Only deploy .my.cnf file on galera/utility containers
The original bug was opened because .my.cnf (with sensitive root credentials) was being deployed on compute hosts without needing to be there. This patch restricts the deployment of .my.cnf files to the galera/utility containers only. This improves security while still allowing deployers to diagnose galera server issues on the galera server containers themselves, and to access the database from the utility containers for diagnostic purposes. Closes-bug: 1510596 Implements: blueprint limit-mysql-config-distribution Change-Id: I42f39cbfcb02b97846894592d642ac0c58a82b02
This commit is contained in:
parent
abcb83914e
commit
e0d58a99de
|
@ -27,5 +27,6 @@
|
|||
dest: "/root/.my.cnf"
|
||||
config_overrides: "{{ galera_client_my_cnf_overrides }}"
|
||||
config_type: "ini"
|
||||
when: inventory_hostname in groups['galera_all'] or inventory_hostname in groups['utility_all']
|
||||
tags:
|
||||
- galera-client-user-config
|
||||
|
|
Loading…
Reference in New Issue