-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remote-db: added option to customize access to remote db #111
Conversation
@@ -3,9 +3,17 @@ ovirt_engine_remote_db_port: 5432 | |||
ovirt_engine_remote_db_listen_address: '*' | |||
ovirt_engine_db_name: 'engine' | |||
ovirt_engine_db_user: 'engine' | |||
ovirt_engine_db_password: 'AqbXg4dpkbcVRZwPbY8WOR' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would avoid adding password in this, password should be generated by ovirt otopi for database
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just added it, because other roles use these as defaults, roles/ovirt-engine-setup/defaults/main.yml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need access to database? If yes we can get them from
[root@ls-engine1 ~]# grep PASSWORD /etc/ovirt-engine/engine.conf.d/10-setup-database.conf
ENGINE_DB_PASSWORD="KyO0pZ8EQaYpashtKiY0d2"
If you dont set this argument it will be generated, if you set it up it will be used. Thus Im for removing it in all setup roles or use some sensible example contanst in tests such as '123456' or something similiar not random hash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no problem to change it, it will require changes in answerfile generation.
I am opening issue about it #112 .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so you want to fix this in this PR or another? Im ok with both solution as we are tracking the issue
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, I want to fix it in different PR, because it requires changes unrelated to remote-db,
The changes here were done to do not break current workflow, and add option to update access rules for db connections, which was main reason behind this PR.
|
||
ovirt_engine_remote_db: False | ||
ovirt_engine_dwh_remote_db: False | ||
|
||
ovirt_engine_dwh_db_name: 'ovirt_engine_history' | ||
ovirt_engine_dwh_db_user: 'ovirt_engine_history' | ||
ovirt_engine_dwh_db_password: '37xmBKECANQGm0z3SfylMp' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would avoid adding password in this, password should be generated by ovirt otopi for database
README.md
Outdated
@@ -88,7 +88,7 @@ fqdn.of.ovirt.hypervisor2.com | |||
|
|||
## Test | |||
|
|||
This project uses [provision_docker] an ansible role to run oVirt deployment | |||
This project uses [provision\_docker] an ansible role to run oVirt deployment |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ajaj, this doesn't get rendered well ... changing it back ...
1) added option to customize access to remote db some time we need to grant access from local, and also restrict subnet from where the connection can be established from. 2) update test that it use remote deployment of db it create separate container and deploy remote db there for engine and dwh.
some time we need to grant access from local,
and also restrict subnet from where the connection
can be established from.
it create separate container and deploy remote db there
for engine and dwh.