cf-mysql/36
You can find the source of this version on GitHub at cloudfoundry/cf-mysql-release. It was created based on the commit 40017a1.
Release Notes
cf-mysql-release v36
The theme for cf-mysql-release v36 is security and tuning!
In a world where MySQL is targeted by ransomware, it’s important to keep your data stores as secure as possible. You need specialized knowledge to deploy MySQL so that it is both secure and optimized for performance. It’s especially difficult to go back and update existing servers.
v36 adds fifteen security and performance improvements and chooses sane defaults so that you don’t have to be a DBA to run MySQL. Many of MySQL’s standard settings are dated, and if left untuned, can spoil performance. Where it makes sense, we’ve updated the defaults or added a manifest property.
Upgrading to cf-mysql-release v36, and keeping current with stemcells, will help protect your databases from well-known attacks.
Deprecation Delivered
As first mentioned with the v34 release, we’ve removed spiff templates starting with v36. Please use cf-mysql-deployment v36 with the bosh2 cli to deploy. Let us know how it goes for you! Please file a GitHub issue if you’re having troubles!
- Remove all spiff manifest-generation [#140167683]
Dependency Updates
- cf-mysql-release uses MariaDB 10.1.24 [#147901169]
- Upgrade any golang components to v1.8.3 [#145389045]
- Fix CVE-2017-5029 (nokogiri) in cf-mysql-broker [#147061901]
Security and Tuning
For more information, refer to the cluster configuration documentation and read the descriptions in the spec file.
- Set MySQL server to skip symbolic links [#144637795]
- As a developer, I don’t want my MySQL client to accidentally send files from the client host [#144637793]
- Set MySQL server variables so that users cannot interact with the MySQL server’s file systems [#144637789]
- Make it optional to not allow the server mysql CLI to keep a history file [#144637787]
- Admin user should not be able to connect from arbitrary host via wildcard [#144637779]
- Audit automatically-created users to ensure that they have the minimum privileges necessary [#144637773]
- As an Operator, I’d like smoke-tests to run as a non-privileged user [#145547181]
- cf-mysql-release has query_cache_type set to OFF [#145565343]
- Operator can tune innodb_log_buffer_size, default to 32MB [#145565355]
- Operator can configure innodb_large_prefix [#144634641]
- Operator can configure the size of the table_definition_cache [#145565357]
- Operator can change the table_open_cache [#145565341]
- Operator would like to deploy with innodb_strict_mode set to ON [#145565345]
- Operator can configure innodb_flush_method [#145565333]
- Operator can express buffer pool size to be a % which undersedes the setting that expresses it in megabytes [#145938549]
Make sure to check this last one out. Where previously you had to change the buffer cache property whenever deploying to different sized VMs, you can set a new property to have cf-mysql-release automatically compute how much RAM to use for buffer cache!
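One way to verify the security items above on a running server after upgrading, as an added example (not code from cf-mysql-release). The mapping from each release-note item to a MySQL/MariaDB system variable, the `audit` function, its `admin_users` parameter and the sample values are assumptions constructed for illustration.

```python
# Added example: audit a server against the hardening items in this release.
# Collect the inputs with:
#   SHOW GLOBAL VARIABLES;             -> dict of name -> value
#   SELECT User, Host FROM mysql.user; -> list of (user, host) tuples
# The item-to-variable mapping is an assumption, not taken from the release.

def _flag(variables, name):
    """Upper-cased value of a server variable; '' when absent or NULL."""
    val = variables.get(name)
    return "" if val is None else str(val).strip().upper()

def audit(variables, accounts, admin_users=("root",)):
    """Return a sorted list of findings; an empty list means every check passed."""
    findings = []
    # have_symlink is DISABLED when mysqld runs with --skip-symbolic-links.
    if _flag(variables, "have_symlink") == "YES":
        findings.append("have_symlink: symbolic links are enabled")
    # local_infile gates LOAD DATA LOCAL, which reads files from the client host.
    if _flag(variables, "local_infile") in ("ON", "1"):
        findings.append("local_infile: LOAD DATA LOCAL is allowed")
    # secure_file_priv: '' = unrestricted file import/export, a directory
    # confines it, NULL (None here) disables it. A missing key counts as ''.
    if variables.get("secure_file_priv", "") == "":
        findings.append("secure_file_priv: file import/export is unrestricted")
    if _flag(variables, "innodb_strict_mode") not in ("ON", "1"):
        findings.append("innodb_strict_mode: not ON")
    if _flag(variables, "query_cache_type") not in ("OFF", "0"):
        findings.append("query_cache_type: not OFF")
    # An admin account whose Host contains '%' accepts logins from many hosts.
    for user, host in accounts:
        if user in admin_users and "%" in host:
            findings.append(f"account {user}@{host}: wildcard host")
    return sorted(findings)

# Constructed sample: permissive settings and a wildcard admin account.
BEFORE_VARS = {"have_symlink": "YES", "local_infile": "ON",
               "secure_file_priv": "", "innodb_strict_mode": "OFF",
               "query_cache_type": "ON"}
BEFORE_ACCOUNTS = [("root", "%"), ("root", "localhost"), ("app_user", "%")]

# Constructed sample: every item applied (the directory is a placeholder).
AFTER_VARS = {"have_symlink": "DISABLED", "local_infile": "OFF",
              "secure_file_priv": "/placeholder/import-dir/",
              "innodb_strict_mode": "ON", "query_cache_type": "OFF"}
AFTER_ACCOUNTS = [("root", "localhost"), ("app_user", "%")]

if __name__ == "__main__":
    for finding in audit(BEFORE_VARS, BEFORE_ACCOUNTS):
        print("FAIL", finding)
    print("after:", audit(AFTER_VARS, AFTER_ACCOUNTS) or "all checks passed")
```

Pass the name of your own admin account in `admin_users`; `root` is only the default used for the constructed data.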
Bugfixes and Other Improvements
- Operator can specify a name for a cluster before initial deployment [#144962487]
- Operator can follow documentation to change the cluster name of an existing deployment [#146552277]
Use this to give your clusters a unique identifier. Now you can double-check that you’re operating on the right deployment when running interactive MySQL.
- When deploying a new cluster, an Operator may need to decrease the timeout used by MySQL to detect if other nodes already exist [#145287747]
- Operator is told when a persistent disk could not be found, or is less than 10GB [#145971959]
- If no syslog configuration is provided we do not attempt to configure syslog [#146544497]
- [BUG] cluster_health log misses several columns sometimes [#140438237]
- [BUG] When shutting down during the wrong BOSH phase, MySQL may fail to leave the cluster gracefully. [#145228885]
- [BUG] Operator should not be provided with an empty set of files when running download-logs [#144945415]
We significantly refactored mariadb_ctrl, the real brains behind cf-mysql-release.
- [BUG] mariadb_ctrl PostStartSQLFiles are run without error checking. [#146056211]
- [BUG] mariadb_ctrl upgrade does not wait for mysqld shutdown [#145530067]
- [BUG] mariadb_ctrl should wait for the database to be synced before moving on to seeding databases [#146052481]
- mariadb_ctrl should use the link bootstrap property to determine if it is the bootstrap node [#145454113]
- Release Integration can more easily consume BOSH links provided by cf-MySQL’s jobs [#145350449], [#147457159]
cf-mysql-deployment improvements
- As an Operator, I’d like to find an example operations file to set cf_mysql.host [#139035695]
- Share the links in cf-mysql-deployment [#146118495]
Manifest Changes
New Job: smoke-tests-user
- This job should be colocated with MySQL if you would like to create the smoke-tests user.
New Job: cf-mysql-broker-user
- This job should be colocated with MySQL if you would like to create the cf-mysql-broker and quota-enforcer users if the quota enforcer has been enabled.
Proxy Job Spec Changes
- cf_mysql.mysql.cluster_ips, cf_mysql.proxy.proxy_ips, cf_mysql.proxy.arbitrator_ip have been removed and are now only accessible via BOSH links.
MySQL Job Spec Changes
- The mysql-database link has been renamed to internal-mysql-database and its type is now internal-database.
- The following properties have been added:
  - cf_mysql.mysql.remote_admin_access
  - cf_mysql.mysql.innodb_buffer_pool_size_percent
  - cf_mysql.mysql.innodb_log_buffer_size
  - cf_mysql.mysql.innodb_flush_method
  - cf_mysql.mysql.innodb_large_prefix_enabled
  - cf_mysql.mysql.innodb_strict_mode
  - cf_mysql.mysql.table_definition_cache_size
  - cf_mysql.mysql.table_open_cache
  - cf_mysql.mysql.cluster_name
  - cf_mysql.mysql.cluster_probe_timeout
  - cf_mysql.mysql.cli_history
  - cf_mysql.mysql.enable_local_file
Arbitrator Job Spec Changes
- cf_mysql.mysql.cluster_ips has been removed and is now only accessible via BOSH link.
Bootstrap Errand Spec Changes
- cf_mysql.mysql.cluster_ips has been removed and is now only accessible via BOSH link.
cf-mysql-broker
- The following properties are available through the broker link:
  - cf_mysql.broker.db_password
  - cf_mysql.broker.disable_quota_enforcer
  - cf_mysql.broker.quota_enforcer.password
- cf_mysql.mysql.admin_username, cf_mysql.mysql.admin_password have been removed and are now only accessible via BOSH link.
Rejoin-Unsafe Errand Spec Changes
- cf_mysql.mysql.cluster_ips has been removed and is now only accessible via BOSH link.
Smoke-Tests Errand Spec Changes
- cf_mysql.mysql.admin_username, cf_mysql.mysql.admin_password, cf_mysql.proxy.proxy_ips have been removed and are now only accessible via BOSH link.
- cf_mysql.smoke_tests.db_password will set the password for the user which has been created by the smoke-tests-user job.
verify-cluster-schemas
- cf_mysql.mysql.cluster_ips, cf_mysql.proxy.arbitrator_ip have been removed and are now only accessible via BOSH link.
Feedback Time: Allow table locks?
In v34, we removed Apps’ ability to lock tables, as a way of enforcing the fact that Galera doesn’t replicate table locks. Perhaps this was too strict?
Galera is often advertised as a way to horizontally scale MySQL, but cf-mysql uses Galera solely to offer high uptime SLAs. We don’t distribute reads and writes across the cluster, we keep a hot-spare (or two) for fast failover.
We feel that the work we’ve done in Switchboard, our custom proxy, is sufficient to direct traffic to only one backend, which means it’d be OK to use locks - no App instance will be using another backend, so no conflicts!
- Roll back table lock prohibition? Click: :ok_hand:
- Nope, keep denying table locks? Click: :no_entry:
No survey this time, please find us on Cloud Foundry Slack in #core-services or contact us on GitHub!
Usage
You can reference this release in your deployment manifest from the releases section:
- name: "cf-mysql"
  version: "36"
  url: "https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=36"
  sha1: "746240c005465ffa105ee89e53e401e311b4fbf8"
Or upload it to your director with the upload-release command:
bosh upload-release --sha1 746240c005465ffa105ee89e53e401e311b4fbf8 \
  "https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=36"
Jobs
- arbitrator
- bootstrap
- broker-registrar
- cf-mysql-broker
- cf-mysql-broker-user
- deregister-and-purge-instances
- mysql
- proxy
- rejoin-unsafe
- smoke-tests
- smoke-tests-user
- verify-cluster-schemas
Packages
- acceptance-tests
- boost
- bootstrap
- cf-mysql-broker
- cf-mysql-cluster-health-logger
- cf-mysql-common
- check
- cli
- cluster-schema-verifier
- galera
- galera-healthcheck
- generate-auto-tune-mysql
- golang
- gra-log-purger
- mariadb
- mariadb_ctrl
- mysqlclient
- python
- quota-enforcer
- ruby
- scons
- switchboard
- syslog_aggregator
- xtrabackup