Add the ability to specify custom additional galera users

This provides the capability to add and remove additional users in the Galera database which may be used by external resource monitoring systems (for example). The Ansible mysql 'resource_limits' variable is also exposed to enable setting connection limits against individual users. Change-Id: Idcc9251340215baf5e6f550a9ca844c8c097d353
2022-09-12 13:24:37 +01:00 · 2022-09-12 13:24:37 +01:00 · 5200b50cf6
parent ae0e53a9be
commit 5200b50cf6
4 changed files with 40 additions and 21 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -81,6 +81,14 @@ galera_monitoring_max_connections: 10
 #
 #galera_monitoring_allowed_source: "0.0.0.0/0"

+# Additional users to add or remove
+galera_additional_users: []
+#  - name: "my_username"
+#    host: '%'
+#    password: "my_password"
+#    priv: "*.*:USAGE"
+#    state: present
+
 # Enable or disable the installation of galera development packages
 galera_install_devel: false

--- a/releasenotes/notes/additional-users-6158ff502c2289ee.yaml
+++ b/releasenotes/notes/additional-users-6158ff502c2289ee.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Additional user-specified username and password pairs can now be set up
+    during the Galera installation process by defining them in the
+    'galera_additional_users' list.
--- a/tasks/galera_server_setup.yml
+++ b/tasks/galera_server_setup.yml
@ -38,29 +38,10 @@
    password: "{{ item.password }}"
    priv: "{{ item.priv }}"
    state: "{{ item.state }}"
+    resource_limits: "{{ item.resource_limits | default(omit) }}"
    login_unix_socket: "{{ galera_unix_socket }}"
    check_hostname: false
-  with_items:
-    - name: "{{ galera_root_user }}"
-      host: "%"
-      password: "{{ galera_root_password }}"
-      priv: "*.*:ALL,GRANT"
-      state: present
-    - name: "{{ galera_root_user }}"
-      host: "localhost"
-      password: "{{ galera_root_password }}"
-      priv: "*.*:ALL,GRANT"
-      state: present
-    - name: "{{ galera_monitoring_user }}"
-      host: '%'
-      password: "{{ galera_monitoring_user_password }}"
-      priv: "*.*:USAGE"
-      state: present
-    - name: "{{ galera_monitoring_user }}"
-      host: 'localhost'
-      password: "{{ galera_monitoring_user_password }}"
-      priv: "*.*:USAGE"
-      state: present
+  with_items: "{{ galera_setup_users }}"
  register: galera_users
  until: galera_users is success
  retries: 3
--- a/vars/main.yml
+++ b/vars/main.yml
@ -27,3 +27,27 @@ galera_init_defaults:
    TimeoutStartSec: "{{ galera_startup_timeout }}"
    PrivateDevices: "{{ galera_disable_privatedevices | bool | ternary('false', 'true') }}"
    OOMScoreAdjust: "-1000"
+
+_galera_base_users:
+  - name: "{{ galera_root_user }}"
+    host: "%"
+    password: "{{ galera_root_password }}"
+    priv: "*.*:ALL,GRANT"
+    state: present
+  - name: "{{ galera_root_user }}"
+    host: "localhost"
+    password: "{{ galera_root_password }}"
+    priv: "*.*:ALL,GRANT"
+    state: present
+  - name: "{{ galera_monitoring_user }}"
+    host: '%'
+    password: "{{ galera_monitoring_user_password }}"
+    priv: "*.*:USAGE"
+    state: present
+  - name: "{{ galera_monitoring_user }}"
+    host: 'localhost'
+    password: "{{ galera_monitoring_user_password }}"
+    priv: "*.*:USAGE"
+    state: present
+
+galera_setup_users: "{{ _galera_base_users + galera_additional_users }}"