Improve MySQL Galera password handling - use dedicated not root credentials
Prod related PROD-23926 (PROD:23926)
Change-Id: I1c09b54e22ac274336597fff6582a5b997f13ea4
diff --git a/metadata/service/master/container.yml b/metadata/service/master/container.yml
index f4957a6..9711b48 100644
--- a/metadata/service/master/container.yml
+++ b/metadata/service/master/container.yml
@@ -3,6 +3,8 @@
galera_server_cluster_name: galeracluster
galera_server_bind_port: 3306
galera_server_admin_user: root
+ galera_server_sst_user: sstuser
+ galera_server_sst_password: ${_param:galera_server_admin_password}
galera_max_connections: 20000
galera_innodb_buffer_pool_size: 3138M
galera_innodb_read_io_threads: 8
@@ -29,6 +31,9 @@
admin:
user: ${_param:galera_server_admin_user}
password: ${_param:galera_server_admin_password}
+ sst:
+ user: ${_param:galera_server_sst_user}
+ password: ${_param:galera_server_sst_password}
members:
- host: ${_param:mysql_service_host01}
port: 4567
@@ -51,3 +56,12 @@
host: localhost
- name: haproxy
host: '%'
+ - name: ${_param:galera_server_sst_user}
+ password: ${_param:galera_server_sst_password}
+ host: localhost
+ database: '*.*'
+ grants:
+ - PROCESS
+ - RELOAD
+ - LOCK TABLES
+ - REPLICATION CLIENT