-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VReplication: use db_filtered user for vstreams #10080
VReplication: use db_filtered user for vstreams #10080
Conversation
fd3cf07
to
e50c970
Compare
579b889
to
f1774d6
Compare
81eee77
to
999bd11
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
nice catch
75ca067
to
1312af6
Compare
1877058
to
bbdb16a
Compare
I increased the scope a bit to use the
That's why I requested a re-review. Sorry. It was a long round about adventure to find out why the PITR recovery tests (which use rippled) were failing (dbconfig parts of bbdb16a). |
ce06996
to
8eb2d8f
Compare
@derekperkins please let me know if you have any messaging related questions or concerns. Thanks! |
8eb2d8f
to
fd090a2
Compare
Signed-off-by: Matt Lord <[email protected]>
Signed-off-by: Matt Lord <[email protected]>
This way vreplication is using the same user on the source (streamer) and target (player). Signed-off-by: Matt Lord <[email protected]>
And set the filtered user config in the binlog server streamer and the tabletmanager restore. Signed-off-by: Matt Lord <[email protected]>
Signed-off-by: Matt Lord <[email protected]>
fd090a2
to
f25b649
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Description
When performing VReplication workflows — such as
MoveTables
— we need to stream table rows, query results, and binary log events from the source in order to copy data and changes to the target.The
com_binlog_dump_gtid
command is used on the source side in order to stream the binary log events (vstreamer->binlog streamer) from the source tablet's mysqld to the vttablet for filtering before sending to the target vttablets (vcopier->vplayer). In order to execute this command the user needs theREPLICATION SLAVE
privilege.A big issue this PR addresses is that the
db_app
user was used for this. Not only is this unexpected (non-intuitive and not documented), but it requires that the application user has replication privileges which is not the norm. In this PR we:db_filtered
user — which already has theREPLICATION SLAVE
privilege — for streaming the binlog events (binlog streamer)SHOW BINARY LOGS
executed in related connection/code that require theREPLICATION CLIENT
privilege, whichdb_filtered
already hasdb_filtered
user for all other base vstream types: row streamer and results streamerREPLICATION SLAVE
privilege from the defaultdb_app
usermake embed_config
which itself was broken), including this change and the recent super_read_only change (see related issue below)Related Issue(s)
Checklist