Actually I’d like to get rid of that part too. What I want to achieve is the cluster type being defined in a role and all nodes “just working” with each other if they’re in the same environment.
That means I don’t want to have the “data bag items for your various mysql clusters”. Well – at least not one that contains more information than just the vIP used by that cluster.
Cluster sizes can be known from a cluster type. Other addresses can be auto-discovered. Usernames / schemas can be taken care of on any host. It’s the automatic passwords assignment that I’d like to simplify.
With a single node that’s possible already using the standard mysql cookbook. Now I’d like to extend that level of automation to the HA setup.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Jay Feldblum
Sent: Friday, July 06, 2012 2:52 PM
Subject: [chef] Re: Setting up HA applications
You don’t have to manage data bag items, or the pre-generated passwords in them, by hand. You can certainly write an application, a CLI, or a knife plugin around describing the data bag items for your various mysql clusters. The tool can create the data bag item with a pre-generated password (and probably other details), without you having to do it by hand.
On Fri, Jul 6, 2012 at 9:11 AM, Pitucha, Stanislaw Izaak <email@example.com:firstname.lastname@example.org> wrote:
I’m trying to figure out if there’s a good way of reliably setting up configuration for HA services. Specifically - how to provision accounts / passwords in that setup.
Let’s say I’m setting up a master-master mysql setup. With one box, I’d just use my known users with randomly generated passwords and do the grants locally. Now with two servers, that’s not possible really. If I generate a random password, I cannot synchronise it with the other node, or at least cannot do that using node attributes without a possibility of collisions.
So it looks like I’m left with options I don’t like:
- create user from outside (would require remote login as a root)
- set up user creation only on a single node (what if I want to update the password and that node is down?)
- set the passwords beforehand in a data bag (would work, but can’t we do better? I don’t want to care about password generation)