- PXC#460: wsrep_sst_auth don't work in Percona-XtraDB-Cluster-56-5.6.25-25.12.1.el7
Semantics:
---------
* Generally end-user will create a separate user with needed privileges for
performing DONOR action.
* This user credentials are specified using wsrep_sst_auth.
* Along with this user there could be other user(s) created on the server
that sysadmin may use for normal or other operations
* Credentials for these user(s) can be specified in same cluster/server
cnf file as part of [client] section
When cluster act as DONOR and if wsrep_sst_auth is provided then it should
strictly use it for performing SST based action.
What if end-user has same credentials for performing both SST action and
normal admin work ?
* Then end-user can simply specify these credentials as part of [client]
section in cnf file and skip providing wsrep_sst_auth.
Issue:
-----
MySQL client user/password parsing preference order is as follows:
* command line (through --user/--password)
* cnf file
* MYSQL_PWD enviornment variable.
Recent change tried passing sst user password through MYSQL_PWD
(and user though --user command line param as before).
On the system where-in admin had another user for performing non-SST actions,
credentials for such user were present in cnf file under [client] section.
Due to mysql client preference order, SST user name was used (as it was
passed through command line) but password of other user (meant for non-SST)
action was being used as it was passed through cnf file.
Password passed through MYSQL_PWD was completely ignored causing
user-name/password mismatch.
Solution:
---------
* If user has specified credentials for SST then pass them through command
line so that they are used in priority.
(There could be security concern on passing things through command line but
when I tried passing user-name and password through command line to mysql
client and then did ps I saw this
./bin/mysql --user=sstuser --password=x xxxxxxxx -S /tmp/n1.sock
so seems like password is not shown)
commit c0300e2564e8d03 fee5c6e554918d8 b98f67c16c
Merge: 4055140 b966fc0
Author: Krunal Bauskar <email address hidden>
Date: Thu Oct 22 15:05:42 2015 +0530
Merge pull request #48 from kbauskar/ 5.6-pxc- 460
- PXC#460: wsrep_sst_auth don't work in Percona- XtraDB- Cluster- 56-5.6…
commit b966fc0e200b0bd 7ed32027c5ade77 49f70dca51
Author: Krunal Bauskar <email address hidden>
Date: Thu Oct 22 14:56:29 2015 +0530
- PXC#460: wsrep_sst_auth don't work in Percona- XtraDB- Cluster- 56-5.6. 25-25.12. 1.el7
Semantics:
---------
* Generally end-user will create a separate user with needed privileges for
performing DONOR action.
* This user credentials are specified using wsrep_sst_auth.
* Along with this user there could be other user(s) created on the server
that sysadmin may use for normal or other operations
* Credentials for these user(s) can be specified in same cluster/server
cnf file as part of [client] section
When cluster act as DONOR and if wsrep_sst_auth is provided then it should
strictly use it for performing SST based action.
What if end-user has same credentials for performing both SST action and
normal admin work ?
* Then end-user can simply specify these credentials as part of [client]
section in cnf file and skip providing wsrep_sst_auth.
Issue:
-----
MySQL client user/password parsing preference order is as follows:
* command line (through --user/--password)
* cnf file
* MYSQL_PWD enviornment variable.
Recent change tried passing sst user password through MYSQL_PWD
(and user though --user command line param as before).
On the system where-in admin had another user for performing non-SST actions,
credentials for such user were present in cnf file under [client] section.
Due to mysql client preference order, SST user name was used (as it was
passed through command line) but password of other user (meant for non-SST)
action was being used as it was passed through cnf file.
Password passed through MYSQL_PWD was completely ignored causing name/password mismatch.
user-
Solution:
---------
* If user has specified credentials for SST then pass them through command
line so that they are used in priority.
(There could be security concern on passing things through command line but
when I tried passing user-name and password through command line to mysql
client and then did ps I saw this
./bin/mysql --user=sstuser --password=x xxxxxxxx -S /tmp/n1.sock
so seems like password is not shown)