Only deploy .my.cnf file on galera/utility containers

The original bug was opened because .my.cnf (with sensitive root credentials) was being deployed on compute hosts without needing to be there. This patch restricts the deployment of .my.cnf files to the galera/utility containers only. This improves security while still allowing deployers to diagnose galera server issues on the galera server containers themselves, and to access the database from the utility containers for diagnostic purposes. Closes-bug: 1510596 Implements: blueprint limit-mysql-config-distribution Change-Id: I42f39cbfcb02b97846894592d642ac0c58a82b02
2015-11-03 19:44:56 -06:00 · 2015-11-03 19:44:56 -06:00 · e0d58a99de
parent abcb83914e
commit e0d58a99de
1 changed files with 1 additions and 0 deletions
--- a/playbooks/roles/galera_client/tasks/galera_client_post_install.yml
+++ b/playbooks/roles/galera_client/tasks/galera_client_post_install.yml
@ -27,5 +27,6 @@
      dest: "/root/.my.cnf"
      config_overrides: "{{ galera_client_my_cnf_overrides }}"
      config_type: "ini"
+  when: inventory_hostname in groups['galera_all'] or inventory_hostname in groups['utility_all']
  tags:
    - galera-client-user-config