MySQL Forums
Forum List  »  Router & Proxy

Advanced Search
New Topic

Router bootstrap account question
Posted by: Silvio Schloeffel
Date: August 01, 2024 09:06AM

Hello,

it is our first contact with MySQL router, so apologies in advance if the question is too simple.

We test the migration from a MySQL 5.x Master - Master replication setup to a MySQL 8.x Innodb cluster.

The cluster is running, data transfer tests are done and now we think about some routers in front of the cluster.

We created a router user for our first router testsystem and tried to bootstrap the router.
And here the question starts.

The cluster is configured with ip rules for the root and admin users.
Also the created router user is bound to the system ip of the router server.
```
MySQL 10.234.16.40:33060+ ssl JS > info.setupRouterAccount('router-01@10.234.16.46')
Missing the password for new account router-01@10.234.16.46. Please provide one.
Password for new account: ************
Confirm password: ************
Creating user router-01@10.234.16.46.
Account router-01@10.234.16.46 was successfully created.
```
Our thinking was that we can bootstrap the router with the created router user but this wasn't working.

```
[root@blade-server-10 etc]# mysqlrouter --bootstrap router-01@db-01:3306 --directory /etc/mysqlrouter/ --user=mysqlrouter
Please enter MySQL password for router-01:

Bootstrapping MySQL Router 8.0.36 (MySQL Community - GPL) instance at '/etc/mysqlrouter'...

Fetching Cluster Members
trying to connect to mysql-server at db-03:3306

Creating account(s) (only those that are needed, if any)
Error: Error creating MySQL account for router (CREATE USER stage): Error executing MySQL query "CREATE USER IF NOT EXISTS 'mysql_router1_b113lfcw8rpz'@'%' IDENTIFIED BY ***": Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation (1227)
```

With the cluster admin user the boostraping is working but for productive use I will not open the cluster admin for worldwide connections.

Is there a secure way to bootstrap the router without needing the cluster admin account?
We want to install routers dynamically on various rented systems and configure the cluster as securely as possible for this purpose.

Best

Silvio

Navigate: Previous MessageNext Message
Options: ReplyQuote


Subject
Views
Written By
Posted
Router bootstrap account question
298
Silvio Schloeffel
August 01, 2024 09:06AM
Re: Router bootstrap account question
126
Silvio Schloeffel
August 09, 2024 04:43AM


Sorry, only registered users may post in this forum.
Click here to login

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.