pico service password file

Major limitation

Currently changing pico_service's password after the cluster has booted will break the cluster. Currently you would need to change the password via clusterwide ACL, which will break creation of any new connections between any 2 live instances of cluster. But granted the password has arrived via already established connections by raft log and then by tarantool replication to replicas (also by already established connections), the instances will need to be restarted manually with the updated password file.

Summary

• test: test using --service-password-file

• test: extract log_crawler to conftest.py

• refactor: remove the last usage of tarantool::net_box

• feat: specify password for pico_service via option at startup

---

• Close #510 (closed), #359
• Follow-up for !855 (merged)
• Target branch: master
• Changes should be cherry-picked to 24.1: yes / no
• Docs follow-up: docs#188 (closed)

src/cli/args.rs

@@ -215,6 +215,16 @@ pub struct Run {
     )]
     /// The amount of memory in bytes to allocate for the database engine.
     pub memtx_memory: u64,
+
+    /// Path to a plain-text file with a password for the system user "pico_service".
+    /// This password will be used for internal communication among instances of
+    /// picodata, so it must be the same on all instances.
+    #[clap(
+        long = "service-password-file",
+        value_name = "PATH",
+        env = "PICODATA_SERVICE_PASSWORD_FILE"
+    )]
+    pub service_password_file: Option<String>,
 }
 
 // Copy enum because clap:ArgEnum can't be derived for the foreign SayLevel.