diff --git a/Documentation/Reference/MaxAdmin.md b/Documentation/Reference/MaxAdmin.md index 08a49a947..3e0225132 100644 --- a/Documentation/Reference/MaxAdmin.md +++ b/Documentation/Reference/MaxAdmin.md @@ -1456,9 +1456,8 @@ You can alter server parameters with the `alter server` command. Any changes to the address or port of the server will take effect for new connections only. Changes to other parameters will take effect immediately. -Please note that in order for SSL to be enabled for a created server, all of the -required SSL parameters (`ssl`, `ssl_key`, `ssl_cert` and `ssl_ca_cert`) must be -given in the same command. +Please note that SSL cannot be enabled via MaxAdmin in MaxScale 2.4. Please use +the MaxCtrl client or the REST API to create servers with SSL. ``` alter server - Alter server parameters @@ -1475,15 +1474,6 @@ address Server address port Server port monuser Monitor user for this server monpw Monitor password for this server -ssl Enable SSL, value must be 'required' -ssl_key Path to SSL private key -ssl_cert Path to SSL certificate -ssl_ca_cert Path to SSL CA certificate -ssl_version SSL version -ssl_cert_verify_depth Certificate verification depth - -To configure SSL for a newly created server, the 'ssl', 'ssl_cert', -'ssl_key' and 'ssl_ca_cert' parameters must be given at the same time. Example: alter server my-db-1 address=192.168.0.202 port=3307 ``` diff --git a/Documentation/Release-Notes/MaxScale-2.4.0-Release-Notes.md b/Documentation/Release-Notes/MaxScale-2.4.0-Release-Notes.md index f6f5a0776..e3f5c1fc4 100644 --- a/Documentation/Release-Notes/MaxScale-2.4.0-Release-Notes.md +++ b/Documentation/Release-Notes/MaxScale-2.4.0-Release-Notes.md @@ -45,14 +45,28 @@ improvement over the older MD5 hashing algorithm. New users will use the stronger algorithm but old users will continue using the weaker one. To upgrade administrative users, recreate the user. -### REST API - Server creation +### REST API + +#### Mandatory `protocol` parameter on server creation The `protocol` parameter must now always be defined when a server is created. The previously undocumented default value of `mariadbbackend` now must be explicitly defined when a server is created via the REST API. +#### TLS on server creation + +To create encrypted connection to a server, the TLS parameters must be defined +at server creation time. To enable TLS for a server that doesn't have it, +destroy the old one and recreate it afterwards. + ## Dropped Features +### Enabling server TLS via MaxAdmin + +As TLS for servers must now be defined at creation time, enabling TLS at runtime +via MaxAdmin is no longer possible. Use MaxCtrl to create servers with TLS +enabled. + ### `debugcli` and `telnetd` The `debugcli` router and the `telnetd` protocol module it uses have been diff --git a/server/modules/routing/cli/debugcmd.cc b/server/modules/routing/cli/debugcmd.cc index e511fcc15..d1a9d0d94 100644 --- a/server/modules/routing/cli/debugcmd.cc +++ b/server/modules/routing/cli/debugcmd.cc @@ -1643,19 +1643,9 @@ struct subcommand alteroptions[] = "port Server port\n" "monitoruser Monitor user for this server\n" "monitorpw Monitor password for this server\n" - "ssl Enable SSL, value must be 'required'\n" - "ssl_key Path to SSL private key\n" - "ssl_cert Path to SSL certificate\n" - "ssl_ca_cert Path to SSL CA certificate\n" - "ssl_version SSL version\n" - "ssl_cert_verify_depth Certificate verification depth\n" - "ssl_verify_peer_certificate Peer certificate verification\n" "persistpoolmax Persisted connection pool size\n" "persistmaxtime Persisted connection maximum idle time\n" "\n" - "To configure SSL for a newly created server, the 'ssl', 'ssl_cert',\n" - "'ssl_key' and 'ssl_ca_cert' parameters must be given at the same time.\n" - "\n" "Example: alter server my-db-1 address=192.168.0.202 port=3307", { ARG_TYPE_SERVER, ARG_TYPE_STRING, ARG_TYPE_STRING, ARG_TYPE_STRING,