Setting up HA applications

Hi all,
I’m trying to figure out if there’s a good way of reliably setting up configuration for HA services. Specifically - how to provision accounts / passwords in that setup.

Let’s say I’m setting up a master-master mysql setup. With one box, I’d just use my known users with randomly generated passwords and do the grants locally. Now with two servers, that’s not possible really. If I generate a random password, I cannot synchronise it with the other node, or at least cannot do that using node attributes without a possibility of collisions.

So it looks like I’m left with options I don’t like:

  • create user from outside (would require remote login as a root)
  • set up user creation only on a single node (what if I want to update the password and that node is down?)
  • set the passwords beforehand in a data bag (would work, but can’t we do better? I don’t want to care about password generation)

Regards,
Stanisław Pitucha
Cloud Services
Hewlett Packard

Stanisław,

You don't have to manage data bag items, or the pre-generated passwords in
them, by hand. You can certainly write an application, a CLI, or a knife
plugin around describing the data bag items for your various mysql
clusters. The tool can create the data bag item with a pre-generated
password (and probably other details), without you having to do it by hand.

Cheers,
Jay

On Fri, Jul 6, 2012 at 9:11 AM, Pitucha, Stanislaw Izaak <
stanislaw.pitucha@hp.com> wrote:

Hi all,
I'm trying to figure out if there's a good way of reliably setting up
configuration for HA services. Specifically - how to provision accounts /
passwords in that setup.

Let's say I'm setting up a master-master mysql setup. With one box, I'd
just use my known users with randomly generated passwords and do the grants
locally. Now with two servers, that's not possible really. If I generate a
random password, I cannot synchronise it with the other node, or at least
cannot do that using node attributes without a possibility of collisions.

So it looks like I'm left with options I don't like:

  • create user from outside (would require remote login as a root)
  • set up user creation only on a single node (what if I want to update the
    password and that node is down?)
  • set the passwords beforehand in a data bag (would work, but can't we do
    better? I don't want to care about password generation)

Regards,
Stanisław Pitucha
Cloud Services
Hewlett Packard
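
Jay's suggestion of a tool that creates the data bag item with a pre-generated password, as an added example (not code from this thread or from Chef itself). It generates one item per cluster and keeps passwords that already exist, so re-running it never changes a secret the nodes share; the function names, the `passwords` key and the account names are assumptions.

```ruby
require 'json'
require 'securerandom'
require 'tmpdir'

# Hypothetical helper: build or update the data bag item for one MySQL cluster.
# Passwords already present are kept, so a re-run never replaces a secret
# that the nodes of the cluster are already using.
def cluster_item(cluster_id, users, existing = nil)
  # Deep-copy the existing item so the caller's hash is not mutated.
  item = existing ? JSON.parse(JSON.generate(existing)) : { 'id' => cluster_id }
  raise ArgumentError, 'item id does not match cluster' unless item['id'] == cluster_id
  item['passwords'] ||= {}
  users.each do |user|
    # 32 bytes from the OS CSPRNG; URL-safe alphabet avoids SQL/shell quoting issues.
    item['passwords'][user] ||= SecureRandom.urlsafe_base64(32)
  end
  item
end

# Write the item as JSON. Mode 0600 applies when the file is first created.
def write_item(dir, item)
  path = File.join(dir, "#{item['id']}.json")
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.write(JSON.pretty_generate(item))
  end
  path
end

# Return the parsed item, or nil when it has not been generated yet.
def load_item(path)
  File.exist?(path) ? JSON.parse(File.read(path)) : nil
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    users = %w[root repl app] # constructed sample account names
    first = cluster_item('mysql_prod', users)
    path = write_item(dir, first)
    # Second run adds an account; the three existing passwords must not change.
    second = cluster_item('mysql_prod', users + ['backup'], load_item(path))
    kept = users.all? { |u| first['passwords'][u] == second['passwords'][u] }
    puts "existing passwords kept: #{kept}"
    puts "accounts now: #{second['passwords'].keys.join(', ')}"
  end
end
```

The generated file can be uploaded with `knife data bag from file`, preferably as an encrypted data bag so the passwords are not stored in clear text on the Chef server.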

Actually I’d like to get rid of that part too. What I want to achieve is the cluster type being defined in a role and all nodes “just working” with each other if they’re in the same environment.

That means I don’t want to have the “data bag items for your various mysql clusters”. Well – at least not one that contains more information than just the vIP used by that cluster.

Cluster sizes can be known from a cluster type. Other addresses can be auto-discovered. Usernames / schemas can be taken care of on any host. It’s the automatic password assignment that I’d like to simplify.

With a single node that’s possible already using the standard mysql cookbook. Now I’d like to extend that level of automation to the HA setup.

Regards,

Stanisław Pitucha

Cloud Services
Hewlett Packard

From: yfeldblum@gmail.com [mailto:yfeldblum@gmail.com] On Behalf Of Jay Feldblum
Sent: Friday, July 06, 2012 2:52 PM
To: chef@lists.opscode.com
Subject: [chef] Re: Setting up HA applications

Stanisław,

You don’t have to manage data bag items, or the pre-generated passwords in them, by hand. You can certainly write an application, a CLI, or a knife plugin around describing the data bag items for your various mysql clusters. The tool can create the data bag item with a pre-generated password (and probably other details), without you having to do it by hand.

Cheers,

Jay
