
maintenance socket: provide a default path

Open piodul opened this issue 9 months ago • 9 comments

The maintenance socket, introduced in https://github.com/scylladb/scylladb/pull/16172, provides a CQL interface through a Unix socket. Its intention is to allow administrative access.

However, the socket is not enabled by default. Initially, we wanted to have a default path but it was decided otherwise on the PR (discussion starts here: https://github.com/scylladb/scylladb/pull/16172#issuecomment-1852209272). We would like to revisit this decision.

One of the reasons that we want to reconsider is schema backup for Scylla Manager. Until now, SM has been saving sstables of the schema tables as a way to back up schema, but this method doesn't work with raft-based schema. We would like it to switch to using the `DESCRIBE SCHEMA WITH INTERNALS` command via the maintenance socket. However, because the maintenance socket is not enabled by default, the switch to the new method is not seamless as it requires additional configuration changes from the users.

piodul, May 14 '24 10:05

Due to the SM backup issue, marking this as release blocker. (@mykaul please review the decision.)

kbr-scylla, May 14 '24 10:05

Why do you have to use the maintenance socket as opposed to a regular connection?

gleb-cloudius, May 20 '24 15:05

AFAIK regular connections may require authentication while the maintenance socket does not. Providing CQL credentials for Scylla Manager is optional.

piodul, May 21 '24 06:05

> AFAIK regular connections may require authentication while the maintenance socket does not. Providing CQL credentials for Scylla Manager is optional.

I personally would make it mandatory (@tzach - unsure if we reached a decision here).

@piodul - is there a patch for this? (I know we are still waiting for gocql to support this!)

mykaul, May 21 '24 07:05

> I personally would make it mandatory (@tzach - unsure if we reached a decision here).
>
> @piodul - is there a patch for this? (I know we are still waiting for gocql to support this!)

@mykaul Do you mean making it mandatory to provide CQL credentials for SM? AFAIK if SM uses the Unix socket then credentials will not be mandatory.

As for the support for the Unix socket in SM, there is the issue https://github.com/scylladb/scylla-manager/issues/3831 but no patches yet.

piodul, May 21 '24 09:05

@piodul - patch for providing a default path to the maint. socket.

mykaul, May 21 '24 10:05

> @piodul - patch for providing a default path to the maint. socket.

It looks like there isn't one yet. Just to be clear - this task is currently in @kbr-scylla's team scope, core-backend is not working on this.

piodul, May 21 '24 10:05

Let's assume Manager / Admin has permission during restore / backup

tzach, May 26 '24 09:05

Taking off release blocker label then.

kbr-scylla, May 27 '24 09:05