On Monday 15 March 2010 12:50:41 Florian Haas wrote: > On second thought... > > On 03/11/2010 01:45 AM, Marian Marinov wrote: > > diff -r 31ea5ae9c8e7 -r cacb3e119fd9 heartbeat/mysql > > --- a/heartbeat/mysql Thu Mar 11 02:20:46 2010 +0200 > > +++ b/heartbeat/mysql Thu Mar 11 02:24:47 2010 +0200 > > @@ -512,6 +512,8 @@ > > fi > > sleep 2 > > done > > + > > + mysql -S $OCF_RESKEY_socket -O connect_timeout=1 -e 'SET GLOBAL > > read_only=on'; > > > > ocf_log info "MySQL started" > > return $OCF_SUCCESS > > You can't do that. The RA must test for ocf_is_ms here. Non master/slave > capable MySQL setups must be read/write on start. I'm changing that. > > > @@ -569,6 +571,7 @@ > > if is_slave; then > > mysql --socket=$OCF_RESKEY_socket -O connect_timeout=1 -e 'STOP > > SLAVE' > > fi > > + mysql -S $OCF_RESKEY_socket -O connect_timeout=1 -e 'SET GLOBAL > > read_only=off'; return $OCF_SUCCESS > > } > > > > @@ -633,6 +636,7 @@ > > MASTER_CONNECT_RETRY=4" > > mysql --socket=$OCF_RESKEY_socket -O connect_timeout=1 -e 'START > > SLAVE'; fi > > + mysql -S $OCF_RESKEY_socket -O connect_timeout=1 -e 'SET GLOBAL > > read_only=on'; if is_slave 1; then > > return $OCF_SUCCESS > > else > > These are fine to not test for ocf_is_ms, as promote and demote are only > ever called if the resource is indeed configured as a multistate resource. > > And, one other thing, correct me if I'm wrong but as you are doing this > you are assuming that root will be able to connect to MySQL locally > without a password? That's got to be changed too.
This must not be changed, as if you supply the root password on the CMD line there is a good chance that someone will be able to catch it. This is a very big security risk. Since MySQL has .my.cnf files it is best to use them. If you don't want to do that. Then I can write a simple expect, but it is slower and adds the requirement to have expect and tcl installed on the machine. I thought about that and I don't think there is one perfect solution, but I think .my.cnf files is by far the best solution. Marian > > Cheers, > Florian > -- Best regards, Marian Marinov
signature.asc
Description: This is a digitally signed message part.
_______________________________________________________ Linux-HA-Dev: [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/
