Restored mysql not reporting proper root status

Bug #1549600 reported by Petr Malik
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack DBaaS (Trove)
Fix Released
High
Petr Malik
Liberty
New
Undecided
Unassigned
Mitaka
Fix Committed
Undecided
Unassigned

Bug Description

Restored MySQL instance with disabled-root does not report the root had been enabled.

- create a MySQL instance
- enable root on the instance
- disable root on the instance
- také backup of the instance
- restore the backup
- show root status on the restored instance

The status displays False, but it should be True.
This defect could allow users to bypass the root report by restoring an instance from backup.

Amrith Kumar (amrith)
Changed in trove:
status: New → Confirmed
Petr Malik (pmalik)
Changed in trove:
assignee: nobody → Petr Malik (pmalik)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to trove (master)

Fix proposed to branch: master
Review: https://review.openstack.org/304822

Changed in trove:
status: Confirmed → In Progress
Amrith Kumar (amrith)
Changed in trove:
milestone: none → newton-1
Changed in trove:
assignee: Petr Malik (pmalik) → Amrith (amrith)
Amrith Kumar (amrith)
Changed in trove:
assignee: Amrith (amrith) → Petr Malik (pmalik)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to trove (master)

Reviewed: https://review.openstack.org/304822
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=52bc1ab9c89cdca7c2556edb373ce3b59ace0295
Submitter: Jenkins
Branch: master

commit 52bc1ab9c89cdca7c2556edb373ce3b59ace0295
Author: Petr Malik <email address hidden>
Date: Tue Apr 12 14:55:39 2016 -0400

    Do not remove root user on disable

    The existence of the root user (with remote access)
    is used to determine whether root was ever enabled on a restored
    instance.
    Do not remove it, just generate a new random password for it.

    Change-Id: I8a4321ac062b1ec565945b49dbb7c619b6da867f
    Closes-Bug: 1549600

Changed in trove:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to trove (master)

Reviewed: https://review.openstack.org/283754
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=6ace3dda60d9eec50a3bc47d9cc2bcec6103abdd
Submitter: Jenkins
Branch: master

commit 6ace3dda60d9eec50a3bc47d9cc2bcec6103abdd
Author: Petr Malik <email address hidden>
Date: Tue Feb 23 13:58:47 2016 -0500

    Update the root scenario tests

    Incorporate the changes made as a part of the cluster-root
    tests introduced in review 266005:

        - add test scenario for: bug 1549600
        - simplify turning off unsupported root-disable tests
          by introducing a single assertion hook that runs before all
          related tests
        - ping the datastore as root to verify it can connect
        - ping after root-disable to verify it cannot connect
        - add missing ping implementations to Cassandra and Redis helpers
        - enable root with password tests on MySQL and related
        - use the same helper method to get root credentials as
          the cluster-root tests
        - also assert the expected root-user-name if specified
        - cleanup auxiliary backup
        - add Postgres root credentials
        - Skip root-cluster test on Redis
        - minor cleanup
        - increased the low guestagent call timeout (helps tests
          run more stable).

    Depends-On: I8a4321ac062b1ec565945b49dbb7c619b6da867f

    Change-Id: I3fb0a8bb37fd124c22573552ff61852ead23e9a0
    Related-Bug: 1529965
    Related-Bug: 1549969
    Related-Bug: 1549600

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to trove (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/313605

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to trove (stable/mitaka)

Reviewed: https://review.openstack.org/313605
Committed: https://git.openstack.org/cgit/openstack/trove/commit/?id=0c64fc64d8cff59d24b4883b9057de3fe8e2a224
Submitter: Jenkins
Branch: stable/mitaka

commit 0c64fc64d8cff59d24b4883b9057de3fe8e2a224
Author: Petr Malik <email address hidden>
Date: Tue Apr 12 14:55:39 2016 -0400

    Do not remove root user on disable

    The existence of the root user (with remote access)
    is used to determine whether root was ever enabled on a restored
    instance.
    Do not remove it, just generate a new random password for it.

    Change-Id: I8a4321ac062b1ec565945b49dbb7c619b6da867f
    Closes-Bug: 1549600
    (cherry picked from commit 52bc1ab9c89cdca7c2556edb373ce3b59ace0295)

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/trove 5.0.1

This issue was fixed in the openstack/trove 5.0.1 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/trove 6.0.0.0b2

This issue was fixed in the openstack/trove 6.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.