galera_bootstrap_set_root_password causes failures when adding DBs or users later on #6

Open
dvandok opened this issue Oct 17, 2016 · 11 comments

Comments

@dvandok

dvandok commented Oct 17, 2016

Forgive me if I understand this entirely the wrong way.

The galera/master.sls sets the mysql root password during the bootstrap phase in galera_bootstrap_set_root_password.
https://github.com/tcpcloud/salt-formula-galera/blob/master/galera/master.sls#L81
It does so with the mysqladmin command, without passing any authentication data. This works because the root user by default can access mysql on localhost without a password.
But after this command that is no longer the case. The root user can not use any mysql commands without using a password. Since the default for the mysql state module of saltstack is to interact as root without a password, every attempt to create a database or add a user will fail.
Even a repeat call to the galera_bootstrap_set_root_password state will fail, which means that if anything goes wrong during the bootstrapping we're stuck with an unusable system.

Is there a point to setting an explicit password for root? Isn't it reasonable to let root log in for local connections?

@pupapaik
Contributor

What version of galera do you use? Because every version differs a little bit. You need to start galera and set the root and debian passwords. Then you need to stop and start galera as new-cluster. Then other nodes can join.

@dvandok
Author

dvandok commented Oct 17, 2016

On 17-10-16 15:50, Jakub Pavlik wrote:

> What version of galera do you use?

25.2.9
(/var/lib/apt/lists/apt.tcpcloud.eu_testing_dists_trusty_galera-s9s_binary-amd64_Packages)

> Because every version differs a little bit. You need to start galera and set the root and debian passwords.
> Then you need to stop and start galera as new-cluster. Then other
> nodes can join.

I think that is what the galera master.sls is trying to do, but setting
the password breaks creating the mysql databases later on.

Not sure if the order is correct; if I run state.sls galera.sls, I'm
getting all the mysql databases as a bonus (nova, heat, etc.)

@pupapaik
Contributor

OK, good, so then please set the version of the formula to 0.2+020160713152239.21.gbpf4bfad

because we stopped supporting these packages and replaced them with Mirantis Packages 8 and 9
#2

@dvandok
Author

dvandok commented Oct 17, 2016

On 17-10-16 17:09, Jakub Pavlik wrote:

> OK, good, so then please set the version of the formula to 0.2+020160713152239.21.gbpf4bfad
>
> because we stopped supporting these packages and replaced them with Mirantis Packages 8 and 9
> #2

But what about #3 ?

Where is the galera-3 package supposed to come from?

@pupapaik
Contributor

You need to set Mirantis repos: http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/pool/main/g/

@dvandok
Author

dvandok commented Oct 17, 2016

On 17-10-16 18:10, Jakub Pavlik wrote:

> You need to set Mirantis repos: http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/pool/main/g/

OK, thanks. I'm trying to get the workshop example running but I
understand there have been new developments recently. I have to catch up...

@dvandok
Author

dvandok commented Oct 18, 2016

I've now set up a three-server galera cluster, but the formula for galera/server still complains:

```
          ID: mysql_database_nova
    Function: mysql_database.present
        Name: nova
      Result: False
     Comment: MySQL Error 1045: Access denied for user 'root'@'localhost' (using password: NO)
     Started: 21:19:49.584706
    Duration: 2.862 ms
     Changes:
```

@dvandok
Author

dvandok commented Oct 19, 2016

OK, I'm starting to understand how this is meant to work. According to
https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.mysql.html
there is a way to get a file /etc/mysql/debian.cnf with a maintenance account that saltstack will use. But the code here still doesn't work, as the debian-sys-maint user is not given GRANT rights in mysql_bootstrap_update_maint_password.

@pupapaik
Contributor

It should work if you have the correct packages and first run. We put the credentials for root directly into the formula, so you do not need to have debian-sys-maint. Check if you have the latest formula.

@dvandok
Author

dvandok commented Oct 19, 2016

So what is the relationship with salt-formula-mysql? There seems to be some overlap in what these formulas try to achieve. I've set up my galera cluster now but I don't see where the root creds are used in e.g. https://github.com/tcpcloud/salt-formula-galera/blob/master/galera/server.sls#L13 which is code that hasn't been updated in more than a year; compared to https://github.com/tcpcloud/salt-formula-mysql/blob/master/mysql/server/database.sls#L15 which is much fresher.

@pupapaik
Contributor

The mysql formula creates databases. The galera formula just deploys galera and sets the root and debian passwords, so we combine those together.
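
The authentication gap discussed in this thread (Salt's mysql states connecting as root with no password after the bootstrap has set one) can be closed in two ways, sketched here as an added example that is not part of the thread or of either formula. The file names, state IDs and the pillar key `galera:root_password` are hypothetical; `mysql.default_file` and the `connection_*` arguments are options of Salt's mysql module and states.

```yaml
# --- /etc/salt/minion.d/mysql.conf (minion config; file name is an assumption) ---
# Option A: every mysql.* module and state call reads its credentials from an
# option file instead of falling back to root with an empty password, which is
# what produces "Access denied ... (using password: NO)".
mysql.default_file: '/etc/mysql/debian.cnf'

# --- example/databases.sls (hypothetical state file) ---
# The option file holds a plaintext password, so keep it readable by root only.
# create: False and replace: False mean this state only tightens ownership and
# mode on a file that already exists; it never writes or overwrites content.
mysql_option_file_perms:
  file.managed:
    - name: /etc/mysql/debian.cnf
    - user: root
    - group: root
    - mode: '0600'
    - create: False
    - replace: False

# Option B: pass credentials per state. The password comes from pillar
# (hypothetical key galera:root_password), never from the state file itself,
# so it is not committed alongside the formula.
mysql_database_nova:
  mysql_database.present:
    - name: nova
    - connection_host: localhost
    - connection_user: root
    - connection_pass: {{ salt['pillar.get']('galera:root_password') | yaml_dquote }}

# The same per-state arguments can point at the option file instead of
# carrying a password (state ID and database name are constructed samples).
mysql_database_heat:
  mysql_database.present:
    - name: heat
    - connection_default_file: /etc/mysql/debian.cnf
```

Whichever account the option file names must hold the privileges the states need: creating databases requires CREATE, and granting privileges to other users additionally requires GRANT OPTION.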
