For the Percona XtraDB Cluster (PXC) datastore we need the ability to enable root for a cluster so that the datastore can be managed with a privileged user. For example, integrating a PXC datastore cluster with Cloud Foundry requires a root user to automatically manage the database users and databases on the cluster. This will add root enable to the PXC solution we currently have.
Launchpad Blueprint: https://blueprints.launchpad.net/trove/+spec/pxc-root-enable
PXC lacks support for enabling root on a cluster. This change will allow a user to create a root user and either receive a new random password or set a given password for the root user across the cluster.
PXC will use the existing root enable API call. This change will allow root to be enabled within a cluster. The call will apply the root user and password to a single node in the cluster; because the cluster replicates to the other nodes, they will get the same root user and password.
Requirements for root enable:
PXC will need to extend the existing root enable calls into its clustered datastore implementation. Currently the root enable calls raise an exception if root enable is called with a cluster, since most datastores do not support this feature. This will require a configuration change for the guestagent, which is outlined below.
This change only involves adding the existing feature to the PXC datastore, not changing the existing functionality of other datastores. It will not add root enable at cluster create time, because that functionality does not currently exist in the API for cluster create.
In order to allow a PXC cluster to enable root, we need to update the guestagent API to support this call. Of the other cluster-enabled datastores, the only one that supports this feature is Vertica. Much of this code can easily be reused and applied to PXC as well. We will pull the majority of this code into a common location that can be used by the PXC datastore today and by other datastores in the future. The Vertica datastore can extend this class with the additional changes it needs specific to its datastore.
The PXC configuration change is to the root_controller configuration parameter: instead of the DefaultRootController it uses today, it will point to the new class called ClusterRootController.
The following public API calls will be made available to the PXC datastore.
Support for the following existing CLI calls.
No changes should be necessary to accomplish these actions.
The Vertica datastore already has this feature and much of the code is reusable, so we can move this code to a common location and build on it.
The PXC guest agent will also need the methods to enable root, with or without a password. Since this feature didn’t exist prior to now, we only need the enable_root_with_password method and not the enable_root method in the manager for PXC. The enable_root_with_password method is the new version of the root enable call. The old version that did not have a password was left for backward compatibility.
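The controller switch and the single-node enable_root_with_password call described above, sketched as an added example (not Trove's own code). FakeGuest, generate_password, enable_root_on_cluster, the root_create signature and the shared dict that stands in for PXC replication are assumptions made for illustration; only the names DefaultRootController, ClusterRootController and enable_root_with_password come from this spec.

```python
import secrets
import string


class FakeGuest:
    """Constructed stand-in for one PXC node's guest agent."""

    def __init__(self, replicated_users):
        # A dict shared by all nodes models cluster replication (assumption).
        self.users = replicated_users

    def enable_root_with_password(self, password):
        self.users["root"] = password
        return {"name": "root", "password": password}


def generate_password(length=24):
    # CSPRNG-backed; never use the random module for credentials.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


class DefaultRootController:
    def root_create(self, guests, password=None, is_cluster=False):
        if is_cluster:
            # Behaviour the spec describes for datastores without support.
            raise NotImplementedError("root enable is not supported on clusters")
        if password is None:
            password = generate_password()
        return guests[0].enable_root_with_password(password)


class ClusterRootController(DefaultRootController):
    def root_create(self, guests, password=None, is_cluster=False):
        if is_cluster and not guests:
            raise ValueError("cluster has no nodes")
        # Apply to a single node only; replication carries it to the rest.
        return super().root_create(guests[:1], password, is_cluster=False)


def enable_root_on_cluster(controller, node_count=3, password=None):
    """Build a constructed cluster; return (response, root password per node)."""
    replicated = {}
    guests = [FakeGuest(replicated) for _ in range(node_count)]
    response = controller.root_create(guests, password, is_cluster=True)
    return response, [g.users.get("root") for g in guests]
```

The response is the only place the generated password appears, which matches the dashboard requirement to display it to the user once.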
No calls will be deprecated in order to complete this.
The dashboard will need an update for this to be enabled for a PXC cluster. This change will need to apply only to a cluster of datastore type pxc, as other datastores do not have this ability.
A new option is needed on the cluster dropdown to allow a user to enable root for a given cluster. It is greyed out if the cluster is not of datastore type pxc.
There should be a dialog that allows the user to enter a password that they would like to use for the root user, or to let the system randomly generate a password and display it to them once so that they can copy and paste it into whatever application needs root access.
Just the common updates: since this is a new feature, the guestagent will need to be updated.
There will be unit tests that test the new calls for the strategy.
There will be integration tests added to the scenario tests that will test enabling root on a cluster.