maintenance socket: provide a default path

Question

maintenance socket: provide a default path

piodul opened this issue 23 days ago · comments

The maintenance socket, introduced in #16172, provides a CQL interface through a Unix socket. Its intention is to allow administrative access.

However, the socket is not enabled by default. Initially, we wanted to have a default path but it was decided otherwise on the PR (discussion starts here: #16172 (comment)). We would like to revisit this decision.

One of the reasons that we want to reconsider is schema backup for Scylla Manager. Until now, SM has been saving sstables of the schema tables as a way to backup schema, but this method doesn't work with raft-based schema. We would like it to switch to using DESCRIBE SCHEMA WITH INTERNALS command via maintenance socket. However, because the maintenance socket is not enabled by default, the switch to the new method is not seamless as it requires additional configuration changes from the users.

Kamil Braun · Answer 1 · Tue May 14 2024 18:33:25 GMT+0800 (China Standard Time)

Due to the SM backup issue, marking this as release blocker. (@mykaul please review the decision.)

Gleb Natapov · Answer 2 · Mon May 20 2024 23:54:41 GMT+0800 (China Standard Time)

Why do you have to use maintenance socket as opposite to regular connection?

Piotr Dulikowski · Answer 3 · Tue May 21 2024 14:57:03 GMT+0800 (China Standard Time)

AFAIK regular connections may require authentication while the maintenance socket does not. Providing CQL credentials for Scylla Manager is optional.

Yaniv Kaul · Answer 4 · Tue May 21 2024 15:25:20 GMT+0800 (China Standard Time)

AFAIK regular connections may require authentication while the maintenance socket does not. Providing CQL credentials for Scylla Manager is optional.

I personally would make it mandatory (@tzach - unsure if we reached a decision here).

@piodul - is there a patch for this? (I know we are still waiting for gocql to support this!)

Piotr Dulikowski · Answer 5 · Tue May 21 2024 17:34:26 GMT+0800 (China Standard Time)

I personally would make it mandatory (@tzach - unsure if we reached a decision here).

@piodul - is there a patch for this? (I know we are still waiting for gocql to support this!)

@mykaul Do you mean making it mandatory to provide CQL credentials for SM? AFAIK if SM uses the Unix socket then credentials will not be mandatory.

As for the support for the Unix socket in SM, there is the issue scylladb/scylla-manager#3831 but no patches yet.

Yaniv Kaul · Answer 6 · Tue May 21 2024 18:20:26 GMT+0800 (China Standard Time)

@piodul - patch to providing a default path to the maint. socket.

Piotr Dulikowski · Answer 7 · Tue May 21 2024 18:25:10 GMT+0800 (China Standard Time)

@piodul - patch to providing a default path to the maint. socket.

It looks like there isn't one yet.
Just to be clear - this task is currently in @kbr-scylla's team scope, core-backend is not working on this.

Tzach Livyatan · Answer 8 · Sun May 26 2024 17:30:15 GMT+0800 (China Standard Time)

Lets assume Manager / Admin has premission during restore / backup

Kamil Braun · Answer 9 · Mon May 27 2024 17:18:33 GMT+0800 (China Standard Time)

Taking off release blocker label then.