MediaWiki should not connect as root database user on MediaWiki-Vagrant
Closed, ResolvedPublic

Description

On one of our labs-vagrant machines (flow-tests) we started getting a "Too many connections" error ("ERROR 1040 (HY000): Too many connections" on command line, also shown via web).

The normal way to deal with that is to connect on the command-line and kill certain/all connections. To allow this even under a max_connections condition, MySQL reserves a spare connection for the super-user (generally root). See B.5.2.7 Too many connections.

However, under MediaWiki-Vagrant, MW connects as root, defeating the purpose. MediaWiki-Vagrant should set up another database account without SUPER, and use that for the wiki database configuration.

Mattflaschen-WMF updated the task description. (Show Details)
Mattflaschen-WMF raised the priority of this task from to Needs Triage.
Mattflaschen-WMF added a subscriber: Mattflaschen-WMF.

The most likely cause of the "Too many connections" error is an out of date HHVM install. @Manybubbles found a bug in October that would cause this and it has since been fixed both upstream and in the WMF HHVM builds using his patch(es).

That being said, setting up proper privilege separation for the wiki code is a great idea. I honestly didn't know that we weren't using an unprivileged user.

The most likely cause of the "Too many connections" error is an out of date HHVM install. @Manybubbles found a bug in October that would cause this and it has since been fixed both upstream and in the WMF HHVM builds using his patch(es).

I fixed it upstream and I'm proud of it! Two days of learning GDB to find a resource leak and fix it by moving one line from one function to another. I think they've since rewritten that part of the code to make it obvious though.

dduvall triaged this task as High priority.Jan 14 2015, 6:23 PM
dduvall added a subscriber: dduvall.

I wasn't aware of this either. If we're going to be promoting more use of MW-Vagrant in labs, I think we ought to strive for more secure configurations across the board.

Perhaps this refactoring should include random/secure password generation for mysql root, and a more restrictive account for the vagrant user (at least in labs).

dduvall moved this task from Backlog to Upcoming on the MediaWiki-Vagrant board.Jan 14 2015, 6:24 PM
bd808 set Security to None.

Change 260097 had a related patch set uploaded (by Mattflaschen):
WIP: Don't use MySQL root account for DB connection

https://gerrit.wikimedia.org/r/260097

Restricted Application added a subscriber: Luke081515. · View Herald TranscriptDec 23 2015, 12:11 AM

Change 260097 merged by jenkins-bot:
Don't use MySQL root account for DB connection

https://gerrit.wikimedia.org/r/260097

bd808 moved this task from Upcoming to Done on the MediaWiki-Vagrant board.Jan 17 2016, 11:06 PM
bd808 closed this task as Resolved.Jan 26 2016, 2:58 AM