The procedure mentioned in #1 does not take into account that grants are not created if they already exist so even if a password is changed in a service config file and leader settings of the percona application, it is not changed in the DB itself:
2018-10-06 15:44:33 DEBUG juju-log shared-db:94: Grant exists for host '10.232.6.200' on db 'keystone'
And so services stop working after a restart.
What needs to be done manually is something like this:
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'<client-ip>' IDENTIFIED BY 'newpasswd'
The procedure mentioned in #1 does not take into account that grants are not created if they already exist so even if a password is changed in a service config file and leader settings of the percona application, it is not changed in the DB itself:
2018-10-06 15:44:33 DEBUG juju-log shared-db:94: Grant exists for host '10.232.6.200' on db 'keystone'
And so services stop working after a restart.
What needs to be done manually is something like this:
GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone' @'<client- ip>' IDENTIFIED BY 'newpasswd'