Sharing a DB user password among units of the app

Andreas Hasenack andreas at
Tue Oct 29 12:38:21 UTC 2013


There is this charm with a db-admin relation to postgresql. In this
relation, the charm gets access to a super user in postgresql and can do
whatever it wants with it.

When the first unit of the app comes up, it creates a random password and
uses the DB admin user to create an unprivileged DB user with that password.

Now I run add-unit, and another unit comes up. How can it get that password?

It can find out that the DB user already exists, but not get its password
(it's hashed on the DB side).

The first unit that came up and actually created the DB user can
relation-set this data, but that is not visible to the other unit.

I could have the password has a config key, and if empty that tells the
charm to randomize it. But then it don't be available in the "juju get"
output, because the charm itself cannot "juju set" it once it has the new
value. And as such the other unit would also not see it.

Is this a case for a peer relation?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Juju mailing list