From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Date: Mon, 8 Oct 2018 19:48:07 +0300
From: Vladimir Davydov
Subject: Re: [tarantool-patches] [PATCH v2] iproto: introduce a proxy module.
Message-ID: <20181008164807.ewiv7lwfh4e4decg@esperanza>
References: <20181002180554.1142-1-sergepetrenko@tarantool.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181002180554.1142-1-sergepetrenko@tarantool.org>
To: Serge Petrenko
Cc: tarantool-patches@freelists.org
List-ID:

On Tue, Oct 02, 2018 at 09:05:54PM +0300, Serge Petrenko wrote:
> Since salt proxy sends to a client differs from the salt it receives
> from a remote instance, forwarding auth requests to establish non-guest
> connections is a little bit tricky:
> let hash1 = sha1(password),
>     hash2 = sha1(hash1)
> then upon auth proxy receives such a string from the client:
>     reply = xor(hash1, sha1(proxy_salt, hash2))
> proxy has to send an auth request of such form to an instance:
>     request = xor(hash1, sha1(instance_salt, hash2))
> proxy fetches hash2 via a special message to tx thread (again, it is
> accessible, since proxy is run on one of the cluster instances).
> Then proxy computes hash1 = xor(reply, sha1(proxy_salt, hash2)) and
> computes the request using hash1, hash2 and instance_salt.

So unless the user is fine with guest access (which is rather unlikely
AFAIU), it doesn't make sense to run a proxy on a standalone instance,
does it? If so, maybe we could simplify both configuration and the
code by requiring a proxy to be a part of the replica set? I mean instead
of netbox.listen(), we could add a knob to box.cfg, say
box.cfg.proxy_enable = true|false. If this knob was set, the instance
would automatically forward all incoming iproto requests to members of
the replica set (including self). What do you think?

> Proxy may be configured like this:
> ```
> netbox = require("net.box")
> netbox.listen(uri_to_listen, {cluster={
>     {uri=uri1, is_master=false},
>     {uri=uri2, is_master=true},
>     ...
> }})
> ```

I don't like that the user has to explicitly configure which participant
is rw and which is ro. How will it work when box.ctl.promote is finally
implemented?
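
Added example, not part of this mail or of the patch: the scramble rewrite from the quoted commit message, run end to end in Python with the client, proxy and instance sides. It assumes `sha1(a, b)` means SHA-1 over the concatenation `a || b`; the password and salts are constructed sample values, the function names are hypothetical, and the proxy-side check of the recovered `hash1` is an addition not described in the commit message.

```python
import hashlib
import hmac

def sha1(*parts: bytes) -> bytes:
    # Assumption: sha1(a, b) in the commit message is SHA-1 of a || b.
    h = hashlib.sha1()
    for p in parts:
        h.update(p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def client_scramble(password: bytes, salt: bytes) -> bytes:
    # Client side: xor(hash1, sha1(salt, hash2)) for the salt it was sent.
    hash1 = sha1(password)
    hash2 = sha1(hash1)
    return xor(hash1, sha1(salt, hash2))

def instance_check(scramble: bytes, salt: bytes, hash2: bytes) -> bool:
    # Instance side: it stores only hash2, so it recovers a candidate
    # hash1 from the scramble and checks that it hashes to hash2.
    candidate = xor(scramble, sha1(salt, hash2))
    return hmac.compare_digest(sha1(candidate), hash2)

def proxy_rewrite(reply, proxy_salt, instance_salt, hash2):
    # Proxy side: hash1 = xor(reply, sha1(proxy_salt, hash2)), then
    # request = xor(hash1, sha1(instance_salt, hash2)).
    hash1 = xor(reply, sha1(proxy_salt, hash2))
    # Added check (not in the commit message): refuse to forward a reply
    # that does not match the stored hash2.
    if not hmac.compare_digest(sha1(hash1), hash2):
        return None
    return xor(hash1, sha1(instance_salt, hash2))

# Constructed sample values.
PASSWORD = b"constructed-sample-password"
PROXY_SALT = bytes(range(20))
INSTANCE_SALT = bytes(range(100, 120))
HASH2 = sha1(sha1(PASSWORD))  # what the proxy fetches from the tx thread

if __name__ == "__main__":
    reply = client_scramble(PASSWORD, PROXY_SALT)
    request = proxy_rewrite(reply, PROXY_SALT, INSTANCE_SALT, HASH2)
    print("instance accepts rewritten request:",
          instance_check(request, INSTANCE_SALT, HASH2))
```

The rewrite works only because the proxy can read `hash2`, and a party holding `hash2` plus one observed reply obtains `hash1`, which is sufficient to authenticate under any salt. That dependency is what ties the proxy to an instance with access to the user's stored hash.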