From e7a4cee7b92ff8119be34d750b08624b348d739f Mon Sep 17 00:00:00 2001
From: Damien Ciabrini <dciabrin@redhat.com>
Date: Thu, 12 Mar 2020 17:06:14 +0100
Subject: [PATCH] HA: drop spurious mysql user on stack deploy

In HA deployments, puppet-mysql is not in charge of deleting
all default users in the DB, so we end up keeping an extra
root@<controller-x> user that is never used nor supported for
password update. Make sure we delete it at creation time.

Change-Id: I0dbe6bd43ad0e6bcb884798912d195e94738c344
Closes-Bug: #1867165
(cherry picked from commit a67cfd0ba9b0900bc276c5c667dafe2824f54a47)
---
 deployment/database/mysql-pacemaker-puppet.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/deployment/database/mysql-pacemaker-puppet.yaml b/deployment/database/mysql-pacemaker-puppet.yaml
index dc27a15d91..23b4e83085 100644
--- a/deployment/database/mysql-pacemaker-puppet.yaml
+++ b/deployment/database/mysql-pacemaker-puppet.yaml
@@ -240,6 +240,7 @@ outputs:
                     - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
                     - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
                     - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
+                    - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "DELETE FROM mysql.user WHERE user = ''root'' AND host NOT IN (''%'',''localhost'');"'
                     - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown'
             volumes: &mysql_volumes
               list_concat: