-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make vttablet wait for vt_dba user to be granted privileges #14565
Conversation
… provided to the dba user Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
Review ChecklistHello reviewers! 👋 Please follow this checklist when reviewing this Pull Request. General
Tests
Documentation
New flags
If a workflow is added or modified:
Backward compatibility
|
go/cmd/vttablet/cli/cli.go
Outdated
@@ -273,4 +308,5 @@ func init() { | |||
Main.Flags().DurationVar(&tableACLConfigReloadInterval, "table-acl-config-reload-interval", tableACLConfigReloadInterval, "Ticker to reload ACLs. Duration flag, format e.g.: 30s. Default: do not reload") | |||
Main.Flags().StringVar(&tabletPath, "tablet-path", tabletPath, "tablet alias") | |||
Main.Flags().StringVar(&tabletConfig, "tablet_config", tabletConfig, "YAML file config for tablet") | |||
Main.Flags().DurationVar(&dbaGrantWaitTime, "dba-grant-wait-time", dbaGrantWaitTime, "Time to wait for dba user to be granted the required permissions. Setting the value to 0 disable the wait.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm iffy about adding two new flags for this. Do we have an idea of what a good default wait time would be in the specific issue you are trying to address?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder why the tests are failing. It will be interesting to see what those failures reveal.
Signed-off-by: Manan Gupta <[email protected]>
The test failures are all using MysQL 5.7. Unit test and also the end to end tests. mysql [localhost:8032] {msandbox} ((none)) > show grants\G
*************************** 1. row ***************************
Grants for msandbox@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `msandbox`@`localhost`
*************************** 2. row ***************************
Grants for msandbox@localhost: GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SENSITIVE_VARIABLES_OBSERVER,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `msandbox`@`localhost`
*************************** 3. row ***************************
Grants for msandbox@localhost: GRANT `R_DO_IT_ALL`@`%` TO `msandbox`@`localhost`
3 rows in set (0.01 sec) and mysql [localhost:5731] {msandbox} ((none)) > show grants\G
*************************** 1. row ***************************
Grants for msandbox@localhost: GRANT ALL PRIVILEGES ON *.* TO 'msandbox'@'localhost'
1 row in set (0.00 sec) In mysql 5.7 we they don't list all the privileges, but just GRANT ALL PRIVILEGES... |
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
…up MySQL Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
We definitely need the DBA grants part of this, because we don't want vttablet to start populating the DBA pool with connections where the right grants are not yet present.
This is a fatal error, so vttablet shuts down and restarts. Usually by the time it comes up again, my.cnf file is available and the end result is something like the following in the pod status. mysqlctld container:
vttablet container:
h/t @dctrwatson for explaining this to me. This also suggests an alternate implementation for the DBA grants issue. Instead of waiting for the grants to be available, we check whether they are present, and if they aren't we simply exit / shutdown with an error. And that can happen as many times as needed until the check succeeds. |
@deepthi So what do we want to do? Remove the flags with a default value? Remove the wait for the file to show up because vttablet would crash anyways? |
Signed-off-by: Manan Gupta <[email protected]>
The main issue with this approach is that you still get a bunch of errors logged and pod restarts. While that's not considered a problem normally in the k8s world, I think it can still be pretty confusing and it's also not really optimal in how quickly the system comes up (Vitess waiting for a bit is going to be faster than k8s noticing the failure and restarting). A bit of resiliency like this in the PR with a (maybe even shorter) timeout would still be a nice improvement imho to improve also the operational experience (next to fixing the actual bug here of course). |
I'll move the mycnf file wait into a separate PR and hard-code the dba-grants wait to 10seconds so that we can get this bug fix in. WDYT? |
Sounds good. |
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
Signed-off-by: Manan Gupta <[email protected]>
return nil | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we add logs for the err != nil
cases?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed this review comment - #14632
Description
This PR adds a wait to the vttablet startup. The init_db.sql file is not guaranteed to have completed applying before the vttablet initializes because vttablet and mysqlctl could have started parallely. This causes the issue described in #14562. So, during vttablet startup, we wait for the dba user to have access to the SUPER privilege.
Related Issue(s)
Checklist
Deployment Notes