Hi folks!
I have a singlestore cluster with 2 nodes. Master/Leaf - Agregator/Leaf.
Now, I need to perform an memory update on nodes, so I wanted to use promote command. I realize that users are not in both nodes, and I came up with sync_permission.
Do I need to have it on ON, to move traffic between nodes?
If NOT, how can I replicate users to move my load to the Agregator node?
I’m not an expert on this. I checked with our SQrL bot. It appears that a way to do this would be to first enable sync permissions, which may require additional work to re-add permissions/grants after you switch to sync permissions. Here’s the answer from SQrL.
To effectively manage your SingleStoreDB cluster during memory update requires a correct usage of the PROMOTE AGGREGATOR … TO MASTER command and proper synchronization of permissions across your nodes.
The PROMOTE AGGREGATOR … TO MASTER command requires the user to have full permissions on the node1. It is suitable for situations when the current Master Aggregator is still operational. If there’s permanent loss of the Master Aggregator, it’s recommended to use AGGREGATOR SET AS MASTER command2.
To replicate users, roles, and permissions between nodes, you can take advantage of the sync_permissions engine variable. This feature automates the synchronization of non-root user accounts, roles, and groups across your cluster3. Note that any user account operations performed on the Master Aggregator are automatically propagated to each Child Aggregator in the cluster3.
With sync_permissions enabled, should an administrator change a user’s password on the Master Aggregator and then tries to connect to a Child Aggregator as that user using the old password, the old password will be rejected3.
Keep in mind, enabling sync_permissions requires getting rid of all the existing permission grants on the cluster first, which is why it is best enabled on a fresh cluster4.
Remember to ensure that the passwordless ssh is enabled from the Master Aggregator to all other nodes in the cluster, including the Child Aggregator and Leaf Nodes5.
To summarize, you don’t need sync_permissions for traffic to move between nodes. However, if you aim to have permissions and users replicated across the nodes, enabling the sync_permissions engine variable would be a very efficient step to take.