Support changes to root and sstuser passwords

Bug #1436093 reported by Cory Johns
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| Charm Helpers | Fix Released | Undecided | Felipe Reyes | |
| OpenStack Percona Cluster Charm | In Progress | Wishlist | Felipe Reyes | |
| percona-cluster (Juju Charms Collection) | Invalid | Wishlist | Unassigned | |

Bug Description

Per the comment at the top of percona_hooks.py, these config options should not be immutable, and immutable config goes against guidelines (https://jujucharms.com/docs/1.20/authors-charm-best-practice#juju-best-practices-and-tips-from-canonical's-infrastructure-team).

This came up during review of a fork of this charm for Galera Cluster (https://bugs.launchpad.net/charms/+bug/1430796), so perhaps a joint effort could get this issue resolved for both charms at once.

Tags: cpe-onsite sts

James Page (james-page)
Changed in percona-cluster (Juju Charms Collection):
status: New → Triaged
importance: Undecided → Wishlist
Xiang Hui (xianghui) wrote :

Before [1] has landed, we'll hold this bug.
After [1] has landed, we will take a look at whether [2] could apply to percona-cluster in the same way.

[1] https://launchpad.net/bugs/1454317
[2] http://bazaar.launchpad.net/~codership/charms/trusty/galera-cluster/trunk/revision/57

Changed in percona-cluster (Juju Charms Collection):
assignee: nobody → Xiang Hui (xianghui)
Xiang Hui (xianghui)
Changed in percona-cluster (Juju Charms Collection):
assignee: Xiang Hui (xianghui) → Mario Splivalo (mariosplivalo)
James Page (james-page)
Changed in charm-percona-cluster:
assignee: nobody → Mario Splivalo (mariosplivalo)
importance: Undecided → Wishlist
status: New → Triaged
Changed in percona-cluster (Juju Charms Collection):
status: Triaged → Invalid
Janghoon-Paul Sim (janghoon) wrote :

This bug also affects me.

Users may expect that the "juju config percona-cluster root-password=$NEW_PASSWORD" command will change the root password on the mysql side as well.
However, it doesn't actually change it.
It would cause confusion and hooking errors for users.

Also, the juju charm documentation [1] doesn't mention it clearly.
The documentation should mention this limitation more clearly, like this, in the configuration section.

Keep in mind that you have to manually change those passwords on the mysql side as well if you update this password.

[1] https://jujucharms.com/percona-cluster/252

Felipe Reyes (freyes)
Changed in percona-cluster (Juju Charms Collection):
assignee: Mario Splivalo (mariosplivalo) → nobody
Changed in charm-percona-cluster:
assignee: Mario Splivalo (mariosplivalo) → Felipe Reyes (freyes)
tags: added: sts
Felipe Reyes (freyes)
Changed in charm-percona-cluster:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-percona-cluster (master)

Fix proposed to branch: master
Review: https://review.openstack.org/474032

Felipe Reyes (freyes)
Changed in charm-helpers:
status: New → In Progress
assignee: nobody → Felipe Reyes (freyes)
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/488603

Felipe Reyes (freyes)
Changed in charm-helpers:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-percona-cluster (master)

Reviewed: https://review.openstack.org/488603
Committed: https://git.openstack.org/cgit/openstack/charm-percona-cluster/commit/?id=62ed38b7b2affe163d7597abfd520abc9c7cdd30
Submitter: Jenkins
Branch: master

commit 62ed38b7b2affe163d7597abfd520abc9c7cdd30
Author: Felipe Reyes <email address hidden>
Date: Fri Jul 28 16:23:05 2017 -0400

    Resync charm-helpers for support to change passwords

    Change-Id: I1337096eb32250285e4a4a5d2b1975f91993816a
    Partial-Bug: 1436093

OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/474032
Committed: https://git.openstack.org/cgit/openstack/charm-percona-cluster/commit/?id=e7f611ff2e01312a7ae88f8ed871dd7bf75b0e80
Submitter: Jenkins
Branch: master

commit e7f611ff2e01312a7ae88f8ed871dd7bf75b0e80
Author: Felipe Reyes <email address hidden>
Date: Tue Jun 13 22:42:18 2017 -0400

    Add support to change root password

    Change the configured root's password in percona and update the leader
    settings.

    Change-Id: I7168a96cac7a3b4df7fcfa1afc6f35076748578b
    Partial-Bug: 1436093

tags: added: cpe-onsite
Dmitrii Shcherbakov (dmitriis) wrote :

There is still the sst part left which should touch the wsrep_sst_auth variable at runtime:

http://galeracluster.com/documentation-webpages/mysqlwsrepoptions.html
wsrep_sst_auth
Variable Scope: Global
Permitted Values Type: string
Valid Values: username:password

And also result in re-rendering of my.cnf/mysqld.cnf:

wsrep_sst_auth="sstuser:{{ sst_password }}"

~~

The source code has relevant update methods:

https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/percona-xtradb-cluster-5.7/tree/sql/sys_vars.cc?h=ubuntu/bionic&id=debian/5.7.20-29.24-0ubuntu2.1#n6220
static Sys_var_charptr Sys_wsrep_sst_auth(
       "wsrep_sst_auth", "Authentication for SST connection",
       PREALLOCATED GLOBAL_VAR(wsrep_sst_auth), CMD_LINE(REQUIRED_ARG, OPT_WSREP_SST_AUTH),
       IN_FS_CHARSET, DEFAULT(wsrep_sst_auth), NO_MUTEX_GUARD,
       NOT_IN_BINLOG,
       ON_CHECK(wsrep_sst_auth_check),
       ON_UPDATE(wsrep_sst_auth_update));

https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/percona-xtradb-cluster-5.7/tree/sql/wsrep_sst.cc?h=ubuntu/bionic&id=debian/5.7.20-29.24-0ubuntu2.1#n194
bool wsrep_sst_auth_update (sys_var *self, THD* thd, enum_var_type type)
{
    return sst_auth_real_set (wsrep_sst_auth);
}
https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/percona-xtradb-cluster-5.7/tree/sql/wsrep_sst.cc?h=ubuntu/bionic&id=debian/5.7.20-29.24-0ubuntu2.1#n163
static bool sst_auth_real_set (const char* value)
// ..

And the variable is marked as dynamic in documentation:
https://www.percona.com/doc/percona-xtradb-cluster/5.5/wsrep-system-index.html#wsrep_sst_auth

Dmitrii Shcherbakov (dmitriis) wrote :

I validated on a single-unit deployment that currently (18.08) root password changes work but sst password changes do not. If sst-password is set via `juju run --unit mysql/0 'leader-set sst-password=newpasswd'` and a jujud-unit-mysql-0 unit is restarted (to trigger a config-changed event as the leader itself does not receive leader-settings-changed), the code gets to the pxc_installed check which prevents a new sst password from being set.

    def install_percona_xtradb_cluster():
        '''Attempt PXC install based on seeding of passwords for users'''
        if pxc_installed():
            log('MySQL already installed, skipping')
            return  # <----

So the change would be to augment this portion of config-changed hook implementation:

    # the password needs to be updated only if the node was already
    # bootstrapped
    if is_bootstrapped():
        update_root_password()
        # update_sst_password() <----
        set_ready_on_peers()
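
Added example, not part of the bug report or the charm's code: a sketch of the order an SST password rotation has to follow (account, running `wsrep_sst_auth`, rendered config line). The helper names, the `'sstuser'@'localhost'` account, the DB-API cursor with `%s` placeholders and the rejected character set are assumptions made for illustration.

```python
# Added example: hypothetical helpers, not the charm's update_sst_password().
# Assumed conservative filter: ':' would break the username:password format,
# and '"', '\\' or line breaks would break wsrep_sst_auth="..." in the cnf template.
FORBIDDEN = set(':"\\\n\r')


class RecordingCursor:
    """Constructed stand-in for a DB-API cursor; records calls instead of running them."""

    def __init__(self):
        self.calls = []

    def execute(self, sql, params=()):
        self.calls.append((sql, tuple(params)))


def validate_sst_password(password):
    """Reject values that cannot round-trip through wsrep_sst_auth or the cnf file."""
    if not password:
        raise ValueError("empty sst password")
    if FORBIDDEN.intersection(password):
        raise ValueError("sst password contains unsupported characters")
    return password


def rotate_sst_password(cursor, new_password, user="sstuser", host="localhost"):
    """Change the account, then the running node, then return the line to persist."""
    validate_sst_password(new_password)
    # 1. The account SST authenticates as (ALTER USER ... IDENTIFIED BY needs 5.7+).
    #    Values are passed as parameters so the driver quotes them.
    cursor.execute("ALTER USER %s@%s IDENTIFIED BY %s", (user, host, new_password))
    # 2. wsrep_sst_auth is a dynamic global variable: update it without a restart.
    cursor.execute("SET GLOBAL wsrep_sst_auth = %s",
                   ("%s:%s" % (user, new_password),))
    # 3. Same value for the re-rendered config, so a restart keeps the new secret.
    return 'wsrep_sst_auth="%s:%s"' % (user, new_password)


def redacted(calls):
    """Statements only, for logging; the parameters carry the secret and are dropped."""
    return [sql for sql, _params in calls]
```

`SET GLOBAL` only affects the node it runs on, so step 2 has to be executed on every unit of the cluster.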
