Skip to content
This repository has been archived by the owner on Oct 22, 2021. It is now read-only.

database: PXC does not pick up new database root password #1355

Closed
mook-as opened this issue Sep 21, 2020 · 0 comments · Fixed by #1594
Closed

database: PXC does not pick up new database root password #1355

mook-as opened this issue Sep 21, 2020 · 0 comments · Fixed by #1594
Assignees
@mook-as
Labels
Priority: High Status: Accepted This issue will be implemented in a near future Type: Bug Something isn't working
Milestone
2.7.0

Comments

@mook-as
Copy link
Contributor

mook-as commented Sep 21, 2020

Describe the bug
When we change the var-pxc-root-password secret and restart the database pod(s), the root database does not get updated; this means:

  • The readiness probe will never pass, as it is using the new, modified password instead.
  • Any database seeder pods will fail, as they are attempting to use the new root password.

To Reproduce

  1. Deploy on minikube with internal database.
  2. Apply the following secret rotation config map:
rotate.pxc-root-password.yaml 
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    quarks.cloudfoundry.org/secret-rotation: "true"
  name: rotate.pxc-root-password
  namespace: kubecf
data:
    secrets: '[ "var-pxc-root-password" ]'
3. Delete the database-0 pod and let it restart.

Expected behaviour
The database root password is changed.

Actual behaviour
The database root password stays the same; the readiness probe no longer passes.

Environment

Additional context
Found in the context of #703
@mook-as mook-as added Type: Bug Something isn't working Status: Validation Need to brainstorm before starting labels Sep 21, 2020
@fargozhu fargozhu added Status: Accepted This issue will be implemented in a near future and removed Status: Validation Need to brainstorm before starting labels Oct 21, 2020
@ShuangMen ShuangMen mentioned this issue Oct 22, 2020
Open
@fargozhu fargozhu added this to the 2.7.0 milestone Oct 22, 2020
@mook-as mook-as self-assigned this Nov 16, 2020
mook-as added a commit that referenced this issue Nov 17, 2020
@mook-as
fix: PXC: Always reset the root password on start
7c7d56c 
If the root password changes from under us (e.g. from a secret
rotation), we need to tell MySQL about it so that things like the
readiness probe will work with the new password.  A database seeder job
will also be automatically triggered to take care of any of the other
passwords changing.

See #1355
@mook-as mook-as mentioned this issue Nov 17, 2020
Merged
7 tasks
@andreas-kupries andreas-kupries mentioned this issue Nov 27, 2020
Closed
mook-as added a commit that referenced this issue Dec 3, 2020
@mook-as
fix: PXC: Always reset the root password on start
726d6e4 
If the root password changes from under us (e.g. from a secret
rotation), we need to tell MySQL about it so that things like the
readiness probe will work with the new password.  A database seeder job
will also be automatically triggered to take care of any of the other
passwords changing.

See #1355
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mook-as mook-as

Labels
Priority: High Status: Accepted This issue will be implemented in a near future Type: Bug Something isn't working
Projects
None yet
Milestone
2.7.0
Development

Successfully merging a pull request may close this issue.

fix: PXC: Always reset the root password on start cloudfoundry-incubator/kubecf
2 participants
@fargozhu @mook-as