*: modify secret generate logic

radondb · Jul 9, 2021 · 635385c · 635385c
1 parent 301b930
commit 635385c
Show file tree

Hide file tree

Showing 8 changed files with 53 additions and 14 deletions.
diff --git a/api/v1alpha1/cluster_types.go b/api/v1alpha1/cluster_types.go
@@ -37,7 +37,7 @@ type ClusterSpec struct {
 
 	// MysqlOpts is the options of MySQL container.
 	// +optional
-	// +kubebuilder:default:={rootPassword: "", user: "qc_usr", password: "Qing@123", database: "qingcloud", initTokuDB: true, resources: {limits: {cpu: "500m", memory: "1Gi"}, requests: {cpu: "100m", memory: "256Mi"}}}
+	// +kubebuilder:default:={rootPassword: "", rootHost: "127.0.0.1", user: "qc_usr", password: "Qing@123", database: "qingcloud", initTokuDB: true, resources: {limits: {cpu: "500m", memory: "1Gi"}, requests: {cpu: "100m", memory: "256Mi"}}}
 	MysqlOpts MysqlOpts `json:"mysqlOpts,omitempty"`
 
 	// XenonOpts is the options of xenon container.
@@ -75,6 +75,12 @@ type MysqlOpts struct {
 	// +kubebuilder:default:=""
 	RootPassword string `json:"rootPassword,omitempty"`
 
+	// The root user's host.
+	// +optional
+	// +kubebuilder:validation:Enum="127.0.0.1";"%"
+	// +kubebuilder:default:="127.0.0.1"
+	RootHost string `json:"rootHost,omitempty"`
+
 	// Username of new user to create.
 	// +optional
 	// +kubebuilder:default:="qc_usr"

diff --git a/charts/mysql-operator/crds/mysql.radondb.com_clusters.yaml b/charts/mysql-operator/crds/mysql.radondb.com_clusters.yaml
@@ -118,6 +118,7 @@ spec:
                     requests:
                       cpu: 100m
                       memory: 256Mi
+                  rootHost: 127.0.0.1
                   rootPassword: ""
                   user: qc_usr
                 description: MysqlOpts is the options of MySQL container.
@@ -173,6 +174,13 @@ spec:
                           to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                         type: object
                     type: object
+                  rootHost:
+                    default: 127.0.0.1
+                    description: The root user's host.
+                    enum:
+                    - 127.0.0.1
+                    - '%'
+                    type: string
                   rootPassword:
                     default: ""
                     description: Password for the root user.

diff --git a/cluster/container/init_mysql.go b/cluster/container/init_mysql.go
@@ -56,7 +56,7 @@ func (c *initMysql) getEnvVars() []corev1.EnvVar {
 		},
 		{
 			Name:  "MYSQL_ROOT_HOST",
-			Value: "127.0.0.1",
+			Value: c.Spec.MysqlOpts.RootHost,
 		},
 		{
 			Name:  "MYSQL_INIT_ONLY",
@@ -68,9 +68,6 @@ func (c *initMysql) getEnvVars() []corev1.EnvVar {
 	envs = append(
 		envs,
 		getEnvVarFromSecret(sctName, "MYSQL_ROOT_PASSWORD", "root-password", false),
-		getEnvVarFromSecret(sctName, "MYSQL_DATABASE", "mysql-database", true),
-		getEnvVarFromSecret(sctName, "MYSQL_USER", "mysql-user", true),
-		getEnvVarFromSecret(sctName, "MYSQL_PASSWORD", "mysql-password", true),
 	)
 
 	if c.Spec.MysqlOpts.InitTokuDB {

diff --git a/cluster/container/init_sidecar.go b/cluster/container/init_sidecar.go
@@ -82,6 +82,9 @@ func (c *initSidecar) getEnvVars() []corev1.EnvVar {
 			Value: c.GetMySQLVersion(),
 		},
 		getEnvVarFromSecret(sctName, "MYSQL_ROOT_PASSWORD", "root-password", false),
+		getEnvVarFromSecret(sctName, "MYSQL_DATABASE", "mysql-database", true),
+		getEnvVarFromSecret(sctName, "MYSQL_USER", "mysql-user", true),
+		getEnvVarFromSecret(sctName, "MYSQL_PASSWORD", "mysql-password", true),
 		getEnvVarFromSecret(sctName, "MYSQL_REPL_USER", "replication-user", true),
 		getEnvVarFromSecret(sctName, "MYSQL_REPL_PASSWORD", "replication-password", true),
 		getEnvVarFromSecret(sctName, "METRICS_USER", "metrics-user", true),

diff --git a/cluster/syncer/secret.go b/cluster/syncer/secret.go
@@ -72,7 +72,13 @@ func NewSecretSyncer(cli client.Client, c *cluster.Cluster) syncer.Interface {
 			return err
 		}
 
-		secret.Data["root-password"] = []byte(c.Spec.MysqlOpts.RootPassword)
+		if c.Spec.MysqlOpts.RootHost == "%" && c.Spec.MysqlOpts.RootPassword == "" {
+			if err := addRandomPassword(secret.Data, "root-password"); err != nil {
+				return err
+			}
+		} else {
+			secret.Data["root-password"] = []byte(c.Spec.MysqlOpts.RootPassword)
+		}
 
 		secret.Data["mysql-user"] = []byte(c.Spec.MysqlOpts.User)
 		secret.Data["mysql-password"] = []byte(c.Spec.MysqlOpts.Password)

diff --git a/config/crd/bases/mysql.radondb.com_clusters.yaml b/config/crd/bases/mysql.radondb.com_clusters.yaml
@@ -118,6 +118,7 @@ spec:
                     requests:
                       cpu: 100m
                       memory: 256Mi
+                  rootHost: 127.0.0.1
                   rootPassword: ""
                   user: qc_usr
                 description: MysqlOpts is the options of MySQL container.
@@ -173,6 +174,13 @@ spec:
                           to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
                         type: object
                     type: object
+                  rootHost:
+                    default: 127.0.0.1
+                    description: The root user's host.
+                    enum:
+                    - 127.0.0.1
+                    - '%'
+                    type: string
                   rootPassword:
                     default: ""
                     description: Password for the root user.

diff --git a/sidecar/config.go b/sidecar/config.go
@@ -37,6 +37,13 @@ type Config struct {
 	// The password of the root user.
 	RootPassword string
 
+	// Username of new user to create.
+	User string
+	// Password for the new user.
+	Password string
+	// Name for new database to create.
+	Database string
+
 	// The name of replication user.
 	ReplicationUser string
 	// The password of the replication user.
@@ -93,6 +100,10 @@ func NewConfig() *Config {
 
 		RootPassword: getEnvValue("MYSQL_ROOT_PASSWORD"),
 
+		Database: getEnvValue("MYSQL_DATABASE"),
+		User:     getEnvValue("MYSQL_USER"),
+		Password: getEnvValue("MYSQL_PASSWORD"),
+
 		ReplicationUser:     getEnvValue("MYSQL_REPL_USER"),
 		ReplicationPassword: getEnvValue("MYSQL_REPL_PASSWORD"),
 

diff --git a/sidecar/init.go b/sidecar/init.go
@@ -229,15 +229,15 @@ func buildXenonConf(cfg *Config) []byte {
 // buildInitSql used to build init.sql. The file run after the mysql init.
 func buildInitSql(cfg *Config) []byte {
 	sql := fmt.Sprintf(`SET @@SESSION.SQL_LOG_BIN=0;
-DELETE FROM mysql.user WHERE user='%s';
-GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* to '%s'@'%%' IDENTIFIED BY '%s';
-DELETE FROM mysql.user WHERE user='%s';
-GRANT SELECT, PROCESS, REPLICATION CLIENT ON *.* to '%s'@'%%' IDENTIFIED BY '%s';
-DELETE FROM mysql.user WHERE user='%s';
-GRANT SUPER, PROCESS, RELOAD, CREATE, SELECT ON *.* to '%s'@'%%' IDENTIFIED BY '%s';
+CREATE DATABASE IF NOT EXISTS %s;
+DELETE FROM mysql.user WHERE user in ('%s', '%s', '%s', '%s');
+GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO '%s'@'%%' IDENTIFIED BY '%s';
+GRANT SELECT, PROCESS, REPLICATION CLIENT ON *.* TO '%s'@'%%' IDENTIFIED BY '%s';
+GRANT SUPER, PROCESS, RELOAD, CREATE, SELECT ON *.* TO '%s'@'%%' IDENTIFIED BY '%s';
+GRANT ALL ON %s.* TO '%s'@'%%' IDENTIFIED BY '%s';
 FLUSH PRIVILEGES;
-`, cfg.ReplicationUser, cfg.ReplicationUser, cfg.ReplicationPassword, cfg.MetricsUser, cfg.MetricsUser,
-		cfg.MetricsPassword, cfg.OperatorUser, cfg.OperatorUser, cfg.OperatorPassword)
+`, cfg.Database, cfg.ReplicationUser, cfg.MetricsUser, cfg.OperatorUser, cfg.User, cfg.ReplicationUser, cfg.ReplicationPassword,
+		cfg.MetricsUser, cfg.MetricsPassword, cfg.OperatorUser, cfg.OperatorPassword, cfg.Database, cfg.User, cfg.Password)
 
 	return utils.StringToBytes(sql)
 }