deepthi
commented
3 years ago What do you mean by the "lite" kubernetes deployment? Is it the one at https://github.com/vitessio/vitess/tree/master/examples/operator?
Open prime-minister-of-fun opened 3 years ago
deepthi
commented
3 years ago What do you mean by the "lite" kubernetes deployment? Is it the one at https://github.com/vitessio/vitess/tree/master/examples/operator?
askdba
commented
3 years ago Hi, I've tested this on a local example and the way it works is you need to supply additional arguments to vtgate . Make sure you're using a JSON file not yml as documented.
So if the users I want to add as follows:
askdba:local askdba$ more users.json
{
"vitess": [
{
"UserData": "vitess",
"Password": "supersecretpassword"
}
],
"askdba": [
{
"UserData": "askdba",
"Password": "password1"
}
],
"atechgirl": [
{
"UserData": "atechgirl",
"Password": "password2"
}
],
"sugu": [
{
"UserData": "sugu",
"Password": "sugu"
}
]
}And I want to be able add/remove users using vtgate arguments as follows:
-mysql_auth_server_impl static \
-mysql_auth_server_static_file=users.json \
-mysql_auth_static_reload_interval 1m \These parameters allow users.json file to be checked every 1 minute. If you have a syntax error it'll show on vtgate logs.
Overview of the Issue
I'm attempting to add users to a cluster as documented: https://vitess.io/docs/user-guides/configuration-advanced/user-management/
Using the example from the page and the following command, command hangs indefinitely. AKA, vtgate command runs, but no output of any kind, no exit.
/vt/bin/vtgate -mysql_auth_server_impl static -mysql_auth_server_static_file /tmp/user.yaml -topo_global_server_address myhost-db-etcd-bfb372e2-client.vitess.svc:2379 -topo_global_root /vitess/myhost-db/global -topo_implementation etcd2
Reproduction Steps
Steps to reproduce this issue, example:
1.make file with the following user data. echo { vitess: [ { UserData: user1, Password: 1-hashed-mysql-password }, { UserData: user2, Password: 9-hashed-mysql-password }, { UserData: user3, Password: 9-hashed-mysql-password }, { UserData: user4, Password: 9-hashed-mysql-password }, { UserData: user5, Password: *9-hashed-mysql-password } ] } > /tmp/users.yml
2 run command according to above documentation: /vt/bin/vtgate -mysql_auth_server_impl=static -mysql_auth_server_static_file /tmp/users.yml -topo_global_server_address my-host-db-etcd-bfb372e2-client.vitess.svc:2379 -topo_global_root /vitess/my-host/global -topo_implementation etcd2
Expected behavior: Now we can test our new users:. Meaning, users 1- 5 are added to each cell in the cluster.
Actual behavior: vtgate hangs indefinitely. No error, no logging, nothing. "Access denied" when attempting to log into vtgate as mysql client. Vtgate is listening because telnet $hostname 3306 works. I just can't login, at all.
Etcd is running and the topo_global_root is present. I can poll an etcd node for peers, or whatever they call them in etcd.
Binary version
Version: 10.0.0-RC1 (Git revision 29a494f7b branch 'heads/v10.0.0-rc1') built on Tue Apr 6 23:23:06 UTC 2021 by vitess@89bd9cb3a169 using go1.15.6 linux/amd64
Operating system and Environment details
OS, Architecture, and any other information you can provide about the environment.
cat /etc/os-release):PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debianuname -sr): Linux 4.14.209-160.335.amzn2.x86_64uname -m): x86_64 Used the "lite" kubernetes deployment without fiddling with anything but the name in etcd.Log Fragments
Nothing logged.