1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
include/group_replication.inc
Warnings:
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
Note #### Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
[connection server1]
# 1. Bootstrap M1.
# Install test authentication plugin.
# Create new users.
[connection server1]
INSTALL PLUGIN test_plugin_server SONAME 'PLUGIN_AUTH';
include/start_and_bootstrap_group_replication.inc
SET SQL_LOG_BIN=0;
CREATE USER 'plug_user_p' IDENTIFIED WITH 'test_plugin_server' AS 'proxy_user_p';
CREATE USER 'plug_user_wp' IDENTIFIED WITH 'test_plugin_server' AS 'proxy_user_wp';
CREATE USER 'proxy_user_p' IDENTIFIED BY 'password';
CREATE USER 'proxy_user_wp' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO 'proxy_user_p';
GRANT ALL PRIVILEGES ON *.* TO 'proxy_user_wp';
GRANT PROXY ON 'proxy_user_p' to 'plug_user_p';
GRANT PROXY ON 'proxy_user_wp' to 'plug_user_wp';
GRANT REPLICATION SLAVE ON *.* TO 'plug_user_p';
GRANT REPLICATION SLAVE ON *.* TO 'plug_user_wp';
SET SQL_LOG_BIN=1;
# 2. Reset recovery interval to 1 and count to 2 for M2.
[connection server2]
SET @old_log_output= @@log_output;
SET GLOBAL log_output= 'TABLE,FILE';
RESET SLAVE ALL FOR CHANNEL 'group_replication_recovery';
Warnings:
Warning 1287 'RESET SLAVE' is deprecated and will be removed in a future release. Please use RESET REPLICA instead
INSTALL PLUGIN test_plugin_server SONAME 'PLUGIN_AUTH';
SET @saved_group_replication_recovery_reconnect_interval = @@GLOBAL.group_replication_recovery_reconnect_interval;
SET @saved_gr_recovery_retry_count = @@GLOBAL.group_replication_recovery_retry_count;
SET GLOBAL group_replication_recovery_reconnect_interval= 1;
SET GLOBAL group_replication_recovery_retry_count= 2;
SET GLOBAL group_replication_group_name= "GROUP_REPLICATION_GROUP_NAME";
# 3. Test credentials as parameter START GR.
# Confirm password is not logged.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p' , DEFAULT_AUTH= 'auth_test_plugin';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp' , DEFAULT_AUTH= 'auth_test_plugin';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp' , DEFAULT_AUTH= 'auth_test_plugin';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
# 4. SSL - Test credentials as parameter START GR.
# Confirm password is not logged.
SET @group_replication_recovery_use_ssl_save= @@GLOBAL.group_replication_recovery_use_ssl;
SET GLOBAL group_replication_recovery_use_ssl= ON;
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p' , DEFAULT_AUTH= 'auth_test_plugin';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp' , DEFAULT_AUTH= 'auth_test_plugin';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET @@GLOBAL.group_replication_recovery_use_ssl= @group_replication_recovery_use_ssl_save;
# 5. Test wrong credentials.
# Confirm password is not logged.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER='plug_user_p',PASSWORD='WRONG';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER='plug_user_wp';
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is NOT LOGGED not even secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION PASSWORD='wrong';
ERROR HY000: The START GROUP_REPLICATION command failed since the USER option was not provided with PASSWORD for recovery channel.
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER='plug_user_p' , PASSWORD='proxy_user_p' , DEFAULT_AUTH='wrong_auth';;
include/gr_wait_for_member_state.inc
include/stop_group_replication.inc
include/assert.inc [Password is not logged.]
include/assert.inc [Password is logged as secret.]
# 6. Cleanup.
CHANGE REPLICATION SOURCE TO SOURCE_USER='root' , SOURCE_PASSWORD='' FOR CHANNEL 'group_replication_recovery';
Warnings:
Note 1759 Sending passwords in plain text without SSL/TLS is extremely insecure.
Note 1760 Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/start_group_replication.inc
SET SESSION sql_log_bin = 0;
call mtr.add_suppression("Replica I/O for channel 'group_replication_recovery': Fatal error: Invalid .* username when attempting to connect to the source server.*");
call mtr.add_suppression("There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.");
call mtr.add_suppression("For details please check performance_schema.replication_connection_status table and error log messages of Replica I/O for channel group_replication_recovery.");
call mtr.add_suppression("There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.");
call mtr.add_suppression("Maximum number of retries when trying to connect to a donor reached. Aborting group replication incremental recovery.");
call mtr.add_suppression("Fatal error during the incremental recovery process of Group Replication. The server will leave the group.");
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
call mtr.add_suppression("Skipping leave operation: concurrent attempt to leave the group is on-going.");
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
SET SESSION sql_log_bin = 1;
SET @@GLOBAL.group_replication_recovery_reconnect_interval = @saved_group_replication_recovery_reconnect_interval;
SET @@GLOBAL.group_replication_recovery_retry_count = @saved_gr_recovery_retry_count;
SET GLOBAL log_output= @old_log_output;
UNINSTALL PLUGIN test_plugin_server;
[connection server1]
SET SESSION sql_log_bin = 0;
call mtr.add_suppression("Wrong password supplied for proxy_user_p");
call mtr.add_suppression("Wrong password supplied for proxy_user_wp");
DROP USER 'plug_user_p';
DROP USER 'plug_user_wp';
DROP USER 'proxy_user_p';
DROP USER 'proxy_user_wp';
SET SESSION sql_log_bin = 1;
UNINSTALL PLUGIN test_plugin_server;
TRUNCATE mysql.general_log;
include/group_replication_end.inc
|
