I'm working on updating the cluster documentation to reflect the latest changes (in our code and in MySQL).
Here are some general notes.
Replication privilegesIn order to allow replication from the slave host (
slavehost) we need only to run this sentence on the master host:
GRANT REPLICATION SLAVE ON db.table TO 'replicationuser'@'slavehost'
mysql-ha creates a user with just this privilege, and it's recommended that you don't grant this user any more privileges than those needed (REPLICATION SLAVE on any db.table combination you want to replicate).
mysql-ha limitations and known issues:
Right now the cluster is based on sharing an IP address. This technique works if both master and slave node are on the same physical network. We need to modularize this code so that we can share a network resource instead, this resource being either an IP address, a dynamic DNS entry, etc.
- remote execution security
Right now, remote script execution is based on passwordless remote ssh. In order to allow this, we set up pubkey/privkey based ssh
without a passphrase. This is an obvious security issue. We need to use the ssh agent in order to use a passphrase to protect the private key. This should be provided as an option to the end user.
The cluster uses ARP spoofing
only if the failover can't be forced on the master node. ARP spoofing is generally ignored by routers but is a normal technique used by clusters (heartbeat uses it by default to speed up the propagation of an IP address change). We should allow the customization of this with
three options:
- no spoofing
- spoof only when needed (as is done now)
- spoof always (as heartbeat)
Please note that
ARP spoofing is only needed if the cluster uses a shared IP address.
Another issue is that we execute remote commands using the root account. I'm currently working on updating sudo, so we no longer need the root password on the master/slave node and remote commands can be executed by non-privileged accounts.
More info on this later..