commit 7205cbfc4eaa7e77edc3f0496a468c7fdb61fcc7
author Stanislav Riazanov <sriazanov@mirantis.com> Tue Dec 18 14:38:29 2018 +0400
committer Stanislav Riazanov <sriazanov@mirantis.com> Fri Dec 28 21:31:20 2018 +0400
tree 0eb602aa63739230c23b2e19c50bede46e53b8da
parent d9b1e616e6f93a1d211796beb7e2ee4b503bd179

Improve MySQL Galera password handling - use dedicated not root credentials

Prod related PROD-23926 (PROD:23926)

Change-Id: I1c09b54e22ac274336597fff6582a5b997f13ea4

metadata/service/master/cluster.yml

diff --git a/metadata/service/master/cluster.yml b/metadata/service/master/cluster.yml
index 38c23c4..e66c3ae 100644
--- a/metadata/service/master/cluster.yml
+++ b/metadata/service/master/cluster.yml
@@ -8,6 +8,8 @@
     galera_server_bind_address: ${_param:cluster_local_address}
     galera_server_bind_port: 3306
     galera_server_admin_user: root
+    galera_server_sst_user: sstuser
+    galera_server_sst_password: ${_param:galera_server_admin_password}
     galera_max_connections: 20000
     galera_innodb_buffer_pool_size: 3138M
     galera_innodb_read_io_threads: 0
@@ -27,6 +29,9 @@
       admin:
         user: ${_param:galera_server_admin_user}
         password: ${_param:galera_server_admin_password}
+      sst:
+        user: ${_param:galera_server_sst_user}
+        password: ${_param:galera_server_sst_password}
       members:
       - host: ${_param:cluster_node01_address}
         port: 4567
@@ -51,3 +56,12 @@
         host: '%'
       - name: haproxy
         host: ${_param:cluster_local_address}
+      - name: ${_param:galera_server_sst_user}
+        password: ${_param:galera_server_sst_password}
+        host: localhost
+        database: '*.*'
+        grants:
+          - PROCESS
+          - RELOAD
+          - LOCK TABLES
+          - REPLICATION CLIENT