favor of https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/847546

Agreed it's not critical, I've not experienced any issue because of this, I just think it's good to fix it to avoid confusing users who will read the config file.

Reviewed: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/847546
Committed: https://opendev.org/openstack/openstack-ansible-galera_server/commit/72ffc6d565bea9a85efa9e1f0fef5a3f7366ecae
Submitter: "Zuul (22348)"
Branch: master

commit 72ffc6d565bea9a85efa9e1f0fef5a3f7366ecae
Author: Dmitriy Rabotyagov <email address hidden>
Date: Fri Jun 24 10:46:19 2022 +0200

    Do not place debian.cnf when root user not touched

    We used to overwrite /etc/mysql/debian.cnf file that is provided by
    package when we were resetting root password for mariadb. That was
    required as otherwise systemd couldn't manage service properly.
    Now, when galera_root_user can be different then root, we don't need to
    do this and can rely on defaults.

    Change-Id: Ia8305121900d28aca28a80c6c9d6a664aec40214
    Closes-Bug: #1979726