Comments (11)
@whelan9453, thanks, I see a problem. Will provide a fixed version on Wed. Until then please avoid using sha256 for default user.
from clickhouse-operator.
Hi @whelan9453, you can not specify password_sha256_hex for the default user. This is current known issue.
Also, try the latest version 0.8.0 -- it has some security features built in, including automatic hashing of passwords -- you can define password in plain in YAML, and operator will hash it and store password_sha256_hex automatically.
from clickhouse-operator.
Hi @whelan9453 , I have just patched the latest release to support sha256 for default user, so your example should work "as is".
from clickhouse-operator.
Hi @alex-zaitsev
Thank you! I'll try again with password_sha256_hex of the default user.
One quick question: I use the command kubectl apply -f myinstallation.yaml
to deploy and update the ClickHouseInstallation
resource. Is that the right way to deploy? (Because sometimes the new configuration seems not valid)
from clickhouse-operator.
Hi @whelan9453 , sure, kubectl apply -f is the right way. What do you mean by not valid configuration?
from clickhouse-operator.
Sometimes after I ran the kubectl apply
command, the configuration XML files would stay unchanged. Another time the configuration XML files are changed, but the password remains old ones.
You can see my sample codes above that user admin and user default can log in with the same password even though the password_sha256_hex in the user.xml
is different.
from clickhouse-operator.
@whelan9453 , it may happen if operator can not apply the configuration. For example, if you have broken configuration operator will automatically rollback to the previous one. Unfortunately, it is not visible enough (kubectl apply always succeeds).
I think in your example you had different yaml before, and after making changes ClickHouse could not start. That's why you see old passwords and test user.
You can check events that operator log to ClickHouseInstallation object to see if there is anything there:
kubectl describe chi test -n
from clickhouse-operator.
Hi @whelan9453 , I have just patched the latest release to support sha256 for default user, so your example should work "as is."
Hi @alex-zaitsev
I just tried the latest release and saw there's a <password remove="1"></password>
in the password section, and things were looking okay.
However, after I did some changes to my clickhouse-installation.yaml
file and run kubectl apply -f clickhouse-installation.yaml
again, the <password remove="1"></password>
was gone missing and the error message came out like this.
2020.01.06 01:47:47.783826 [ 1 ] {} <Information> Application: Shutting down storages.
2020.01.06 01:47:47.783855 [ 1 ] {} <Debug> Application: Shutted down storages.
2020.01.06 01:47:47.784261 [ 1 ] {} <Debug> Application: Destroyed global context.
2020.01.06 01:47:47.788275 [ 1 ] {} <Error> Application: DB::Exception: Both fields 'password' and 'password_sha256_hex' are specified for user default. Must be only one of them.
2020.01.06 01:47:47.788324 [ 1 ] {} <Information> Application: shutting down
2020.01.06 01:47:47.788348 [ 1 ] {} <Debug> Application: Uninitializing subsystem: Logging Subsystem
2020.01.06 01:47:47.789385 [ 2 ] {} <Information> BaseDaemon: Stop SignalListener thread
I can reproduce this error by deleting all resources and applying it again.
from clickhouse-operator.
@whelan9453 , I've just uploaded the fix. Just re-install the operator to try it out.
from clickhouse-operator.
@whelan9453, could you confirm the latest version works for you?
from clickhouse-operator.
@alex-zaitsev
I've tried this part, and it looks fine.
Thanks!
from clickhouse-operator.
Related Issues (20)
- The startup sequence during installation. HOT 1
- operator error HOT 2
- Operator hangs during pod recreation in ClickHouse cluster with multiple shards and replicas HOT 4
- Select query fails on Distributed table with Authentication failed HOT 2
- [Question] Is using PreviousTailAffinity in a single node cluster valid syntax? HOT 1
- [Question] How can I achieve ClickHouse synchronization between two Kubernetes clusters? HOT 8
- [Question] Best way to replace default disk HOT 1
- [Question] Can we specify a static port for NodePort service? HOT 4
- Expanding PVC Volume Template Results in Data Loss HOT 10
- Leader election for the operator HOT 3
- Deleting a CHI resource may leave debris from replicated tables in [Zoo]Keeper that requires later cleanup HOT 3
- ClickHouse Operator leaves orphan S3 files when scaling down replicas that use S3-backed MergeTree HOT 2
- how to solve clickhouse cluster aborted status? HOT 6
- when I have two replicas, I want to delete the first
- when I have two replicas, I want to delete the first replica, keep the second replica alive, how can i do? HOT 7
- ClickHouse pod update stuck when adjusting version or resource HOT 1
- [Question] How do I update the clickhouse-$INSTALLATION_NAME service to LoadBalancer from ClusterIP? HOT 5
- PVC request resize use size without SI suffix HOT 2
- Version update fails with authentication error HOT 6
- Change in user configuration leads to cluster restart HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clickhouse-operator.