Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

phxbinlogsvr_tools设置管理员密码问题 #34

Closed
coding-chenkaikai opened this issue Sep 21, 2016 · 13 comments
Closed

phxbinlogsvr_tools设置管理员密码问题 #34

coding-chenkaikai opened this issue Sep 21, 2016 · 13 comments

Comments

@coding-chenkaikai
Copy link

通过phxbinlogsvr_tools设置mysql非root管理员及密码,使用命令如下:
phxbinlogsvr_tools -f SetMySqlAdminInfo -h <host> -p <port> -u <admin username> -d <admin pwd> -U <new admin username> -D <new admin pwd>
1、通过phxsql集群中主机登陆mysql,非root用户,密码正常,登陆成功
2、通过phxsql集群外主机登陆mysql,非root用户,提示密码不正确,经测试密码为空
3、想通过phxsql集群外主机登陆mysql,使用root登陆,发现没有权限,通过查看mysql权限表,没有给root分配其他主机访问的权限?
@mariohuang
Copy link
Collaborator

mariohuang commented Sep 21, 2016
edited
Loading

1 2 能否给出登录的指令,密码可以不用贴出来?
3这点是我们想做到与原生MySQL安装后一样的安全标准,原生MySQL安装后root只有localhost的登陆权限,所以扩展到PhxSQL上,安装后就只能三台集群内的机器能登录,这样避免了用户安装后没修改密码,被坏人进行扫描攻击的风险。如果你有其他机器访问PhxSQl的需求,请直接对PhxSQL进行IP授权的操作。

欢迎提出更好的方案:)

@coding-chenkaikai
Copy link
Author

基本信息如下:
集群主机:ip1,ip2,ip3
集群外主机:ip0
phxsqlproxy_port:19521
设置新用户名/密码:newuser/newpassword
登陆指令如下:
mysql -unewuser -P19521 -h ip1 -p"newpassword"
【提示:ERROR 1045 (28000): Access denied for user 'newuser'@'ip1' (using password: YES)】
mysql -unewuser -P19521 -h ip1
【登陆成功】

@aStonegod
Copy link

这个问题我也遇到过, 重新部署之后正常了.....

@cjcchen
Copy link
Collaborator

cjcchen commented Sep 21, 2016

@coding-chenkaikai 请问是修改了用户密码之后,在集群内登陆时,用新的用户和密码也是登陆不成功吗?

对于集群外的ip,是需要用户自己手动授权的。我们默认只对集群内的ip能使用管理员权限登陆。

@coding-chenkaikai
Copy link
Author

@cjcchen 在集群内部是可以使用新用户名和新密码登陆成功的,在集群外部,密码就变为空了

@cjcchen
Copy link
Collaborator

cjcchen commented Sep 22, 2016

@coding-chenkaikai
请问集群外部的登陆权限是你们自己设置的吗?

由于phxsql的管理员账号是phxbinlogsvr负责监控mysql而使用的。该账号活动范围仅在集群内部。
因此phxsql只负责修改管理员账号对集群内部ip的相应权限。在修改管理员账号密码时,只对集群ip的权限进行相应的修改。

如果想在集群外登陆mysql进行管理员操作,建议使用不同的账号密码。

@coding-chenkaikai
Copy link
Author

@cjcchen 我没有做任何操作,只是使用提供phxbinlogsvr_tools创建新管理员,然后我看到此管理员拥有所有机器访问权限(集群内,集群外),集群内正常,集群外,密码变为空

@cjcchen
Copy link
Collaborator

cjcchen commented Sep 28, 2016

@coding-chenkaikai 关于修改管理员后,集群外的机器可以不适用密码登陆的问题,我们已经修复了。可以尝试更新代码重新编译。

感谢您的反馈

@coding-chenkaikai
Copy link
Author

@cjcchen 好的,谢谢

@coding-chenkaikai
Copy link
Author

coding-chenkaikai commented Oct 9, 2016
edited
Loading

@cjcchen @mariohuang 我使用最新代码进行编译,设置sqlproxy的端口为19521,集群中主机通过读写端口可以连接上mysql server,但是通过只读端口19522只能连接上master,其余集群内主机均连接不上,我又通过脚本创建管理员用户,出现同样的问题
只有最新代码部署后出现该问题,上一个版本未出现该问题
集群所有主机MasterEnableReadPort = 1,错误提示如下:

[root@ip3 phxsql]# mysql -uroot -P19522 -h"ip3"
ERROR 1045 (28000): Access denied for user 'root'@'ip3' (using password: NO)
[root@ip3 phxsql]# 
[root@ip3 phxsql]# mysql -uroot -P19522 -h"ip2"
ERROR 1045 (28000): Access denied for user 'root'@'ip2' (using password: NO)
[root@ip3 phxsql]# 
[root@ip3 phxsql]# mysql -uroot -P19522 -h"ip1"
Welcome to the MySQL monitor.  Commands end with ; or \g.

@cjcchen
Copy link
Collaborator

cjcchen commented Oct 10, 2016

@coding-chenkaikai 我们这边测试过没有什么异常。麻烦更新下最新代码重新尝试一下。

@coding-chenkaikai
Copy link
Author

coding-chenkaikai commented Oct 11, 2016
edited
Loading

@cjcchen 使用的是最新代码,编译过程没有出现任何错误,执行下面命令没有任何问题,重现编译之后,问题可以重现,phxsqlproxy提供读写端口正常,本机使用mysql端口连接本机服务器也正常,phxsqlproxy提供的只读端口只有Master可以连接

./phxbinlogsvr_tools_phxrpc -f InitBinlogSvrMaster
./phxbinlogsvr_tools_phxrpc -f GetMasterInfoFromGlobal
./phxbinlogsvr_tools_phxrpc -f GetMemberList

log显示如下:

E1011 19:12:45.000828 12568 phx_glog.cpp:82]  DoQuery mysql_query show variables like 'super_read_only'; done 0,  
E1011 19:12:45.001410 12568 phx_glog.cpp:82]  DoQuery mysql_query show global variables like 'gtid_executed'; done 0,  
E1011 19:12:45.001566 12568 phx_glog.cpp:82]  GetAllFiles get file list 1 
E1011 19:12:45.001580 12568 phx_glog.cpp:82]  GetAllFiles get file list 1, min EVENTDATA-0 max EVENTDATA-0 
E1011 19:12:45.001610 12568 phx_glog.cpp:82]  OpenDB fd 44 open db /var/lib/phxsql/phxbinlogsvr/event_data/EVENTDATA-0 offset 0 done mode 2 file size 0 
E1011 19:12:45.001626 12568 phx_glog.cpp:82]  GetLastGtid get gtid  from gtid list num 0, ret 0 
E1011 19:12:45.001945 12568 phx_glog.cpp:82]  DoQuery mysql_query show status like 'Slave_running'; done 0,  
E1011 19:12:45.001977 12568 phx_glog.cpp:82]  CheckSlaveRunningStatus slave is running ON 
E1011 19:12:45.002008 12568 phx_glog.cpp:82]  CheckRunning check super read only ON is master 0 ret 0 
E1011 19:12:45.002019 12568 phx_glog.cpp:82]  Process check running ret 0 
E1011 19:12:45.002665 12568 phx_glog.cpp:82]  DoQuery mysql_query show global variables like 'gtid_executed'; done 0,  
E1011 19:12:45.002727 12568 phx_glog.cpp:82]  IsGTIDCompleted get gtid empty , binlog svr max gtid , master start 
E1011 19:12:45.002785 12568 phx_glog.cpp:82]  GetCurrentInstanceInterval 0x1147930 get newest instance id 0 oldest instanceid 0 
E1011 19:12:45.004245 12558 phx_glog.cpp:82]  Showy(0): PN8phxpaxos8InstanceE::OnReceivePaxosMsg Now.InstanceID 1748 Msg.InstanceID 1748 MsgType 3 Msg.from_nodeid 144134618507922527 My.nodeid 216192212545850463 Seen.LatestInstanceID 1747 
E1011 19:12:45.009894 12558 phx_glog.cpp:82]  Showy(0): PN8phxpaxos8LogStoreE::Append ok, offset 192345 fileid 0 checksum 238386396 instanceid 1748 buffer size 98 usetime 5ms sync 1 
E1011 19:12:45.009932 12558 phx_glog.cpp:82]  Showy(0): PN8phxpaxos13AcceptorStateE::Persist GroupIdx 0 InstanceID 1748 PromiseID 1 PromiseNodeID 144134618507922527 AccectpedID 1 AcceptedNodeID 144134618507922527 ValueLen 63 Checksum 4194984054 
E1011 19:12:45.009979 12558 phx_glog.cpp:82]  Showy(0): PN8phxpaxos8InstanceE::OnReceivePaxosMsg Now.InstanceID 1748 Msg.InstanceID 1748 MsgType 5 Msg.from_nodeid 144134618507922527 My.nodeid 216192212545850463 Seen.LatestInstanceID 1747 
E1011 19:12:45.010257 12558 phx_glog.cpp:82]  Showy(0): PN8phxpaxos8InstanceE::OnReceivePaxosMsg Now.InstanceID 1748 Msg.InstanceID 1748 MsgType 7 Msg.from_nodeid 144134618507922527 My.nodeid 216192212545850463 Seen.LatestInstanceID 1748 
E1011 19:12:45.010318 12558 phx_glog.cpp:82]  SMExecute instance id 1748 execute ip 172.17.0.2 svr id -1408172030 version 1745 export ip  port 0 
E1011 19:12:45.010339 12558 phx_glog.cpp:82]  SetMaster set info ip 172.17.0.2 svr id 2886795266 version 1746 
E1011 19:12:45.010428 12558 phx_glog.cpp:82]  Showy(0): PN8phxpaxos8InstanceE::OnReceivePaxosMsg Now.InstanceID 1749 Msg.InstanceID 1748 MsgType 6 Msg.from_nodeid 144134618507922527 My.nodeid 216192212545850463 Seen.LatestInstanceID 1748 
E1011 19:12:45.034289 12353 phx_glog.cpp:82]  DoQuery mysql_query show global variables like 'gtid_executed'; done 0,  
E1011 19:12:45.034348 12353 phx_glog.cpp:82]  MakeCheckPoint now time 1476184365 last check time 1476184315,  interval time 216000 
E1011 19:12:45.034381 12353 phx_glog.cpp:82]  MakeCheckPoint check point check done 
E1011 19:12:45.034391 12353 phx_glog.cpp:82]  CheckRunningStatus current mysql instanceid 0, binlog svr instanceid 0 
E1011 19:12:45.035400 12559 phx_glog.cpp:82]  Showy(0): PN8phxpaxos7CleanerE::run sleep a while, max deleted instanceid 0 checkpoint instanceid (no checkpoint) now instanceid 1749

@cjcchen
Copy link
Collaborator

cjcchen commented Oct 11, 2016

@coding-chenkaikai 麻烦更新到最新的代码之后,如果可以重新安装一下集群。如果不能安装,可尝试通过工具修改数据同步账号的账号密码为管理员的账号密码。然后再次使用工具修改为正常的数据同步账号的账号密码。

谢谢您的反馈。

@wodesuck wodesuck closed this as completed Nov 7, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mariohuang @wodesuck @cjcchen @aStonegod @coding-chenkaikai