From b709ab0bad4a3f361c61617a12eaf1ceb586d190 Mon Sep 17 00:00:00 2001 From: burnalting Date: Sun, 1 Mar 2020 18:49:16 +1100 Subject: [PATCH] Add variables for passwords in configurations --- .../example_inventory/group_vars/all | 10 +++++++--- .../example_inventory/group_vars/all | 10 +++++++--- .../example_inventory/group_vars/all | 19 +++++++++++++++---- stroom/roles/setup/mysql/tasks/main.yml | 2 +- .../roles/stack/import_dump/defaults/main.yml | 6 +++--- 5 files changed, 33 insertions(+), 14 deletions(-) diff --git a/config/dump_2_source_db_migration/example_inventory/group_vars/all b/config/dump_2_source_db_migration/example_inventory/group_vars/all index fc39fcf..f0b8197 100644 --- a/config/dump_2_source_db_migration/example_inventory/group_vars/all +++ b/config/dump_2_source_db_migration/example_inventory/group_vars/all @@ -42,23 +42,27 @@ is_db_dump_file_dir_remote: false # Default dump was taken from a DB with this set to 0 mysql_lower_case_table_names: 0 +mysql_stroomuser_pw: "Str00mP@ssword1" +mysql_statsuser_pw: "Str00mP@ssword1" +mysql_authuser_pw: "Str00mP@ssword1" + # Define the locations of the dump files and the creds for the DBs db_dumps: - filename: stroom_v6.0.32_20200207144838.sql.gz db_name: stroom username: stroomuser - password: stroompassword1 + password: "{{ mysql_stroomuser_pw }}" - filename: stats_v6.0.32_20200207144838.sql.gz db_name: stats username: statsuser - password: stroompassword1 + password: "{{ mysql_statsuser_pw }}" - filename: auth_v6.0.32_20200207144838.sql.gz db_name: auth username: authuser - password: stroompassword1 + password: "{{ mysql_authuser_pw }}" # Key/value pairs to set in the stack env file. These will replace existing # values in the env file or add a new line if the name doesn't already exist. diff --git a/config/dump_2_stack_db_migration/example_inventory/group_vars/all b/config/dump_2_stack_db_migration/example_inventory/group_vars/all index a95396b..b48cc07 100644 --- a/config/dump_2_stack_db_migration/example_inventory/group_vars/all +++ b/config/dump_2_stack_db_migration/example_inventory/group_vars/all @@ -34,23 +34,27 @@ is_db_dump_file_dir_remote: false # Default dump was taken from a DB with this set to 0 mysql_lower_case_table_names: 0 +mysql_stroomuser_pw: "Str00mP@ssword1" +mysql_statsuser_pw: "Str00mP@ssword1" +mysql_authuser_pw: "Str00mP@ssword1" + # Define the locations of the dump files and the creds for the DBs db_dumps: - filename: stroom_v6.0.32-3_20200210112652.sql.gz db_name: stroom username: stroomuser - password: stroompassword1 + password: "{{ mysql_stroomuser_pw }}" - filename: stats_v6.0.32-3_20200210112652.sql.gz db_name: stats username: statsuser - password: stroompassword1 + password: "{{ mysql_statsuser_pw }}" - filename: auth_v6.0.32-3_20200210112652.sql.gz db_name: auth username: authuser - password: stroompassword1 + password: "{{ mysql_authuser_pw }}" # Key/value pairs to set in the stack env file. These will replace existing # values in the env file or add a new line if the name doesn't already exist. diff --git a/config/multi_node_mixed_cluster/example_inventory/group_vars/all b/config/multi_node_mixed_cluster/example_inventory/group_vars/all index 957b518..9f6656e 100644 --- a/config/multi_node_mixed_cluster/example_inventory/group_vars/all +++ b/config/multi_node_mixed_cluster/example_inventory/group_vars/all @@ -63,20 +63,24 @@ db_host: "{{ hostvars[groups['stroom_database'][0]]['public_ip_address'] db_port: 3306 # Database credentials -stroom_db_root_password: "my-secret-pw" +stroom_db_root_password: "Str00mP@ssword1_Poot" +mysql_stroomuser_pw: "Str00mP@ssword1" +mysql_statsuser_pw: "Str00mP@ssword1" +mysql_authuser_pw: "Str00mP@ssword1" + stroom_databases: - name: stroom user: stroomuser - password: stroompassword1 + password: "{{ mysql_stroomuser_pw }}" - name: stats user: statsuser - password: stroompassword1 + password: "{{ mysql_statsuser_pw }}" - name: auth user: authuser - password: stroompassword1 + password: "{{ mysql_authuser_pw }}" # Key/value pairs to set in the stack env file. These will replace existing # values in the env file or add a new line if the name doesn't already exist. @@ -92,6 +96,7 @@ stack_env_vars: DB_HOST_IP: "{{ db_host }}" STROOM_AUTH_DB_HOST: "{{ db_host }}" STROOM_AUTH_DB_PORT: "{{ db_port }}" + STROOM_AUTH_DB_PASSWORD: "{{ mysql_authuser_pw }}" NGINX_ADVERTISED_HOST: "{{ nginx_advertised_host }}" @@ -140,6 +145,12 @@ stroom_conf_values: - key: stroom.statistics.sql.jdbcDriverUrl value: jdbc:mysql://{{ db_host }}:{{ db_port }}/stats?useUnicode=yes&characterEncoding=UTF-8 + - key: stroom.jdbcDriverPassword + value: "{{ mysql_stroomuser_pw }}" + + - key: stroom.statistics.sql.jdbcDriverPassword + value: "{{ mysql_statsuser_pw }}" + # This should be set to the value of "stroomServiceUser's" token in Tools => API Keys # TODO the value below should be the default but won't be until 6.0.28 - key: stroom.security.apiToken diff --git a/stroom/roles/setup/mysql/tasks/main.yml b/stroom/roles/setup/mysql/tasks/main.yml index a7935cd..f2e25b0 100644 --- a/stroom/roles/setup/mysql/tasks/main.yml +++ b/stroom/roles/setup/mysql/tasks/main.yml @@ -121,7 +121,7 @@ - name: Setup MySQL users mysql_user: name: "{{ item.user }}" - password: "{{ item.password | default('stroompassword1') }}" + password: "{{ item.password | default('Str00mP@ssword1') }}" host: "{{ item.host | default('%') }}" priv: "{{ item.privs | default(item.name + '.*:ALL') }}" loop: "{{ stroom_databases | flatten(levels=1) }}" diff --git a/stroom/roles/stack/import_dump/defaults/main.yml b/stroom/roles/stack/import_dump/defaults/main.yml index 7f16345..00c8124 100644 --- a/stroom/roles/stack/import_dump/defaults/main.yml +++ b/stroom/roles/stack/import_dump/defaults/main.yml @@ -4,15 +4,15 @@ db_dumps: - filename: db_name: stroom username: stroomuser - password: password1 + password: "{{ mysql_stroomuser_pw }}" - filename: db_name: stats username: statsuser - password: password1 + password: "{{ mysql_statsuser_pw }}" - filename: db_name: auth username: authuser - password: password1 + password: "{{ mysql_authuser_pw }}" stack_dir: "{{ stack_install_root_dir }}/{{ stack_name }}/{{ stack_name }}-{{stack_version }}"