| Bug #81391 | MySQL Cluster Manager ADD PROCESS DISTRIBUTED PRIVILEGES | ||
|---|---|---|---|
| Submitted: | 12 May 2016 11:29 | Modified: | 24 May 2017 17:47 |
| Reporter: | Ted Wennmark | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Cluster Manager: Agent | Severity: | S3 (Non-critical) |
| Version: | 1.4.0 | OS: | Any |
| Assigned to: | Thomas Nielsen | CPU Architecture: | Any |
| Tags: | MySQL Cluster Manager ADD PROCESS DISTRIBUTED PRIVILEGES | ||
[24 May 2017 17:47]
Daniel So
Added the following entry to the MySQL Cluster Manager 1.4.1 changelog: "If distributed privileges for mysqld nodes were used and the root password has been set on the cluster's mysqld nodes, after a new mysqld process was added, MySQL Cluster Manager failed to connect to it, as mcmd tried in vain to log on to the new mysqld node as root with an empty password. With this fix, mcmd then attempts in that situation to log on to the node as the user mcmd. Also, even if the root account is not secured, when distributed privileges are used, mcmd now attempts first to connect to a new mysqld node as mcmcd before it tries to create the mcmd user on the new node."
Description: MCM can not connect to newly added MySQL API node when you have enabled distributed privileges and have set a password for 'root' user. Enabling DEBUG mode in mcmd.ini you get this error: 2016-05-05 11:28:45.479: (debug) [T0x25faad0 RECFG@reconfig.c:4176]: Failed to connect to mysqld at 127.0.0.1:3306 as root: mysql_errno(mysql)=1045 mysql_error(mysql)='Access denied for user 'root'@'localhost' (using password: NO)' Problem is mcmd is trying to login to newly created MySQL API node with user 'root' with emply password ... this will fails as we are using distributed privileges. How to repeat: 1) Start mcmd with --bootstrap option to get a small cluster ruuning: mcmd --defaults-file=./mcmd.ini --daemon --bootstrap 2) Enable Distributed Privs mysql -hted-portege-z30-a -P3306 -uroot < ./cluster/share/ndb_dist_priv.sql 3) Set password for 'root' user: mysql> update mysql.user set password=PASSWORD('root') where user='root'; mysql> flush privileges; 4) Add one more MySQL API Node mcm> add process --set=port:mysqld:53=3308 --processhosts=mysqld@127.0.0.1 mycluster; 5) Start MySQL API Node mcm> start process --added mycluster; ERROR 9003 (00MGR): Tx {25efcfbb 174 0 15} timed out on agent 0 @{22 0 53 Wait for mysqld to start (genesis)} participants: 0@ted-portege-z30-a:18620[X] 1 Plan trace: {22, 0, 53, Wait for mysqld to start (genesis)} {21, 0, 53, Start single process} {20, 0, 53, Wait mysqld initialization complete} {19, 0, 53, Initialize mysqld} {18, 0, 53, Write genesis config file for mysqld} {17, 0, 53, Assert process disconnected from mgmd} {16, 0, 53, Check that port and socket file is available} {15, -3, -1, Begin new transaction for pro Suggested fix: MCM need to use correct privileges when connectong to new MySQL API node when using distributed privileges.