Jcrespo has uploaded a new change for review.
https://gerrit.wikimedia.org/r/301350
Change subject: Puppetize servermon m1 database user
......................................................................
Puppetize servermon m1 database user
It had been added manually to the database, and that created issues
when changing hosts.
Change-Id: Idacb17cc3d77f9179b2c436f9f6393830c985ba2
---
M manifests/role/mariadb.pp
M templates/mariadb/production-grants-m1.sql.erb
2 files changed, 26 insertions(+), 5 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/50/301350/1
diff --git a/manifests/role/mariadb.pp b/manifests/role/mariadb.pp
index f0ae007..31e4c77 100644
--- a/manifests/role/mariadb.pp
+++ b/manifests/role/mariadb.pp
@@ -26,9 +26,6 @@
$nagios_pass = $passwords::misc::scripts::nagios_sql_pass
$tendril_user = $passwords::tendril::db_user
$tendril_pass = $passwords::tendril::db_pass
- $racktables_user = $passwords::racktables::racktables_db_user
- $racktables_pass = $passwords::racktables::racktables_db_pass
- $prometheus_pass = $passwords::prometheus::db_pass
file { '/etc/mysql/production-grants.sql':
ensure => present,
@@ -42,6 +39,10 @@
$nodepool_pass = $passwords::nodepool::nodepooldb_pass
$testreduce_pass = $passwords::testreduce::mysql::db_pass
$testreduce_cli_pass = $passwords::testreduce::mysql::mysql_client_pass
+ $racktables_user = $passwords::racktables::racktables_db_user
+ $racktables_pass = $passwords::racktables::racktables_db_pass
+ $prometheus_pass = $passwords::prometheus::db_pass
+ $servermon_pass = $passwords::servermon::db_password
file { '/etc/mysql/production-grants-shard.sql':
ensure => present,
diff --git a/templates/mariadb/production-grants-m1.sql.erb
b/templates/mariadb/production-grants-m1.sql.erb
index 8b592a6..144652d 100644
--- a/templates/mariadb/production-grants-m1.sql.erb
+++ b/templates/mariadb/production-grants-m1.sql.erb
@@ -91,5 +91,25 @@
-- racktables
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX,
ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW,
-CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `racktables`.* TO
-'<%=@racktables_user%>'@'%' IDENTIFIED BY '<%=@racktables_pass%>';
+CREATE ROUTINE, ALTER ROUTINE, TRIGGER
+ ON `racktables`.* TO '<%=@racktables_user%>'@'%'
+ IDENTIFIED BY '<%=@racktables_pass%>';
+
+-- servermon
+GRANT USAGE
+ ON *.* TO 'servermon'@'10.64.0.165'
+ IDENTIFIED BY '<%=@servermon_pass%>';
+
+GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT,
+SELECT, TRIGGER, UPDATE
+ ON `puppet`.* TO 'servermon'@'10.64.0.165';
+
+GRANT USAGE
+ ON *.* TO 'servermon'@'10.64.16.159'
+ IDENTIFIED BY '<%=@servermon_pass%>';
+
+GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT,
+SELECT, TRIGGER, UPDATE
+ ON `puppet`.* TO 'servermon'@'10.64.16.159';
+
+
--
To view, visit https://gerrit.wikimedia.org/r/301350
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idacb17cc3d77f9179b2c436f9f6393830c985ba2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jcrespo <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
