Continuent Documentation

Manual Home
Tungsten Clustering (for MySQL) 7.0 Manual
Page in Other Manuals
Tungsten Replicator 8.0 Manual
Tungsten Replicator 7.0 Manual
Tungsten Clustering (for MySQL) 7.1 Manual
Tungsten Replicator 6.1 Manual
Tungsten Clustering (for MySQL) 6.1 Manual
Tungsten Replicator 7.1 Manual
Tungsten Clustering (for MySQL) 8.0 Manual
Breadcrumbs
> Tungsten Clustering (for MySQL) 7.0 Manual

       > 6. Operations Guide

       > 6.16. Performing Database or OS Maintenance
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Deployment: Security
6. Operations Guide
7. Tungsten Connector
8. Tungsten Manager
9. Command-line Tools
10. The tpm Deployment Command
11. Tungsten REST APIv2
12. Replication Filters
13. Performance, Tuning and Testing
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
Navigate Up
6.16. Performing Database or OS Maintenance
Parent Sections
6.16.1. Performing Maintenance on a Single Replica
6.16.2. Performing Maintenance on a Primary
6.16.3. Performing Maintenance on an Entire Dataservice
6.16.4. Upgrading MySQL
6.16.5. Upgrading or Updating your JVM
6.16.6. Making Schema Changes
6.16.7. Updating Database User Passwords
6.16.7. Updating Database User Passwords
Prev  ^Up6.16. Performing Database or OS Maintenance Next

6.16.7. Updating Database User Passwords

6.16.7. Updating passwords for Connectors and Applications

Rotating user passwords is a common procedure that all businesses follow on a regular basis. This should be no different when Tungsten Clustering is in use however the process needs to be handled with care to ensure uninterupted operations.

The procedure below provides the basic steps required to change the database user account associated with Tungsten. This would be the user that is configured by the replication-user tpm option that is used by the Tungsten processes.

  1. The first step is to place the cluster into MAINTENANCE mode: 

    shell> cctrl
cctrl> set policy maintenance

  2. On the primary node, connect to mysql as the root user and issue the password change (This example assumes the DB user is called tungsten: 

    shell> mysql -u root -p
mysql> set password for tungsten@'%' = password('new_pass');
mysql> flush privileges

  3. On all remaining nodes, connect to mysql as the root user and issue the following: 

    shell> mysql -u root -p
mysql> flush privileges

  4. At this point, tungsten services will now show as offline, however because we are in MAINTENANCE, applications will still be connected.

    To bring process online with the new password, we now need to update the /etc/tungsten/tungsten.ini and update the password accordingly for the replication-user entry. After updating this on every host, issue the following, also on every host: 

    shell> tpm update

  5. Return the cluster to AUTOMATIC mode: 

    shell> cctrl
cctrl> set policy automatic

Using MySQL 8.0.14+?

If you are running version 8.0.14 or later of MySQL, you may want to consdier making use of a new MySQL feature that allows user accounts to have dual passwords. Doing so would eliminate the offline state of Tungsten components in the above example. This process would look like the following:

  1. The first step is to place the cluster into MAINTENANCE mode: 

    shell> cctrl
cctrl> set policy maintenance

  2. On the primary node, connect to mysql as the root user and issue the DDL below (This example assumes the DB user is called tungsten: 

    shell> mysql -u root -p
mysql> ALTER USER tungsten@'%' IDENTIFIED BY 'second_pass' RETAIN CURRENT PASSWORD;
mysql> flush privileges

  3. On all remaining nodes, connect to mysql as the root user and issue the following: 

    shell> mysql -u root -p
mysql> flush privileges

  4. We now need to update the /etc/tungsten/tungsten.ini and update the password accordingly for the replication-user entry. After updating this on every host, issue the following, also on every host: 

    shell> tpm update

  5. Return the cluster to AUTOMATIC mode: 

    shell> cctrl
cctrl> set policy automatic

  6. When all systems that utilise the account have been updated to use the new password, issue the following: 

    shell> mysql -u root -p
mysql> ALTER USER tungsten@'%' DISCARD OLD PASSWORD;
mysql> flush privileges

Updating passwords for Connectors and Applications

It is not possible to update application user passwords without incurring downtime, the same applies if you are updating the user associated with the application-user tpm option that the connectors user.

To change these user accounts the process would be as follows:

  1. On the primary node, connect to mysql as the root user and issue the password change 

    shell> mysql -u root -p
mysql> set password for app_user@'%' = password('new_pass');
mysql> flush privileges

  2. On all remaining nodes, connect to mysql as the root user and issue the following: 

    shell> mysql -u root -p
mysql> flush privileges

  3. At this point, applications and/or connectors will be offline.

    To bring connectors online with the new password, we need to update the /etc/tungsten/tungsten.ini and update the password accordingly for the application-user entry. After updating this on every connector host, issue the following, also on every connector host: 

    shell> tpm update

  4. If you are using Proxy mode, you will also need to update the password for application users within the user.map file.

    After updating the file, the connector will automatically detect a change and reload.

As with the main Tungsten account, if you are running MySQL 8.0.14+ you can also make the process simpler with minimal to zero downtime by utilising the DUAL password feature. For application and connector users, this process is expalined in Section 7.6.2, “Dual-Paswords and MySQL 8”

Prev Up Next
6.16.6. Making Schema Changes  ^Level 6.17. Monitoring Tungsten Cluster
Copyright © 2025 Continuent, Ltd.1 (415) 529-4901Terms of UsePrivacy & CookiesLegal NoticeExhibits