Use admin user instead of root for galera

It's bad practise to adjust root by setting password for it because it might result in broken operations. Also it's not recommended thing to do by MariaDB developers. Thus we change default `galera_root_user` value to `admin` and remove previously created root as the upgrade step. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/775893 Change-Id: I71618be1fee281f399f78058bd83dc3d3c904f74
2021-02-15 19:54:30 +02:00 · 2021-02-15 19:54:30 +02:00 · bbc554bbe3
commit bbc554bbe3
parent 25097d578e
5 changed files with 12 additions and 3 deletions
--- a/inventory/group_vars/all/infra.yml
+++ b/inventory/group_vars/all/infra.yml
@ -33,7 +33,7 @@ rabbitmq_policies:
 ## Galera options
 galera_client_package_state: "{{ package_state }}"
 galera_address: "{{ internal_lb_vip_address }}"
-galera_root_user: "root"
+galera_root_user: "admin"

 ## Memcached options
 memcached_port: 11211
--- a/playbooks/galera-install.yml
+++ b/playbooks/galera-install.yml
@ -49,7 +49,7 @@
      when: "groups['haproxy'] | default([]) | length > 0"
    - role: "galera_server"
      vars:
-        galera_install_client: true
+        galera_install_client: "{{ (galera_root_user == 'root') }}"
        galera_install_server: true
    - role: haproxy_endpoints
      haproxy_state: enabled
--- a/playbooks/healthcheck-infrastructure.yml
+++ b/playbooks/healthcheck-infrastructure.yml
@ -164,6 +164,7 @@
        - name: Wait for cluster ready state
          command: |
            mysql -h {{ ansible_host }} \
+                  -u "{{ galera_root_user | default('root') }}" \
                  -p"{{ galera_root_password }}" \
                  -e "show status like 'wsrep_incoming_addresses';" \
                  --silent \
@ -181,6 +182,7 @@
        - name: Wait for cluster ready state
          command: |
            mysql -h {{ ansible_host }} \
+                  -u "{{ galera_root_user | default('root') }}" \
                  -p"{{ galera_root_password }}" \
                  -e "show status like 'wsrep_incoming_addresses';" \
                  --silent \
@ -194,6 +196,7 @@
    - name: Check cluster local state
      command: |
        mysql -h {{ ansible_host }} \
+              -u "{{ galera_root_user | default('root') }}" \
              -p"{{ galera_root_password }}" \
              -e "show status like 'wsrep_local_state_comment';" \
              --silent \
@ -206,6 +209,7 @@
    - name: Check cluster evs state
      command: |
        mysql -h {{ ansible_host }} \
+              -u "{{ galera_root_user | default('root') }}" \
              -p"{{ galera_root_password }}" \
              -e "show status like 'wsrep_evs_state';" \
              --silent \
--- a/playbooks/setup-infrastructure.yml
+++ b/playbooks/setup-infrastructure.yml
@ -16,11 +16,11 @@
 - import_playbook: unbound-install.yml
 - import_playbook: repo-install.yml
 - import_playbook: haproxy-install.yml
- import_playbook: utility-install.yml
 - import_playbook: memcached-install.yml
 - import_playbook: galera-install.yml
 - import_playbook: qdrouterd-install.yml
 - import_playbook: rabbitmq-install.yml
+- import_playbook: utility-install.yml
 - import_playbook: etcd-install.yml
 - import_playbook: ceph-install.yml
 - import_playbook: ceph-nfs-install.yml
--- a/releasenotes/notes/galera_root_user-43c292688ddc4f1d.yaml
+++ b/releasenotes/notes/galera_root_user-43c292688ddc4f1d.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Galera privileged username has changed from ``root`` to ``admin``. Old
+    'root'@'%' user can be removed after upgrade process.