K8SPXC-1009 - Also enable super_read_only when replica

[benlangfeld]

Without this change, users with SUPER can still perform DMLs against what should be read-only replicas.

It's not necessary to modify DisableReadonly() or IsReadonly() because enabling super_read_only implicitly enables read_only and disabling read_only implicitly disables super_read_only.

[it-percona-cla]

All committers have signed the CLA.

[JNKPercona]

Test name	Status
storage	passed
upgrade-haproxy	passed
recreate	passed
scaling	passed
scheduled-backup	failed
cross-site	failed
restore-to-encrypted-cluster	passed
haproxy	passed
big-data	passed
demand-backup	passed
init-deploy	passed
pitr	passed
limits	passed
monitoring-2-0	passed
demand-backup-encrypted-with-tls	passed
affinity	passed
one-pod	passed
auto-tuning	passed
proxysql-sidecar-res-limits	passed
users	passed
scaling-proxysql	passed
self-healing	passed
self-healing-chaos	passed
security-context	passed
tls-issue-self	passed
self-healing-advanced	passed
self-healing-advanced-chaos	passed
upgrade-proxysql	passed
tls-issue-cert-manager	passed
tls-issue-cert-manager-ref	passed
operator-self-healing	passed
operator-self-healing-chaos	passed
smart-update	passed
validation-hook	passed
proxy-protocol	passed
upgrade-consistency	passed
We run 36 out of 36

commit: https://github.com/percona/percona-xtradb-cluster-operator/pull/1094/commits/74bfb5d906aa1712915dd29632f303eddbcc2a96 image: perconalab/percona-xtradb-cluster-operator:PR-1094-74bfb5d9

[benlangfeld]

@egegunes is it possible to get this merged please? This is very important for deployments which use replication.

[hors]

@egegunes is it possible to get this merged please? This is very important for deployments which use replication.

@benlangfeld do not worry :) we are going to include your changes in next PXCO release. Now I am checking cross-site test.

[benlangfeld]

As I can see after these changes it is not possible to change password for replication user but it is common use case.

One could switch this off temporarily to make that change, leaving the node in a safe state the rest of the time.

[hors]

As I can see after these changes it is not possible to change password for replication user but it is common use case.

One could switch this off temporarily to make that change, leaving the node in a safe state the rest of the time.

yes, I think we should

[benlangfeld]

As I can see after these changes it is not possible to change password for replication user but it is common use case.

One could switch this off temporarily to make that change, leaving the node in a safe state the rest of the time.

yes, I think we should

So do you need a mention of that in the documentation or something else?

[hors]

One could switch this off temporarily to make that change, leaving the node in a safe state the rest of the time.

yes, I think we should

So do you need a mention of that in the documentation or something else?

@benlangfeld I prefer to have this logic on operator end. E.g. Operator can detect that it's replica cluster and super_read_only is 1 and in case of password change set it to 0. As soon as the password is updated operator will change it back to 1. So, using this logic we always have read_only=1 and only temporary super_read_only=0

[benlangfeld]

One could switch this off temporarily to make that change, leaving the node in a safe state the rest of the time.

yes, I think we should

So do you need a mention of that in the documentation or something else?

@benlangfeld I prefer to have this logic on operator end. E.g. Operator can detect that it's replica cluster and super_read_only is 1 and in case of password change set it to 0. As soon as the password is updated operator will change it back to 1. So, using this logic we always have read_only=1 and only temporary super_read_only=0

Ah ok, you meant for operator-driven password changes. I'll see if I can find time to implement that.

[egegunes]

@benlangfeld I'm closing this PR due to inactivity. You can re-open it if you want to work on it. Please let us know if you need any help.