Percona 8.0.29 fresh install automation as slave

Hi community,

we had a role for ansible to automate the process for install percona mysql master and slave
so a time ago this role works fine until now with fresh versions using percona 8.x as master/slave is starting to get this new behavior.

Our setting for server slave is using “read_only=true” in the configuration file, in that way with any reboot from server we always guarantee the slave can’t be touched or modified

and when the engine initialize in older version 8.x the first time we used this workaround.

(master and slave)
1- using mysql client with variable connect-expired-password
2- to not break the replica from configuration file in the same line with mysql client we use set global super_read_only=OFF
3- then set the password for root
4- set global super_read_only=ON

the issue now is:
we still connecting using temporary password but now the recently version can’t accept other query until not change the password expired as first step, is like a mandatory otherwise can’t do anything.
so the step 2 can’t do it now in automate process because in the master server I can remove the step 2 and avoid the second time to set the initial root password but on slave starting from configuration as read_only = true is blocked

mysql> set global super_read_only=OFF;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

the main goal is maintain the slave always read only but if before i can use expired password for change the root password I used global variables now I can’t with this restriction… exist other way to use global variables from mysql cli to can change the password as first step without break the replica on session time and not using configuration ?

1 Like

Hello @baph0m3t,
Firstly, the terms are now source and replica. Regarding your setup, when you initialize a brand new MySQL server, you must always change the root password before you can do anything. Yes, this is required. You may need to alter your ansible steps. All you need to do is set the password first, then do your remaining steps. If you are creating a new replica from a source backup, then this should not be an issue because the username/passwords will have been restored as part of your backup-restore process.

1 Like