Step 2: Start and Configure MariaDB Xpand

Overview

This page details step 2 of the 6-step procedure "Deploy Xpand Topology".

This step starts and configures MariaDB Xpand 6.1.

Several actions require connection to Xpand. A command-line client (mysql) was included with your Xpand installation. Alternatively, a different client and connection method could be used.

Interactive commands are detailed. Alternatively, the described operations can be performed using automation.

Check and Start Xpand Process

This action is performed as the xpandm user account on each Xpand node.

To start the Xpand process:

  1. Check that the Xpand service is running:

    $ clx status
    
  2. If the Xpand service is not running, start the Xpand service:

    $ clx dbstart
    

For additional information, see "clx (Command-Line Reference)" and "MariaDB Xpand System User Accounts".

License Configuration

An Xpand license key must be configured. The license key is a JSON-formatted string. This license key is obtained from MariaDB.

This action is performed on one Xpand node.

Make a note of which Xpand node was used for this action. A later action will need to be performed from this Xpand node.

To set the license key:

  1. Connect to MariaDB Xpand:

    $ mysql --user=root --password --no-auto-rehash
    
  2. Set the license variable to your license key (replace YOUR_LICENSE_KEY_JSON_GOES_HERE):

    SET GLOBAL license = 'YOUR_LICENSE_KEY_JSON_GOES_HERE';
    

Additional nodes can be brought online from the Xpand node used to set the Xpand license key.

Add Xpand Nodes

This action is performed on the Xpand node used for MariaDB Xpand license configuration.

Results of this action:

  • The Xpand node performs a short group change.

  • The Xpand node connects to each new Xpand node. Each new Xpand node is configured to receive connections.

  • The rebalancer process redistributes data and replicas.

To add Xpand nodes:

  1. Connect to the Xpand node used to set the Xpand license:

    $ mysql --user=root --password --no-auto-rehash
    
  2. Add each additional Xpand node by its IP address:

    ALTER CLUSTER ADD '192.0.2.2', '192.0.2.3' COORDINATE;
    

For additional information, see "ALTER CLUSTER (SQL statement)".

Set Root Password

By default, Xpand does not set a password for the root@127.0.0.1 database user account. A password should be set to prevent unauthorized database access by users on the local system.

This action is performed on one Xpand node.

To set a password for the the root@127.0.0.1 database user account:

  1. Connect to MariaDB Xpand:

    $ mysql --user=root --no-auto-rehash
    
  2. Set a password for the user account:

    SET PASSWORD FOR root@127.0.0.1 = PASSWORD("xpand_root_passwd");
    

    Passwords should meet your organization's password policies.

SSH Configuration

MariaDB Xpand depends on the xpand and xpandm user accounts. For additional information, see "MariaDB Xpand System User Accounts".

Passwordless SSH should be configured between Xpand nodes for the xpand and xpandm user accounts. Xpand can automatically configure passwordless SSH if sshd is configured to allow password authentication on each node. Otherwise, passwordless SSH should be manually configured on each node.

To determine which instructions to use, follow the procedure below.

This action is performed on each Xpand node.

  1. On each node, confirm that password authentication is enabled for SSH:

    $ sudo grep -i -E "^PasswordAuthentication" /etc/ssh/sshd_config
    
  2. If the result is "yes" on all nodes, use Automatic Setup:

    PasswordAuthentication yes
    
  3. If the result is "no" on any node, use Manual Setup:

    PasswordAuthentication no
    

Automatic Setup

All Xpand nodes should have the same password for the same user account, but the passwords should differ for each separate user account.

This action is performed on each Xpand node.

  1. Set the password for the xpand system user account:

    $ sudo passwd xpand
    
  2. Set the password for the xpandm system user account:

    $ sudo passwd xpandm
    

After per-node steps are completed, this action is performed on one Xpand node.

  1. Switch to the xpand user and change to its home directory:

    $ su xpand
    $ cd
    
  2. Configure public keys for the xpand system user account:

    $ clx pubkeyinstall
    

    The command prompts for the xpand user account password, and then connects to each Xpand node to configure passwordless SSH.

  3. Switch to the xpandm user and change to its home directory:

    $ su xpandm
    $ cd
    
  4. Configure public keys for the xpandm system user account:

    $ clx pubkeyinstall
    

    The command prompts for the xpandm user account password, and then connects to each Xpand node to configure passwordless SSH.

Manual Setup

For compact instructions, we have shortened the sample SSH public key strings with [ ... ].

These instructions are used twice, once for the xpandm user, and a second time for the xpand user.

Each step of this action is performed on each Xpand node before advancing to the next step.

  1. On each Xpand node, create an SSH key pair:

    $ ssh-keygen -t rsa
    
  2. On each Xpand node, copy the public key from ~/.ssh/id_rsa.pub:

    $ cat ~/.ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC[ ... ]Vk81q0FxYQm5 xpandm@xpand-node1
    
  3. On each Xpand node, add all of the public keys to ~/.ssh/authorized_keys:

    ssh-rsa AAAAB3NzaC[ ... ]Vk81q0FxYQm5 xpandm@xpand-node1
    ssh-rsa AAAAB3NzaC[ ... ]tqUkwyatF3nH xpandm@xpand-node2
    ssh-rsa AAAAB3NzaC[ ... ]PPI9ifXqjg8/ xpandm@xpand-node3
    

    This should include the public key for the current Xpand node and all other Xpand nodes.

  4. On each Xpand node, ensure proper file permissions of ~/.ssh/authorized_keys:

    chmod 0600 ~/.ssh/authorized_keys
    
  5. On each Xpand node, test passwordless SSH access to each other Xpand node:

    $ ssh 192.0.2.2
    

    Substitute the IP address of each other Xpand node.

MaxScale Database User

MaxScale requires a database user account to manage and monitor Xpand.

This action is performed on one Xpand node. The user account will automatically be created on the other Xpand nodes.

  1. Connect to MariaDB Xpand:

    $ mysql --user=root --password --no-auto-rehash
    
  2. Create the mxs database user account:

    CREATE USER 'mxs'@'192.0.2.10'
       IDENTIFIED BY 'mxs_user_passwd';
    

    Replace 192.0.2.10 with the relevant IP address specification for your MaxScale node.

    Passwords should meet your organization's password policies.

  3. Grant the mxs database user account the privileges required:

    GRANT SELECT ON system.membership
       TO 'mxs'@'192.0.2.10';
    
    GRANT SELECT ON system.nodeinfo
       TO 'mxs'@'192.0.2.10';
    
    GRANT SELECT ON system.softfailed_nodes
       TO 'mxs'@'192.0.2.10';
    
    GRANT SELECT ON system.user_acl
       TO 'mxs'@'192.0.2.10';
    
    GRANT SELECT ON system.users
       TO 'mxs'@'192.0.2.10';
    
    GRANT SHOW DATABASES ON *.*
       TO 'mxs'@'192.0.2.10';
    

Softfail and Unsoftfail (Optional)

MaxScale supports putting nodes into maintenance mode (softfail) and removing nodes from maintenance mode (unsoftfail).

Without MaxScale, these operations are usually performed using the ALTER CLUSTER SOFTFAIL and ALTER CLUSTER UNSOFTFAIL statements.

MaxScale can perform the same operations by executing softfail and unsoftfail with the monitor using the REST API. For example, to softfail the node xpand1:

$ maxctrl call command xpandmon softfail xpand_monitor xpand1

If you want to softfail and unsoftfail nodes via MaxScale, the CLUSTER ADMIN privilege is also required:

GRANT CLUSTER ADMIN ON *.*
   TO 'mxs'@'192.0.2.10';

For additional information, see "Softfail".

Configure Proxy Protocol

Xpand 6.1 adds support for the proxy protocol, which can be used to simplify authentication when used with a load balancer, such as MariaDB MaxScale.

To enable the proxy protocol in Xpand for a specific network, set the proxy_protocol_networks system variable to a space-separated list of IPv4 networks:

SET GLOBAL proxy_protocol_networks='192.0.2.0/24 198.51.100.0/24';

For additional information, see "Proxy Protocol".

Next Step

Navigation in the procedure "Deploy Xpand Topology":

  • This page was step 2 of 6.