Create mysql user for non-ha deployments

Currently health check for mysql container reports unhealthy container
because there is no 'mysql' user created. This patch creates the user
during mysql_bootstrap without any permission, just to allow health
check to connect to DB and run 'select 1'.

Change-Id: Iab26da0d30939b219189d4e7beb2a61d456ab7c3
Closes-Bug: #1718944
(cherry picked from commit 3a9cfaa992e92423461d64f84d701336322bdd10)

diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index 402dc35..2425c74 100644 (file)
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -125,11 +125,26 @@ outputs:
             command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb']
         step_2:
           mysql_bootstrap:
+            start_order: 1
             detach: false
             image: *mysql_image
             net: host
+            user: root
             # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
-            command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
+            command:
+              - 'bash'
+              - '-ecx'
+              -
+                list_join:
+                  - "\n"
+                  - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
+                    - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
+                    - 'sudo -u mysql -E kolla_start'
+                    - 'mysqld_safe --skip-networking --wsrep-on=OFF &'
+                    - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
+                    - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''mysql''@''localhost'';"'
+                    - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "REVOKE ALL PRIVILEGES, GRANT OPTION FROM ''mysql''@''localhost'';"'
+                    - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
             volumes: &mysql_volumes
               list_concat:
               -
@@ -141,7 +156,7 @@ outputs:
                 - /var/log/containers/mysql:/var/log/mariadb
               - if:
                 - internal_tls_enabled
-                - 
+                -
                   - list_join:
                     - ':'
                     - - {get_param: InternalTLSCAFile}
@@ -149,12 +164,13 @@ outputs:
                       - 'ro'
                   - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
                   - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
-                - null 
+                - null
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
               - KOLLA_BOOTSTRAP=True
               # NOTE(mandre) skip wsrep cluster status check
               - KOLLA_KUBERNETES=True
+              - DB_MAX_TIMEOUT=60
               -
                 list_join:
                   - '='
@@ -189,7 +205,7 @@ outputs:
               - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
             - if:
               - internal_tls_enabled
-              - 
+              -
                 - list_join:
                   - ':'
                   - - {get_param: InternalTLSCAFile}
@@ -197,7 +213,7 @@ outputs:
                     - 'ro'
                 - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
                 - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
-              - null 
+              - null
       metadata_settings:
         get_attr: [MysqlPuppetBase, role_data, metadata_settings]
       host_prep_tasks: