Recovering from Loss of Root Credentials
Warning
SingleStore 9.0 gives you the opportunity to preview, evaluate, and provide feedback on new and upcoming features prior to their general availability. In the interim, SingleStore 8.9 is recommended for production workloads, which can later be upgraded to SingleStore 9.0.
On this page
If the affected node is using Tools for managing the cluster you may be able to reset a root password using the the sdb-admin change-root-password command .
If the root credential is lost on only the master aggregator and there are existing child aggregators in the cluster, then a child aggregator can be promoted to master aggregator.
If all else fails, the insecure_
option can be set to true at startup.
sudo /ebs/memsql/master-3306-MI63dd6b39/memsqld --defaults-file=/ebs/memsql/master-3306-MI63dd6b39/memsql.cnf \--pid-file=/ebs/memsql/master-3306-MI63dd6b39/data/memsqld.pid --user=memsql --insecure_accept_any_password_for_all_users=true
----------------------------------------------------------------------------------------
2019-12-07 01:52:09.822 WARN: MemSQL is running with option "insecure_accept_any_password_for_all_users". Please fix your user account and turn off this mode.
2019-12-07 01:52:09.822 INFO: Successfully became user 'memsql' (uid 999, gid 999)
2019-12-07 01:52:10.059 INFO: Entering command loop
2019-12-07 01:52:11.545 INFO: Initializing OpenSSL
2019-12-07 01:52:11.546 INFO: MemSQL version hash: e973c625ae6d372c2d41d39b19612202c244fd7a (Sun Oct 20 22:22:04 2019 -0400)
2019-12-07 01:52:11.630 INFO: ./memsqld: ready for connections.
2019-12-07 01:52:11.630 INFO: Version: '6.8.11' Socket: '/ebs/memsql/master-3306-MI63dd6b39/data/memsql.sock' Port: '3306'
2019-12-07 01:52:11.723 INFO: Replaying snapshots/memsql_snapshot_0: started replaying from offset 0
2019-12-07 01:52:11.724 INFO: Replaying snapshots/memsql_snapshot_0: Log record expected at offset 89.
2019-12-07 01:52:11.724 INFO: Replaying snapshots/memsql_snapshot_0: completed replaying at offset 89
A node started with the --insecure_
option will allow a user to log in without a password only once.
The following warning will be logged in the memsql.
file:
WARN: Thread 99996: AuthenticateUser: User logged in using "insecure_accept_any_password_for_all_users" mode. Please restart the server without this option after fixing your accounts.
Distributed User
The distributed
user is an internal user that has all privileges in the system.insecure_
.
The distributed user can be used to log in if you have dropped the root user.
memsql> show users;
Empty set (0.000 sec)
memsql> select current_user();
+-----------------------+
| current_user() |
+-----------------------+
| distributed@localhost |
+-----------------------+
1 row in set (0.000 sec)
memsql> create user root@'%';
Query OK, 0 rows affected (0.009 sec)
memsql> grant all on *.* to root@'%';
Query OK, 0 rows affected (0.009 sec)
memsql> show grants for root;
+-------------------------------------------+
| Grants for root@% |
+-------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' |
+-------------------------------------------+
1 row in set (0.000 sec)
Last modified: July 27, 2023