Add an initialization file to create a replication user For database replication a dedicated user has to be created in the master database. So far this had to be done manually in the reviewdb chart. This change adds a template for an initialization file to the 'values.yaml'-file of the reviewdb-chart that can be used to create this user during startup of the deployment, removing this manual step. Change-Id: Ib8b92c18b18faec4df052c70e4d6e1aef9b30cbf
diff --git a/helm-charts/reviewdb/README.md b/helm-charts/reviewdb/README.md index d04a6b9..6298c0d 100644 --- a/helm-charts/reviewdb/README.md +++ b/helm-charts/reviewdb/README.md
@@ -91,8 +91,8 @@ | `mysql.replication` | Only used, if `isSlave` is `true` | `{}` | | `mysql.replication.config.masterHost` | Hostname of the Mysql database master | `mysql.example.com` | | `mysql.replication.config.masterPort` | Port of the Mysql database master | `3306` | -| `mysql.replication.config.masterUser` | Username of technical user created for [replication](#Create-technical-user) | `repl` | -| `mysql.replication.config.masterPassword` | Password of technical user created for [replication](#Create-technical-user) | `password` | +| `mysql.replication.config.masterUser` | Username of technical user created for replication | `repl` | +| `mysql.replication.config.masterPassword` | Password of technical user created for replication | `password` | | `mysql.replication.config.masterLogFile` | Transaction log file at timepoint of dump as retrieved [here](#Create-database-dump-and-note-database-state) | `mysql-bin.000001` | | `mysql.replication.config.masterLogPos` | Transaction log position at timepoint of dump as retrieved [here](#Create-database-dump-and-note-database-state) | `111` | | `mysql.replication.dbDumpAcceptPath` | Path, where the replication init script will expect the database dump file to appear | `/var/data/db/master_dump.sql` | @@ -120,7 +120,7 @@ | | | `limits.cpu: 250m` | | | | `limits.memory: 1Gi` | | `mysql.configurationFiles` | Add configuration files for MySQL | `{}` (check the [Configuration files-section](#Configuration-files) for configuration options) | -| `mysql.initializationFiles` | Add scripts that are executed, when the database is started the first time | `initialize_reviewdb.sql` (Should not be changed) | +| `mysql.initializationFiles` | Add scripts that are executed, when the database is started the first time | `{}` (check the [Initialization files-section](#Initialization-files) for details) | | `mysql.service.type` | Type of the Service used to expose the database | `NodePort` | | `mysql.service.port` | The port used to expose the database | `3306` | | `mysql.ssl.enabled` | Setup and use SSL for MySQL connections | `false` | @@ -177,6 +177,20 @@ Comment out the contents of the file, that is not needed, depending on installing a master or slave database. +##### Initialization files + +- `initialize_reviewdb.sql` + +Creates a database called 'reviewdb', that can be used by Gerrit for the ReviewDB. +Leave this file unchanged. + +- `create_repl_user.sql` + +Creates a user, that can be used for database replication. This user is only needed +on the master database and only, when the data is supposed to be replicated to +slaves. To use it, uncomment the code and change the username, password and +certificate subject as needed. + ## Aditional configuration steps ### Create certificates for SSL-encrypted communication @@ -246,26 +260,6 @@ necessary steps are detailed in this section. If it is not planned to replicate the master database, skip this section. -#### Create technical user - -Connect to the MySQL database master and create a technical user to handle the -replication: - -```sql -CREATE USER 'repl' IDENTIFIED BY 'password'; -GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repl' - IDENTIFIED BY 'password' - REQUIRE SUBJECT '/C=DE/O=Gerrit/CN=gerrit-db-slave'; -FLUSH PRIVILEGES; -``` - -The username and password have to be the same as configured in the database slave's -`values.yaml` under `mysql.replication.config.masterUser` and -`mysql.replication.config.masterPassword`. - -The subject string has to be the same as the one used for the slave's certificate -signing request. If SSL is not used, omit the subject requirement. - #### Create database dump and note database state In the next steps the content of the database has to be retrieved and the corresponding
diff --git a/helm-charts/reviewdb/values.yaml b/helm-charts/reviewdb/values.yaml index c147e80..33658f9 100644 --- a/helm-charts/reviewdb/values.yaml +++ b/helm-charts/reviewdb/values.yaml
@@ -150,6 +150,17 @@ GRANT ALL ON reviewdb.* TO 'gerrit'; FLUSH PRIVILEGES; + # Uncomment this, if you plan to run this database instance as master and + # plan to replicate data to a slave. This will create a user that can be used + # for replication. Change username, password and certificate subject as needed. + # + # create_repl_user.sql: |- + # CREATE USER 'repl' IDENTIFIED BY 'password'; + # GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repl' + # IDENTIFIED BY 'password' + # REQUIRE SUBJECT '/C=DE/O=Gerrit/CN=db-slave-mysql'; + # FLUSH PRIVILEGES; + service: type: NodePort port: 3306