Add parameter to not create additional users on cloudstack-setup-databases

[lucas-a-martins]

Description

When using the cloudstack-setup-databases command during the database setup process, some additional users are created. Since the standard procedure involves creating and configuring database users prior to the ACS setup, these extra users are not used. Moreover, the additional users created by cloudstack-setup-databases are granted excessive permissions, requiring operators to manually delete them.

This PR introduces a new optional parameter, --skip-users-auto-creation. By using this parameter, ACS will skip the automatic creation of these additional users.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• Build/CI
• Test (unit or integration test code)

Feature/Enhancement Scale

• Major
• Minor

Screenshots (if appropriate):

How Has This Been Tested?

After executing the cloudstack-setup-databases with the new flag, I checked the database users and, as expected, no new users were created. I then repeated the procedure without the new flag, and the extra users were created as usual.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 16.17%. Comparing base (b38ee63) to head (09ec0a9).
Report is 528 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #9969      +/-   ##
============================================
+ Coverage     15.80%   16.17%   +0.36%     
- Complexity    12586    13291     +705     
============================================
  Files          5627     5668      +41     
  Lines        492328   498179    +5851     
  Branches      59692    60290     +598     
============================================
+ Hits          77828    80590    +2762     
- Misses       405977   408567    +2590     
- Partials       8523     9022     +499     

Flag	Coverage Δ
uitests	3.99% <ø> (-0.05%)	⬇️
unittests	17.02% <ø> (+0.39%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sureshanaparti]

@blueorangutan package

[DaanHoogland]

@blueorangutan package

[blueorangutan]

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11676

[DaanHoogland]

@blueorangutan package

[blueorangutan]

@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11728

[DaanHoogland]

@blueorangutan test

[blueorangutan]

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-11860)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 57547 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9969-t11860-kvm-ol8.zip
Smoke tests completed. 140 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_secure_vm_migration	Error	134.24	test_vm_life_cycle.py
test_01_secure_vm_migration	Error	134.24	test_vm_life_cycle.py

[DaanHoogland]

clgtm

[lucas-a-martins]

@blueorangutan package

[blueorangutan]

@lucas-a-martins a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12705

[lucas-a-martins]

@blueorangutan test

[DaanHoogland]

@blueorangutan test

[blueorangutan]

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-12629)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 57362 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9969-t12629-kvm-ol8.zip
Smoke tests completed. 140 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
ContextSuite context=TestSharedNetworkWithConfigDrive>:setup	Error	1521.57	test_network.py

[bernardodemarco]

LGTM, manually tested in a local environment

• Verified that when the --skip-users-auto-creation flag is omitted, the script creates the default users:

Script execution

root@cloudstack:~# cloudstack-setup-databases scc:scc@192.168.122.200 --deploy-as=a:scc -i 192.168.122.200
Mysql user name:scc                                                             [ OK ]
Mysql user password:******                                                      [ OK ]
Mysql server ip:192.168.122.200                                                 [ OK ]
Mysql server port:3306                                                          [ OK ]
Mysql root user name:a                                                          [ OK ]
Mysql root user password:******                                                 [ OK ]
Using specified cluster management server node IP 192.168.122.200               [ OK ]
Checking Cloud database files ...                                               [ OK ]
Checking local machine hostname ...                                             [ OK ]
Checking SELinux setup ...                                                      [ OK ]
Preparing /etc/cloudstack/management/db.properties                              [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database.sql             [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema.sql               [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database-premium.sql     [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql       [ OK ]
Applying /usr/share/cloudstack-management/setup/server-setup.sql                [ OK ]
Applying /usr/share/cloudstack-management/setup/templates.sql                   [ OK ]
Processing encryption ...                                                       [ OK ]
Finalizing setup ...                                                            [ OK ]

CloudStack has successfully initialized database, you can check your database configuration in /etc/cloudstack/management/db.properties

DB users

MariaDB [(none)]> select user,host from mysql.user;
+-------------+---------------+
| User        | Host          |
+-------------+---------------+
| scc         | %             |
| a           | 192.168.122.% |
| scc         | 192.168.122.% |
| mariadb.sys | localhost     |
| mysql       | localhost     |
| root        | localhost     |
| scc         | localhost     |
+-------------+---------------+
7 rows in set (0.001 sec)

• Verified that when the flag is specified, the default users are not created:

Script execution

root@cloudstack:~# cloudstack-setup-databases scc:scc@192.168.122.200 --deploy-as=a:scc -i 192.168.122.200 --skip-users-auto-creation
Mysql user name:scc                                                             [ OK ]
Mysql user password:******                                                      [ OK ]
Mysql server ip:192.168.122.200                                                 [ OK ]
Mysql server port:3306                                                          [ OK ]
Mysql root user name:a                                                          [ OK ]
Mysql root user password:******                                                 [ OK ]
Using specified cluster management server node IP 192.168.122.200               [ OK ]
Checking Cloud database files ...                                               [ OK ]
Checking local machine hostname ...                                             [ OK ]
Checking SELinux setup ...                                                      [ OK ]
Preparing /etc/cloudstack/management/db.properties                              [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database.sql             [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema.sql               [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database-premium.sql     [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql       [ OK ]
Applying /usr/share/cloudstack-management/setup/server-setup.sql                [ OK ]
Applying /usr/share/cloudstack-management/setup/templates.sql                   [ OK ]
Processing encryption ...                                                       [ OK ]
Finalizing setup ...                                                            [ OK ]

CloudStack has successfully initialized database, you can check your database configuration in /etc/cloudstack/management/db.properties

DB users

MariaDB [(none)]> select user,host from mysql.user;
+-------------+---------------+
| User        | Host          |
+-------------+---------------+
| a           | 192.168.122.% |
| scc         | 192.168.122.% |
| mariadb.sys | localhost     |
| mysql       | localhost     |
| root        | localhost     |
+-------------+---------------+
5 rows in set (0.001 sec)

[bernardodemarco]

[SF] Trillian test result (tid-12629) Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8 Total time taken: 57362 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9969-t12629-kvm-ol8.zip Smoke tests completed. 140 look OK, 1 have errors, 0 did not run Only failed and skipped tests results shown below:

Test Result Time (s) Test File
ContextSuite context=TestSharedNetworkWithConfigDrive>:setup Error 1521.57 test_network.py

The CI error does not seem to be related

[Copilot]

Pull Request Overview

This PR adds the --skip-users-auto-creation flag to the cloudstack-setup-databases command to prevent the creation of extra database users with excessive permissions.

• Introduces a new flag and corresponding option in the argument parser.
• Adds logic to bypass execution of queries that create or grant permissions to extra users by replacing them.
• Sets an instance attribute to propagate the flag value for later use.

[Copilot]

[nitpick] Consider extracting the query replacement logic (lines 244-245) into a separate function or adding more descriptive inline comments to clarify its intent, which could improve readability and maintainability.

Suggested change

	if self.options.skipUsersAutoCreation:
	for t, r in queriesToSkip: text = text.replace(t,r)
	for t, r in replacements: text = text.replace(t,r)
	text = self.apply_replacements(text, queriesToSkip, replacements, self.options.skipUsersAutoCreation)

[Copilot]

[nitpick] The flag is checked in multiple locations; consider consolidating the handling of skipUsersAutoCreation to ensure consistency and reduce potential duplication of logic.

Suggested change

	if self.options.skipUsersAutoCreation:
	self.skipUsersAutoCreation = self.options.skipUsersAutoCreation
	self.handleSkipUsersAutoCreation()

[DaanHoogland]

@lucas-a-martins , will you consider @CoPilot’s sugestions?

[lucas-a-martins]

@lucas-a-martins , will you consider @CoPilot’s sugestions?

I don’t think so