Bug #92276 Dba.createCluster() function run as Error due to Password needed
Submitted: 4 Sep 2018 2:24 Modified: 4 Sep 2018 10:30
Reporter: Huishan Piao Email Updates:
Status: Not a Bug Impact on me:
None 
Category:Shell AdminAPI InnoDB Cluster / ReplicaSet Severity:S2 (Serious)
Version:8.0.11 OS:Linux (generic)
Assigned to: CPU Architecture:Any
Tags: Dba.createCluster()

[4 Sep 2018 2:24] Huishan Piao 
Description:
When I using MySQLShell 8.0.11 to create Group Replication under Database server 5.7.23, there is error on create cluster steps.

I created a user root@192.168.56.11 and grant all privileges, and using this to create Cluster:

CREATE USER 'root'@'192.168.56.11' IDENTIFIED BY "mysql";
GRANT ALL PRIVILEGES ON *.* TO root@192.168.56.11;

ic-1 host IP is 192.168.56.11

ERROR when  dba.createCluster('myCluster'):

 MySQL  ic-1:3306 ssl  JS > dba.createCluster('myCluster')
A new InnoDB cluster will be created on instance 'root@ic-1:3306'.

Validating instance at ic-1:3306...

This instance reports its own address as ic-1

Instance configuration is suitable.
Creating InnoDB cluster 'myCluster' on 'root@ic-1:3306'...
Dba.createCluster: Access denied for user 'root'@'192.168.56.11' (using password: YES) (MySQL Error 1045)

I using this user login to instance already, but show Password Error.
not request me to provide password.

How to repeat:
OS: Oracle Linux 6.8
MySQL 5.7.23
MySQLShell 8.0.11

Suggested fix:
ask for input password when execute dba.createCluster('clustername');
[4 Sep 2018 2:40] Huishan Piao 
other problem is even I create Cluster failed, still have a user created like 
 Host: localhost
 User: mysql_innodb_cluster_r0430387613
[4 Sep 2018 10:30] MySQL Verification Team 
Hello Huishan Piao,

Thank you for the report.
Imho, created user 'root'@'x.x.x.x' is missing "GRANT OPTION" which can be confirmed with dba.checkInstanceConfiguration('root'@'x.x.x.x'):

Validating local MySQL instance listening at port xxxxxx for use in an InnoDB cluster...
ERROR: The account 'root'@'x.x.x.x' is missing privileges required to manage an InnoDB cluster:
Missing global privileges: GRANT OPTION.
For more information, see the online documentation.
Dba.checkInstanceConfiguration: The account 'root'@'x.x.x.x' is missing privileges required to manage an InnoDB cluster. (RuntimeError)

You may want to follow detailed steps outlined in - https://dev.mysql.com/doc/refman/8.0/en/mysql-innodb-cluster-working-with-cluster.html
https://dev.mysql.com/doc/refman/8.0/en/mysql-innodb-cluster-production-deployment.html

Alternatively, you can try 

dba.configureInstance("root@x.x.x.x", {clusterAdmin: "myAdmin", clusterAdminPassword: "myAdminPwd"});

Which would create "myAdmin" user with appropriate privileges required i.e

mysql> show grants for myAdmin@'%';
+--------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for myAdmin@%                                                                                                                       |
+--------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT RELOAD, SHUTDOWN, PROCESS, FILE, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, CREATE USER ON *.* TO 'myAdmin'@'%' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.* TO 'myAdmin'@'%' WITH GRANT OPTION                                                       |
| GRANT SELECT ON `sys`.* TO 'myAdmin'@'%' WITH GRANT OPTION                                                                                 |
| GRANT ALL PRIVILEGES ON `mysql_innodb_cluster_metadata`.* TO 'myAdmin'@'%' WITH GRANT OPTION                                               |
| GRANT SELECT ON `performance_schema`.`replication_group_member_stats` TO 'myAdmin'@'%' WITH GRANT OPTION                                   |
| GRANT SELECT ON `performance_schema`.`threads` TO 'myAdmin'@'%' WITH GRANT OPTION                                                          |
| GRANT SELECT ON `performance_schema`.`replication_applier_status` TO 'myAdmin'@'%' WITH GRANT OPTION                                       |
| GRANT SELECT ON `performance_schema`.`replication_group_members` TO 'myAdmin'@'%' WITH GRANT OPTION                                        |
| GRANT SELECT ON `performance_schema`.`replication_applier_status_by_worker` TO 'myAdmin'@'%' WITH GRANT OPTION                             |
| GRANT SELECT ON `performance_schema`.`replication_connection_configuration` TO 'myAdmin'@'%' WITH GRANT OPTION                             |
| GRANT SELECT ON `performance_schema`.`replication_applier_status_by_coordinator` TO 'myAdmin'@'%' WITH GRANT OPTION                        |
| GRANT SELECT ON `performance_schema`.`replication_connection_status` TO 'myAdmin'@'%' WITH GRANT OPTION                                    |
| GRANT SELECT ON `performance_schema`.`replication_applier_configuration` TO 'myAdmin'@'%' WITH GRANT OPTION                                |
+--------------------------------------------------------------------------------------------------------------------------------------------+

Also, I would like to suggest you to use MySQL Shell 8.0.12 instead of MySQL Shell 8.0.11.

regards,
Umesh