Details
-
New Feature
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Done
-
None
-
None
Description
Current MaxScale's Authentication mechanism has a limit, MaxScale's host should be added to every
{Username, Password}tuple, as descriped in the Configuration Docments;
If there is a ip white list mechanism, put MaxScale's host in the white list, Server Authentication skip those host in the list will let MaxScale be much easier to use, especially in cloud environment;
Proposal:
1. server privide a white ip list variable;
2. In mysql monitor, after connected to backend, set host to the white list;
Attachments
Issue Links
- is blocked by
-
MDEV-15501 Dynamic config `proxy_protocol_networks`
-
- Closed
-
Activity
thanks it exactly what we need, but if MySQLMon can add host to @@GLOBAL.proxy_protocol_networks could be better, cause we may dynamically add or remove mxs nodes for a mysql cluster;
That's a slightly dangerous thing from a security perspective as it depends only on the authentication of the monitor user but it should be doable. This assumes that the MaxScale user has the permissions to add itself into the list of allowed proxied networks.
Closing this as Done since 2.2 implemented PROXY Protocol support. If you want MaxScale to automatically add itself to the list of proxied hosts, please open a separate feature request for it.
Fixed in 10.3 when PROXY protocol is added.