From 48157625981848fae97e24dc01da213ea7e3fb4a Mon Sep 17 00:00:00 2001 From: Martin Mágr Date: Fri, 29 Sep 2017 14:07:46 +0200 Subject: Create mysql user for non-ha deployments Currently health check for mysql container reports unhealthy container because there is no 'mysql' user created. This patch creates the user during mysql_bootstrap without any permission, just to allow health check to connect to DB and run 'select 1'. Change-Id: Iab26da0d30939b219189d4e7beb2a61d456ab7c3 Closes-Bug: #1718944 (cherry picked from commit 3a9cfaa992e92423461d64f84d701336322bdd10) --- docker/services/database/mysql.yaml | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 402dc351..2425c74c 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -125,11 +125,26 @@ outputs: command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb'] step_2: mysql_bootstrap: + start_order: 1 detach: false image: *mysql_image net: host + user: root # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done - command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + command: + - 'bash' + - '-ecx' + - + list_join: + - "\n" + - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' + - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf' + - 'sudo -u mysql -E kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' + - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''mysql''@''localhost'';"' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ''mysql''@''localhost'';"' + - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown' volumes: &mysql_volumes list_concat: - @@ -141,7 +156,7 @@ outputs: - /var/log/containers/mysql:/var/log/mariadb - if: - internal_tls_enabled - - + - - list_join: - ':' - - {get_param: InternalTLSCAFile} @@ -149,12 +164,13 @@ outputs: - 'ro' - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro - - null + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True # NOTE(mandre) skip wsrep cluster status check - KOLLA_KUBERNETES=True + - DB_MAX_TIMEOUT=60 - list_join: - '=' @@ -189,7 +205,7 @@ outputs: - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf - if: - internal_tls_enabled - - + - - list_join: - ':' - - {get_param: InternalTLSCAFile} @@ -197,7 +213,7 @@ outputs: - 'ro' - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro - - null + - null metadata_settings: get_attr: [MysqlPuppetBase, role_data, metadata_settings] host_prep_tasks: -- cgit 1.2.3-korg