I’m not an expert on this. I checked with our SQrL bot. It appears that a way to do this would be to first enable sync permissions, which may require additional work to re-add permissions/grants after you switch to sync permissions. Here’s the answer from SQrL.
To effectively manage your SingleStoreDB cluster during memory update requires a correct usage of the PROMOTE AGGREGATOR … TO MASTER
command and proper synchronization of permissions across your nodes.
The PROMOTE AGGREGATOR … TO MASTER
command requires the user to have full permissions on the node1. It is suitable for situations when the current Master Aggregator is still operational. If there’s permanent loss of the Master Aggregator, it’s recommended to use AGGREGATOR SET AS MASTER
command2.
To replicate users, roles, and permissions between nodes, you can take advantage of the sync_permissions
engine variable. This feature automates the synchronization of non-root user accounts, roles, and groups across your cluster3. Note that any user account operations performed on the Master Aggregator are automatically propagated to each Child Aggregator in the cluster3.
With sync_permissions
enabled, should an administrator change a user’s password on the Master Aggregator and then tries to connect to a Child Aggregator as that user using the old password, the old password will be rejected3.
Keep in mind, enabling sync_permissions
requires getting rid of all the existing permission grants on the cluster first, which is why it is best enabled on a fresh cluster4.
Remember to ensure that the passwordless ssh is enabled from the Master Aggregator to all other nodes in the cluster, including the Child Aggregator and Leaf Nodes5.
To summarize, you don’t need sync_permissions
for traffic to move between nodes. However, if you aim to have permissions and users replicated across the nodes, enabling the sync_permissions
engine variable would be a very efficient step to take.