Uploaded image for project: 'MariaDB ColumnStore'
  1. MariaDB ColumnStore
  2. MCOL-5019

creating different keys with cskeys on all nodes can break cluster(key not distributed properly)

    XMLWordPrintable

Details

    Description

      Usual process also on installation is

      cskeys on every node.
      cspasswd on every node
      mcsSetConfig CrossEngineSupport Password on every node

      cskeys creates a key on /var/lib/columnstore/.secrets
      cspasswd creates an encrypted passwordstring based on this key.
      mcsSetConfig write the encrypted passwordstring to Columnstore.xml

      This works properly,
      but if a change was done on Columnstore.xml (usually on node 1),
      the Columnstore.xml will be distributed to all nodes,
      but not the key.

      Afterwards we have the situation, that
      keys ( /var/lib/columnstore/.secrets) are different on every node,
      but encrypted passwordstring in Columnstore.xml are the same on all nodes, based on the key on node1.

      Workarround:

      run cskeys on a one node
      copy /var/lib/columnstore/.secrets to every other node
      run cspasswd on each node
      

      Suggestion:

      If Columnstore distribute Columnstore.xml, it have also to distribute /var/lib/columnstore/.secrets (if any),
      if Section:CrossEngineSupport Value:Password was changed in Columnstore.xml

      Attachments

        Activity

          People

            alan.mologorsky Alan Mologorsky
            Richard Richard Stracke
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.