Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions percona-scheduler-admin
Original file line number Diff line number Diff line change
Expand Up @@ -358,7 +358,7 @@ function exec_sql() {
local more_options=""
local retvalue
local retoutput
local default_auth=""
local auth_option=""
local defaults=""

if [[ $# -ge 7 ]]; then
Expand All @@ -372,7 +372,7 @@ function exec_sql() {
debug "$lineno" "exec_sql : $user@$hostname:$port ==> $query"

if [[ $MYSQL_CLIENT_VERSION == "8.0" ]]; then
default_auth="default-auth=mysql_native_password"
auth_option="default-auth=${AUTH_PLUGIN}"
fi

defaults=$(printf '[client]\nuser=%s\npassword="%s"\nhost=%s\nport=%s\nconnect-timeout=%s\n%s' \
Expand All @@ -381,7 +381,7 @@ function exec_sql() {
"${hostname}" \
"${port}" \
"${TIMEOUT}" \
"${default_auth}"
"${auth_option}"
)

if [[ $USE_STDIN_FOR_CREDENTIALS -eq 1 ]]; then
Expand Down Expand Up @@ -692,7 +692,7 @@ function user_input_check() {
"\n-- Please check the ProxySQL connection parameters and status."

if [[ -z "$precheck_user" ]]; then
mysql_exec "$LINENO" "CREATE USER '$safe_username'@'$USER_HOST_RANGE' IDENTIFIED WITH mysql_native_password BY '$safe_password';"
mysql_exec "$LINENO" "CREATE USER '$safe_username'@'$USER_HOST_RANGE' IDENTIFIED WITH ${AUTH_PLUGIN} BY '$safe_password';"
check_cmd $? "$LINENO" "Failed to add the PXC application user to PXC: $username" \
"\n-- Please check if '$CLUSTER_USERNAME'@'$CLUSTER_HOSTNAME' has the proper permissions to create the montioring user"

Expand Down Expand Up @@ -1174,7 +1174,7 @@ function enable_proxysql() {
"\n-- Please check the PXC cluster connection parameters and status."
if [[ -z "$check_user" ]]; then
# No monitor user found in MySQL, create the monitor user
mysql_exec "$LINENO" "CREATE USER '$SAFE_MONITOR_USERNAME'@'$USER_HOST_RANGE' IDENTIFIED WITH mysql_native_password BY '$SAFE_MONITOR_PASSWORD';"
mysql_exec "$LINENO" "CREATE USER '$SAFE_MONITOR_USERNAME'@'$USER_HOST_RANGE' IDENTIFIED WITH ${AUTH_PLUGIN} BY '$SAFE_MONITOR_PASSWORD';"
check_cmd $? "$LINENO" "Failed to create the ProxySQL monitoring user."\
"\n-- Please check that '$CLUSTER_USERNAME'@'$CLUSTER_HOSTNAME' has the proper permissions to create the montioring user"
fi
Expand Down
11 changes: 9 additions & 2 deletions proxysql-admin
Original file line number Diff line number Diff line change
Expand Up @@ -525,7 +525,7 @@ function user_input_check() {
"\n-- Please check the ProxySQL connection parameters and status."

if [[ -z "$precheck_user" ]]; then
mysql_exec "$LINENO" "CREATE USER '$safe_username'@'$USER_HOST_RANGE' IDENTIFIED WITH mysql_native_password BY '$safe_password';"
mysql_exec "$LINENO" "CREATE USER '$safe_username'@'$USER_HOST_RANGE' IDENTIFIED WITH ${AUTH_PLUGIN} BY '$safe_password';"
check_cmd $? "$LINENO" "Failed to add the PXC application user to PXC: $username" \
"\n-- Please check if '$CLUSTER_USERNAME'@'$CLUSTER_HOSTNAME' has the proper permissions to create the montioring user"

Expand Down Expand Up @@ -901,7 +901,7 @@ function enable_proxysql() {
"\n-- Please check the PXC cluster connection parameters and status."
if [[ -z "$check_user" ]]; then
# No monitor user found in MySQL, create the monitor user
mysql_exec "$LINENO" "CREATE USER '$SAFE_MONITOR_USERNAME'@'$USER_HOST_RANGE' IDENTIFIED WITH mysql_native_password BY '$SAFE_MONITOR_PASSWORD';"
mysql_exec "$LINENO" "CREATE USER '$SAFE_MONITOR_USERNAME'@'$USER_HOST_RANGE' IDENTIFIED WITH ${AUTH_PLUGIN} BY '$SAFE_MONITOR_PASSWORD';"
check_cmd $? "$LINENO" "Failed to create the ProxySQL monitoring user."\
"\n-- Please check that '$CLUSTER_USERNAME'@'$CLUSTER_HOSTNAME' has the proper permissions to create the montioring user"

Expand Down Expand Up @@ -2423,6 +2423,13 @@ function parse_args() {
exit 1
fi

if [[ $AUTH_PLUGIN != "caching_sha2_password" && $AUTH_PLUGIN != "mysql_native_password" ]]; then
error "" "Invalid AUTH_PLUGIN value: '$AUTH_PLUGIN'"
echo "Please use one of these values: 'caching_sha2_password', 'mysql_native_password'"
exit 1
fi
readonly AUTH_PLUGIN

if [[ $NEEDS_WRITER_HOSTGROUP -eq 1 ]]; then
if [[ -z $WRITER_HOSTGROUP_ID || $WRITER_HOSTGROUP_ID -eq -1 ]]; then
error "" "Invalid --writer-hg value: '$WRITER_HOSTGROUP_ID' "
Expand Down
6 changes: 3 additions & 3 deletions proxysql-admin-common
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ function exec_sql() {
local more_options=""
local retvalue
local retoutput
local default_auth=""
local auth_option=""
local defaults=""

if [[ $# -ge 7 ]]; then
Expand All @@ -84,7 +84,7 @@ function exec_sql() {
debug "$lineno" "exec_sql : $user@$hostname:$port ==> $query"

if [[ $MYSQL_CLIENT_VERSION == "8.0" ]]; then
default_auth="default-auth=mysql_native_password"
auth_option="default-auth=${AUTH_PLUGIN}"
fi

defaults=$(printf '[client]\nuser=%s\npassword="%s"\nhost=%s\nport=%s\nconnect-timeout=%s\n%s' \
Expand All @@ -93,7 +93,7 @@ function exec_sql() {
"${hostname}" \
"${port}" \
"${TIMEOUT}" \
"${default_auth}"
"${auth_option}"
)

# shellcheck disable=SC2086
Expand Down
6 changes: 6 additions & 0 deletions proxysql-admin.cnf
Original file line number Diff line number Diff line change
Expand Up @@ -75,3 +75,9 @@ export USE_SSL='no'
# the read hostgroup.
#
export WRITERS_ARE_READERS='backup'

# --------------------------------
# MySQL authentication plugin to use when creating users.
# Valid values: 'caching_sha2_password' (default) or 'mysql_native_password'
#
export AUTH_PLUGIN='caching_sha2_password'
4 changes: 3 additions & 1 deletion proxysql-common
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,13 @@ fi
#
# Script parameters/constants
#
readonly PROXYSQL_ADMIN_VERSION="3.0.6"
readonly PROXYSQL_ADMIN_VERSION="3.0.9"

# The minimum required openssl version
readonly REQUIRED_OPENSSL_VERSION="3.0.0"

declare AUTH_PLUGIN="caching_sha2_password"

# The name of the openssl binary packaged with proxysql-admin
readonly PROXYSQL_ADMIN_OPENSSL_NAME="proxysql-admin-openssl"

Expand Down
4 changes: 2 additions & 2 deletions proxysql-status
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ function mysql_exec() {
local retvalue
local retoutput
local defaults=""
local default_auth=""
local auth_option=""

# shellcheck disable=SC2086
if [[ $CREDENTIALS_FROM_CLIENT_CONFIG -eq 0 ]]; then
Expand All @@ -151,7 +151,7 @@ function mysql_exec() {
"${PASSWORD}" \
"${HOST}" \
"${PORT}" \
"${default_auth}"
"${auth_option}"
)

if [[ $USE_STDIN_FOR_CREDENTIALS -eq 1 ]]; then
Expand Down
28 changes: 14 additions & 14 deletions tests/proxysql-admin-testsuite.bats
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ fi
echo "$LINENO : Check query rule count for user(test_query_rule) found:$run_query_rule expect:0" >&2
[[ "$run_query_rule" -eq 0 ]]

mysql_exec "$HOST_IP" "$PORT_3" "create user test_query_rule@'%' identified by 'test';"
mysql_exec "$HOST_IP" "$PORT_3" "CREATE USER test_query_rule@'%' IDENTIFIED WITH ${AUTH_PLUGIN} BY 'test';"
# Give the cluster some time for this to replicate
sleep 3

Expand Down Expand Up @@ -226,20 +226,20 @@ fi
else
pass_field="authentication_string"
fi
cluster_user_count=$(cluster_exec "select count(distinct user) from mysql.user where ${pass_field} != '' and user not in ('admin') and user not like 'mysql.%'" -Ns)
cluster_user_count=$(cluster_exec "select count(distinct user) from mysql.user where ${pass_field} != '' and user not in ('admin') and user not like 'mysql.%' and user not like 'percona.%'" -Ns)

# HACK: this mismatch occurs because we are running the tests for cluster_two
# right after the test for cluster_one (multi-cluster scenario), so the
# user counts will be off (because user cluster_one will still be in proxysql users).
if [[ $WSREP_CLUSTER_NAME == "cluster_two" ]]; then
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users where username not in ('cluster_one')" | awk '{print $0}')
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users where username not in ('cluster_one') and username not like 'percona.%'" | awk '{print $0}')
else
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users" | awk '{print $0}')
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users where username not like 'percona.%'" | awk '{print $0}')
fi

# Dump the user lists for debugging
echo "cluster users" >&2
cluster_exec "select user,host from mysql.user where ${pass_field} != '' and user not in ('admin') and user not like 'mysql.%'" >&2
cluster_exec "select user,host from mysql.user where ${pass_field} != '' and user not in ('admin') and user not like 'percona.%' and user not like 'mysql.%'" >&2
echo "" >&2
echo "proxysql users" >&2
proxysql_exec "select * from runtime_mysql_users" "-t" >&2
Expand All @@ -259,7 +259,7 @@ fi

# Step 1: Create the user in MySQL
echo "$LINENO: Creating user '$user' in MySQL" >&2
mysql_exec "$HOST_IP" "$PORT_3" "CREATE USER '$user'@'%' IDENTIFIED WITH mysql_native_password BY '$initial_password';"
mysql_exec "$HOST_IP" "$PORT_3" "CREATE USER '$user'@'%' IDENTIFIED WITH ${AUTH_PLUGIN} BY '$initial_password';"
mysql_exec "$HOST_IP" "$PORT_3" "GRANT ALL PRIVILEGES ON *.* TO '$user'@'%';"
sleep 3 # Allow replication

Expand Down Expand Up @@ -319,15 +319,15 @@ fi
else
pass_field="authentication_string"
fi
cluster_user_count=$(cluster_exec "select count(distinct user) from mysql.user where ${pass_field} != '' and user not in ('admin') and user not like 'mysql.%'" -Ns)
cluster_user_count=$(cluster_exec "select count(distinct user) from mysql.user where ${pass_field} != '' and user not in ('admin') and user not like 'mysql.%' and user not like 'percona.%'" -Ns)

# HACK: this mismatch occurs because we are running the tests for cluster_two
# right after the test for cluster_one (multi-cluster scenario), so the
# user counts will be off (because user cluster_one will still be in proxysql users).
if [[ $WSREP_CLUSTER_NAME == "cluster_two" ]]; then
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users where username not in ('cluster_one')" | awk '{print $0}')
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users where username not in ('cluster_one') and username not like 'percona.%'" | awk '{print $0}')
else
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users" | awk '{print $0}')
proxysql_user_count=$(proxysql_exec "select count(distinct username) from runtime_mysql_users where username not like 'percona.%'" | awk '{print $0}')
fi

# Verify that the user is not in ProxySQL
Expand All @@ -338,7 +338,7 @@ fi
echo "Creating 1000 mysql users"
for i in $(seq -w 1 1000)
do
mysql_exec "$HOST_IP" "$PORT_3" "CREATE USER 'a - u0$i'@'%' IDENTIFIED WITH mysql_native_password BY 'Secret1!';"
mysql_exec "$HOST_IP" "$PORT_3" "CREATE USER 'a - u0$i'@'%' IDENTIFIED WITH ${AUTH_PLUGIN} BY 'Secret1!';"
done

# Give the cluster some time for this to replicate
Expand All @@ -359,8 +359,8 @@ fi

echo "time taken: $time_taken seconds"
# Expected time to process 1000 users is about 25 seconds.
# For this test, lets assume that it takes less than 2.5 minutes.
[[ $time_taken -le 150 ]]
# For this test, lets assume that it takes less than 4 minutes.
[[ $time_taken -le 240 ]]

echo "$output" >&2
[ "$status" -eq 0 ]
Expand Down Expand Up @@ -415,7 +415,7 @@ fi
[[ $proxysql_count -eq 0 ]]

# Create a user on the async node
mysql_exec "$HOST_IP" "$ASYNC_PORT" "CREATE USER '${server_user}'@'%' IDENTIFIED WITH mysql_native_password BY 'passwd';"
mysql_exec "$HOST_IP" "$ASYNC_PORT" "CREATE USER '${server_user}'@'%' IDENTIFIED WITH ${AUTH_PLUGIN} BY 'passwd';"

run sudo PATH=$WORKDIR:$PATH $WORKDIR/proxysql-admin --syncusers --server=${HOST_IP}:${ASYNC_PORT}
echo "$output" >&2
Expand Down Expand Up @@ -444,7 +444,7 @@ fi
[[ $proxysql_count -eq 0 ]]

# Create a user on the async node
mysql_exec "$HOST_IP" "$ASYNC_PORT" "CREATE USER '${server_user}'@'%' IDENTIFIED WITH mysql_native_password BY 'passwd';"
mysql_exec "$HOST_IP" "$ASYNC_PORT" "CREATE USER '${server_user}'@'%' IDENTIFIED WITH ${AUTH_PLUGIN} BY 'passwd';"

run sudo PATH=$WORKDIR:$PATH $WORKDIR/proxysql-admin --sync-multi-cluster-users --server=${HOST_IP}:${ASYNC_PORT}
echo "$output" >&2
Expand Down
Loading