vitessio · harshit-gangal · Jul 19, 2023 · Jul 18, 2023 · Jul 18, 2023 · Jul 19, 2023
@@ -185,8 +185,8 @@ jobs:
  source build.env
 
  rm -f $PWD/bin/vtbackup $PWD/bin/vttablet
- cp /tmp/vitess-build-current/bin/vtbackup $PWD/bin/vtbackup
- cp /tmp/vitess-build-other/bin/vttablet $PWD/bin/vttablet
+ cp /tmp/vitess-build-other/bin/vtbackup $PWD/bin/vtbackup
+ cp /tmp/vitess-build-current/bin/vttablet $PWD/bin/vttablet
  vtbackup --version
  vttablet --version
 

@@ -11,6 +11,12 @@
 ###############################################################################
 # Equivalent of mysql_secure_installation
 ###############################################################################
+# We need to ensure that super_read_only is disabled so that we can execute
+# these commands. Note that disabling it does NOT disable read_only.
+# We save the current value so that we only re-enable it at the end if it was
+# enabled before.
+SET @original_super_read_only=IF(@@global.super_read_only=1, 'ON', 'OFF');
+SET GLOBAL super_read_only='OFF';
 
 # Changes during the init db should not make it to the binlog.
 # They could potentially create errant transactions on replicas.
@@ -77,3 +83,9 @@ FLUSH PRIVILEGES;
 
 RESET SLAVE ALL;
 RESET MASTER;
+
+# custom sql is used to add custom scripts like creating users/passwords. We use it in our tests
+# {{custom_sql}}
+
+# We need to set super_read_only back to what it was before
+SET GLOBAL super_read_only=IFNULL(@original_super_read_only, 'ON');
@@ -25,6 +25,7 @@ import (
  "testing"
 
  "vitess.io/vitess/go/test/endtoend/cluster"
+ "vitess.io/vitess/go/test/endtoend/utils"
  "vitess.io/vitess/go/vt/log"
 )
 
@@ -89,8 +90,12 @@ func TestMain(m *testing.M) {
  dbCredentialFile = cluster.WriteDbCredentialToTmp(localCluster.TmpDirectory)
  initDb, _ := os.ReadFile(path.Join(os.Getenv("VTROOT"), "/config/init_db.sql"))
  sql := string(initDb)
+ // The original init_db.sql does not have any passwords. Here we update the init file with passwords
+ sql, err = utils.GetInitDBSQL(sql, cluster.GetPasswordUpdateSQL(localCluster), "")
+ if err != nil {
+ return 1, err
+ }
  newInitDBFile = path.Join(localCluster.TmpDirectory, "init_db_with_passwords.sql")
- sql = sql + cluster.GetPasswordUpdateSQL(localCluster)
  err = os.WriteFile(newInitDBFile, []byte(sql), 0666)
  if err != nil {
  return 1, err

@@ -30,6 +30,7 @@ import (
 
  "vitess.io/vitess/go/mysql"
  "vitess.io/vitess/go/vt/log"
+ "vitess.io/vitess/go/vt/mysqlctl"
  "vitess.io/vitess/go/vt/tlstest"
 )
 
@@ -236,11 +237,15 @@ func (mysqlctl *MysqlctlProcess) Connect(ctx context.Context, username string) (
 // MysqlCtlProcessInstanceOptionalInit returns a Mysqlctl handle for mysqlctl process
 // configured with the given Config.
 func MysqlCtlProcessInstanceOptionalInit(tabletUID int, mySQLPort int, tmpDirectory string, initMySQL bool) *MysqlctlProcess {
+ initFile, err := getInitDBFileUsed()
+ if err != nil {
+ log.Errorf("Couldn't find init db file - %v", err)
+ }
  mysqlctl := &MysqlctlProcess{
  Name: "mysqlctl",
  Binary: "mysqlctl",
  LogDirectory: tmpDirectory,
- InitDBFile: path.Join(os.Getenv("VTROOT"), "/config/init_db.sql"),
+ InitDBFile: initFile,
  }
  mysqlctl.MySQLPort = mySQLPort
  mysqlctl.TabletUID = tabletUID
@@ -249,6 +254,23 @@ func MysqlCtlProcessInstanceOptionalInit(tabletUID int, mySQLPort int, tmpDirect
  return mysqlctl
 }
 
+func getInitDBFileUsed() (string, error) {
+ versionStr, err := mysqlctl.GetVersionString()
+ if err != nil {
+ return "", err
+ }
+ flavor, _, err := mysqlctl.ParseVersionString(versionStr)
+ if err != nil {
+ return "", err
+ }
+ if flavor == mysqlctl.FlavorMySQL || flavor == mysqlctl.FlavorPercona {
+ return path.Join(os.Getenv("VTROOT"), "/config/init_db.sql"), nil
+ }
+ // Non-MySQL instances for example MariaDB, will use init_testserver_db.sql which does not contain super_read_only global variable.
+ // Even though MariaDB support is deprecated (https://github.com/vitessio/vitess/issues/9518) but we still support migration scenario.
+ return path.Join(os.Getenv("VTROOT"), "go/test/endtoend/vreplication/testdata/config/init_testserver_db.sql"), nil
+}
+
 // MysqlCtlProcessInstance returns a Mysqlctl handle for mysqlctl process
 // configured with the given Config.
 func MysqlCtlProcessInstance(tabletUID int, mySQLPort int, tmpDirectory string) *MysqlctlProcess {

@@ -306,3 +306,23 @@ func TimeoutAction(t *testing.T, timeout time.Duration, errMsg string, action fu
  }
  }
 }
+
+func GetInitDBSQL(initDBSQL string, updatedPasswords string, oldAlterTableMode string) (string, error) {
+ // Since password update is DML we need to insert it before we disable
+ // super_read_only therefore doing the split below.
+ splitString := strings.Split(initDBSQL, "# {{custom_sql}}")
+ if len(splitString) != 2 {
+ return "", fmt.Errorf("missing `# {{custom_sql}}` in init_db.sql file")
+ }
+ var builder strings.Builder
+ builder.WriteString(splitString[0])
+ builder.WriteString(updatedPasswords)
+
+ // https://github.com/vitessio/vitess/issues/8315
+ if oldAlterTableMode != "" {
+ builder.WriteString(oldAlterTableMode)
+ }
+ builder.WriteString(splitString[1])
+
+ return builder.String(), nil
+}
@@ -0,0 +1,91 @@
+# This file is for testing purpose only.
+# This file is executed immediately after initializing a fresh data directory.
+# It is equivalent of init_db.sql. Given init_db.sql is for mysql which has super_read_only
+# related stuff therefore for testing purpose we avoid setting `super_read_only` during initialization.
+
+###############################################################################
+# WARNING: Any change to init_db.sql should gets reflected in this file as well.
+###############################################################################
+
+###############################################################################
+# WARNING: This sql is *NOT* safe for production use,
+# as it contains default well-known users and passwords.
+# Care should be taken to change these users and passwords
+# for production.
+###############################################################################
+
+###############################################################################
+# Equivalent of mysql_secure_installation
+###############################################################################
+# We need to ensure that read_only is disabled so that we can execute
+# these commands.
+SET GLOBAL read_only='OFF';
+
+# Changes during the init db should not make it to the binlog.
+# They could potentially create errant transactions on replicas.
+SET sql_log_bin = 0;
+# Remove anonymous users.
+DELETE FROM mysql.user WHERE User = '';
+
+# Disable remote root access (only allow UNIX socket).
+DELETE FROM mysql.user WHERE User = 'root' AND Host != 'localhost';
+
+# Remove test database.
+DROP DATABASE IF EXISTS test;
+
+###############################################################################
+# Vitess defaults
+###############################################################################
+
+# Admin user with all privileges.
+CREATE USER 'vt_dba'@'localhost';
+GRANT ALL ON *.* TO 'vt_dba'@'localhost';
+GRANT GRANT OPTION ON *.* TO 'vt_dba'@'localhost';
+
+# User for app traffic, with global read-write access.
+CREATE USER 'vt_app'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, FILE,
+ REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
+ LOCK TABLES, EXECUTE, REPLICATION CLIENT, CREATE VIEW,
+ SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
+ ON *.* TO 'vt_app'@'localhost';
+
+# User for app debug traffic, with global read access.
+CREATE USER 'vt_appdebug'@'localhost';
+GRANT SELECT, SHOW DATABASES, PROCESS ON *.* TO 'vt_appdebug'@'localhost';
+
+# User for administrative operations that need to be executed as non-SUPER.
+# Same permissions as vt_app here.
+CREATE USER 'vt_allprivs'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, FILE,
+ REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
+ LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW,
+ SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
+ ON *.* TO 'vt_allprivs'@'localhost';
+
+# User for slave replication connections.
+CREATE USER 'vt_repl'@'%';
+GRANT REPLICATION SLAVE ON *.* TO 'vt_repl'@'%';
+
+# User for Vitess VReplication (base vstreamers and vplayer).
+CREATE USER 'vt_filtered'@'localhost';
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, FILE,
+ REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES,
+ LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW,
+ SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
+ ON *.* TO 'vt_filtered'@'localhost';
+
+# User for general MySQL monitoring.
+CREATE USER 'vt_monitoring'@'localhost';
+GRANT SELECT, PROCESS, SUPER, REPLICATION CLIENT, RELOAD
+ ON *.* TO 'vt_monitoring'@'localhost';
+GRANT SELECT, UPDATE, DELETE, DROP
+ ON performance_schema.* TO 'vt_monitoring'@'localhost';
+
+FLUSH PRIVILEGES;
+
+RESET SLAVE ALL;
+RESET MASTER;
+
+# custom sql is used to add custom scripts like creating users/passwords. We use it in our tests
+# {{custom_sql}}