From: Vladimir Davydov <vdavydov.dev@gmail.com> To: Konstantin Osipov <kostja@tarantool.org> Cc: tarantool-patches@freelists.org, Serge Petrenko <sergepetrenko@tarantool.org> Subject: Re: [tarantool-patches] Re: [PATCH v2] iproto: introduce a proxy module. Date: Wed, 17 Oct 2018 11:35:01 +0300 [thread overview] Message-ID: <20181017083500.kznvogmbghukee74@esperanza> (raw) In-Reply-To: <20181016183958.GE5454@chai> On Tue, Oct 16, 2018 at 09:39:58PM +0300, Konstantin Osipov wrote: > * Vladimir Davydov <vdavydov.dev@gmail.com> [18/10/11 09:55]: > > On Tue, Oct 02, 2018 at 09:05:54PM +0300, Serge Petrenko wrote: > > > Since salt proxy sends to a client differs from the salt it recieves > > > from a remote instance, forwarding auth requests to establish non-guest > > > connections is a little bit tricky: > > > let hash1 = sha1(password), > > > hash2 = sha1(hash1) > > > then upon auth proxy recieves such a string from the client: > > > reply = xor(hash1, sha1(proxy_salt, hash2)) > > > proxy has to send an auth request of such form to an instance: > > > request = xor(hash1, sha1(instance_salt, hash2)) > > > proxy fetches hash2 via a special message to tx thread (again, it is > > > accessible, since proxy is run on one of the cluster instances). > > > Then proxy computes hash1 = xor(reply, sha1(proxy_salt, hash2)) and > > > computes the request using hash1, hash2 and instance_salt. > > > > So unless the user is fine with guest access (which is rather unlikely > > AFAIU), it doesn't make sense to run a proxy on a standalone instance, > > does it? > > > > If so, may be we could simplify both configuration and the code by > > requiring a proxy to be a part of the replica set? > > It's OK to simplify the patch now and only make it work within a > replica set. In future we will have replication groups, remember, > and this way we'll get a standalone proxy for free. > > > I mean instead of netbox.listen(), we could add a knob to box.cfg, say > > box.cfg.proxy_enable = true|false. If this knob was set, the instance > > would automatically forward all incoming iproto requests to members of > > the replica set (including self). What do you think? > > We need a new knob for two reasons: > - we need to be able to turn on listen port before box.cfg; it's > albeit separate, a popular user request. Then it should be done in a separate patch before introducing proxy. > - we need backward compatibility. i.e. old listen should work the > old way, to not surprise users How? Two iproto threads? > > > > > Proxy may be configured like this: > > > ``` > > > netbox = require("net.box") > > > netbox.listen(uri_to_listen, {cluster={ > > > {uri=uri1, is_master=false}, > > > {uri=uri2, is_master=true}, > > > ... > > > }}) > > > ``` > > > > I don't like that the user has to explicitly configure which participant > > is rw and which is ro. How will it work when box.ctl.promote is finally > > implemented? > > Can we please implement a proxy in which there is no > {cluster=} option? As we were discussing with Vlad, proxy should > be integrated with box.ctl.promote() and learn about ro/rw masters > from it. Agree, but how can we implement proxy before promote then? May be, we could use IPROTO_VOTE to inquire which replica is rw and which is ro?
next prev parent reply other threads:[~2018-10-17 8:35 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-10-02 18:05 [tarantool-patches] " Serge Petrenko 2018-10-03 8:49 ` Vladimir Davydov 2018-10-04 11:54 ` [tarantool-patches] " Georgy Kirichenko 2018-10-08 10:44 ` [tarantool-patches] " Vladimir Davydov 2018-10-16 18:35 ` [tarantool-patches] " Konstantin Osipov 2018-10-08 16:48 ` [tarantool-patches] " Vladimir Davydov 2018-10-16 18:39 ` [tarantool-patches] " Konstantin Osipov 2018-10-17 8:35 ` Vladimir Davydov [this message] 2018-10-17 15:31 ` Konstantin Osipov 2018-10-08 19:45 ` [tarantool-patches] " Vladimir Davydov 2018-10-16 18:42 ` [tarantool-patches] " Konstantin Osipov 2018-10-23 17:26 ` Konstantin Osipov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181017083500.kznvogmbghukee74@esperanza \ --to=vdavydov.dev@gmail.com \ --cc=kostja@tarantool.org \ --cc=sergepetrenko@tarantool.org \ --cc=tarantool-patches@freelists.org \ --subject='Re: [tarantool-patches] Re: [PATCH v2] iproto: introduce a proxy module.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox