Earlier today, we ran an article detailing that Oracle released 270 critical security updates for many of its products, including MySQL cluster which we use here to provide high uptime and reliability for SoylentNews. Needless to say, it was time to upgrade both NDB backends, and the four MySQLd frontends. While the upgrade did not go completely smoothly due to the fact that MySQL strict mode got enabled, and broke the site briefly, our total downtime was less than five minutes or so. Right now, we had to do a full flush and purge of all caches, which means the site is running a bit larky until they can repopulate but I'm pleased to announce we're up to date and secure!
ndb_mgm> show Cluster Configuration --------------------- [ndbd(NDB)] 2 node(s) id=2 @redacted (mysql-5.7.17 ndb-7.5.5, Nodegroup: 0) id=3 @redacted (mysql-5.7.17 ndb-7.5.5, Nodegroup: 0, *) [ndb_mgmd(MGM)] 2 node(s) id=101 @redacted (mysql-5.7.17 ndb-7.5.5) id=102 @redacted (mysql-5.7.17 ndb-7.5.5) [mysqld(API)] 4 node(s) id=11 @redacted (mysql-5.7.17 ndb-7.5.5) id=12 @redacted (mysql-5.7.17 ndb-7.5.5) id=13 @redacted (mysql-5.7.17 ndb-7.5.5) id=14 @redacted (mysql-5.7.17 ndb-7.5.5)
If you notice any unusual breakages or slowdowns, please let me know in the comments. Otherwise, keep calm and carry on!
~ NCommander
(Score: 2) by ikanreed on Friday January 20 2017, @07:35PM
Yeah, but the MySQL servers, if properly setup, aren't on any public IP.
(Score: 2) by NCommander on Friday January 20 2017, @10:39PM
Ours aren't, but if someone manages to get a non-root shell on one of our machines, I don't want them to be able to break into the database. For logistical reasons, there are several machines on our network that can access the mysqld endpoints for backup and maintenance reasons. If someone scored access to the right box, they'd be in a position that they could talk to 3306 on one of the DB servers.
Still always moving
(Score: 2) by ikanreed on Friday January 20 2017, @11:01PM
Can't believe I didn't think of that kinda obvious case.