[chef] Re: Setting up HA applications

[Jay Feldblum < >]

Stanisław,

You don't have to manage data bag items, or the pre-generated passwords in them, by hand. You can certainly write an application, a CLI, or a knife plugin around describing the data bag items for your various mysql clusters. The tool can create the data bag item with a pre-generated password (and probably other details), without you having to do it by hand.

Cheers,

Jay

On Fri, Jul 6, 2012 at 9:11 AM, Pitucha, Stanislaw Izaak < " target="_blank"> > wrote:

Hi all,
I'm trying to figure out if there's a good way of reliably setting up configuration for HA services. Specifically - how to provision accounts / passwords in that setup.

Let's say I'm setting up a master-master mysql setup. With one box, I'd just use my known users with randomly generated passwords and do the grants locally. Now with two servers, that's not possible really. If I generate a random password, I cannot synchronise it with the other node, or at least cannot do that using node attributes without a possibility of collisions.

So it looks like I'm left with options I don't like:
- create user from outside (would require remote login as a root)
- set up user creation only on a single node (what if I want to update the password and that node is down?)
- set the passwords beforehand in a data bag (would work, but can't we do better? I don't want to care about password generation)

Regards,
Stanisław Pitucha
Cloud Services
Hewlett Packard