Bug #94282 mysqlrouter Error Could not open /var/lib/mysqlrouter/state.json.tmp for writing
Submitted: 11 Feb 20:31 Modified: 14 May 22:01
Reporter: Joseph Peters Email Updates:
Status: Closed Impact on me:
Category:MySQL Router Severity:S2 (Serious)
Version:8.0.15 OS:Ubuntu (18.04)
Assigned to: CPU Architecture:x86

[11 Feb 20:31] Joseph Peters
Unable to bootstrap the latest 8.0.15 mysqlrouter in Ubuntu 18.04 when trying to connect to an already running Innodb cluster made up of 3 Mysql 8.0.15 servers in the same private network.

The cluster is running smoothly and I have no firewall restrictions between the machine with mysqlrouter and the ones that make up the cluster. Also have the correct mysql user permissions for cluster configuration and for mysqlrouter connections in place, everything ok.

How to repeat:
In the machine Im trying to run the mysqlrouter:

# /etc/hosts contains: db-server1 db-server2 db-server3

After a fresh install of the new 8.0.15 mysqlrouter package, when trying to bootstrap, always get this no matter what...

# mysqlrouter --bootsrap db-server1:3306 --user=mysqlrouter
Please enter MySQL password for root: xxxxxx
Error: Could not open /var/lib/mysqlrouter/state.json.tmp for writing: Permission denied

Note: the /var/lib/mysqlrouter folder is created upon package install and has the correct permissions for the mysqlrouter to to write in it. Anyone experiencing this behaviour for mysqlrouter 8.0.15 in Ubuntu 18.04?

Suggested fix:
Any help with this appreciated.
[11 Feb 20:39] Joseph Peters
The db-servers that make up the Innodb cluster are also running Ubuntu 18.04 with MySQL servers 8.0.15 and cluster got configured nicely via mysql shell.
[12 Feb 10:30] Joseph Peters
I managed to bootstrap the mysqlouter by disabling the apparmor profile that was installed with the mysqlrouter8.0.15 ubuntu package.

ln -s /etc/apparmor.d/usr.bin.mysqlrouter /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.bin.mysqlrouter

After the above I was able to bootstrap the mysqlrouter as usual. Seems to be something in the apparmor profile for mysqlrouter that is not quite right I guess.
[12 Feb 10:56] Umesh Shastry
Hello Joseph,

Thank you for the report and feedback.

[12 Feb 11:05] Joseph Peters
Instead of disabling the apparmor profile for mysqlrouter, I also managed to get things working by adding the following line to the /etc/apparmor.d/usr.bin.mysqlrouter profile and then reload apparmor.

# Allow config access
  /etc/mysqlrouter/** rw,
  /var/lib/mysqlrouter/keyring rw,
  # /var/lib/mysqlrouter/state.json.tmp rw, <---- ADDING THIS DID NOT WORK AS WELL, SEEMS THAT MORE FILES NEED TO BE WRITTEN under /var/lib/mysqlrouter
  /var/lib/mysqlrouter/** rw,   <---- SO ADDED THIS LINE AND EVERYTHING SEEMS TO BE WORKING FINE

service apparmor reload
[14 May 21:01] Philip Olson
Posted by developer:
Fixed as of the MySQL Router 8.0.16 release, and here's the changelog entry:

Apparmor is now given r/w access to /var/lib/mysqlrouter/ rather than
specific files within to allow additional dynamically generated files

Thank you for the bug report, and sorry for the delayed response.