Step 2: Start and Configure MariaDB Xpand
This page is part of MariaDB's Documentation.
The parent of this page is: Deploy Xpand Topology
Topics on this page:
Overview
This page details step 2 of the 6-step procedure "Deploy Xpand Topology".
This step starts and configures MariaDB Xpand 23.09.
Several actions require connection to Xpand. A command-line client (mysql
) was included with your Xpand installation. Alternatively, a different client and connection method could be used.
Interactive commands are detailed. Alternatively, the described operations can be performed using automation.
Check and Start Xpand Process
This action is performed as the xpandm
user account on each Xpand node.
To start the Xpand process:
Check that the Xpand service is running:
$ clx status
If the Xpand service is not running, start the Xpand service:
$ clx dbstart
For additional information, see "clx (Command-Line Reference)" and "MariaDB Xpand System User Accounts".
License Configuration
An Xpand license key must be configured. The license key is a JSON-formatted string. This license key is obtained from MariaDB.
This action is performed on one Xpand node.
Make a note of which Xpand node was used for this action. A later action will need to be performed from this Xpand node.
To set the license key:
Connect to MariaDB Xpand:
$ mysql --user=root --password --no-auto-rehash
Set the license variable to your license key (replace
YOUR_LICENSE_KEY_JSON_GOES_HERE
):SET GLOBAL license = 'YOUR_LICENSE_KEY_JSON_GOES_HERE';
Additional nodes can be brought online from the Xpand node used to set the Xpand license key.
Add Xpand Nodes
This action is performed on the Xpand node used for MariaDB Xpand license configuration.
Results of this action:
The Xpand node performs a short group change.
The Xpand node connects to each new Xpand node. Each new Xpand node is configured to receive connections.
The rebalancer process redistributes data and replicas.
To add Xpand nodes:
Connect to the Xpand node used to set the Xpand license:
$ mysql --user=root --password --no-auto-rehash
Add each additional Xpand node by its IP address:
ALTER CLUSTER ADD '192.0.2.2', '192.0.2.3' COORDINATE;
For additional information, see "ALTER CLUSTER (SQL statement)".
Set Root Password
By default, Xpand does not set a password for the root@127.0.0.1
database user account. A password should be set to prevent unauthorized database access by users on the local system.
This action is performed on one Xpand node.
To set a password for the the root@127.0.0.1
database user account:
Connect to MariaDB Xpand:
$ mysql --user=root --no-auto-rehash
Set a password for the user account:
SET PASSWORD FOR root@127.0.0.1 = PASSWORD("xpand_root_passwd");
Passwords should meet your organization's password policies.
SSH Configuration
MariaDB Xpand depends on the xpand
and xpandm
user accounts. For additional information, see "MariaDB Xpand System User Accounts".
Passwordless SSH should be configured between Xpand nodes for the xpand
and xpandm
user accounts. Xpand can automatically configure passwordless SSH if sshd
is configured to allow password authentication on each node. Otherwise, passwordless SSH should be manually configured on each node.
To determine which instructions to use, follow the procedure below.
This action is performed on each Xpand node.
On each node, confirm that password authentication is enabled for SSH:
$ sudo grep -i -E "^PasswordAuthentication" /etc/ssh/sshd_config
If the result is "yes" on all nodes, use Automatic Setup:
PasswordAuthentication yes
If the result is "no" on any node, use Manual Setup:
PasswordAuthentication no
Automatic Setup
All Xpand nodes should have the same password for the same user account, but the passwords should differ for each separate user account.
This action is performed on each Xpand node.
Set the password for the
xpand
system user account:$ sudo passwd xpand
Set the password for the
xpandm
system user account:$ sudo passwd xpandm
After per-node steps are completed, this action is performed on one Xpand node.
Switch to the
xpand
user and change to its home directory:$ su xpand $ cd
Configure public keys for the
xpand
system user account:$ clx pubkeyinstall
The command prompts for the
xpand
user account password, and then connects to each Xpand node to configure passwordless SSH.Switch to the
xpandm
user and change to its home directory:$ su xpandm $ cd
Configure public keys for the
xpandm
system user account:$ clx pubkeyinstall
The command prompts for the
xpandm
user account password, and then connects to each Xpand node to configure passwordless SSH.
Manual Setup
For compact instructions, we have shortened the sample SSH public key strings with [ ... ]
.
These instructions are used twice, once for the xpandm
user, and a second time for the xpand
user.
Each step of this action is performed on each Xpand node before advancing to the next step.
On each Xpand node, create an SSH key pair:
$ ssh-keygen -t rsa
On each Xpand node, copy the public key from
~/.ssh/id_rsa.pub
:$ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC[ ... ]Vk81q0FxYQm5 xpandm@xpand-node1
On each Xpand node, add all of the public keys to
~/.ssh/authorized_keys
:ssh-rsa AAAAB3NzaC[ ... ]Vk81q0FxYQm5 xpandm@xpand-node1 ssh-rsa AAAAB3NzaC[ ... ]tqUkwyatF3nH xpandm@xpand-node2 ssh-rsa AAAAB3NzaC[ ... ]PPI9ifXqjg8/ xpandm@xpand-node3
This should include the public key for the current Xpand node and all other Xpand nodes.
On each Xpand node, ensure proper file permissions of
~/.ssh/authorized_keys
:chmod 0600 ~/.ssh/authorized_keys
On each Xpand node, test passwordless SSH access to each other Xpand node:
$ ssh 192.0.2.2
Substitute the IP address of each other Xpand node.
MaxScale Database User
MaxScale requires a database user account to manage and monitor Xpand.
This action is performed on one Xpand node. The user account will automatically be created on the other Xpand nodes.
Connect to MariaDB Xpand:
$ mysql --user=root --password --no-auto-rehash
Create the
mxs
database user account:CREATE USER 'mxs'@'192.0.2.10' IDENTIFIED BY 'mxs_user_passwd';
Replace
192.0.2.10
with the relevant IP address specification for your MaxScale node.Passwords should meet your organization's password policies.
Grant the
mxs
database user account the privileges required:GRANT SELECT ON system.membership TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.nodeinfo TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.softfailed_nodes TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.user_acl TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.users TO 'mxs'@'192.0.2.10'; GRANT SHOW DATABASES ON *.* TO 'mxs'@'192.0.2.10';
Softfail and Unsoftfail (Optional)
MaxScale supports putting nodes into maintenance mode (softfail
) and removing nodes from maintenance mode (unsoftfail
).
Without MaxScale, these operations are usually performed using the ALTER CLUSTER SOFTFAIL and ALTER CLUSTER UNSOFTFAIL statements.
MaxScale can perform the same operations by executing softfail
and unsoftfail
with the monitor using the REST API. For example, to softfail
the node xpand1
:
$ maxctrl call command xpandmon softfail xpand_monitor xpand1
If you want to softfail
and unsoftfail
nodes via MaxScale, the CLUSTER ADMIN
privilege is also required:
GRANT CLUSTER ADMIN ON *.*
TO 'mxs'@'192.0.2.10';
For additional information, see "Softfail".
Configure Proxy Protocol
Xpand 6.1 adds support for the proxy protocol, which can be used to simplify authentication when used with a load balancer, such as MariaDB MaxScale.
To enable the proxy protocol in Xpand for a specific network, set the proxy_protocol_networks
system variable to a space-separated list of IPv4 networks:
SET GLOBAL proxy_protocol_networks='192.0.2.0/24 198.51.100.0/24';
For additional information, see "Proxy Protocol".