MariaDB MaxScale — Replica Rebuild – Part 4

Part 4 — Configure SSH access

This multi-part series breaks down each section into easy logical steps.

If you have not completed part 1, start here.


SSH Configuration

To rebuild the replica servers, MaxScale has to connect to the database servers over SSH, so we must configure a user that logs in with an SSH key rather than a password. This means that your MaxScale servers need to be able to communicate with your database servers via SSH through any firewall that might be in place.

On all three database servers, we need to create a user for SSH and configure some sudo access.

For this to work, each database server needs to have a user added:

Bash
adduser maxscaleUser

Then create the .ssh folder and an empty authorized_keys file on the three DB servers:

Bash
mkdir -p /home/maxscaleUser/.ssh
touch /home/maxscaleUser/.ssh/authorized_keys
chmod 700 /home/maxscaleUser/.ssh
chmod 600 /home/maxscaleUser/.ssh/authorized_keys
chown -R maxscaleUser:maxscaleUser /home/maxscaleUser/.ssh

You will then need to create a sudoers.d file called maxscale. I am doing this with vi, but use whichever editor you are most comfortable with:

Bash
vi /etc/sudoers.d/maxscale

and insert the following lines:

Bash
maxscaleUser ALL= NOPASSWD: /bin/systemctl stop mariadb
maxscaleUser ALL= NOPASSWD: /bin/systemctl start mariadb
maxscaleUser ALL= NOPASSWD: /usr/sbin/lsof
maxscaleUser ALL= NOPASSWD: /bin/kill
maxscaleUser ALL= NOPASSWD: /bin/mariabackup
maxscaleUser ALL= NOPASSWD: /bin/mbstream
maxscaleUser ALL= NOPASSWD: /bin/rm -rf /var/lib/mysql/*
maxscaleUser ALL= NOPASSWD: /bin/chown -R mysql\:mysql /var/lib/mysql/*
maxscaleUser ALL= NOPASSWD: /bin/du
maxscaleUser ALL= NOPASSWD: /bin/cat

Save the file and move on to the MaxScale server.

On the MaxScale server, we need to create an SSH key and configure the file permissions accordingly:

Bash
mkdir -p /etc/maxscale/.ssh
ssh-keygen -N '' -t rsa -b 4096 -f /etc/maxscale/.ssh/id_rsa
chown -R maxscale:maxscale /etc/maxscale/.ssh
chmod 700 /etc/maxscale/.ssh
chmod 600 /etc/maxscale/.ssh/id_rsa.pub
chmod 600 /etc/maxscale/.ssh/id_rsa

Also on the MaxScale server, make sure the known_hosts file exists:

Bash
mkdir -p /home/maxscale/.ssh
touch /home/maxscale/.ssh/known_hosts
chown maxscale /home/maxscale/.ssh/known_hosts

Now, on the MaxScale server, cat the public key that was just generated:

Bash
cat /etc/maxscale/.ssh/id_rsa.pub

You need to very carefully paste this output from the MaxScale server into the authorized_keys file on each database server, as a single line, starting on a new line if the file already has some content:

Bash
vi /home/maxscaleUser/.ssh/authorized_keys
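
A scripted alternative to pasting by hand, as an added example that is not part of the original post: it rejects a line-wrapped paste or a private key, appends the key on its own line, and does nothing if the key is already present. The function name install_pubkey is hypothetical, and it assumes the public key file has already been copied to the database server.

```bash
#!/usr/bin/env bash
# Added example: install_pubkey is a hypothetical helper, not part of
# MaxScale or OpenSSH. Usage: install_pubkey <pubkey-file> <authorized_keys>

install_pubkey() {
    local pub_file=$1 auth_file=$2 key

    # A public key is exactly one non-empty line. A missing file, a
    # line-wrapped paste or a (multi-line) private key all fail here.
    if [ "$(grep -c . "$pub_file" 2>/dev/null)" != 1 ]; then
        echo "error: $pub_file must contain exactly one key line" >&2
        return 1
    fi
    key=$(grep . "$pub_file")

    # Structural check: "<type> <base64 blob> [comment]". OpenSSH key blobs
    # always begin with "AAAA" (the length prefix of the key-type string).
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) AAAA[A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "error: $pub_file does not look like an OpenSSH public key" >&2
        return 1
    fi

    # Create the file if needed and enforce the mode sshd expects.
    ( umask 077; touch "$auth_file" )
    chmod 600 "$auth_file"

    # Idempotent: an exact whole-line match means the key is already there.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi

    # If the existing content does not end in a newline, add one first so
    # the new key is not glued onto the end of the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}
```

Run it as root on each database server against /home/maxscaleUser/.ssh/authorized_keys; the chown from the earlier step still applies if the file is newly created.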

Once this file is saved we can move on to configuring MaxScale in Part 5 of this series. 



Kester Riley

Kester Riley is a Senior Solutions Engineer who leverages his website to establish his brand and build strong business relationships. Through his blog posts, Kester shares his expertise as a consultant, mentor, trainer, and presenter, providing innovative ideas and code examples to empower ambitious professionals.
