I have been running an XtraDB cluster for a bit now without any major issues. My config is:
3x CentOS 7 Servers
4 GB Memory
50 GB OS
50 GB Data
PBIS-Open for PAM AD Authentication
/etc/pam.d/mysql config file uses auth required pam_lsass.so and account required pam_lsass.so
auth_pam_compat plugin installed
Anonymous user configured in mysql to Require SSL, and Authentication_String is mysql, MySQL^Admins=dba (MySQL Admins is an AD Group)
mysql user dba is configured to grant anonymous user proxy rights and granted all privileges with grant option.
Authentication is working with AD users without problem through Workbench and other tools. I had not seen mysql crash or have any issues for some time.
Prior to going live with a cut over to this environment, I configured our solarwinds environment to monitor the mysql servers metrics using the community SAM module. Essentially all it does is run a number of remote query with a login user and pull back a stat to record.
When running the monitoring solution on a system with AD credentials, anywhere from a few hours to a day, the mysqld process crashes hard. MySQL will not start with a standard systemctl start mysqld command. I have to sudo su - mysql and start the process manually then I can shutdown the process gracefully and start with the standard system process command.
When running the monitoring solution on a system with mysql credentials, the mysql process doesn’t seem to have any issues. Just to be sure, I’m using the dba user account on mysql that the AD user would be proxying as.
I was able to reproduce with a standalone install of XtraDB server without setting up the wsrep config section and the error manifested itself. I have a whole document of the configuration steps if I really need to provide it but may need to scrub some personal info from it.
I get a really long dump after the crash which I’ve attached to this post.
I’m wondering if I’m running into an issue with the auth_pam_compat module or if I have some configuration setting that isn’t right. Does anyone else use the auth_pam_compat module to manage user access/monitoring of the mysql environment?