remote-db: added option to customize access to remote db #111
Conversation
lukas-bednar
requested review from
StLuke,
KKoukiou,
petr-balogh,
pkubica and
nellyc
| @@ -3,9 +3,17 @@ ovirt_engine_remote_db_port: 5432 | |||
| ovirt_engine_remote_db_listen_address: '*' | |||
| ovirt_engine_db_name: 'engine' | |||
| ovirt_engine_db_user: 'engine' | |||
| ovirt_engine_db_password: 'AqbXg4dpkbcVRZwPbY8WOR' | |||
There was a problem hiding this comment.
I would avoid adding password in this, password should be generated by ovirt otopi for database
There was a problem hiding this comment.
I just added it, because other roles use these as defaults, roles/ovirt-engine-setup/defaults/main.yml
There was a problem hiding this comment.
Do we need access to database? If yes we can get them from
[root@ls-engine1 ~]# grep PASSWORD /etc/ovirt-engine/engine.conf.d/10-setup-database.conf
ENGINE_DB_PASSWORD="KyO0pZ8EQaYpashtKiY0d2"
If you dont set this argument it will be generated, if you set it up it will be used. Thus Im for removing it in all setup roles or use some sensible example contanst in tests such as '123456' or something similiar not random hash.
There was a problem hiding this comment.
I have no problem to change it, it will require changes in answerfile generation.
I am opening issue about it #112 .
There was a problem hiding this comment.
so you want to fix this in this PR or another? Im ok with both solution as we are tracking the issue
There was a problem hiding this comment.
yes, I want to fix it in different PR, because it requires changes unrelated to remote-db,
The changes here were done to do not break current workflow, and add option to update access rules for db connections, which was main reason behind this PR.
|
|
||
| ovirt_engine_remote_db: False | ||
| ovirt_engine_dwh_remote_db: False | ||
|
|
||
| ovirt_engine_dwh_db_name: 'ovirt_engine_history' | ||
| ovirt_engine_dwh_db_user: 'ovirt_engine_history' | ||
| ovirt_engine_dwh_db_password: '37xmBKECANQGm0z3SfylMp' |
There was a problem hiding this comment.
I would avoid adding password in this, password should be generated by ovirt otopi for database
README.md
Outdated
| @@ -88,7 +88,7 @@ fqdn.of.ovirt.hypervisor2.com | |||
|
|
|||
| ## Test | |||
|
|
|||
| This project uses [provision_docker] an ansible role to run oVirt deployment | |||
| This project uses [provision\_docker] an ansible role to run oVirt deployment | |||
There was a problem hiding this comment.
ajaj, this doesn't get rendered well ... changing it back ...
1) added option to customize access to remote db some time we need to grant access from local, and also restrict subnet from where the connection can be established from. 2) update test that it use remote deployment of db it create separate container and deploy remote db there for engine and dwh.
some time we need to grant access from local,
and also restrict subnet from where the connection
can be established from.
it create separate container and deploy remote db there
for engine and dwh.