Step 2: Start and Configure MariaDB Xpand
This page is part of MariaDB's Documentation.
The parent of this page is: Deploy Xpand Topology
Topics on this page:
Overview
This page details step 2 of the 6-step procedure "Deploy Xpand Topology".
This step starts and configures MariaDB Xpand 23.09.
Several actions require connection to Xpand. A command-line client (mysql) was included with your Xpand installation. Alternatively, a different client and connection method could be used.
Interactive commands are detailed. Alternatively, the described operations can be performed using automation.
Check and Start Xpand Process
This action is performed as the xpandm user account on each Xpand node.
To start the Xpand process:
Check that the Xpand service is running:
$ clx statusIf the Xpand service is not running, start the Xpand service:
$ clx dbstart
For additional information, see "clx (Command-Line Reference)" and "MariaDB Xpand System User Accounts".
License Configuration
An Xpand license key must be configured. The license key is a JSON-formatted string. This license key is obtained from MariaDB.
This action is performed on one Xpand node.
Make a note of which Xpand node was used for this action. A later action will need to be performed from this Xpand node.
To set the license key:
Connect to MariaDB Xpand:
$ mysql --user=root --password --no-auto-rehashSet the license variable to your license key (replace
YOUR_LICENSE_KEY_JSON_GOES_HERE):SET GLOBAL license = 'YOUR_LICENSE_KEY_JSON_GOES_HERE';
Additional nodes can be brought online from the Xpand node used to set the Xpand license key.
Add Xpand Nodes
This action is performed on the Xpand node used for MariaDB Xpand license configuration.
Results of this action:
The Xpand node performs a short group change.
The Xpand node connects to each new Xpand node. Each new Xpand node is configured to receive connections.
The rebalancer process redistributes data and replicas.
To add Xpand nodes:
Connect to the Xpand node used to set the Xpand license:
$ mysql --user=root --password --no-auto-rehashAdd each additional Xpand node by its IP address:
ALTER CLUSTER ADD '192.0.2.2', '192.0.2.3' COORDINATE;
For additional information, see "ALTER CLUSTER (SQL statement)".
Set Root Password
By default, Xpand does not set a password for the root@127.0.0.1 database user account. A password should be set to prevent unauthorized database access by users on the local system.
This action is performed on one Xpand node.
To set a password for the the root@127.0.0.1 database user account:
Connect to MariaDB Xpand:
$ mysql --user=root --no-auto-rehashSet a password for the user account:
SET PASSWORD FOR root@127.0.0.1 = PASSWORD("xpand_root_passwd");Passwords should meet your organization's password policies.
SSH Configuration
MariaDB Xpand depends on the xpand and xpandm user accounts. For additional information, see "MariaDB Xpand System User Accounts".
Passwordless SSH should be configured between Xpand nodes for the xpand and xpandm user accounts. Xpand can automatically configure passwordless SSH if sshd is configured to allow password authentication on each node. Otherwise, passwordless SSH should be manually configured on each node.
To determine which instructions to use, follow the procedure below.
This action is performed on each Xpand node.
On each node, confirm that password authentication is enabled for SSH:
$ sudo grep -i -E "^PasswordAuthentication" /etc/ssh/sshd_configIf the result is "yes" on all nodes, use Automatic Setup:
PasswordAuthentication yesIf the result is "no" on any node, use Manual Setup:
PasswordAuthentication no
Automatic Setup
All Xpand nodes should have the same password for the same user account, but the passwords should differ for each separate user account.
This action is performed on each Xpand node.
Set the password for the
xpandsystem user account:$ sudo passwd xpandSet the password for the
xpandmsystem user account:$ sudo passwd xpandm
After per-node steps are completed, this action is performed on one Xpand node.
Switch to the
xpanduser and change to its home directory:$ su xpand $ cd
Configure public keys for the
xpandsystem user account:$ clx pubkeyinstallThe command prompts for the
xpanduser account password, and then connects to each Xpand node to configure passwordless SSH.Switch to the
xpandmuser and change to its home directory:$ su xpandm $ cd
Configure public keys for the
xpandmsystem user account:$ clx pubkeyinstallThe command prompts for the
xpandmuser account password, and then connects to each Xpand node to configure passwordless SSH.
Manual Setup
For compact instructions, we have shortened the sample SSH public key strings with [ ... ].
These instructions are used twice, once for the xpandm user, and a second time for the xpand user.
Each step of this action is performed on each Xpand node before advancing to the next step.
On each Xpand node, create an SSH key pair:
$ ssh-keygen -t rsaOn each Xpand node, copy the public key from
~/.ssh/id_rsa.pub:$ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC[ ... ]Vk81q0FxYQm5 xpandm@xpand-node1
On each Xpand node, add all of the public keys to
~/.ssh/authorized_keys:ssh-rsa AAAAB3NzaC[ ... ]Vk81q0FxYQm5 xpandm@xpand-node1 ssh-rsa AAAAB3NzaC[ ... ]tqUkwyatF3nH xpandm@xpand-node2 ssh-rsa AAAAB3NzaC[ ... ]PPI9ifXqjg8/ xpandm@xpand-node3
This should include the public key for the current Xpand node and all other Xpand nodes.
On each Xpand node, ensure proper file permissions of
~/.ssh/authorized_keys:chmod 0600 ~/.ssh/authorized_keysOn each Xpand node, test passwordless SSH access to each other Xpand node:
$ ssh 192.0.2.2Substitute the IP address of each other Xpand node.
MaxScale Database User
MaxScale requires a database user account to manage and monitor Xpand.
This action is performed on one Xpand node. The user account will automatically be created on the other Xpand nodes.
Connect to MariaDB Xpand:
$ mysql --user=root --password --no-auto-rehashCreate the
mxsdatabase user account:CREATE USER 'mxs'@'192.0.2.10' IDENTIFIED BY 'mxs_user_passwd';
Replace
192.0.2.10with the relevant IP address specification for your MaxScale node.Passwords should meet your organization's password policies.
Grant the
mxsdatabase user account the privileges required:GRANT SELECT ON system.membership TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.nodeinfo TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.softfailed_nodes TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.user_acl TO 'mxs'@'192.0.2.10'; GRANT SELECT ON system.users TO 'mxs'@'192.0.2.10'; GRANT SHOW DATABASES ON *.* TO 'mxs'@'192.0.2.10';
Softfail and Unsoftfail (Optional)
MaxScale supports putting nodes into maintenance mode (softfail) and removing nodes from maintenance mode (unsoftfail).
Without MaxScale, these operations are usually performed using the ALTER CLUSTER SOFTFAIL and ALTER CLUSTER UNSOFTFAIL statements.
MaxScale can perform the same operations by executing softfail and unsoftfail with the monitor using the REST API. For example, to softfail the node xpand1:
$ maxctrl call command xpandmon softfail xpand_monitor xpand1
If you want to softfail and unsoftfail nodes via MaxScale, the CLUSTER ADMIN privilege is also required:
GRANT CLUSTER ADMIN ON *.*
TO 'mxs'@'192.0.2.10';
For additional information, see "Softfail".
Configure Proxy Protocol
Xpand 6.1 adds support for the proxy protocol, which can be used to simplify authentication when used with a load balancer, such as MariaDB MaxScale.
To enable the proxy protocol in Xpand for a specific network, set the proxy_protocol_networks system variable to a space-separated list of IPv4 networks:
SET GLOBAL proxy_protocol_networks='192.0.2.0/24 198.51.100.0/24';
For additional information, see "Proxy Protocol".