[MediaWiki-commits] [Gerrit] operations/puppet[production]: mariadb - phabricator: Remove public hashes from configurati...

Jcrespo (Code Review) Tue, 12 Sep 2017 21:06:55 -0700

Jcrespo has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/377703 )


Change subject: mariadb - phabricator: Remove public hashes from configuration 
files
......................................................................

mariadb - phabricator: Remove public hashes from configuration files

These are handled on the private repo, not here anymore.

Bug: T163938
Change-Id: Iaac4706f63f6e46e23c4b00cb7449b87052bbaf9
---
M modules/role/manifests/mariadb.pp
M modules/role/templates/mariadb/grants/production-m3.sql.erb
2 files changed, 20 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/03/377703/1

diff --git a/modules/role/manifests/mariadb.pp 
b/modules/role/manifests/mariadb.pp
index 4b86840..db6441b 100644
--- a/modules/role/manifests/mariadb.pp
+++ b/modules/role/manifests/mariadb.pp
@@ -67,6 +67,12 @@
         $labspuppet_pass     = hiera('labspuppetbackend_mysql_password')
         $labsdbaccounts_pass = $passwords::labsdbaccounts::db_password
         $rddmarc_pass        = $passwords::rddmarc::db_password
+        $phab_admin_pass     = $passwords::mysql::phabricator::admin_pass
+        $phab_app_pass       = $passwords::mysql::phabricator::app_pass
+        $phab_bz_pass        = $passwords::mysql::phabricator::bz_pass
+        $phab_rt_pass        = $passwords::mysql::phabricator::rt_pass
+        $phab_manifest_pass  = $passwords::mysql::phabricator::manifest_pass
+        $phab_metrics_pass   = $passwords::mysql::phabricator::metrics_pass
 
         file { '/etc/mysql/production-grants-shard.sql':
             ensure  => present,
diff --git a/modules/role/templates/mariadb/grants/production-m3.sql.erb 
b/modules/role/templates/mariadb/grants/production-m3.sql.erb
index 68472bb..b0eba95 100644
--- a/modules/role/templates/mariadb/grants/production-m3.sql.erb
+++ b/modules/role/templates/mariadb/grants/production-m3.sql.erb
@@ -13,7 +13,7 @@
 
 GRANT USAGE
     ON *.* TO 'phadmin'@'10.64.16.8'
-    IDENTIFIED BY PASSWORD '*4882BF5FB61F6C0D5935BFA407BB6B6086421A5F';
+    IDENTIFIED BY '<%= @phab_admin_pass %>';
 
 GRANT ALL PRIVILEGES
     ON `phabricator%`.* TO 'phadmin'@'10.64.16.8';
@@ -21,7 +21,7 @@
 -- phadmin@dbproxy1003
 GRANT USAGE
     ON *.* TO 'phadmin'@'10.64.0.198'
-    IDENTIFIED BY PASSWORD '*4882BF5FB61F6C0D5935BFA407BB6B6086421A5F';
+    IDENTIFIED BY '<%= @phab_admin_pass %>';
 
 GRANT ALL PRIVILEGES
     ON `phabricator%`.* TO 'phadmin'@'10.64.0.198';
@@ -29,7 +29,7 @@
 -- phadmin@dbproxy1008
 GRANT USAGE
     ON *.* TO 'phadmin'@'10.64.32.157'
-    IDENTIFIED BY PASSWORD '*4882BF5FB61F6C0D5935BFA407BB6B6086421A5F';
+    IDENTIFIED BY '<%= @phab_admin_pass %>';
 
 GRANT ALL PRIVILEGES
     ON `phabricator%`.* TO 'phadmin'@'10.64.32.157';
@@ -38,7 +38,7 @@
 
 GRANT REPLICATION CLIENT
     ON *.* TO 'phuser'@'10.64.16.8'
-    IDENTIFIED BY PASSWORD '*986DF0EF210E895FAAA2D71A8AF0F4EEA4D93E2A';
+    IDENTIFIED BY '<%= @phab_app_pass %>';
 
 GRANT CREATE, DROP
     ON `phabricator_cache`.`cache_markupcache` TO 'phuser'@'10.64.16.8';
@@ -50,7 +50,7 @@
 
 GRANT REPLICATION CLIENT
     ON *.* TO 'phuser'@'10.64.0.198'
-    IDENTIFIED BY PASSWORD '*986DF0EF210E895FAAA2D71A8AF0F4EEA4D93E2A';
+    IDENTIFIED BY '<%= @phab_app_pass %>';
 
 GRANT CREATE, DROP
     ON `phabricator_cache`.`cache_markupcache` TO 'phuser'@'10.64.16.8';
@@ -62,7 +62,7 @@
 
 GRANT REPLICATION CLIENT
     ON *.* TO 'phuser'@'10.64.32.157'
-    IDENTIFIED BY PASSWORD '*986DF0EF210E895FAAA2D71A8AF0F4EEA4D93E2A';
+    IDENTIFIED BY '<%= @phab_app_pass %>';
 
 GRANT CREATE, DROP
     ON `phabricator_cache`.`cache_markupcache` TO 'phuser'@'10.64.32.157';
@@ -74,7 +74,7 @@
 
 GRANT USAGE
     ON *.* TO 'phstats'@'10.64.16.8'
-    IDENTIFIED BY PASSWORD '*FB8AA9D0E19A01A13E7FB1037FC964F7887D22F5';
+    IDENTIFIED BY '<%= @phab_metrics_pass %>';
 GRANT SELECT ON `phabricator_maniphest`.* TO 'phstats'@'10.64.16.8';
 GRANT SELECT ON `phabricator_user`.* TO 'phstats'@'10.64.16.8';
 GRANT SELECT ON `phabricator_project`.* TO 'phstats'@'10.64.16.8';
@@ -84,7 +84,7 @@
 
 GRANT USAGE
     ON *.* TO 'phstats'@'10.64.0.198'
-    IDENTIFIED BY PASSWORD '*FB8AA9D0E19A01A13E7FB1037FC964F7887D22F5';
+    IDENTIFIED BY '<%= @phab_metrics_pass %>';
 GRANT SELECT ON `phabricator_maniphest`.* TO 'phstats'@'10.64.0.198';
 GRANT SELECT ON `phabricator_user`.* TO 'phstats'@'10.64.0.198';
 GRANT SELECT ON `phabricator_project`.* TO 'phstats'@'10.64.0.198';
@@ -94,7 +94,7 @@
 
 GRANT USAGE
     ON *.* TO 'phstats'@'10.64.32.157'
-    IDENTIFIED BY PASSWORD '*FB8AA9D0E19A01A13E7FB1037FC964F7887D22F5';
+    IDENTIFIED BY '<%= @phab_metrics_pass %>';
 GRANT SELECT ON `phabricator_maniphest`.* TO 'phstats'@'10.64.32.157';
 GRANT SELECT ON `phabricator_user`.* TO 'phstats'@'10.64.32.157';
 GRANT SELECT ON `phabricator_project`.* TO 'phstats'@'10.64.32.157';
@@ -104,7 +104,7 @@
 
 GRANT USAGE
     ON *.* TO 'phmanifest'@'10.64.16.8'
-    IDENTIFIED BY PASSWORD '*57879C423C685FDF9F3F4E3DB71207E76A8384C4';
+    IDENTIFIED BY '<%= @phab_manifest_pass %>';
 
 GRANT SELECT
     ON `phabricator_maniphest`.* TO 'phmanifest'@'10.64.16.8';
@@ -113,7 +113,7 @@
 
 GRANT USAGE
     ON *.* TO 'phmanifest'@'10.64.0.198'
-    IDENTIFIED BY PASSWORD '*57879C423C685FDF9F3F4E3DB71207E76A8384C4';
+    IDENTIFIED BY '<%= @phab_manifest_pass %>';
 
 GRANT SELECT
     ON `phabricator_maniphest`.* TO 'phmanifest'@'10.64.0.198';
@@ -122,7 +122,7 @@
 
 GRANT USAGE
     ON *.* TO 'phmanifest'@'10.64.32.157'
-    IDENTIFIED BY PASSWORD '*57879C423C685FDF9F3F4E3DB71207E76A8384C4';
+    IDENTIFIED BY '<%= @phab_manifest_pass %>';
 
 GRANT SELECT
     ON `phabricator_maniphest`.* TO 'phmanifest'@'10.64.32.157';
@@ -130,13 +130,13 @@
 -- bzmigrate@%
 GRANT USAGE
     ON *.* TO 'bzmigrate'@'%'
-    IDENTIFIED BY PASSWORD '*DA35098F5C3FFAF021B5E73207FC2CFB431DE2FF';
+    IDENTIFIED BY '<%= @phab_bz_pass %>';
 GRANT ALL PRIVILEGES
     ON `bugzilla_migration`.* TO 'bzmigrate'@'%';
 
 -- rtmigrate@%
 GRANT USAGE
     ON *.* TO 'rtmigrate'@'%'
-    IDENTIFIED BY PASSWORD '*FEFB866BAD7FF0ED0A3078A178E2AA1B7D093477';
+    IDENTIFIED BY '<%= @phab_rt_pass %>';
 GRANT ALL PRIVILEGES
     ON `rt_migration`.* TO 'rtmigrate'@'%';

-- 
To view, visit https://gerrit.wikimedia.org/r/377703
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iaac4706f63f6e46e23c4b00cb7449b87052bbaf9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jcrespo <jcre...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: mariadb - phabricator: Remove public hashes from configurati...

Reply via email to