Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-29438

Database password specified in the configuration URL is ignored by the Replication system

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: Qserv
    • Labels:
      None

      Description

      The bug

      The current implementation of the MySQL-based configuration service won't transfer a database password from the configuration URL (database connection string) into the transient state of the Replication system's configuration. For example, if (any) replication service is being started with the following configuration option:

      --config=mysql://root:CHANGEME@localhost:44406/qservReplica
      

      The service wouldn't know which password to use when trying to open a connection to the Replication system's persistent state:

      $ qserv-replica-master-http --config=mysql://root:CHANGEME@localhost:44406/qservReplica
      2021-03-25T23:14:10.460Z  LWP 47    INFO   MASTER CONTROLLERadmin-auth-key= auth-key= config=mysql://root:CHANGEME@localhost:44406/qservReplica db-allow-reconnect=1 db-max-reconnects=1 db-reconnect-timeout=3600 db-transaction-timeout=3600 health-probe-interval=60 instance-id=qserv_in_containers qserv-db-password=****** qserv-sync-timeout=1800 replicas=0 replication-interval=60 worker-config-timeout=600 worker-evict-timeout=3600 worker-response-timeout=60 xrootd-allow-reconnect=1 xrootd-reconnect-timeout=3600 debug=0 permanent-worker-delete=0 purge=0 qserv-sync-force=0 
      2021-03-25T23:14:10.463Z  LWP 47    ERROR  Connection[2]::_connect(_inTransaction=0,_connectTimeoutSec=3600)  unrecoverable error at: Connection[2]::_connectOnce(_inTransaction=0,_connectionAttempt=1)  mysql_real_connect() failed, error: Access denied for user 'root'@'localhost' (using password: NO), errno: 1045
      2021-03-25T23:14:10.463Z  LWP 47    ERROR  DatabaseServices::create  failed to instantiate MySQL-based database services, error: Connection[2]::_connectOnce(_inTransaction=0,_connectionAttempt=1)  mysql_real_connect() failed, error: Access denied for user 'root'@'localhost' (using password: NO), errno: 1045, no such service will be available to the application.
      main()  the application failed, exception: DatabaseServices::create  failed to instantiate MySQL-based database services, error: Connection[2]::_connectOnce(_inTransaction=0,_connectionAttempt=1)  mysql_real_connect() failed, error: Access denied for user 'root'@'localhost' (using password: NO), errno: 1045
      

      This log file snippet reveals another problem with the implementation - it's dumping the raw URL including unscrambled password (and possibly, the authentication keys auth-key and admin-auth-key for the REST services) into the log stream:

      2021-03-25T23:14:10.460Z  LWP 47    INFO   MASTER CONTROLLERadmin-auth-key= auth-key= config=mysql://root:CHANGEME@localhost:44406/qservReplica
      

      That needs to be investigated and fixed as well.

        Attachments

          Activity

          Hide
          npease Nate Pease added a comment -

          Looks good. Thanks!

          Show
          npease Nate Pease added a comment - Looks good. Thanks!

            People

            Assignee:
            gapon Igor Gaponenko
            Reporter:
            gapon Igor Gaponenko
            Reviewers:
            Nate Pease
            Watchers:
            Fritz Mueller, Igor Gaponenko, Nate Pease
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: