Orchestrator exposes MySQLOrchestratorPassword variable

Description

Orchestrator 3.2.6-11 shows the MySQLOrchestratorPassword variable value in the error log and when accessing the web interface.

How to repeat:

-- Create a MySQL and Orchestrator node
./anydbver deploy ps:8.0 node1 percona-orchestrator:latest,master=node0
./anydbver ssh mysql -e "CREATE USER 'orchestrator_srv'@'%' IDENTIFIED BY 'orc_server_password'; GRANT ALL ON orchestrator.* TO 'orchestrator_srv'@'%';"

-- Configure Orchestrator to use node0 as MySQL backend database
./anydbver ssh node1
rpm -qa | grep -i orc
percona-orchestrator-3.2.6-11.el8.x86_64
percona-orchestrator-cli-3.2.6-11.el8.x86_64
percona-orchestrator-client-3.2.6-11.el8.x86_64
vi /usr/local/orchestrator/orchestrator.conf.json

-- Add the following lines and remove sqlite options
"MySQLOrchestratorHost": "node_0_IP",
"MySQLOrchestratorPort": 3306,
"MySQLOrchestratorDatabase": "orchestrator",
"MySQLOrchestratorUser": "orchestrator_srv",
"MySQLOrchestratorPassword": "orc_server_password",

-- Restart Orchestrator
systemctl restart orchestrator

-- Discover node0 Cluster
/usr/local/orchestrator/orchestrator -c discover -i node_0_IP

-- Tail the messages file
tail -f /var/log/messages

-- On node0, restart the MySQL database
systemctl restart mysql

-- On node1, there are several messages showing the backend password:
Feb 28 23:26:03 juan-arruti-node1 orchestrator[4262]: 2024-02-28 23:26:03 ERROR 2024-02-28 23:26:03 ERROR QueryRowsMap(orchestrator_srv:orc_server_password@tcp(10.124.33.138:3306)/orchestrator?timeout=1s&readTimeout=30s&rejectReadOnly=false&interpolateParams=true) select hostname, token, first_seen_active, last_seen_Active from active_node where anchor = 1: dial tcp 10.124.33.138:3306: connect: connection refused
...
Feb 28 23:26:04 juan-arruti-node1 orchestrator[4262]: 2024-02-28 23:26:04 ERROR ExecNoPrepare(orchestrator_srv:orc_server_password@tcp(10.124.33.138:3306)/orchestrator?timeout=1s&readTimeout=30s&rejectReadOnly=false&interpolateParams=true) update node_health set last_seen_active = now() - interval ? second, extra_info = case when ? != '' then ? else extra_info end, app_version = ?, incrementing_indicator = incrementing_indicator + 1 where hostname = ? and token = ?: dial tcp 10.124.33.138:3306: connect: connection refused

Accessing the web interface also shows the MySQLOrchestratorPassword variable value. Please check the screenshot uploaded.

Environment

None

AFFECTED CS IDs

CS0044352

Attachments

1

Activity

parveez.baig August 18, 2024 at 6:36 AM

Tested and Verified that the password is not being logged in v3.2.6-14.

updated messages:

2024-08-18 06:25:09 ERROR ExecNoPrepare(127.0.0.1:3306) update node_health set last_seen_active = now() - interval ? second, extra_info = case when ? != '' then ? else extra_info end, app_version = ?, incrementing_indicator = incrementing_indicator + 1 where hostname = ? and token = ?: dial tcp 127.0.0.1:3306: connect: connection refused

2024-08-18 06:25:09 ERROR QueryRowsMap(127.0.0.1:3306) select hostname, token, first_seen_active, last_seen_Active from active_node where anchor = 1: dial tcp 127.0.0.1:3306: connect: connection refused

Kamil Holubicki April 4, 2024 at 8:52 AM
Edited

Will go to v3.2.6-14

Done
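
As an added example (not Percona's or Orchestrator's code), the Go program below scans log text for the credential-bearing DSN shape shown in the messages above and rewrites each hit to the bare backend address, the shape seen in the v3.2.6-14 messages. The sample log, account name, passwords and address are constructed; `Leak`, `FindLeaks` and `RedactLine` are names chosen for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// dsnRe matches a DSN embedded in a log message: user:password@tcp(host:port)/db?params
// The password is matched lazily up to "@tcp(" so ':' or '@' inside it is tolerated.
var dsnRe = regexp.MustCompile(`([^\s:()]+):\S*?@(?:tcp|unix)\(([^)\s]*)\)(?:/[^\s?)]*)?(?:\?[^\s)]*)?`)

// Leak records where a credential-bearing DSN was seen; the password is never copied.
type Leak struct {
	Line int    // 1-based line number in the scanned text
	User string // account whose password was written to the log
	Addr string // backend address taken from the DSN
}

// FindLeaks reports every line that carries a DSN with inline credentials.
func FindLeaks(text string) []Leak {
	var leaks []Leak
	for i, line := range strings.Split(text, "\n") {
		for _, m := range dsnRe.FindAllStringSubmatch(line, -1) {
			leaks = append(leaks, Leak{Line: i + 1, User: m[1], Addr: m[2]})
		}
	}
	return leaks
}

// RedactLine replaces each DSN with its address only, dropping user, password,
// database name and connection parameters. Lines without a DSN are returned unchanged.
func RedactLine(line string) string {
	return dsnRe.ReplaceAllString(line, "${2}")
}

// sampleLog is constructed for this example; line 2 is already in the redacted shape.
const sampleLog = `2024-02-28 23:26:03 ERROR QueryRowsMap(orc_user:example_pw@tcp(192.0.2.10:3306)/orchestrator?timeout=1s&readTimeout=30s) select hostname from active_node where anchor = 1: dial tcp 192.0.2.10:3306: connect: connection refused
2024-02-28 23:26:04 ERROR ExecNoPrepare(192.0.2.10:3306) update node_health set app_version = ?: dial tcp 192.0.2.10:3306: connect: connection refused
2024-02-28 23:26:05 ERROR ExecNoPrepare(orc_user:p@ss:w0rd@tcp(192.0.2.10:3306)/orchestrator) update node_health set app_version = ?: connection refused`

func main() {
	for _, l := range FindLeaks(sampleLog) {
		fmt.Printf("line %d: password for %q (backend %s) is in the log\n", l.Line, l.User, l.Addr)
	}
	for _, line := range strings.Split(sampleLog, "\n") {
		fmt.Println(RedactLine(line))
	}
}
```

A password found this way has already been written to `/var/log/messages` and to wherever that file is shipped, so it should be rotated after upgrading rather than only scrubbed from the log.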

Details

Needs Review

Yes

Needs QA

Yes

Created February 28, 2024 at 11:45 PM
Updated October 28, 2024 at 11:46 AM
Resolved August 28, 2024 at 7:01 AM