8.3 Disabling Password Encryption

This section provides the procedure to disable password encryption in cnDBTier deployments.

  1. Disable password encryption in the custom_values.yaml file:
    global:
      encryption:
        enable: false
  2. Perform a Helm upgrade from encryption enabled to encryption disabled with --no-hooks:
    $ helm upgrade mysql-cluster occndbtier -f occndbtier/custom_values.yaml -n <CNDBTIER_NAMESPACE_NAME> --no-hooks
    For example:
    $ helm upgrade mysql-cluster cluster1 -f occndbtier/custom_values.yaml -n cluster1 --no-hooks
  3. Log in to the Bastion Host and scale down all the replication service deployments immediately after performing the previous step:
    $ kubectl -n <namespace of cnDBTier cluster> get deployments | egrep 'replication' | awk '{print $1}' | xargs -L1 -r kubectl -n <namespace of cnDBTier cluster> scale deployment --replicas=0
    
    For example:
    $ kubectl -n cluster1 get deployments | egrep 'replication' | awk '{print $1}' | xargs -L1 -r kubectl -n cluster1 scale deployment --replicas=0
    
    Sample output:
    deployment.apps/mysql-cluster-cluster1-cluster2-replication-svc scaled
  4. Perform the following steps on the site where you performed the upgrade to update the replication_info database table with the non-encrypted username and password:
    1. Log in to the ndbappmysqld pod:
      $ kubectl -n <namespace> exec -it ndbappmysqld-0 -- mysql -h::1 -uroot -p<password>
      For example:
      $ kubectl -n cluster1 exec -it ndbappmysqld-0 -- mysql -h::1 -uroot -psamplePassword
      
    2. Run the following command to update the mate database username and password in the DBTIER_REPL_SITE_INFO table:
      mysql> UPDATE ${DBTIER_REPLICATION_SVC_DATABASE}.DBTIER_REPL_SITE_INFO SET mate_db_username='$updatedUsername',mate_db_password='$updatedPassword' where site_name='$SITE_NAME';
      
      For example:
      mysql> UPDATE replication_info.DBTIER_REPL_SITE_INFO SET mate_db_username='occnerepluser',mate_db_password='NextGenCne' where site_name='cluster1';
      
  5. Perform the Upgrading cnDBTier Clusters procedure to upgrade the cnDBTier site using the updated custom_values.yaml file.
  6. After upgrading each site, run the following command on the site to ensure that the replication is UP:
    $ kubectl -n <namespace> exec -it ndbmysqld-0 -- curl http://mysql-cluster-db-monitor-svc.<namespace>:8080/db-tier/status/replication/realtime

    where <namespace> is the namespace name of the cnDBTier cluster.

    The value of replicationStatus in the output indicates whether the local site is able to replicate data from that remote site:
    • "UP": Indicates that the local site is able to replicate data from that remote site.
    • "DOWN": Indicates that the local site is not able to replicate data from the respective remote site.
    For example, run the following command to check the georeplication status of cnDBTier cluster2 configured with other remote sites:
    $ kubectl -n cluster2 exec -it ndbmysqld-0 -- curl http://mysql-cluster-db-monitor-svc.cluster2:8080/db-tier/status/replication/realtime
    
    Sample output:
    [
      {
        "localSiteName": "cluster1",
        "remoteSiteName": "cluster2",
        "replicationStatus": "UP",
        "secondsBehindRemote": 0,
        "replicationGroupDelay": [
          {
            "replchannel_group_id": "1",
            "secondsBehindRemote": 0
          }
        ]
      },
      {
        "localSiteName": "cluster1",
        "remoteSiteName": "cluster3",
        "replicationStatus": "UP",
        "secondsBehindRemote": 0,
        "replicationGroupDelay": [
          {
            "replchannel_group_id": "1",
            "secondsBehindRemote": 0
          }
        ]
      },
      {
        "localSiteName": "cluster1",
        "remoteSiteName": "cluster4",
        "replicationStatus": "UP",
        "secondsBehindRemote": 0,
        "replicationGroupDelay": [
          {
            "replchannel_group_id": "1",
            "secondsBehindRemote": 0
          }
        ]
      }
    ]

    In the sample output, the replicationStatus is "UP" for localSiteName cluster1 with remoteSiteName cluster2, cluster3, and cluster4. This indicates that the local site cluster1 is able to replicate data from the remote sites cluster2, cluster3, and cluster4.

  7. Perform Steps 1 through 6 on all cnDBTier setups.
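
The replication check in step 6 can be scripted so that it fails unless every remote site reports "UP". The following is an added example, not part of the original procedure: the function names and the sample input are constructed here, and it assumes the field names and field order shown in the sample output. It uses grep, sed, and awk so that it does not depend on jq being installed.

```shell
#!/usr/bin/env bash
# Added example: fail unless every remote site in the realtime status is UP.
# Assumptions: function names are hypothetical; the JSON carries the fields
# shown in the sample output, with remoteSiteName before replicationStatus.

# Read the status JSON on stdin; print one "<remoteSite> <status>" line per site.
# Works on both pretty-printed and single-line JSON.
replication_pairs() {
  grep -oE '"(remoteSiteName|replicationStatus)"[[:space:]]*:[[:space:]]*"[^"]*"' |
    sed -E 's/^"([^"]*)"[[:space:]]*:[[:space:]]*"([^"]*)"$/\1 \2/' |
    awk '$1 == "remoteSiteName"    { site = $2 }
         $1 == "replicationStatus" { print site, $2; site = "" }'
}

# Return 0 only if at least one site is reported and all of them are UP.
# Return 1 if any site is not UP (listed on stderr), 2 if nothing was parsed.
all_replication_up() {
  _pairs=$(replication_pairs)
  [ -n "$_pairs" ] || { echo "no replication entries found" >&2; return 2; }
  _bad=$(printf '%s\n' "$_pairs" | awk '$2 != "UP"')
  [ -z "$_bad" ] && return 0
  printf 'not UP: %s\n' "$_bad" >&2
  return 1
}

# Constructed sample input (not captured from a real cluster).
SAMPLE_JSON='[{"localSiteName":"cluster1","remoteSiteName":"cluster2","replicationStatus":"UP"},
 {"localSiteName":"cluster1","remoteSiteName":"cluster3","replicationStatus":"DOWN"}]'

# Usage against a live site (<namespace> is a placeholder):
#   kubectl -n <namespace> exec ndbmysqld-0 -- curl -s \
#     http://mysql-cluster-db-monitor-svc.<namespace>:8080/db-tier/status/replication/realtime \
#     | all_replication_up
```

An empty or unparseable response is treated as a failure (return code 2) rather than as "all UP", so a pod that is unreachable does not pass the check.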