Sharing a DB user password among units of the app

James Page james.page at ubuntu.com
Wed Oct 30 11:58:01 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 29/10/13 17:12, Kapil Thangavelu wrote:
> fwiw, the mysql charm tries to address this with a shared-db
> interface, and a separate admin interface. ie the shared-db
> interface shares out the same db user/password to multiple
> services, and then for things that need admin access they can be
> related to the admin interface.

Right now the username/passwords are stored on the disk that the mysql
datafiles reside on; currently in a clustered mysql with ceph backing
volume this is always presented to the active mysql node so should be
up-to-date.  Only the active node will dish out requests for passwords
from related services.

This won't work when we move to active/active mysql; in this case we
will probably use the approach in the keystone charm where
username/passwords are stored on local disk and synced out to peered
service units via a unpriviledged SSH account and unison.

Unless, of course, Juju grows a feature to allow peers to share data
in a way which is more consistent that trying todo it via the peer
relation.

- -- 
James Page
Ubuntu and Debian Developer
james.page at ubuntu.com
jamespage at debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJScPRJAAoJEL/srsug59jDJ4EQALtxKhaJ/aMdRfBOctLOu8ZV
i90Qxq8qz+HGLu7JNY43ITkyoNuzhYIRNZ82nwDkVNwTH3DQOhKEpK5e+fmMoaMZ
CBJv0R+HibCWtSH4bZPDIdH+7emEJIamwkMkfMs2ie7AdC+t3LDhMM0OMJ4ZX2Tc
aWenDjFsY1ZqgNERs7ZLw7VNOYIBSj042+9MJpEIDbAo1CTlhpgE/y0QrjRp7yzi
LZksfm8CCVn4TJZb8m8ThHJkdzLkavRGrc/xe/tZWMBCwmxkwFfNDL/1ARjZ/lhc
lo7PFXGBjI1jBbaQybjIV6thpy0pf4yjgU8n9o1I2io4BeF51yKO+lyKd+7yZJjS
rVoeHhOGSrV3yQgHgFDG1vQWHtTrDVaozLxR7pdt0zPu7dM7xiXnOJKPdJR/ArLO
OZ/YDK+3ZhcLa5x08levbjNqa++e8VMwHXVTP2bOXPx4hvkL0/8aoQblaauzRhX2
c3Wg6ZuxbtE8mmD7zYB5HZXJzjKILlJpRLlnuS5FZuEiVqa/2sUX3Qmh0XkECmZh
EuSaCqJLDGK3sdjhtsdjN/9v10ic5PE2+NCJ5v80YUkaMzKTRJb6Ia5/KMGFIKgc
N9IMpPSMpfxvvu5GzcD4QLPzsSQnC+BqaMi5IMKr+OY9dFKMGzRqkESVHgr9Slcv
+SHz7mvMAo12KDnky9BM
=KcFr
-----END PGP SIGNATURE-----



More information about the Juju mailing list