Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Incomplete
-
2.1.13
-
None
-
Ubuntu, DEB packages from MariaDB.org
Description
While similar to MXS-306 (and possibly related to MXS-356), this doesn't seem to be the same bug. We had two different environments on which we're trying to use MaxScale for security purposes (by locking down access from some machines to specific users, via dbfwfilter).
TCPdump shows the following query running from the MaxScale node to a MySQL backend:
SELECT u.user, u.host, d.db, u.select_priv, u.password
|
FROM mysql.user AS u
|
LEFT JOIN mysql.db AS d
|
ON (u.user = d.user AND u.host = d.host) WHERE u.user NOT IN ('root')
|
UNION
|
SELECT u.user, u.host, t.db, u.select_priv, u.password
|
FROM mysql.user AS u LEFT JOIN mysql.tables_priv AS t
|
ON (u.user = t.user AND u.host = t.host) WHERE u.user NOT IN ('root');
|
On server A, the query above returns 1620 rows and everything works fine. On server B, the same query (when run it manually, on the mysql CLI), it returns 2485 rows.
As I said before, for server A, it loads the authenticantion information just fine, but for backend server B, we get the following in the maxscale logs:
2018-02-08 14:38:46 notice : Started MaxScale log flusher.
|
2018-02-08 14:38:49 error : [MySQLAuth] Failed to load users: Lost connection to MySQL server during query
|
2018-02-08 14:38:49 info : [MySQLAuth] Added user: INSERT OR REPLACE INTO mysqlauth_users VALUES ('maxuser', '%', NULL, 1, 'A1328B81CED7AA9EFFAF8CC6DB1D0C540CDED1DA')
|
2018-02-08 14:38:49 info : [MySQLAuth] Added user: INSERT OR REPLACE INTO mysqlauth_users VALUES ('maxuser', 'localhost', NULL, 1, 'A1328B81CED7AA9EFFAF8CC6DB1D0C540CDED1DA')
|
2018-02-08 14:38:49 notice : [MySQLAuth] [Firewall Service DEV] No users were loaded but 'inject_service_user' is enabled. Enabling service credentials for authentication until database users have been successfully loaded.
|
This seems to be related to the internal, in-memory, sqlite database (or memory allocation allowed for it): it works 'fine' for relatively small/simpler complexity for credentials, but fails with larger sets.