Most advanced SST methods happen to require a dedicated database user
account with certain privileges to access the server during the SST
process on the donor node. Previously that user account had to be
created manually before any SST could take place and its authentication
credentials had to be manually entered into the configuration file and
stored there in clear text indefinitely - to be accessed by the SST
script when needed.
A much less error prone and more secure approach is to automatically
create such user account just for the SST and delete it afterwards. The
account credentials can be passed directly to SST script. Besides better
security and simpler node configuration this also solves the problem of
SST user privilege evolution: the required privileges may change with
the new server release, and automatic account generation will always
create the user with the right privileges.
Attachments
Issue Links
duplicates
MDEV-16009mariabackup SST requires clear text password in xtrabackup.cnf
Open
relates to
MDEV-16009mariabackup SST requires clear text password in xtrabackup.cnf
Open
MDEV-19949mariabackup option of '--password' or '-p' without specifying password in commandline
Julius Goryavsky
added a comment - Merged with the head revision:
https://github.com/MariaDB/server/commit/203d337a5533662111cc86505d19cda98b352d06 (prerequisite)
https://github.com/MariaDB/server/commit/d9f910bfe9ec3997a3b9e593e2f47ec5a4f80271
https://github.com/MariaDB/server/commit/1aa1a7cf6459e95adc18717cd69fbdde1dcaf7f0
https://github.com/MariaDB/server/commit/a1e5a284fc009ce0a0e66f199d45cc2f4f705c30
https://github.com/MariaDB/server/commit/2ba1a8b878b7549749cee4dc109d7d4c3e66d36a
https://github.com/MariaDB/server/commit/29e9ade269d803b6823ec57808e0b7fad28baf9e
People
Julius Goryavsky
Alexey
Votes:
0Vote for this issue
Watchers:
6Start watching this issue
Dates
Created:
Updated:
Resolved:
Git Integration
Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.
{"report":{"fcp":722,"ttfb":167.30000001192093,"pageVisibility":"visible","entityId":123799,"key":"jira.project.issue.view-issue","isInitial":true,"threshold":1000,"elementTimings":{},"userDeviceMemory":8,"userDeviceProcessors":64,"apdex":1,"journeyId":"5c1c76ac-2218-4af0-8d60-2991436b2614","navigationType":0,"readyForUser":787.8000000119209,"redirectCount":0,"resourceLoadedEnd":923.5999999940395,"resourceLoadedStart":172.40000000596046,"resourceTiming":[{"duration":7.4000000059604645,"initiatorType":"link","name":"https://jira.mariadb.org/s/2c21342762a6a02add1c328bed317ffd-CDN/lu2bv2/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/css/_super/batch.css","startTime":172.40000000596046,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":172.40000000596046,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":179.80000001192093,"responseStart":0,"secureConnectionStart":0},{"duration":7.300000011920929,"initiatorType":"link","name":"https://jira.mariadb.org/s/7ebd35e77e471bc30ff0eba799ebc151-CDN/lu2bv2/820016/12ta74/2380add21a9a1006587582385952de73/_/download/contextbatch/css/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":172.69999998807907,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":172.69999998807907,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":180,"responseStart":0,"secureConnectionStart":0},{"duration":60.89999997615814,"initiatorType":"script","name":"https://jira.mariadb.org/s/e9b27a47da5fb0f74a35acd57e9847fb-CDN/lu2bv2/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/js/_super/batch.js?locale=en","startTime":172.80000001192093,"connectEnd":172.80000001192093,"connectStart":172.80000001192093,"domainLookupEnd":172.80000001192093,"domainLookupStart":172.80000001192093,"fetchStart":172.80000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":172.80000001192093,"responseEnd":233.69999998807907,"responseStart":233.69999998807907,"secureConnectionStart":172.80000001192093},{"duration":189.90000000596046,"initiatorType":"script","name":"https://jira.mariadb.org/s/c32eb0da7ad9831253f8397e6cc26afd-CDN/lu2bv2/820016/12ta74/2380add21a9a1006587582385952de73/_/download/contextbatch/js/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true","startTime":172.90000000596046,"connectEnd":172.90000000596046,"connectStart":172.90000000596046,"domainLookupEnd":172.90000000596046,"domainLookupStart":172.90000000596046,"fetchStart":172.90000000596046,"redirectEnd":0,"redirectStart":0,"requestStart":172.90000000596046,"responseEnd":362.80000001192093,"responseStart":362.80000001192093,"secureConnectionStart":172.90000000596046},{"duration":193.09999999403954,"initiatorType":"script","name":"https://jira.mariadb.org/s/bc0bcb146314416123c992714ee00ff7-CDN/lu2bv2/820016/12ta74/c92c0caa9a024ae85b0ebdbed7fb4bd7/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en","startTime":173.09999999403954,"connectEnd":173.09999999403954,"connectStart":173.09999999403954,"domainLookupEnd":173.09999999403954,"domainLookupStart":173.09999999403954,"fetchStart":173.09999999403954,"redirectEnd":0,"redirectStart":0,"requestStart":173.09999999403954,"responseEnd":366.19999998807907,"responseStart":366.19999998807907,"secureConnectionStart":173.09999999403954},{"duration":193.09999999403954,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bv2/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":173.40000000596046,"connectEnd":173.40000000596046,"connectStart":173.40000000596046,"domainLookupEnd":173.40000000596046,"domainLookupStart":173.40000000596046,"fetchStart":173.40000000596046,"redirectEnd":0,"redirectStart":0,"requestStart":173.40000000596046,"responseEnd":366.5,"responseStart":366.5,"secureConnectionStart":173.40000000596046},{"duration":193.40000000596046,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bv2/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":173.5,"connectEnd":173.5,"connectStart":173.5,"domainLookupEnd":173.5,"domainLookupStart":173.5,"fetchStart":173.5,"redirectEnd":0,"redirectStart":0,"requestStart":173.5,"responseEnd":366.90000000596046,"responseStart":366.90000000596046,"secureConnectionStart":173.5},{"duration":197.7000000178814,"initiatorType":"link","name":"https://jira.mariadb.org/s/b04b06a02d1959df322d9cded3aeecc1-CDN/lu2bv2/820016/12ta74/a2ff6aa845ffc9a1d22fe23d9ee791fc/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":173.69999998807907,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":173.69999998807907,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":371.40000000596046,"responseStart":0,"secureConnectionStart":0},{"duration":193.40000000596046,"initiatorType":"script","name":"https://jira.mariadb.org/rest/api/1.0/shortcuts/820016/47140b6e0a9bc2e4913da06536125810/shortcuts.js?context=issuenavigation&context=issueaction","startTime":173.90000000596046,"connectEnd":173.90000000596046,"connectStart":173.90000000596046,"domainLookupEnd":173.90000000596046,"domainLookupStart":173.90000000596046,"fetchStart":173.90000000596046,"redirectEnd":0,"redirectStart":0,"requestStart":173.90000000596046,"responseEnd":367.30000001192093,"responseStart":367.30000001192093,"secureConnectionStart":173.90000000596046},{"duration":197.40000000596046,"initiatorType":"link","name":"https://jira.mariadb.org/s/3ac36323ba5e4eb0af2aa7ac7211b4bb-CDN/lu2bv2/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.css?jira.create.linked.issue=true","startTime":174.09999999403954,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":174.09999999403954,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":371.5,"responseStart":0,"secureConnectionStart":0},{"duration":193.7000000178814,"initiatorType":"script","name":"https://jira.mariadb.org/s/719848dd97ebe0663199f49a3936487a-CDN/lu2bv2/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.js?jira.create.linked.issue=true&locale=en","startTime":174.09999999403954,"connectEnd":174.09999999403954,"connectStart":174.09999999403954,"domainLookupEnd":174.09999999403954,"domainLookupStart":174.09999999403954,"fetchStart":174.09999999403954,"redirectEnd":0,"redirectStart":0,"requestStart":174.09999999403954,"responseEnd":367.80000001192093,"responseStart":367.80000001192093,"secureConnectionStart":174.09999999403954},{"duration":291,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bv2/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-js/jira.webresources:bigpipe-js.js","startTime":175.30000001192093,"connectEnd":175.30000001192093,"connectStart":175.30000001192093,"domainLookupEnd":175.30000001192093,"domainLookupStart":175.30000001192093,"fetchStart":175.30000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":175.30000001192093,"responseEnd":466.30000001192093,"responseStart":466.30000001192093,"secureConnectionStart":175.30000001192093},{"duration":733.9000000059605,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bv2/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-init/jira.webresources:bigpipe-init.js","startTime":175.40000000596046,"connectEnd":175.40000000596046,"connectStart":175.40000000596046,"domainLookupEnd":175.40000000596046,"domainLookupStart":175.40000000596046,"fetchStart":175.40000000596046,"redirectEnd":0,"redirectStart":0,"requestStart":175.40000000596046,"responseEnd":909.3000000119209,"responseStart":909.3000000119209,"secureConnectionStart":175.40000000596046},{"duration":86.10000002384186,"initiatorType":"xmlhttprequest","name":"https://jira.mariadb.org/rest/webResources/1.0/resources","startTime":382.69999998807907,"connectEnd":382.69999998807907,"connectStart":382.69999998807907,"domainLookupEnd":382.69999998807907,"domainLookupStart":382.69999998807907,"fetchStart":382.69999998807907,"redirectEnd":0,"redirectStart":0,"requestStart":382.69999998807907,"responseEnd":468.80000001192093,"responseStart":468.80000001192093,"secureConnectionStart":382.69999998807907},{"duration":278.2999999821186,"initiatorType":"link","name":"https://jira.mariadb.org/s/d5715adaadd168a9002b108b2b039b50-CDN/lu2bv2/820016/12ta74/be4b45e9cec53099498fa61c8b7acba4/_/download/contextbatch/css/jira.project.sidebar,-_super,-project.issue.navigator,-jira.general,-jira.browse.project,-jira.view.issue,-jira.global,-atl.general,-com.atlassian.jira.projects.sidebar.init/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":645.3000000119209,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":645.3000000119209,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":923.5999999940395,"responseStart":0,"secureConnectionStart":0},{"duration":317.30000001192093,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bv2/820016/12ta74/e65b778d185daf5aee24936755b43da6/_/download/contextbatch/js/browser-metrics-plugin.contrib,-_super,-project.issue.navigator,-jira.view.issue,-atl.general/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":646.1999999880791,"connectEnd":646.1999999880791,"connectStart":646.1999999880791,"domainLookupEnd":646.1999999880791,"domainLookupStart":646.1999999880791,"fetchStart":646.1999999880791,"redirectEnd":0,"redirectStart":0,"requestStart":646.1999999880791,"responseEnd":963.5,"responseStart":963.5,"secureConnectionStart":646.1999999880791},{"duration":322,"initiatorType":"script","name":"https://jira.mariadb.org/s/53a43b6764f587426c7bb9a150184c00-CDN/lu2bv2/820016/12ta74/be4b45e9cec53099498fa61c8b7acba4/_/download/contextbatch/js/jira.project.sidebar,-_super,-project.issue.navigator,-jira.general,-jira.browse.project,-jira.view.issue,-jira.global,-atl.general,-com.atlassian.jira.projects.sidebar.init/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true","startTime":646.5,"connectEnd":646.5,"connectStart":646.5,"domainLookupEnd":646.5,"domainLookupStart":646.5,"fetchStart":646.5,"redirectEnd":0,"redirectStart":0,"requestStart":646.5,"responseEnd":968.5,"responseStart":968.5,"secureConnectionStart":646.5}],"fetchStart":0,"domainLookupStart":0,"domainLookupEnd":0,"connectStart":0,"connectEnd":0,"requestStart":14,"responseStart":167,"responseEnd":171,"domLoading":170,"domInteractive":928,"domContentLoadedEventStart":928,"domContentLoadedEventEnd":964,"domComplete":1189,"loadEventStart":1189,"loadEventEnd":1190,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[{"name":"bigPipe.sidebar-id.start","time":910.9000000059605},{"name":"bigPipe.sidebar-id.end","time":911.6999999880791},{"name":"bigPipe.activity-panel-pipe-id.start","time":911.9000000059605},{"name":"bigPipe.activity-panel-pipe-id.end","time":912.6999999880791},{"name":"activityTabFullyLoaded","time":978.0999999940395}],"measures":[],"correlationId":"64516edf184ae6","effectiveType":"4g","downlink":10,"rtt":0,"serverDuration":96,"dbReadsTimeInMs":12,"dbConnsTimeInMs":19,"applicationHash":"9d11dbea5f4be3d4cc21f03a88dd11d8c8687422","experiments":[]}}
New Feature
Critical
MDEV-20757 wsrep_ss_auth password encryption
MDEV-25321 mariabackup failed if password is passed via environment variable
Merged with the head revision:
https://github.com/MariaDB/server/commit/203d337a5533662111cc86505d19cda98b352d06 (prerequisite)
https://github.com/MariaDB/server/commit/d9f910bfe9ec3997a3b9e593e2f47ec5a4f80271
https://github.com/MariaDB/server/commit/1aa1a7cf6459e95adc18717cd69fbdde1dcaf7f0
https://github.com/MariaDB/server/commit/a1e5a284fc009ce0a0e66f199d45cc2f4f705c30
https://github.com/MariaDB/server/commit/2ba1a8b878b7549749cee4dc109d7d4c3e66d36a
https://github.com/MariaDB/server/commit/29e9ade269d803b6823ec57808e0b7fad28baf9e