Add an initialization file to create a replication user

For database replication a dedicated user has to be created in the
master database. So far this had to be done manually in the reviewdb
chart.

This change adds a template for an initialization file to the
'values.yaml'-file of the reviewdb-chart that can be used to create this
user during startup of the deployment, removing this manual step.

Change-Id: Ib8b92c18b18faec4df052c70e4d6e1aef9b30cbf
diff --git a/helm-charts/reviewdb/README.md b/helm-charts/reviewdb/README.md
index d04a6b9..6298c0d 100644
--- a/helm-charts/reviewdb/README.md
+++ b/helm-charts/reviewdb/README.md
@@ -91,8 +91,8 @@
| `mysql.replication` | Only used, if `isSlave` is `true` | `{}` |
| `mysql.replication.config.masterHost` | Hostname of the Mysql database master | `mysql.example.com` |
| `mysql.replication.config.masterPort` | Port of the Mysql database master | `3306` |
-| `mysql.replication.config.masterUser` | Username of technical user created for [replication](#Create-technical-user) | `repl` |
-| `mysql.replication.config.masterPassword` | Password of technical user created for [replication](#Create-technical-user) | `password` |
+| `mysql.replication.config.masterUser` | Username of technical user created for replication | `repl` |
+| `mysql.replication.config.masterPassword` | Password of technical user created for replication | `password` |
| `mysql.replication.config.masterLogFile` | Transaction log file at timepoint of dump as retrieved [here](#Create-database-dump-and-note-database-state) | `mysql-bin.000001` |
| `mysql.replication.config.masterLogPos` | Transaction log position at timepoint of dump as retrieved [here](#Create-database-dump-and-note-database-state) | `111` |
| `mysql.replication.dbDumpAcceptPath` | Path, where the replication init script will expect the database dump file to appear | `/var/data/db/master_dump.sql` |
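
Review bot: The `masterUser` and `masterPassword` rows lose their link to the user-creation instructions and get no replacement, so the table no longer tells the reader where the replication user comes from. Point both rows at the new Initialization files section (`#Initialization-files`, the anchor the `mysql.initializationFiles` row uses later in this patch) and state that the values must match the user created by `create_repl_user.sql` on the master.
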
@@ -120,7 +120,7 @@
| | | `limits.cpu: 250m` |
| | | `limits.memory: 1Gi` |
| `mysql.configurationFiles` | Add configuration files for MySQL | `{}` (check the [Configuration files-section](#Configuration-files) for configuration options) |
-| `mysql.initializationFiles` | Add scripts that are executed, when the database is started the first time | `initialize_reviewdb.sql` (Should not be changed) |
+| `mysql.initializationFiles` | Add scripts that are executed, when the database is started the first time | `{}` (check the [Initialization files-section](#Initialization-files) for details) |
| `mysql.service.type` | Type of the Service used to expose the database | `NodePort` |
| `mysql.service.port` | The port used to expose the database | `3306` |
| `mysql.ssl.enabled` | Setup and use SSL for MySQL connections | `false` |
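
Review bot: The new default for `mysql.initializationFiles` reads `{}`, which contradicts the Initialization files section added in this same patch: that section lists `initialize_reviewdb.sql` as a shipped file that should be left unchanged. Keep `initialize_reviewdb.sql` in the Default column next to the link, so nobody concludes from the table that the key is empty and can be overwritten freely.
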
@@ -177,6 +177,20 @@
Comment out the contents of the file, that is not needed, depending on installing
a master or slave database.
+##### Initialization files
+
+- `initialize_reviewdb.sql`
+
+Creates a database called 'reviewdb', that can be used by Gerrit for the ReviewDB.
+Leave this file unchanged.
+
+- `create_repl_user.sql`
+
+Creates a user, that can be used for database replication. This user is only needed
+on the master database and only, when the data is supposed to be replicated to
+slaves. To use it, uncomment the code and change the username, password and
+certificate subject as needed.
+
## Aditional configuration steps
### Create certificates for SSL-encrypted communication
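
Review bot: The `create_repl_user.sql` paragraph does not mention that initialization files are only executed when the database is started the first time, as the `mysql.initializationFiles` table row states. Uncommenting the template on a master that has already been initialized will therefore not create the user. Add a sentence saying so, and say how the user is to be created on an existing master.
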
@@ -246,26 +260,6 @@
necessary steps are detailed in this section. If it is not planned to replicate
the master database, skip this section.
-#### Create technical user
-
-Connect to the MySQL database master and create a technical user to handle the
-replication:
-
-```sql
-CREATE USER 'repl' IDENTIFIED BY 'password';
-GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repl'
- IDENTIFIED BY 'password'
- REQUIRE SUBJECT '/C=DE/O=Gerrit/CN=gerrit-db-slave';
-FLUSH PRIVILEGES;
-```
-
-The username and password have to be the same as configured in the database slave's
-`values.yaml` under `mysql.replication.config.masterUser` and
-`mysql.replication.config.masterPassword`.
-
-The subject string has to be the same as the one used for the slave's certificate
-signing request. If SSL is not used, omit the subject requirement.
-
#### Create database dump and note database state
In the next steps the content of the database has to be retrieved and the corresponding
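
Review bot: Removing the "Create technical user" section also drops two requirements that the new Initialization files section does not restate: the username and password must equal the slave's `mysql.replication.config.masterUser` and `mysql.replication.config.masterPassword`, and the subject must equal the one in the slave's certificate signing request, with the `REQUIRE SUBJECT` clause omitted when SSL is not used. Move those two paragraphs into the `create_repl_user.sql` description instead of deleting them. Without them a replication setup with mismatched credentials or subject fails with no hint in the README.
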
diff --git a/helm-charts/reviewdb/values.yaml b/helm-charts/reviewdb/values.yaml
index c147e80..33658f9 100644
--- a/helm-charts/reviewdb/values.yaml
+++ b/helm-charts/reviewdb/values.yaml
@@ -150,6 +150,17 @@
GRANT ALL ON reviewdb.* TO 'gerrit';
FLUSH PRIVILEGES;
+ # Uncomment this, if you plan to run this database instance as master and
+ # plan to replicate data to a slave. This will create a user that can be used
+ # for replication. Change username, password and certificate subject as needed.
+ #
+ # create_repl_user.sql: |-
+ # CREATE USER 'repl' IDENTIFIED BY 'password';
+ # GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repl'
+ # IDENTIFIED BY 'password'
+ # REQUIRE SUBJECT '/C=DE/O=Gerrit/CN=db-slave-mysql';
+ # FLUSH PRIVILEGES;
+
service:
type: NodePort
port: 3306
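
Review bot: The template states the password twice, once in `CREATE USER` and again in `GRANT ... IDENTIFIED BY 'password'`. On MySQL versions that accept `IDENTIFIED BY` in `GRANT`, that clause sets the account password, so an operator who edits only the `CREATE USER` line ends up with a replication user whose password is the literal `password`. Keep the password in one statement only, for example by attaching `REQUIRE SUBJECT` to `CREATE USER` if the MySQL version used by the chart supports it, and make the comment say explicitly that the placeholder password must be replaced. Two smaller points on the same lines: the subject CN changes from `gerrit-db-slave` in the removed README example to `db-slave-mysql` here without an explanation of which value is expected, and `'repl'` is created without a host part, which the comment could mention for operators who want to restrict where the slave may connect from.
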