1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
include/master-slave.inc
Warnings:
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
Note #### Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
[connection master]
==== Create new replication user ====
[on master]
CREATE USER rpluser_with_length_32_123456789@127.0.0.1 IDENTIFIED BY 'rpl';
CREATE USER rpluser_with_length_32_1234567890@127.0.0.1 IDENTIFIED BY 'rpl';
ERROR HY000: String 'rpluser_with_length_32_1234567890' is too long for user name (should be no longer than 32)
GRANT REPLICATION SLAVE ON *.* TO rpluser_with_length_32_123456789@127.0.0.1;
[on slave]
include/sync_slave_sql_with_master.inc
include/stop_slave.inc
CHANGE REPLICATION SOURCE TO SOURCE_USER='rpluser_with_length_32_123456789',
SOURCE_PASSWORD='rpl', GET_SOURCE_PUBLIC_KEY = 1, SOURCE_SSL = 1;
Warnings:
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
Note #### Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/start_slave.inc
==== Do replication as new user ====
[on master]
CREATE TABLE t1 (n INT);
INSERT INTO t1 VALUES (1);
[on slave]
include/sync_slave_sql_with_master.inc
SELECT * FROM t1;
n
1
==== Delete new replication user ====
[on master]
DROP USER rpluser_with_length_32_123456789@127.0.0.1;
FLUSH PRIVILEGES;
[on slave]
include/sync_slave_sql_with_master.inc
==== Restart slave without privileges =====
include/stop_slave.inc
START SLAVE;
Warnings:
Warning 1287 'START SLAVE' is deprecated and will be removed in a future release. Please use START REPLICA instead
include/wait_for_slave_sql_to_start.inc
include/wait_for_slave_io_to_stop.inc
==== Verify that Slave IO thread stopped with error ====
include/wait_for_slave_io_error.inc [errno=1045]
[on master]
CREATE USER rpluser_plain@127.0.0.1 IDENTIFIED BY 'rpl';
GRANT REPLICATION SLAVE ON *.* TO rpluser_plain@127.0.0.1;
[on slave]
include/stop_slave.inc
CHANGE REPLICATION SOURCE TO SOURCE_USER='rpluser_plain', SOURCE_PASSWORD='rpl', SOURCE_SSL = 0, GET_SOURCE_PUBLIC_KEY = 1;
Warnings:
Note 1759 Sending passwords in plain text without SSL/TLS is extremely insecure.
Note 1760 Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/start_slave.inc
[on master]
DROP USER rpluser_plain@127.0.0.1;
FLUSH PRIVILEGES;
[on slave]
include/stop_slave.inc
# Resetting replication user to root
include/stop_slave_sql.inc
Warnings:
Note 3084 Replication thread(s) for channel '' are already stopped.
CHANGE REPLICATION SOURCE TO SOURCE_USER = 'root', SOURCE_PASSWORD = '', SOURCE_SSL = 0;
Warnings:
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
Note #### Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/rpl_reset.inc
# Replication Tests related to WL#9591 and WL#11057
# Check if replication takes place when slave user
# created with caching_sha2_pasword
[on master]
CREATE USER u1_caching_sha2_password@127.0.0.1 IDENTIFIED WITH
'caching_sha2_password' BY 'pwd';
GRANT all ON *.* TO u1_caching_sha2_password@127.0.0.1;
[on slave]
include/sync_slave_sql_with_master.inc
include/stop_slave.inc
# Set the user created with authentication plugin caching_sha2_password
# as replication slave user and get RSA public key from master
CHANGE REPLICATION SOURCE TO SOURCE_USER='u1_caching_sha2_password', SOURCE_PASSWORD='pwd', SOURCE_SSL=0, GET_SOURCE_PUBLIC_KEY = 1;
Warnings:
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
Note #### Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/start_slave.inc
# Do replication with the user created with
# authentication plugin caching_sha2_password
[on master]
CREATE USER u2 IDENTIFIED WITH 'caching_sha2_password' BY 'pwd_u2';
# Below steps ensures that password is not cached initially and
# After successful login, it is cached. Hence same login statement
# with which login was denied earlier is allowed now
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u2@localhost u2@%
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u2@localhost u2@%
[on slave]
include/sync_slave_sql_with_master.inc
# On slave it is ensured that password cached on master is not replicated
# and after successful login on slave, it is cached
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u2@localhost u2@%
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u2@localhost u2@%
[on master]
FLUSH PRIVILEGES;
# Ensure that affect of FLUSH PRIVILEGE is propagated and cache from slave is also cleaned
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
[on slave]
include/sync_slave_sql_with_master.inc
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
[on slave]
include/stop_slave.inc
# Set the user created with authentication plugin caching_sha2_password
# as replication slave user and get RSA public key from master
CHANGE REPLICATION SOURCE TO SOURCE_USER='u1_caching_sha2_password', SOURCE_PASSWORD='pwd', SOURCE_SSL = 0, SOURCE_PUBLIC_KEY_PATH='MYSQL_TEST_DIR/std_data/rsa_public_key.pem', GET_SOURCE_PUBLIC_KEY = 0;;
Warnings:
Note 1759 Sending passwords in plain text without SSL/TLS is extremely insecure.
Note 1760 Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/start_slave.inc
# Do replication with the user created with
# authentication plugin caching_sha2_password
[on master]
CREATE USER u3 IDENTIFIED WITH 'caching_sha2_password' BY 'pwd_u3';
# Below steps ensures that password is not cached initially and
# After successful login, it is cached. Hence same login statement
# with which login was denied earlier is allowed now
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u3@localhost u3@%
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u3@localhost u3@%
[on slave]
include/sync_slave_sql_with_master.inc
# On slave it is ensured that password cached on master is not replicated
# and after successful login on slave, it is cached
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u3@localhost u3@%
mysql: [Warning] Using a password on the command line interface can be insecure.
USER() CURRENT_USER()
u3@localhost u3@%
[on master]
FLUSH PRIVILEGES;
# Ensure that affect of FLUSH PRIVILEGE is prpoagated and cache from slave is also cleaned
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
[on slave]
include/sync_slave_sql_with_master.inc
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 2061 (HY000): Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection.
[on slave]
include/stop_slave.inc
==== Cleanup (Note that slave IO thread is not running) ====
CHANGE REPLICATION SOURCE TO SOURCE_USER = 'root', SOURCE_PASSWORD = '', SOURCE_SSL = 0;
Warnings:
Note #### Sending passwords in plain text without SSL/TLS is extremely insecure.
Note #### Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
include/rpl_reset.inc
[on master]
DROP TABLE t1;
DROP USER u1_caching_sha2_password@127.0.0.1;
DROP USER u2, u3;
include/rpl_end.inc
|
