Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: VStream and VReplication should use different MySQL users #17567

Open
twthorn opened this issue Jan 17, 2025 · 1 comment
Open

Feature Request: VStream and VReplication should use different MySQL users #17567

twthorn opened this issue Jan 17, 2025 · 1 comment
Labels
Component: VReplication Type: Feature

Comments

@twthorn
Copy link
Contributor

twthorn commented Jan 17, 2025

Feature Description

Both VStream and VReplication use the same user vt_filtered. If a Vitess/MySQL deployment has max_user_connections enabled, then it is possible that if VStream client is misbehaving (e.g., creates too many MySQL connections), then VReplication can be blocked entirely. Since VStream is more auxiliary for downstream use cases, it should not be tightly coupled with VReplication (which is essential to Vitess availability) via the shared resource (i.e., the connection pool for vt_filtered user).

Request here is to by default use a separate user. Or at least give the option to override the vstream or vreplication username.

Use Case(s)

Prevent vstream clients from stopping replication of tablets.
@twthorn twthorn added the Needs Triage This issue needs to be correctly labelled and triaged label Jan 17, 2025
@mattlord mattlord added Type: Feature Component: VReplication and removed Needs Triage This issue needs to be correctly labelled and triaged labels Jan 17, 2025
@github-project-automation github-project-automation bot moved this to Backlog in VReplication Jan 17, 2025
@mattlord
Copy link
Contributor

mattlord commented Jan 17, 2025
edited
Loading

@twthorn for the vtgate VStream API, it is VReplication on the tablet side (just no workflow). It's a fair point though. It's certainly possible to distinguish them from the caller side. I think the same basic problem would still hold though if we used another of the available users:

❯ vttablet --help | grep db | grep user
      --db_allprivs_user string                                          db allprivs user userKey (default "vt_allprivs")
      --db_app_user string                                               db app user userKey (default "vt_app")
      --db_appdebug_user string                                          db appdebug user userKey (default "vt_appdebug")
      --db_dba_user string                                               db dba user userKey (default "vt_dba")
      --db_erepl_user string                                             db erepl user userKey (default "vt_erepl")
      --db_filtered_user string                                          db filtered user userKey (default "vt_filtered")
      --db_repl_user string                                              db repl user userKey (default "vt_repl")

App would certainly be even more potentially problematic. But we could e.g. use the erepl (External Replication) user. That's not used at all anymore within Vitess itself, and VTGate VStreams could logically be considered external replication. What do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Component: VReplication Type: Feature
Projects
VReplication
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mattlord @twthorn