hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
db134fd314d6cba1c205051c1f71af5a6b7b0826
MaxScale/Documentation/Upgrading/Upgrading-To-MaxScale-1.4.md
Markus Mäkelä 08c51aa598 Remove broken links 
The links in old upgrading guides and the changelog pointed to documents
that do not exist.
2017-07-27 16:19:50 +03:00

87 lines
2.4 KiB
Markdown
Raw Blame History

# Upgrading MaxScale from 1.3 to 1.4
This document describes upgrading MaxScale from version 1.3 to 1.4.
For more detailed information about MaxScale 1.4, please refer to:
* MaxScale 1.4.3 release notes
* MaxScale 1.4.2 release notes
* MaxScale 1.4.1 release notes
* MaxScale 1.4.0 release notes
## Installation
Before starting the upgrade, we **strongly** recommend you back up your current
configuration file.
## Service user permissions
The service users now also need SELECT privileges on mysql.tables_priv. This is
required for the resolution of table level grants. To grant SELECT privileges
for the service user, replace the user and hostname in the following example.
```
GRANT SELECT ON mysql.tables_priv TO 'username'@'maxscalehost';
```
## Password encryption
MaxScale 1.4 upgrades the used password encryption algorithms to more secure ones.
This requires that the password files are recreated with the `maxkeys` tool.
For more information about how to do this, please read the installation guide:
[MariaDB MaxScale Installation Guide](../Getting-Started/MariaDB-MaxScale-Installation-Guide.md)
## SSL
The SSL configuration parameters are now a part of the listeners. If a service
used the old style SSL configuration parameters, the values should be moved to
the listener which is associated with that service.
Here is an example of an old style configuration.
```
[RW Split Router]
type=service
router=readwritesplit
servers=server1,server2,server3,server4
user=jdoe
passwd=BD26E4139A15280CA882264AA1551C70
ssl=required
ssl_cert=/home/user/certs/server-cert.pem
ssl_key=/home/user/certs/server-key.pem
ssl_ca_cert=/home/user/certs/ca.pem
ssl_version=TLSv12
[RW Split Listener]
type=listener
service=RW Split Router
protocol=MySQLClient
port=3306
```
And here is the new, 1.4 compatible configuration style.
```
[RW Split Router]
type=service
router=readwritesplit
servers=server1,server2,server3,server4
user=jdoe
passwd=BD26E4139A15280CA882264AA1551C70
[RW Split Listener]
type=listener
service=RW Split Router
protocol=MySQLClient
port=3306
ssl=required
ssl_cert=/home/user/certs/server-cert.pem
ssl_key=/home/user/certs/server-key.pem
ssl_ca_cert=/home/user/certs/ca.pem
ssl_version=TLSv12
```
Please also note that the `enabled` SSL mode is no longer supported due to
the inherent security issues with allowing SSL and non-SSL connections on
the same port. In addition to this, SSLv3 is no longer supported due to
vulnerabilities found in it.
Reference in New Issue View Git Blame Copy Permalink