It is a good idea to periodically change passwords on your system, especially if you’ve the feeling that they have been shared too much around.

Here we’ll see the correct way to change the MySQL password for the cmon or root user in a database cluster managed by ClusterControl.  There’s a script available to change passwords automatically, but if you prefer to do this by hand here’s how.

Notice that versions of ClusterControl starting with 1.2.9 ditched the cmon account and use the root account instead.

 

Changing the cmon password

On all database nodes and the controller:

mysql> UPDATE mysql.user SET password=password(‘n3wp4ssw0rd’) WHERE user=‘cmon’;

mysql> FLUSH PRIVILEGES;

On all database nodes (only if you’re using load balancing via HAProxy), modify the following line in /usr/local/bin/mysqlchk.sh :

MYSQL_PASSWORD='n3wp4ssw0rd'

On the controller, modify the following line in /etc/cmon.cnf :

mysql_password=n3wp4ssw0rd

and modify the following line in both /var/www/html/clustercontrol/bootstrap.php and /var/www/html/cmonapi/config/database.php:

define('DB_PASS', 'n3wp4ssw0rd');

and finally restart the monitoring daemon:

service cmon restart

 

Changing the root password

On all database nodes and the controller:

mysql> UPDATE mysql.user SET password=password('r00ts3cr3t') WHERE user='root';

mysql> FLUSH PRIVILEGES;

On all database nodes, modify the following line in /etc/my.cnf :

wsrep_sst_auth=root:r00ts3cr3t

On the controller, modify the following line in /etc/cmon.cnf :

monitored_mysql_root_password='r00ts3cr3t'

and finally restart the monitoring daemon:

service cmon restart

 

Theoretically you’d need to issue the UPDATE MySQL command only on one node of each cluster (and on the controller) as the change will automatically replicate on all nodes.  However it’s always better to play on the safe side.

Obviously n3wp4ssw0rd and r00ts3cr3t are weak passwords — don’t use them.

 

0 réponses

Laisser un commentaire

Participez-vous à la discussion?
N'hésitez pas à contribuer!

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée.

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.