Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2751

Documentation for maxkeys missing changing the .secrets file ownership

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.3.13
    • Fix Version/s: N/A
    • Component/s: maxkeys
    • Labels:
      None

      Description

      Folks,

      when setting up MaxScale or even moving clear text passwords to encrypted ones using maxkeys, we need to create the key with root user and then change the ownership of the .secrets files created for encrypting the passwords you pass as a parameter of maxpasswd.

      https://mariadb.com/kb/en/mariadb-maxscale-23-encrypting-passwords/

      One of our customers wasn't getting maxscale up and running after executing the process from the current feature documentation as it misses the chown command that needs to be entered to make that files as maxscale:maxscale to avoid the below:

      Oct 18 11:21:44 x.net maxscale[7980]: (secrets_readKeys): Access for secrets file [/var/lib/maxscale/.secrets] failed. Error 13, Permission denied.
      Oct 18 11:21:44 x.net maxscale[7980]: [MariaDBAuth] (check_server_permissions): [readconn-service-master] Failed to connect to server 'x' ([192.168.100.247]:3306) when checking authentication user credentials and permissions: 1045 Access denied for user 'maxusr'@'192.168.100.197' (using password: YES)
      

      Can we have the below added to the documentation?

      Once the key has been created, you need to change the key ownership as the maxscale user must read it and be able to authenticate to the backends with the real password after decrypting it:

      chown maxscale:maxscale /var/lib/maxscale/.secrets

      Finally, use the maxpasswd command to generate the encrypted version of the user's password.

      maxpasswd plainpassword

      96F99AA1315BDC3604B006F427DD9484

      It's going to make it better.

      Thanks!!

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            wagnerbianchi Wagner Bianchi (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration