Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cli/flags,config: new flag for SQL listen addr
This patch introduces the ability to split off the SQL server into a
separate port, using the new command-line flag `--sql-addr`.
The remainder of this commit message details:
- the motivation for the change
- some usage documentation for users of the new feature
- how to introduce this feature in existing clusters
- reading recommendations to reviewers of this change
- release note
**Motivation**
This is a long- and oft-requested feature, aimed at facilitating
deployments in professional networks that use firewalls to fence off
"internal" (server-side) traffic from external (client) traffic.
**Usage**
How it works (simplified):
- the flag `--sql-addr` indicates on which host/port to listen to for
SQL connections.
- it is possible to specify `--sql-addr` to be equal to
`--listen-addr`, in which case both will share a single TCP
connection (internally: using `cmux`).
- in fact, the default for `--sql-addr` is to be equal to
`--listen-addr`, for compatibility with previous versions
of CockroachDB.
- when `--sql-addr` and `--listen-addr` are different, then
the server does not accept SQL connections any more on the
`--listen-addr` address.
- the flag `--advertise-sql-addr` complements `--sql-addr` in
the same way as `--advertise-addr` complements `--listen-addr`.
In addition, the output of `cockroach node status` (and the contents
of `crdb_internal.gossip_nodes`) is extended to display the SQL
address.
Note (intermediate): the new flags enables both using separate ports
on the same host address (e.g. listening on 127.0.0.1 with separate
ports for SQL and RPC), and also using the same port on separate
host addresses (e.g. listening on 127.0.0.1:26257 for SQL, and
192.168.2.123:26257 for RPC). Both use cases are legitimate
and have seen demand in the wild.
Note (advanced): the computation of defaults is performed separately
for the host and port part of the flag. The logic is the same as that
used for `--http-addr`, using default port 26257. For example,
`--sql-addr=localhost` (without port number) is equivalent to
`--sql-addr=localhost:26257`.
Note (advanced): the computation of defaults for
`--advertise-sql-addr` is a bit non-trivial as it pulls its address
and port part separately from `--sql-addr`, `--listen-addr` and
`--advertise-addr`. Effort was made to ensure sane defaults when some
flags but not all are omitted. This is best explained by examples, see
the unit tests in flags_test.go for details.
**Upgrading a cluster to use separate ports**
If a cluster is already online and the need arises to split the ports,
the flag can be introduced as follows:
- when keeping port 26257 for SQL:
1. restart all nodes in a rolling fashion, updating the `--join`
flag on each node to add the new RPC address.
2. restart all nodes in a rolling fashion, adding
`--sql-addr=:26257` and setting `--listen-addr=xxx` to the new
RPC address. The previous address with port 26257 can also be
removed from `--join` in the same step.
- when keeping port 26257 for RPC, introducing a new SQL addr/port:
1. if load balancers are in use, extend the load balancer
config to also attempt connections on the new SQL address.
If load balancers are not in use, temporarily add one
that accepts clients on the old addr/port and redirects the
connection on both the new addr/port and the old.
2. restart all nodes in a rolling fashion, updating the `--sql-addr`
flag.
**Review notes**
This change was constructed as follows:
1. introducing new fields in `base.Config`
2. implementing the address validation logic
in `addr_validation.go` and corresponding unit tests.
3. picking up the new fields to listen separately
in `(s *Server) startListenRPCAndSQL()`
4. adding the command line flag parsing and default
logic in `flags.go` and corresponding unit tests.
5. manually testing that indeed the server can
listen separately on separate ports.
6. to ensure that most unit tests also exercise
the split ports, make TestServer/TestCluster
set the new flags `SplitListenSQL`
7. extend the TestServer interface to make the SQL
address available alongside the RPC address.
8. update all the tests using a SQL connection
to use the SQL address
9. update the CLI test logic from `cli_test.go`
to configure the `--host` flag to the RPC
or SQL address depending on the command
being invoked.
At this point all tests except for `TestZip` would pass
successfully. The remainder of the work is for the benefit of
`cockroach zip`, which needs to discover the reachable address of
every node in a cluster from the address of just 1 of them, doing so
by inspecting all the node descriptors. `cockroach zip` is also
peculiar in that it uses both the RPC and SQL interfaces.
1. equip the node descriptor with a field for the SQL address
and ensure it gets populated.
2. make the zip logic fetch the SQL address of the primary
node by a Node() status request over RPC.
3. for the loop over all nodes, use the SQL address
in each node's descriptor for SQL queries separately
from the RPC logic.
Release note (cli change): CockroachDB now recognizes a flag
`--sql-addr` which makes it possible to accept connections by clients
on a separate TCP address and/or port number from the one used
for intra-cluster (node-node) connections. This is aimed to enable
firewalling client traffic from server traffic.- Loading branch information
