Sharing a DB user password among units of the app

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Wed Oct 30 12:22:49 UTC 2013


Hi James,

What is the inconsistency problem with trying to share the password
via relations?

On Wed, Oct 30, 2013 at 4:58 AM, James Page <james.page at ubuntu.com> wrote:
> On 29/10/13 17:12, Kapil Thangavelu wrote:
>> fwiw, the mysql charm tries to address this with a shared-db
>> interface, and a separate admin interface. ie the shared-db
>> interface shares out the same db user/password to multiple
>> services, and then for things that need admin access they can be
>> related to the admin interface.
>
> Right now the username/passwords are stored on the disk that the mysql
> datafiles reside on; currently in a clustered mysql with ceph backing
> volume this is always presented to the active mysql node so should be
> up-to-date.  Only the active node will dish out requests for passwords
> from related services.
>
> This won't work when we move to active/active mysql; in this case we
> will probably use the approach in the keystone charm where
> username/passwords are stored on local disk and synced out to peered
> service units via an unprivileged SSH account and unison.
>
> Unless, of course, Juju grows a feature to allow peers to share data
> in a way which is more consistent than trying to do it via the peer
> relation.
>
> - --
> James Page
> Ubuntu and Debian Developer
> james.page at ubuntu.com
> jamespage at debian.org

-- 
gustavo @ http://niemeyer.net
