hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
82105d20e1c9650ee69fb2099e92e3df374f6b7f
MaxScale/Documentation/Routers/CLI.md
Johan Wikman a9b0a5550c Allow socket and address/port to be used with maxadmin 
It's now possible to use both a Unix domain socket and host/port
when connecting with MaxAdmin to MaxScale.

By default MaxAdmin will attempt to use the default Unix domain
socket, but if host and/or port has been specified, then an inet
socket will be used.

maxscaled will authenticate the connection attempt differently
depending on whether a Unix domain socket is used or not. If
a Unix domain socket is used, then the Linux user id will be
used for the authorization, otherwise the 1.4.3 username/password
handshake will be performed.

adminusers has now been extended so that there is one set of
functions for local users (connecting locally over a Unix socket)
and one set of functions for remote users (connecting locally
or remotely over an Inet socket).

The local users are stored in the new .../maxscale-users and the
remote users in .../passwd. That is, the old users of a 1.4
installation will work as such in 2.0.

One difference is that there will be *no* default remote user.
That is, remote users will always have to be added manually using
a local user.

The implementation is shared; the local and remote alternatives
use common functions to which the hashtable and filename to be
used are forwarded.

The commands "[add|remove] user" behave now exactly like they did
in 1.4.3, and also all existing users work out of the box.

In addition there is now the commands "[enable|disable] account"
using which Linux accounts can be enabled for MaxAdmin usage.
2016-09-02 13:47:16 +03:00

1.5 KiB
Raw Blame History

CLI

The command line interface as used by maxadmin. The CLI router requires the use of the maxscaled protocol.

Configuration

Two components are required in order to run the command line interface for use with maxadmin; a service and a listener. The listener may either use a Unix domain socket or an internet socket.

The default entries required are shown below.

[CLI]
type=service
router=cli

# Unix Domain Socket
[CLI Unix Listener]
type=listener
service=CLI
protocol=maxscaled
socket=default

# Internet Socket
[CLI Inet Listener]
type=listener
service=CLI
protocol=maxscaled
address=localhost
port=6603

In the example above, two listeners have been specified; one that listens on the default Unix domain socket and one that listens on the default port. In the latter case, if the address= entry is removed, connections are allowed from any machine on your network.

In the former case, if the value of socket is changed and in the latter case, if the value of port is changed, maxadmin must be invoked with the -S and -P options respectively.

Note that if Unix domain sockets are used, the connection is secure, but maxadmin can only be used on the same host where MariaDB MaxScale runs. If internet sockets are used, the connection is inherently insecure but maxadmin can be used from another host than the one where MariaDB MaxScale runs.

Note that the latter approach is deprecated and will be removed in a future version of MariaDB MaxScale.