Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding Permissions to a vitess cluster via vttablet documentation doesn't work. #8036

Open
prime-minister-of-fun opened this issue May 4, 2021 · 2 comments
Open

Adding Permissions to a vitess cluster via vttablet documentation doesn't work. #8036

prime-minister-of-fun opened this issue May 4, 2021 · 2 comments
Assignees
@askdba
Labels
Component: Authn/z Authentication / Authorization / Certificates Type: Documentation

Comments

@prime-minister-of-fun
Copy link

Overview of the Issue

Attempting to add user permissions using vttablet and once again, the only documentation doesn't work. https://vitess.io/docs/user-guides/configuration-advanced/authorization/
/vt/bin/vttablet -table-acl-config=/tmp/perms.yml -enforce-tableacl-config -queryserver-config-strict-table-acl -tablet-path awsRegion-2872268816
tablet-path is required. No documentation as to how one finds the tablet path.
vttablet.go:152] mycnf read failed: open /vt/vtdataroot/vt_2872268816/my.cnf: no such file or directory
my.cnf exists, attempted to use the format in vthook_make_mycnf.sh But, that doesn't work either.

Reproduction Steps

  1. Connect to vttablet node in kubernetes cluster
  2. Execute vttablet to add permissions to cluster based on example documentation. /vt/bin/vttablet -table-acl-config=/tmp/perms.yml -enforce-tableacl-config -queryserver-config-strict-table-acl -tablet-path awsRegion-2872268816

Expected results. New users can log into vitess server.
Actual results. Error #1 -tablet-path is required. The option is poorly documented. No idea the string's format.
Actual results. Error #2 vttablet.go:152] mycnf read failed: open /vt/vtdataroot/vt_2872268816/my.cnf: no such file or directory

my.cnf exists. It's the default [mysqld] config only

Binary version

vttablet -version
Version: 10.0.0-RC1 (Git revision 29a494f7b branch 'heads/v10.0.0-rc1') built on Tue Apr  6 23:23:06 UTC 2021 by vitess@89bd9cb3a169 using go1.15.6 linux/amd64

Operating system and Environment details

OS, Architecture, and any other information you can provide
about the environment.

  • Operating system (output of cat /etc/os-release):
    PRETTY_NAME="Debian GNU/Linux 10 (buster)"
    NAME="Debian GNU/Linux"
    VERSION_ID="10"
    VERSION="10 (buster)"
    VERSION_CODENAME=buster
  • Kernel version (output of uname -sr): Linux 4.14.225-169.362.amzn2.x86_64
  • Architecture (output of uname -m): x86_64

Log Fragments

F0504 18:32:06.133567 85 vttablet.go:152] mycnf read failed: open /vt/vtdataroot/vt_1624642437/my.cnf: no such file or directory
@askdba askdba self-assigned this May 6, 2021
@askdba
Copy link
Contributor

askdba commented May 24, 2021

Hi, I was able to get this working by specifying following arguments to vtgate startup script.

-mysql_auth_server_impl static \
-mysql_auth_server_static_file=users.json \
-mysql_auth_static_reload_interval 1m \

Can you try again and report back?

@askdba
Copy link
Contributor

askdba commented Aug 17, 2021

@prime-minister-of-fun bumping on this issue.

@ajm188 ajm188 added the Component: Authn/z Authentication / Authorization / Certificates label Jun 24, 2022
@ajm188 ajm188 removed the Severity 4 label Mar 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@askdba askdba

Labels
Component: Authn/z Authentication / Authorization / Certificates Type: Documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ajm188 @askdba @prime-minister-of-fun