MySQL Forums
Forum List  »  NDB clusters

Privilege distribution
Posted by: Sean McDowell
Date: July 18, 2017 11:40AM

I am following the instructions for enabling privilege distribution (would be nice if it were enabled by default!) and I observe this behaviour -- is it expected?

I create a cluster running in Docker Swarm with this configuration:

Connected to Management Server at: mysql_mgmt:1186
Cluster Configuration
---------------------
[ndbd(NDB)] 2 node(s)
id=2 @10.0.1.6 (mysql-5.7.18 ndb-7.5.6, Nodegroup: 0, *)
id=3 @10.0.1.7 (mysql-5.7.18 ndb-7.5.6, Nodegroup: 0)

[ndb_mgmd(MGM)] 1 node(s)
id=1 @10.0.1.5 (mysql-5.7.18 ndb-7.5.6)

[mysqld(API)] 15 node(s)
id=4 @10.0.1.3 (mysql-5.7.18 ndb-7.5.6)
id=5 @10.0.1.2 (mysql-5.7.18 ndb-7.5.6)
id=6 @10.0.1.4 (mysql-5.7.18 ndb-7.5.6)

For one MySQL Server I fish out the temporary root@localhost password, log in, change the root@localhost password and then follow the instructions to enable privilege distribution: https://dev.mysql.com/doc/refman/5.7/en/mysql-cluster-privilege-distribution.html

Now if I try to log into another MySQL Server with the updated root password it rejects it. It still wants the original temporary password.

If I issue AGAIN the ALTER USER command to change the root@localhost password now I can log into the other servers with the updated password.

I also found that if I restart a MySQL Server service it will pick up the altered password:

docker service update --force mysql_mysql_server2

Does the initial conversion to distributed privileges not copy the updated root password? Or the other services are not aware of it?



Edited 1 time(s). Last edit at 07/18/2017 12:07PM by Sean McDowell.

Options: ReplyQuote


Subject
Views
Written By
Posted
Privilege distribution
89
July 18, 2017 11:40AM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.