Skip to main content

Recovering from Loss of Root Credentials

If the affected node is using Tools for managing the cluster you may be able to reset a root password using the the sdb-admin change-root-password command .

If the root credential is lost on only the master aggregator and there are existing child aggregators in the cluster, then a child aggregator can be promoted to master aggregator. The old master aggregator can be deleted after a child aggregator is deployed in its place.. See Tools: Aggregator Failures.

If all else fails, the insecure_accept_any_password_for_all_users option can be set to true at startup. For example:

sudo /ebs/memsql/master-3306-MI63dd6b39/memsqld --defaults-file=/ebs/memsql/master-3306-MI63dd6b39/memsql.cnf \
--pid-file=/ebs/memsql/master-3306-MI63dd6b39/data/ --user=memsql --insecure_accept_any_password_for_all_users=true
2019-12-07 01:52:09.822   WARN: MemSQL is running with option "insecure_accept_any_password_for_all_users". Please fix your user account and turn off this mode.
2019-12-07 01:52:09.822   INFO: Successfully became user 'memsql' (uid 999, gid 999)
2019-12-07 01:52:10.059   INFO: Entering command loop
2019-12-07 01:52:11.545   INFO: Initializing OpenSSL
2019-12-07 01:52:11.546   INFO: MemSQL version hash: e973c625ae6d372c2d41d39b19612202c244fd7a (Sun Oct 20 22:22:04 2019 -0400)
2019-12-07 01:52:11.630   INFO: ./memsqld: ready for connections.
2019-12-07 01:52:11.630   INFO: Version:  '6.8.11'  Socket:  '/ebs/memsql/master-3306-MI63dd6b39/data/memsql.sock'  Port:  '3306'
2019-12-07 01:52:11.723   INFO: Replaying snapshots/memsql_snapshot_0: started replaying from offset 0
2019-12-07 01:52:11.724   INFO: Replaying snapshots/memsql_snapshot_0: Log record expected at offset 89.
2019-12-07 01:52:11.724   INFO: Replaying snapshots/memsql_snapshot_0: completed replaying at offset 89

A node started with the --insecure_accept_any_password_for_all_users=true option will allow a user to log in without a password only once. Subsequent login attempts will fail.

The following warning will be logged in the memsql.log file:

WARN: Thread 99996: AuthenticateUser: User logged in using "insecure_accept_any_password_for_all_users" mode. Please restart the server without this option after fixing your accounts.