1 of 100

MariaDB MaxScale 22.08

MaxScale 22.08 Filters

MaxScale 22.08 Binlog Filter

Binlog Filter

This filter was introduced in MariaDB MaxScale 2.3.0.

Overview

The binlogfilter can be combined with a binlogrouter service to selectively replicate the binary log events to slave servers.

The filter uses two settings, match and exclude, to determine which events are replicated. If a binlog event does not match or is excluded, the event is replaced with an empty data event. The empty event is always 35 bytes which translates to a space reduction in most cases.

When statement-based replication is used, any query events that are filtered out are replaced with a SQL comment. This causes the query event to do nothing and thus the event will not modify the contents of the database. The GTID position of the replicating database will still advance which means that downstream servers replicating from it keep functioning correctly.

The filter works with both row based and statement based replication but we recommend using row based replication with the binlogfilter. This guarantees that there are no ambiguities in the event filtering.

Configuration

`match`

Type:
Mandatory: No
Dynamic: Yes
Default: None

Include queries that match the regex. See next entry, exclude, for more information.

`exclude`

Type:
Mandatory: No
Dynamic: Yes
Default: None

Exclude queries that match the regex.

If neither match nor exclude are defined, the filter does nothing and all events are replicated. This filter does not accept regular expression options as a separate setting, such settings must be defined in the patterns themselves. See the for more information.

The two settings are matched against the database and table name concatenated with a period. For example, the string the patterns are matched against for the database test and table t1 is test.t1.

For statement based replication, the pattern is matched against all the tables in the statements. If any of the tables matches the match pattern, the event is replicated. If any of the tables matches the exclude pattern, the event is not replicated.

`rewrite_src`

Type:
Mandatory: No
Dynamic: Yes
Default: None

See the next entry, rewrite_dest, for more information.

`rewrite_dest`

Type:
Mandatory: No
Dynamic: Yes
Default: None

rewrite_src and rewrite_dest control the statement rewriting of the binlogfilter. The rewrite_src setting is a PCRE2 regular expression that is matched against the default database and the SQL of statement based replication events (query events). rewrite_dest is the replacement string which supports the normal PCRE2 backreferences (e.g the first capture group is $1, the second is $2, etc.).

Both rewrite_src and rewrite_dest must be defined to enable statement rewriting.

When statement rewriting is enabled must be used. The filter will disallow replication for all slaves that attempt to replicate with traditional file-and-position based replication.

The replacement is done both on the default database as well as the SQL statement in the query event. This means that great care must be taken when defining the rewriting rules. To prevent accidental modification of the SQL into a form that is no longer valid, use database and table names that never occur in the inserted data and is never used as a constant value.

Example Configuration

With the following configuration, only events belonging to database customers are replicated. In addition to this, events for the table orders are excluded and thus are not replicated.

For more information about the binlogrouter and how to use it, refer to the .

CC BY-SA / Gnu FDL

MaxScale 22.08 Consistent Critical Read Filter

Consistent Critical Read Filter

This filter was introduced in MariaDB MaxScale 2.1.

MaxScale 22.08 Insert Stream Filter

Insert Stream Filter

This filter was introduced in MariaDB MaxScale 2.1.

Note

MaxScale 22.08 REST API

MaxScale 22.08 About

About MariaDB MaxScale

MariaDB MaxScale is a database proxy that forwards database statements to one or more database servers.

The forwarding is performed using rules based on the semantic understanding of the database statements and on the roles of the servers within the backend cluster of databases.

MariaDB MaxScale is designed to provide, transparently to applications, load balancing and high availability functionality. MariaDB MaxScale has a scalable and flexible architecture, with plugin components to support different protocols and routing approaches.

MariaDB MaxScale makes extensive use of the asynchronous I/O capabilities of the Linux operating system, combined with a fixed number of worker threads. epoll is used to provide the event driven framework for the input and output via sockets.

Many of the services provided by MariaDB MaxScale are implemented as external shared object modules loaded at runtime. These modules support a fixed interface, communicating the entry points via a structure consisting of a set of function pointers. This structure is called the "module object". Additional modules can be created to work with MariaDB MaxScale.

Commonly used module types are protocol, router and filter. Protocol modules implement the communication between clients and MariaDB MaxScale, and between MariaDB MaxScale and backend servers. Routers inspect the queries from clients and decide the target backend. The decisions are usually based on routing rules and backend server status. Filters work on data as it passes through MariaDB MaxScale. Filter are often used for logging queries or modifying server responses.

A Google Group exists for MariaDB MaxScale. The Group is used to discuss ideas, issues and communicate with the MariaDB MaxScale community. Send email to or use the interface.

Bugs can be reported in the MariaDB Jira

Installing MariaDB MaxScale

Information about installing MariaDB MaxScale, either from a repository or by building from source code, is included in the .

The same guide also provides basic information on running MariaDB MaxScale. More detailed information about configuring MariaDB MaxScale can be found in the .

CC BY-SA / Gnu FDL

MariaDB MaxScale 22.08 Authenticators

MariaDB MaxScale 22.08 Connectors

MaxScale 22.08 MaxScale CDC Connector

Maxscale CDC Connector

The C++ connector for the .

MariaDB MaxScale 22.08 Getting Started

Installing MariaDB MaxScale Using a Tarball

Installing MariaDB MaxScale using a tarball

MariaDB MaxScale is also made available as a tarball, which is named likemaxscale-x.y.z.OS.tar.gz

Getting Started Monitors

MariaDB MaxScale 22.08 Monitors

MaxScale 22.08 Aurora Monitor

Aurora Monitor

Note The Aurora Monitor is deprecated in 22.08.2 and will be removed in 23.02.0.

This module monitors the status of Aurora cluster replicas. These replicas do not use the standard MySQL protocol replication but rely on a mechanism provided by AWS to replicate changes.

MariaDB MaxScale 22.08 Protocols

MaxScale 22.08 Change Data Capture CDC Protocol

Change Data Capture (CDC) Protocol

CDC is a new protocol that allows compatible clients to authenticate and register for Change Data Capture events. The new protocol must be use in conjunction with AVRO router which currently converts MariaDB binlog events into AVRO records. Change Data Capture protocol is used by clients in order to interact with stored AVRO file and also allows registered clients to be notified with the new events coming from MariaDB 10.0/10.1 database.

Creating Users

The users and their hashed passwords are stored in /var/cache/maxscale/<service name>/cdcusers where <service name> is the name of the service.

For example, the following service entry will look into /var/cache/maxscale/CDC-Service/ for a file called cdcusers. If that file is found, the users in that file will be used for authentication.

If the cdcusers file cannot be found, the service user (maxuser:maxpwd in the example) can be used to connect through the CDC protocol.

For more details, refer to the .

Protocol Phases

Connection and Authentication

Client connects to MaxScale CDC protocol listener.
Send the authentication message which includes the user and the SHA1 of the password

In the future, optional flags could be implemented.

Registration

Sending UUID
Specify the output format (AVRO or JSON) for data retrieval.

Data Request

Send CDC commands to retrieve router statistics or to query for data events

Protocol Details

Authentication

The authentication starts when the client sends the hexadecimal representation of the username concatenated with a colon (:) and the SHA1 of the password.

bin2hex(username + ':' + SHA1(password))

For example the user foobar with a password of foopasswd should send the following hexadecimal string

Server returns OK on success and ERR on failure.

Registration

REGISTER

REGISTER UUID=UUID, TYPE={JSON | AVRO}

Example:

Server returns OK on success and ERR on failure.

Change Data Capture Commands

REQUEST-DATA

REQUEST-DATA DATABASE.TABLE[.VERSION] [GTID]

This command fetches data from specified table in a database and returns the output in the requested format (AVRO or JSON). Data records are sent to clients and if new AVRO versions are found (e.g. mydb.mytable.0000002.avro) the new schema and data will be sent as well.

The data will be streamed until the client closes the connection.

Clients should continue reading from network in order to automatically gets new events.

Example:

Example Client

MaxScale includes an example CDC client application written in Python 3. You can find the source code for it .

CC BY-SA / Gnu FDL

MaxScale 22.08 Change Data Capture CDC Users

Change Data Capture (CDC) users

Change Data Capture (CDC) is a new MaxScale protocol that allows compatible clients to authenticate and register for Change Data Capture events. The new protocol must be use in conjunction with AVRO router which currently converts MariaDB binlog events into AVRO records. Clients connect to CDC listener and authenticate using credentials provided in a format described in the

MaxScale 22.08 MariaDB Protocol Module

MariaDB Protocol Module

The mariadbprotocol module implements the MariaDB client-server protocol.

The legacy protocol names mysqlclient, mariadb and mariadbclient are all aliases to mariadbprotocol.

Configuration

Protocol level parameters are defined in the listeners. They must be defined using the scoped parameter syntax where the protocol name is used as the prefix.

For the MariaDB protocol module, the prefix is always mariadbprotocol.

`allow_replication`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Whether the use of the replication protocol is allowed through this listener. If disabled with mariadbprotocol.allow_replication=false, all attempts to start replication will be rejected with a ER_FEATURE_DISABLED error (error number 1289).

CC BY-SA / Gnu FDL

MariaDB MaxScale 22.08 Reference

MaxScale 22.08 Module Commands

Module commands

Introduced in MaxScale 2.1, the module commands are special, module-specific commands. They allow the modules to expand beyond the capabilities of the module API. Currently, only MaxCtrl implements an interface to the module commands.

MariaDB MaxScale 22.08 Routers

MaxScale 22.08 Cat

Cat

The cat router is a special router that concatenates result sets.

MaxScale 22.08 HintRouter

HintRouter

HintRouter was introduced in 2.2 and is still beta.

MariaDB MaxScale 22.08 Tutorials

MaxScale 22.08 Configuring the Galera Monitor

Configuring the Galera Monitor

This document describes how to configure a Galera cluster monitor.

Configuring the Monitor

Define the monitor that monitors the servers.

The mandatory parameters are the object type, the monitor module to use, the list of servers to monitor and the username and password to use when connecting to the servers. The monitor_interval parameter controls for how long the monitor waits between each monitoring loop.

This monitor module will assign one node within the Galera Cluster as the current master and other nodes as slave. Only those nodes that are active members of the cluster are considered when making the choice of master node. The master node will be the node with the lowest value of wsrep_local_index.

Monitor User

The monitor user does not require any special grants to monitor a Galera cluster. To create a user for the monitor, execute the following SQL.

CC BY-SA / Gnu FDL

MaxScale 22.08 Configuring the MariaDB Monitor

Configuring the MariaDB Monitor

This document describes how to configure a MariaDB master-slave cluster monitor to be used with MaxScale.

Configuring the Monitor

Define the monitor that monitors the servers.

Monitor User

The monitor user requires the REPLICATION CLIENT privileges to do basic monitoring. To create a user with the proper grants, execute the following SQL.

Note: If the automatic failover of the MariaDB Monitor will used, the user will require additional grants. Execute the following SQL to grant them.

CC BY-SA / Gnu FDL

MaxScale 22.08 Connection Routing with MariaDB MaxScale

Connection Routing with MariaDB MaxScale

The goal of this tutorial is to configure a system that has two ports available, one for write connections and another for read connections. The read connections are load- balanced across slave servers.

MaxScale 22.08 Encrypting Passwords

Encrypting Passwords

Note: The password encryption format changed in MaxScale 2.5. All encrypted passwords created with MaxScale 2.4 or older need to be re-encrypted.

Upgrading MariaDB MaxScale From 6 to 22.08

Upgrading MariaDB MaxScale from 6 to 22.08

This document describes possible issues when upgrading MariaDB MaxScale from version 6 to 22.08.

Upgrading MariaDB MaxScale From 2.4 to 2.5

Upgrading MariaDB MaxScale from 2.4 to 2.5

This document describes possible issues when upgrading MariaDB MaxScale from version 2.4 to 2.5.

[BinlogFilter]
type=filter
module=binlogfilter
match=/customers[.]/
exclude=/[.]orders/

[BinlogServer]
type=service
router=binlogrouter
server_id=33
filters=BinlogFilter

[BinlogListener]
type=listener
service=BinlogServer
port=4000

All registered module commands can be shown with maxctrl list commands and they can be executed with maxctrl call command <module> <name> ARGS... whereis the name of the module and is the name of the command.ARGS is a command specific list of arguments.

#include <maxscale/modulecmd.hh>

bool my_simple_cmd(const MODULECMD_ARG *argv)
{
    printf("%d arguments given\n", argv->argc);
}

int main(int argc, char **argv)
{
    modulecmd_arg_type_t my_args[] =
    {
        {MODULECMD_ARG_BOOLEAN, "This is a boolean parameter"},
        {MODULECMD_ARG_STRING | MODULECMD_ARG_OPTIONAL, "This is an optional string parameter"}
    };

    // Register the command
    modulecmd_register_command("my_module", "my_command", my_simple_cmd, 2, my_args);

    // Find the registered command
    const MODULECMD *cmd = modulecmd_find_command("my_module", "my_command");

    // Parse the arguments for the command
    const void *arglist[] = {"true", "optional string"};
    MODULECMD_ARG *arg = modulecmd_arg_parse(cmd, arglist, 2);

    // Call the module command
    modulecmd_call_command(cmd, arg);

    // Free the parsed arguments
    modulecmd_arg_free(arg);
    return 0;
}

x.y.z

OS

maxscale-2.5.6.centos.7.tar.gz

There are two options for representing the password, either plain text or encrypted passwords may be used. In order to use encrypted passwords a set of keys must be generated that will be used by the encryption and decryption process. To generate the keys, use the maxkeys command.

$ sudo groupadd maxscale
$ sudo useradd -g maxscale maxscale
$ cd /usr/local
$ sudo tar -xzvf maxscale-x.y.z.OS.tar.gz
$ sudo ln -s maxscale-x.y.z.OS maxscale
$ cd maxscale
$ sudo chown -R maxscale var

[Write-Service]
type=service
router=readconnroute
router_options=master
servers=dbserv1, dbserv2, dbserv3
user=maxscale
password=maxscale_pw

[Read-Service]
type=service
router=readconnroute
router_options=slave
servers=dbserv1, dbserv2, dbserv3
user=maxscale
password=maxscale_pw

MaxScale 22.08 Hintfilter

Hintfilter

This filter adds routing hints to a service. The filter has no parameters.

Hint Syntax

Note: If a query has more than one comment only the first comment is processed. Always place any MaxScale related comments first before any other comments that might appear in the query.

Comments and comment types

The client connection will need to have comments enabled. For example themariadb and mysql command line clients have comments disabled by default and they need to be enabled by passing the --comments or -c option to it. Most, if not all, connectors keep all comments intact in executed queries.

For comment types, use either -- (notice the whitespace after the double hyphen) or # after the semicolon or /* ... */ before the semicolon.

Inline comment blocks, i.e. /* .. */, do not require a whitespace character after the start tag or before the end tag but adding the whitespace is advised.

Hint body

All hints must start with the maxscale tag.

The hints have two types, ones that define a server type and others that contain name-value pairs.

Routing destination hints

These hints will instruct the router to route a query to a certain type of a server.

Route to master

A master value in a routing hint will route the query to a master server. This can be used to direct read queries to a master server for a up-to-date result with no replication lag.

Route to slave

A slave value will route the query to a slave server. Please note that the hints will override any decisions taken by the routers which means that it is possible to force writes to a slave server.

Route to named server

A server value will route the query to a named server. The value of<server name> needs to be the same as the server section name in maxscale.cnf. If the server is not used by the service, the hint is ignored.

Route to last used server

A last value will route the query to the server that processed the last query. This hint can be used to force certain queries to be grouped to the same server.

Name-value hints

These control the behavior and affect the routing decisions made by the router. Currently the only accepted parameter is the readwritesplit parametermax_slave_replication_lag. This will route the query to a server with a lower replication lag than this parameter's value.

Hint stack

Hints can be either single-use hints, which makes them affect only one query, or named hints, which can be pushed on and off a stack of active hints.

Defining named hints:

Pushing a hint onto the stack:

Popping the topmost hint off the stack:

You can define and activate a hint in a single command using the following:

You can also push anonymous hints onto the stack which are only used as long as they are on the stack:

Prepared Statements

The hintfilter supports routing hints in prepared statements for both thePREPARE and EXECUTE SQL commands as well as the binary protocol prepared statements.

Binary Protocol

With binary protocol prepared statements, a routing hint in the prepared statement is applied to the execution of the statement but not the preparation of it. The preparation of the statement is routed normally and is sent to all servers.

For example, when the following prepared statement is prepared with the MariaDB Connector-C function mariadb_stmt_prepare and then executed withmariadb_stmt_execute the result is always returned from the master:

Support for binary protocol prepared statements was added in MaxScale 6.0 ().

The protocol commands that the routing hints are applied to are:

COM_STMT_EXECUTE
COM_STMT_BULK_EXECUTE
COM_STMT_SEND_LONG_DATA
COM_STMT_FETCH

Support for direct execution of prepared statements was added in MaxScale 6.2.0. For example the MariaDB Connector-C uses direct execution whenmariadb_stmt_execute_direct is used.

Text Protocol

Text protocol prepared statements (i.e. the PREPARE and EXECUTE SQL commands) behave differently. If a PREPARE command has a routing hint, it will be routed according to the routing hint. Any subsequent EXECUTE command will not be affected by the routing hint in the PREPARE statement. This means they must have their own routing hints.

The following example is the recommended method of executing text protocol prepared statements with hints:

The PREPARE is routed normally and will be routed to all servers. TheEXECUTE will be routed to the master as a result of it having the route to master hint.

Examples

Routing `SELECT` queries to master

In this example, MariaDB MaxScale is configured with the readwritesplit router and the hint filter.

Behind MariaDB MaxScale is a master server and a slave server. If there is replication lag between the master and the slave, read queries sent to the slave might return old data. To guarantee up-to-date data, we can add a routing hint to the query.

The first INSERT query will be routed to the master. The following SELECT query would normally be routed to the slave but with the added routing hint it will be routed to the master. This way we can do an INSERT and a SELECT right after it and still get up-to-date data.

CC BY-SA / Gnu FDL

Building MariaDB MaxScale from Source Code

MariaDB MaxScale can be built on any system that meets the requirements. The main requirements are as follows:

CMake version 3.16 or later (Packaging requires CMake 3.25.1 or later)
GCC version 4.9 or later
OpenSSL version 1.0.1 or later
GNUTLS

This is the minimum set of requirements that must be met to build the MaxScale core package. Some modules in MaxScale require optional extra dependencies.

libuuid (binlogrouter)
boost (binlogrouter)
Bison 2.7 or later (dbfwfilter)
Flex 2.5.35 or later (dbfwfilter)

Some of these dependencies are not available on all operating systems and are downloaded automatically during the build step. To skip the building of modules that need automatic downloading of the dependencies, use -DBUNDLE=N when configuring CMake.

Quickstart

This installs MaxScale as if it was installed from a package. Install git before running the following commands.

Required Packages

For a definitive list of packages, consult the script.

Configuring the Build

The tests and other parts of the build can be controlled via CMake arguments.

Here is a small table with the names of the most common parameters and what they control. These should all be given as parameters to the -D switch inNAME=VALUE format (e.g. -DBUILD_TESTS=Y).

Argument Name

Explanation

Note: You can look into for a list of the CMake variables.

Running unit tests

To run the MaxScale unit test suite, configure the build with -DBUILD_TESTS=Y, compile and then run the make test command.

Building MariaDB MaxScale packages

If you wish to build packages, just add -DPACKAGE=Y to the CMake invocation and build the package with make package instead of installing MaxScale withmake install. This process will create a RPM/DEB package depending on your system.

To build a tarball, add -DTARBALL=Y to the cmake invokation. This will create a maxscale-x.y.z.tar.gz file where x.y.z is the version number.

Some Debian and Ubuntu systems suffer from a bug where make package fails with errors from dpkg-shlibdeps. This can be fixed by running make beforemake package and adding the path to the libmaxscale-common.so library to the LD_LIBRARY_PATH environment variable.

Installing optional components

The MaxScale build system is split into multiple components. The main component is the core MaxScale package which contains MaxScale and all the modules. This is the default component that is build, installed and packaged. There is also the experimental component that contains all experimental modules which are not considered as part of the core MaxScale package and are either alpha or beta quality modules.

To build the experimental modules along with the MaxScale core components, invoke CMake with -DTARGET_COMPONENT=core,experimental.

CC BY-SA / Gnu FDL

git clone https://github.com/mariadb-corporation/MaxScale
mkdir build
cd build
../MaxScale/BUILD/install_build_deps.sh
cmake ../MaxScale -DCMAKE_INSTALL_PREFIX=/usr
make
sudo make install
sudo ./postinst

MaxScale 22.08 GSSAPI Client Authenticator

GSSAPI Client Authenticator

GSSAPI is an authentication protocol that is commonly implemented with Kerberos on Unix or Active Directory on Windows. This document describes GSSAPI authentication in MaxScale. The authentication module name in MaxScale is_GSSAPIAuth_.

Preparing the GSSAPI system

For Unix systems, the usual GSSAPI implementation is Kerberos. This is a short guide on how to set up Kerberos for MaxScale.

The first step is to configure MariaDB to use GSSAPI authentication. The MariaDB documentation for the is a good example on how to set it up.

The next step is to copy the keytab file from the server where MariaDB is installed to the server where MaxScale is located. The keytab file must be placed in the configured default location which almost always is/etc/krb5.keytab. Alternatively, the keytab filepath can be given as an authenticator option.

The location of the keytab file can be changed with the KRB5_KTNAME environment variable:

To take GSSAPI authentication into use, add the following to the listener.

The principal name should be the same as on the MariaDB servers.

Authenticator options

`principal_name`

Type: string
Mandatory: No
Dynamic: No
Default: mariadb/localhost.localdomain

The service principal name to send to the client. This parameter is a string parameter which is used by the client to request the token.

This parameter must be the same as the principal name that the backend MariaDB server uses.

`gssapi_keytab_path`

Type: path
Mandatory: No
Dynamic: No
Default: Kerberos Default

Keytab file location. This should be an absolute path to the file containing the keytab. If not defined, Kerberos will search from a default location, usually/etc/krb5.keytab. This path is set to an environment variable. This means that multiple listeners with GSSAPIAuth will override each other. If using multiple GSSAPI authenticators, either do not set this option or use the same value for all listeners.

Implementation details

Read the document for more details on how authentication modules work in MaxScale.

GSSAPI authentication

The GSSAPI plugin authentication starts when the database server sends the service principal name in the AuthSwitchRequest packet. The principal name will usually be in the form service@REALM.COM.

The client searches its local cache for a token for the service or may request it from the GSSAPI server. If found, the client sends the token to the database server. The database server verifies the authenticity of the token using its keytab file and sends the final OK packet to the client.

Building the module

The GSSAPI authenticator modules require the GSSAPI development libraries (krb5-devel on CentOS 7).

CC BY-SA / Gnu FDL

The address and port parameters tell where the server is located.

MaxScale 22.08 Named Server Filter

Named Server Filter

Overview

The namedserverfilter is a MariaDB MaxScale filter module able to route queries to servers based on regular expression (regex) matches. Since it is a filter instead of a router, the NamedServerFilter only sets routing suggestions. It requires a compatible router to be effective. Currently, bothreadwritesplit and hintrouter take advantage of routing hints in the data packets. This filter uses the PCRE2 library for regular expression matching.

Configuration

The filter accepts settings in two modes: legacy and indexed. Only one of the modes may be used for a given filter instance. The legacy mode is meant for backwards compatibility and allows only one regular expression and one server name in the configuration. In indexed mode, up to 25 regex-server pairs are allowed in the form match01 - target01, match02 - target02 and so on. Also, in indexed mode, the server names (targets) may contain a list of names or special tags ->master or ->slave.

All parameters except the deprecated match and target parameters can be modified at runtime. Any modifications to the filter configuration will only affect sessions created after the change has completed.

Below is a configuration example for the filter in indexed-mode. The legacy mode is not recommended and may be removed in a future release. In the example, a SELECT on TableOne (match01) results in routing hints to two named servers, while a SELECT on TableTwo is suggested to be routed to the master server of the service. Whether a list of server names is interpreted as a route-to-any or route-to-all is up to the attached router. The HintRouter sees a list as a suggestion to route-to-any. For additional information on hints and how they can also be embedded into SQL-queries, see .

Filter Parameters

NamedServerFilter requires at least one matchXY - targetXY pair.

`matchXY`

Type:
Mandatory: No
Dynamic: Yes
Default: None

matchXY defines a against which the incoming SQL query is matched. XY must be a number in the range 01 - 25. Each match-setting pairs with a similarly indexed target-setting. If one is defined, the other must be defined as well. If a query matches the pattern, the filter attaches a routing hint defined by the target-setting to the query. The_options_-parameter affects how the patterns are compiled.

options

Type:
Mandatory: No
Dynamic: Yes
Values: ignorecase, case, extended

for matchXY.

`targetXY`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

The hint which is attached to the queries matching the regular expression defined by_matchXY_. If a compatible router is used in the service the query will be routed accordingly. The target can be one of the following:

a server or service name (adds a HINT_ROUTE_TO_NAMED_SERVER hint)
a list of server names, comma-separated (adds severalHINT_ROUTE_TO_NAMED_SERVER hints)
->master (adds a HINT_ROUTE_TO_MASTER hint)

The support for service names was added in MaxScale 6.3.2. Older versions of MaxScale did not accept service names in the target parameters.

`source`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

This optional parameter defines an IP address or mask which a connecting client's IP address is matched against. Only sessions whose address matches this setting will have this filter active and performing the regex matching. Traffic from other client IPs is simply left as is and routed straight through.

Since MaxScale 2.1 it's also possible to use % wildcards:

Note that using source=% to match any IP is not allowed.

Since MaxScale 2.3 it's also possible to specify multiple addresses separated by comma. Incoming client connections are subsequently checked against each.

`user`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

This optional parameter defines a username the connecting client username is matched against. Only sessions that are connected using this username will have the match and routing hints applied to them. Traffic from other users is simply left as is and routed straight through.

Additional remarks

The maximum number of accepted match - target pairs is 25.

In the configuration file, the indexed match and target settings may be in any order and may skip numbers. During SQL-query matching, however, the regexes are tested in ascending order: match01, match02, match03 and so on. As soon as a match is found for a given query, the routing hints are written and the packet is forwarded to the next filter or router. Any remaining match regexes are ignored. This means the match - target pairs should be indexed in priority order, or, if priority is not a factor, in order of decreasing match probability.

Binary-mode prepared statements (COM_STMT_PREPARE) are handled by matching the prepared sql against the match-parameters. If a match is found, the routing hints are attached to any execution of that prepared statement. Text- mode prepared statements are not supported in this way. To divert them, use regular expressions which match the specific "EXECUTE"-query.

Examples

Example 1 - Route queries targeting a specific table to a server

This will route all queries matching the regular expression *from *users to the server named server2. The filter will ignore character case in queries.

A query like SELECT * FROM users would be routed to server2 where as a query like SELECT * FROM accounts would be routed according to the normal rules of the router.

CC BY-SA / Gnu FDL

Limitations and Known Issues within MariaDB MaxScale

This document lists known issues and limitations in MariaDB MaxScale and its plugins. Since limitations are related to specific plugins, this document is divided into several sections.

Configuration limitations

In versions 2.1.2 and earlier, the configuration files are limited to 1024 characters per line. This limitation was increased to 16384 characters in MaxScale 2.1.3. MaxScale 2.3.0 increased this limit to 16777216 characters.

In versions 2.2.12 and earlier, the section names in the configuration files were limited to 49 characters. This limitation was increased to 1023 characters in MaxScale 2.2.13.

Multiple MaxScales on same server

Starting with MaxScale 2.4.0, on systems with Linux kernels 3.9 or newer due to the addition of SO_REUSEPORT support, it is possible for multiple MaxScale instances to listen on the same network port if the directories used by both instances are completely separate and there are no conflicts which can cause unexpected splitting of connections. This will only happen if users explicitly tell MaxScale to ignore the default directories and will not happen in normal use.

Security limitiations

MariaDB 10.2

The parser of MaxScale correctly parses WITH statements, but fails to collect columns, functions and tables used in the SELECT defining theWITH clause.

Consequently, the database firewall will not block WITH statements where the SELECT of the WITH clause refers to forbidden columns.

MariaDB Default Values

MaxScale assumes that certain configuration parameters in MariaDB are set to their default values. These include but are not limited to:

autocommit: Autocommit is enabled for all new connections.
tx_read_only: Transactions use READ WRITE permissions by default.

Query Classification

Transaction Boundary Detection

If a module in MaxScale requires tracking of transaction boundaries but does not require query classification, a custom parser is used to detect them. Currently the only situation in which this parser is used is when a readconnroute service uses the cache filter.

The custom parser detects a subset of the full SQL syntax used to start transactions. This means that more complex statements will not be fully parsed and will cause the transaction state to not match the real state on the database. For example, SET @my_var = (SELECT 1), autocommit = 0 is not parsed by the custom parser and causes the autocommit modification to not be noticed.

XA Transactions

MaxScale will treat statements executed after XA START and before XA END as if they were executed in a normal read-write transaction started with START TRANSACTION. This means that only XA transactions in the ACTIVE state will be routed as transactions and all statements after XA END are routed normally.

XA transactions and normal transactions are mutually exclusive in MariaDB. This means that a START TRANSACTION command will fail if the connection already has an open XA transaction. MaxScale currently only inspects the SQL and deduces the transaction state from that. If a transaction fails to start due to an open XA transaction, the state in MaxScale and in MariaDB can be different and MaxScale will keep routing statements as if they were inside of a transaction. However, as this is an unlikely scenario, usually no action needs to be taken.

Prepared Statements

For its proper functioning, MaxScale needs in general to be aware of the transaction state and autocommit mode. In order to be that, MaxScale parses statements going through it.

However, if a transaction is commited or rolled back, or the autocommit mode is changed using a prepared statement, MaxScale will miss that and its internal state will be incorrect, until the transaction state or autocommit mode is changed using an explicit statement.

For instance, after the following sequence of commands, MaxScale will still think autocommit is on:

To ensure that MaxScale functions properly, do not commit or rollback a transaction or change the autocommit mode using a prepared statement.

Protocol limitations

Limitations with MySQL/MariaDB Protocol support (MariaDBClient)

Compression is not included in the server handshake.
If a KILL [CONNECTION] <ID> statement is executed, MaxScale will intercept it. If the ID matches a MaxScale session ID, it will be closed by sending modified KILL commands of the same type to all backend server to which the session in question is connected to. This results in behavior that is similar to how MariaDB does it. If the KILL CONNECTION USER <user> form is given, all connections with a matching username will be closed instead.
MariaDB MaxScale does not support KILL QUERY ID <query_id>

Authenticator limitations

Limitations in the MySQL authenticator (MariaDBAuth)

MySQL old style passwords are not supported. MySQL versions 4.1 and newer use a new authentication protocol which does not support pre-4.1 style passwords.
When users have different passwords based on the host from which they connect MariaDB MaxScale is unable to determine which password it should use to connect to the backend database. This results in failed connections and unusable usernames in MariaDB MaxScale.

Filter limitations

Tee filter limitations (tee)

The Tee filter does not support binary protocol prepared statements. The execution of a prepared statements through a service that uses the tee filter is not guaranteed to succeed on the service where the filter branches to as it does on the original service.

This possibility exists due to the fact that the binary protocol prepared statements are identified by a server-generated ID. The ID sent to the client from the main service is not guaranteed to be the same that is sent by the branch service.

Monitor limitations

A server can only be monitored by one monitor. Two or more monitors monitoring the same server is considered an error.

Limitations with Galera Cluster Monitoring (galeramon)

The default master selection is based only on MIN(wsrep_local_index). This can be influenced with the server priority mechanic described in the manual.

Router limitations

Refer to individual router documentation for a list of their limitations.

CC BY-SA / Gnu FDL

MaxScale 22.08 Authentication Modules

Authentication Modules

This document describes general MySQL protocol authentication in MaxScale. For REST-api authentication, see the configuration guide and the REST-api guide.

Similar to the MariaDB Server, MaxScale uses authentication plugins to implement different authentication schemes for incoming clients. The same plugins also handle authenticating the clients to backend servers. The authentication plugins available in MaxScale are , and .

Most of the authentication processing is performed on the protocol level, before handing it over to one of the plugins. This shared part is described in this document. For information on an individual plugin, see its documentation.

User account management

Every MaxScale service with a MariaDB protocol listener requires knowledge of the user accounts defined on the backend databases. The service maintains this information in an internal component called the user account manager (UAM). The UAM queries relevant data from the mysql-database of the backends and stores it. Typically, only the current master server is queried, as all servers are assumed to have the same users. The service settings user and password define the credentials used when fetching user accounts.

The service uses the stored data when authenticating clients, checking their passwords and database access rights. This results in an authentication process very similar to the MariaDB Server itself. Unauthorized users are generally detected already at the MaxScale level instead of the backend servers. This may not apply in some cases, for example if MaxScale is using old user account data.

If authentication fails, the UAM updates its data from a backend. MaxScale may attempt authenticating the client again with the refreshed data without communicating the first failure to the client. This transparent user data update does not always work, in which case the client should try to log in again.

As the UAM is shared between all listeners of a service, its settings are defined in the service configuration. For more information, search the for users_refresh_time, users_refresh_interval and_auth_all_servers_. Other settings which affect how the UAM connects to backends are the global settings auth_connect_timeout and local_address, and the various server-level ssl-settings.

Required grants

To properly fetch user account information, the MaxScale service user must be able to read from various tables in the mysql-database: user, db,tables_priv, columns_priv, procs_priv, proxies_priv and roles_mapping. The user should also have the SHOW DATABASES-grant.

If using MariaDB ColumnStore, the following grant is required:

Limitations and troubleshooting

When a client logs in to MaxScale, MaxScale sees the client's IP address. When MaxScale then connects the client to backends (using the client's username and password), the backends see the connection coming from the IP address of MaxScale. If the client user account is to a wildcard host ('alice'@'%'), this is not an issue. If the host is restricted ('alice'@'123.123.123.123'), authentication to backends will fail.

There are two primary ways to deal with this:

Duplicate user accounts. For every user account with a restricted hostname an equivalent user account for MaxScale is added ('alice'@'maxscale-ip').
Use .

Option 1 limits the passwords for user accounts with shared usernames. Such accounts must use the same password since they will effectively share the MaxScale-to-backend user account. Option 2 requires server support.

See for additional information on how to solve authentication issues.

Wildcard database grants

MaxScale supports wildcards _ and % for database-level grants. As with MariaDB Server, grant select on test_.* to 'alice'@'%'; gives access totest_ as well as test1, test2 and so on. If the GRANT command escapes the wildcard (grant select on test_.* to 'alice'@'%';) both MaxScale and the MariaDB Server interpret it as only allowing access to test_. _ and % are only interpreted as wildcards when the grant is to a database:grant select on test_.t1 to 'alice'@'%'; only grants access to the_test_.t1_-table, not to test1.t1.

Authenticator options

The listener configuration defines authentication options which only affect the listener. authenticator defines the authentication plugins to use.authenticator_options sets various options. These options may affect an individual authentication plugin or the authentication as a whole. The latter are explained below. Multiple options can be given as a comma-separated list.

`skip_authentication`

Type:
Mandatory: No
Dynamic: No
Default: false

If enabled, MaxScale will not check the passwords of incoming clients and just assumes that they are correct. Wrong passwords are instead detected when MaxScale tries to authenticate to the backend servers.

This setting is mainly meant for failure tolerance in situations where the password check is performed outside of MaxScale. If, for example, MaxScale cannot use an LDAP-server but the backend databases can, enabling this setting allows clients to log in. Even with this setting enabled, a user account matching the incoming client username and IP must exist on the backends for MaxScale to accept the client.

This setting is incompatible with standard MariaDB/MySQL authentication plugin (MariaDBAuth in MaxScale). If enabled, MaxScale cannot authenticate clients to backend servers using standard authentication.

`match_host`

Type:
Mandatory: No
Dynamic: No
Default: true

If disabled, MaxScale does not require that a valid user account entry for incoming clients exists on the backends. Specifically, only the client username needs to match a user account, hostname/IP is ignored.

This setting may be used to force clients to connect through MaxScale. Normally, creating the user jdoe@% will allow the user jdoe to connect from any IP-address. By disabling match_host and replacing the user with_jdoe@maxscale-IP_, the user can still connect from any client IP but will be forced to go through MaxScale.

`lower_case_table_names`

Type: number
Mandatory: No
Dynamic: No
Default: 0

Controls database name matching for authentication when an incoming client logs in to a non-empty database. The setting functions similar to the MariaDB Server setting and should be set to the value used by the backends.

The setting accepts the values 0, 1 or 2:

0: case-sensitive matching (default)
1: convert the requested database name to lower case before using case-insensitive matching. Assumes that database names on the server are stored in lower case.
2: use case-insensitive matching.

true and false are also accepted for backwards compatibility. These map to 1 and 0, respectively.

The identifier names are converted using an ASCII-only function. This means that non-ASCII characters will retain their case-sensitivity.

Starting with MaxScale versions 2.5.25, 6.4.6, 22.08.5 and 23.02.2, the behavior of lower_case_table_names=1 is identical with how the MariaDB server behaves. In older releases the comparisons were done in a case-sensitive manner after the requested database name was converted into lowercase. Usinglower_case_table_names=2 will behave identically in all versions which makes it a safe alternative to use when a mix of older and newer MaxScale versions is being used.

CC BY-SA / Gnu FDL

MaxScale 22.08 Read-Write Splitting with MariaDB MaxScale

Read-Write Splitting with MariaDB MaxScale

The goal of this tutorial is to configure a system that appears to the client as a single database. MariaDB MaxScale will split the statements such that write statements are sent to the master server and read statements are balanced across the slave servers.

Setting up MariaDB MaxScale

This tutorial is a part of . Please read it and follow the instructions. Return here once basic setup is complete.

Configuring the service

After configuring the servers and the monitor, we create a read-write-splitter service configuration. Create the following section in your configuration file. The section name is also the name of the service and should be meaningful. For this tutorial, we use the name Splitter-Service.

router defines the routing module used. Here we use readwritesplit for query-level read-write-splitting.

A service needs a list of servers where queries will be routed to. The server names must match the names of server sections in the configuration file and not the hostnames or addresses of the servers.

The user and password parameters define the credentials the service uses to populate user authentication data. These users were created at the start of the .

For increased security, see .

Configuring the Listener

To allow network connections to a service, a network ports must be associated with it. This is done by creating a separate listener section in the configuration file. A service may have multiple listeners but for this tutorial one is enough.

The service parameter tells which service the listener connects to. For the_Splitter-Listener_ we set it to Splitter-Service.

A listener must define the network port to listen on.

The optional address-parameter defines the local address the listener should bind to. This may be required when the host machine has multiple network interfaces. The default behavior is to listen on all network interfaces (the IPv6 address ::).

Starting MariaDB MaxScale

For the last steps, please return to .

CC BY-SA / Gnu FDL

[MyRegexFilter]
type=filter
module=regexfilter
match=some string
replace=replacement string

[MyService]
type=service
router=readconnroute
servers=server1
user=myuser
password=mypasswd
filters=MyRegexfilter

[CreateTableFilter]
type=filter
module=regexfilter
options=ignorecase
match=TYPE\s*=
replace=ENGINE=

[MyService]
type=service
router=readconnroute
servers=server1
user=myuser
password=mypasswd
filters=CreateTableFilter

[maxscale]

[row_server_1]
type = server
address = <ip>
port = <port>

[row_server_2]
type = server
address = <ip>
port = <port>

[Row-Monitor]
type = monitor
module = mariadbmon
servers = row_server_1, row_server_2
user = <user>
password = <password>
monitor_interval = 2000ms

[column_server_1]
type = server
address = <ip>
port = <port>

[Column-Monitor]
type = monitor
module = csmon
servers = column_server_1
user = <user>
password = <password>
monitor_interval = 2000ms

# Row Read write split
[RWS-Row]
type = service
router = readwritesplit
servers = row_server_1, row_server_2
user = <user>
password = <password>

[RWS-Row-Listener]
type = listener
service = RWS-Row
socket = /tmp/rws-row.sock

# Columnstore Read write split
[RWS-Column]
type = service
router = readwritesplit
servers = column_server_1
user = <user>
password = <password>

[RWS-Column-Listener]
type = listener
service = RWS-Column
socket = /tmp/rws-col.sock

# Smart Query router
[SmartQuery]
type = service
router = smartrouter
targets = RWS-Row, RWS-Column
master = RWS-Row
user = <user>
password = <password>

[SmartQuery-Listener]
type = listener
service = SmartQuery
port = <port>

Note that the versioning scheme has changed and that version 6 immediately follows version 2.5. Effectively, the non-changing 2.-prefix has been dropped and henceforth at a major release, the major, instead of the minor version number, will be bumped. This change also affects how maintenance releases are versioned. For instance, 2.5.1, the first GA version of MaxScale 2.5, was followed by the maintenace release 2.5.2. 6.1, the first GA version of MaxScale 6, will be followed by the maintenance release 6.2.

[NamedServerFilter]
type=filter
module=namedserverfilter
match01=^Select.*TableOne$
target01=server2,server3
match22=^SELECT.*TableTwo$
target22=->master

[MyService]
type=service
router=readwritesplit
servers=server1,server2,server3
user=myuser
password=mypasswd
filters=NamedServerFilter

[NamedServerFilter]
type=filter
module=namedserverfilter
match02= *from *users
target02=server2

[MyService]
type=service
router=readwritesplit
servers=server1,server2
user=myuser
password=mypasswd
filters=NamedServerFilter

{
    "data": {
        "attributes": {
            "account": "admin",
            "created": "Thu, 20 Jul 2023 15:29:02 GMT",
            "last_login": "Thu, 20 Jul 2023 15:29:12 GMT",
            "last_update": null,
            "name": "admin"
        },
        "id": "admin",
        "links": {
            "self": "http://localhost:8989/v1/users/inet/admin/"
        },
        "type": "inet"
    },
    "links": {
        "self": "http://localhost:8989/v1/users/inet/admin/"
    }
}

{
    "data": [
        {
            "attributes": {
                "account": "admin",
                "created": "Thu, 20 Jul 2023 15:29:02 GMT",
                "last_login": "Thu, 20 Jul 2023 15:29:12 GMT",
                "last_update": null,
                "name": "admin"
            },
            "id": "admin",
            "links": {
                "self": "http://localhost:8989/v1/users/inet/admin/"
            },
            "type": "inet"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/users/inet/"
    }
}

{
    "data": [
        {
            "attributes": {
                "account": "admin",
                "created": "Thu, 20 Jul 2023 15:29:02 GMT",
                "last_login": "Thu, 20 Jul 2023 15:29:12 GMT",
                "last_update": null,
                "name": "admin"
            },
            "id": "admin",
            "links": {
                "self": "http://localhost:8989/v1/users/inet/admin/"
            },
            "type": "inet"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/users/inet/"
    }
}

{
    "data": {
        "id": "my-user", // The user to create
        "type": "inet", // The type of the user
        "attributes": {
            "password": "my-password", // The password to use for the user
            "account": "basic" // The type of the account
        }
    }
}

{
    "data": {
        "id": "jdoe", // Account name
        "type": "unix" // Account type
        "attributes": {
            "account": "basic" // Type of the user account in MaxScale
        }
    }
}

CREATE USER 'maxscale'@'maxscalehost' IDENTIFIED BY 'maxscale-password';
GRANT SELECT ON mysql.user TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.db TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.columns_priv TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.procs_priv TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.proxies_priv TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.roles_mapping TO 'maxscale'@'maxscalehost';
GRANT SHOW DATABASES ON *.* TO 'maxscale'@'maxscalehost';

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬────────────────┐
│ Server  │ Address         │ Port │ Connections │ State          │
├─────────┼─────────────────┼──────┼─────────────┼────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Down           │
├─────────┼─────────────────┼──────┼─────────────┼────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Slave, Running │
├─────────┼─────────────────┼──────┼─────────────┼────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running │
├─────────┼─────────────────┼──────┼─────────────┼────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running │
└─────────┴─────────────────┴──────┴─────────────┴────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Down            │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Running         │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬────────────────────────┐
│ Server  │ Address         │ Port │ Connections │ State                  │
├─────────┼─────────────────┼──────┼─────────────┼────────────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Down                   │
├─────────┼─────────────────┼──────┼─────────────┼────────────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Master, Slave, Running │
├─────────┼─────────────────┼──────┼─────────────┼────────────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running         │
├─────────┼─────────────────┼──────┼─────────────┼────────────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running         │
└─────────┴─────────────────┴──────┴─────────────┴────────────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Down            │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

$ maxctrl list servers
┌─────────┬─────────────────┬──────┬─────────────┬─────────────────┐
│ Server  │ Address         │ Port │ Connections │ State           │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server1 │ 192.168.121.51  │ 3306 │ 0           │ Master, Running │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server2 │ 192.168.121.190 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server3 │ 192.168.121.112 │ 3306 │ 0           │ Slave, Running  │
├─────────┼─────────────────┼──────┼─────────────┼─────────────────┤
│ server4 │ 192.168.121.201 │ 3306 │ 0           │ Slave, Running  │
└─────────┴─────────────────┴──────┴─────────────┴─────────────────┘

MaxScale 22.08 Session Resource

Session Resource

A session is an abstraction of a client connection, any number of related backend connections, a router module session and possibly filter module sessions. Each session is created on a service and each service can have multiple sessions.

Resource Operations

Get a session

Get a single session. :id must be a valid session ID. The session ID is the same that is exposed to the client as the connection ID.

This endpoint also supports the rdns=true parameter, which instructs MaxScale to perform reverse DNS on the client IP address. As this requires communicating with an external server, the operation may be expensive.

Response

Status: 200 OK

Get all sessions

Get all sessions.

Response

Status: 200 OK

Update a Session

The request body must be a JSON object which represents the new configuration of the session. The :id must be a valid session ID that is active.

The log_debug, log_info, log_notice, log_warning and log_error boolean parameters control whether the associated logging level is enabled:

The filters that a session uses can be updated by re-defining the filter relationship of the session. This causes new filter sessions to be opened immediately. The old filter session are closed and replaced with the new filter session the next time the session is idle. The order in which the filters are defined in the request body is the order in which the filters are installed, similar to how the filter relationship for services behaves.

Response

Session is modified:

Status: 204 No Content

Restart a Session

This endpoint causes the session to re-read the configuration from the service. As a result of this, all backend connections will be closed and then opened again. All router and filter sessions will be created again which means that for modules that perform something whenever a new module session is opened, this behaves as if a new session was started.

This endpoint can be used to apply configuration changes that were done after the session was started. This can be useful for situations where the client connections live for a long time and connections are not recycled often enough.

Response

Session is was restarted:

Status: 204 No Content

Restart all Sessions

This endpoint does the same thing as the /v1/sessions/:id/restart endpoint except that it applies to all sessions.

Response

Session is was restarted:

Status: 204 No Content

Kill a Session

This endpoint causes the session to be forcefully closed.

Request Parameters

This endpoint supports the following request parameters.

ttl
The time after which the session is killed. If this parameter is not given, the session is killed immediately. This can be used to give the session time to finish the work it is performing before the connection is closed.

Response

Session was killed:

Status: 204 No Content

CC BY-SA / Gnu FDL

MaxScale 22.08 PAM Authenticator

PAM Authenticator

Pluggable authentication module (PAM) is a general purpose authentication API. An application using PAM can authenticate a user without knowledge about the underlying authentication implementation. The actual authentication scheme is defined in the operating system PAM config (e.g. /etc/pam.d/), and can be quite elaborate. MaxScale supports a very limited form of the PAM protocol, which this document details.

Configuration

The MaxScale PAM module requires little configuration. All that is required is to change the listener authenticator module to "PAMAuth".

MaxScale uses the PAM authenticator plugin to authenticate users with plugin set to "pam" in the mysql.user-table. The PAM service name of a user is read from the authetication_string-column. The matching PAM service in the operating system PAM config is used for authenticating the user. If the_authetication_string_ for a user is empty, the fallback service "mysql" is used.

PAM service configuration is out of the scope of this document, see for more information. A simple service definition used for testing this module is below.

`pam_use_cleartext_plugin`

Type:
Mandatory: No
Dynamic: No
Default: false

If enabled, MaxScale communicates with the client as if using . This setting has no effect on MaxScale-to-backend communication, which adapts to either "dialog" or "mysql_clear_password", depeding on which one the backend suggests. This setting is meant to be used with the similarly named MariaDB Server setting.

`pam_mode`

Type:
Mandatory: No
Dynamic: No
Values: password, password_2FA

This setting defines the authentication mode used. Two values are supported:

password Normal password-based authentication
password_2FA Password + 2FA-code based authentication

If set to "password_2FA", any users authenticating via PAM will be asked two passwords ("Password" and "Verification code") during login. MaxScale uses the normal password when either the local PAM api or a backend asks for "Password". MaxScale answers any other password prompt (e.g. "Verification code") with the second password. See for more details. Two-factor mode is incompatible with_pam_use_cleartext_plugin_.

`pam_backend_mapping`

Type:
Mandatory: No
Dynamic: No
Values: none, mariadb

Defines backend authentication mapping, i.e. switch of authentication method between client-to-MaxScale and MaxScale-to-backend. Supported values:

none No mapping
mariadb Map users to normal MariaDB accounts

If set to "mariadb", MaxScale will authenticate clients to backends using standard MariaDB authentication. Authentication to MaxScale itself still uses PAM. MaxScale asks the local PAM system if the client username was mapped to another username during authentication, and use the mapped username when logging in to backends. Passwords for the mapped users can be given in a file, see pam_mapped_pw_file below. If passwords are not given, MaxScale will try to authenticate without a password. Because of this, normal PAM users and mapped users cannot be used on the same listener.

Because the client still needs to authenticate to MaxScale normally, an anonymous user may be required. If the backends do not allow such a user, one can be manually added using the service setting .

To map usernames, the PAM service needs to use a module such as_pam_user_map.so_. This module is not a standard Linux component and needs to be installed separately. It is included in recent MariaDB Server packages and can also be compiled from source. See for more information on how to configure the module. If the goal is to only map users from PAM to MariaDB in MaxScale, then configuring user mapping on just the machine running MaxScale is enough.

Instead of using pam_backend_mapping, consider using the listener setting , as it is easier to configure. pam_backend_mapping should only be used when the user mapping needs to be defined by pam.

`pam_mapped_pw_file`

Type: path
Mandatory: No
Dynamic: No
Default: None

Path to a json-text file with user passwords. Default value is empty, which disables the feature.

This feature only works together with pam_backend_mapping=mariadb. The file is only read during listener creation (typically MaxScale start) or when a listener is modified during runtime. The file should contain passwords for the mapped users. When a client is authenticating, MaxScale searches the password data for a matching username. If one is found, MaxScale uses the supplied password when logging in to backends. Otherwise, MaxScale tries to authenticate without a password.

One array, "users_and_passwords", is read from the file. Each array element in the array must define the following fields:

"user": String. Mapped client username.
"password": String. Backend server password. Can be encrypted with maxpasswd.

An example file is below.

Anonymous user mapping

When backend authenticator mapping is not in use (authenticator_options=pam_backend_mapping=none), the PAM authenticator supports a limited version of . It requires less configuration but is also less accurate than proper mapping. Anonymous mapping is enabled in MaxScale if the following user exists:

Empty username (e.g. ''@'%' or ''@'myhost.com')
plugin = 'pam'
Proxy grant is on (The query SHOW GRANTS FOR user@host; returns at least one row with GRANT PROXY ON ...)

When the authenticator detects such users, anonymous account mapping is enabled for the hosts of the anonymous users. To verify this, enable the info log (log_info=1 in MaxScale config file). When a client is logging in using the anonymous user account, MaxScale will log a message starting with "Found matching anonymous user ...".

When mapping is on, the MaxScale PAM authenticator does not require client accounts to exist in the mysql.user-table received from the backend. MaxScale only requires that the hostname of the incoming client matches the host field of one of the anonymous users (comparison performed using LIKE). If a match is found, MaxScale attempts to authenticate the client to the local machine with the username and password supplied. The PAM service used for authentication is read from the authentication_string-field of the anonymous user. If authentication was successful, MaxScale then uses the username and password to log to the backends.

Anonymous mapping is only attempted if the client username is not found in themysql.user-table as explained in . This means, that if a user is found and the authentication fails, anonymous authentication is not attempted even when it could use a different PAM service with a different outcome.

Setting up PAM group mapping for the MariaDB server is a more involved process as the server requires details on which Unix user or group is mapped to which MariaDB user. See for more details. Performing all the steps in the guide also on the MaxScale machine is not required, as the MaxScale PAM plugin only checks that the client host matches an anonymous user and that the client (with the username and password it provided) can log into the local PAM configuration. If using normal password authentication, simply generating the Unix user and password should be enough.

Implementation details and limitations

The general PAM authentication scheme is difficult for a proxy such as MaxScale. An application using the PAM interface needs to define a conversation function to allow the OS PAM modules to communicate with the client, possibly exchanging multiple messages. This works when a client logs in to a normal server, but not with MaxScale since it needs to autonomously log into multiple backends. For MaxScale to successfully log into the servers, the messages and answers need to be predefined. The passwords given to MaxScale need to work as is when MaxScale logs into the backends. This requirement prevents the use of one-time passwords.

The MaxScale PAM authentication module supports two password modes. In normal mode, client authentication begins with MaxScale sending an AuthSwitchRequest packet. In addition to the command, the packet contains the client plugin name ("dialog" or "mysql_clear_password"), a message type byte (4) and the message "Password: ". In the next packet, the client should send the password, which MaxScale will forward to the PAM api running on the local machine. If the password is correct, an OK packet is sent to the client. If the local PAM api asks for additional credentials as is typical in two-factor authentication schemes, authentication fails. Informational messages such as password expiration notifications are allowed. These are simply printed to the log.

On the backend side, MaxScale expects the servers to act as MaxScale did towards the client. The servers should send an AuthSwitchRequest packet as defined above, MaxScale responds with the password received by the client authenticator and finally backend replies with OK. Informational messages from backends are only printed to the info-log.

Two-factor authentication support

MaxScale supports a limited form of two-factor authentication with thepam_mode=password_2FA-option. Since MaxScale uses the 2FA-code given by the client to log in to the local PAM api as well as all the backends, the code must be reusable. This prevents the use of any kind of centrally checked one-use codes. Time-based codes work, assuming the backends are checking the codes independently of each other. Automatic reconnection features (e.g. readwritesplit-router) will not work, as the code has likely changed since original authentication.

Optionally, the PAM configuration on the backend servers can be weakened such that the servers only asks for the normal password. This way, MaxScale will check the 2FA-code of the incoming client, while MaxScale logs into the backends using only the password.

Due to technical reasons, MaxScale does not forward the password prompts from the PAM api to the client. MaxScale will always ask for "Password" and "Verification code", even if the PAM api asks for other items. This prevents the use of authentication schemes where a specific question must be answered (e.g. "Input code Nr. 5"). This is not a significant limitation, as such schemes would not work with backend servers anyway.

Test tool

MaxScale binary directory contains the test_pam_login-executable. This simple program asks for a username, password and PAM service and then uses the given credentials to login to the given service. test_pam_login uses the same code as MaxScale itself to communicate with the OS PAM interface and may be useful for diagnosing PAM login issues.

CC BY-SA / Gnu FDL

MaxScale 22.08 Galera Monitor

Galera Monitor

Overview

The Galera Monitor is a monitoring module for MaxScale that monitors a Galera cluster. It detects whether nodes are a part of the cluster and if they are in sync with the rest of the cluster. It can also assign master and slave roles inside MaxScale, allowing Galera clusters to be used with modules designed for traditional master-slave clusters.

By default, the Galera Monitor will choose the node with the lowest wsrep_local_index value as the master. This will mean that two MaxScales running on different servers will choose the same server as the master.

WSREP Variables and Their Effects

The following WSREP variables are inspected by galeramon to see whether a node is usable. If the node is not usable, it loses the Master and Slave labels and will be in the Running state.

If wsrep_ready=0, the WSREP system is not yet ready and the Galera node cannot accept queries.
If wsrep_desync=1 is set, the node is desynced and is not participating in the Galera replication.
If wsrep_reject_queries=[ALL|ALL_KILL] is set, queries are refused and the node is unusable.

Galera clusters and slaves replicating from it

MaxScale 2.4.0 added support for slaves replicating off of Galera nodes. If a non-Galera server monitored by galeramon is replicating from a Galera node also monitored by galeramon, it will be assigned the Slave, Running status as long as the replication works. This allows read-scaleout with Galera servers without increasing the size of the Galera cluster.

Required Grants

The Galera Monitor requires the REPLICA MONITOR grant to work:

With MariaDB Server 10.4 and earlier, REPLICATION CLIENT is required instead.

If set_donor_nodes is configured, the SUPER grant is required:

Configuration

A minimal configuration for a monitor requires a set of servers for monitoring and a username and a password to connect to these servers. The user requires the REPLICATION CLIENT privilege to successfully monitor the state of the servers.

Common Monitor Parameters

For a list of optional parameters that all monitors support, read the document.

Galera Monitor optional parameters

These are optional parameters specific to the Galera Monitor.

`disable_master_failback`

Type: boolean
Default: false
Dynamic: Yes

If a node marked as master inside MaxScale happens to fail and the master status is assigned to another node MaxScale will normally return the master status to the original node after it comes back up. With this option enabled, if the master status is assigned to a new node it will not be reassigned to the original node for as long as the new master node is running. In this case the Master Stickiness status bit is set which will be visible in the maxctrl list servers output.

`available_when_donor`

Type: boolean
Default: false
Dynamic: Yes

This option allows Galera nodes to be used normally when they are donors in an SST operation when the SST method is non-blocking (e.g. wsrep_sst_method=mariadb-backup).

Normally when an SST is performed, both participating nodes lose their Synced, Master or Slave statuses. When this option is enabled, the donor is treated as if it was a normal member of the cluster (i.e. wsrep_local_state = 4). This is especially useful if the cluster drops down to one node and an SST is required to increase the cluster size.

The current list of non-blocking SST methods are xtrabackup, xtrabackup-v2 and mariadb-backup. Read the documentation for more details.

`disable_master_role_setting`

Type: boolean
Default: false
Dynamic: Yes

This disables the assignment of master and slave roles to the Galera cluster nodes. If this option is enabled, Synced is the only status assigned by this monitor.

`use_priority`

Type: boolean
Default: false
Dynamic: Yes

Enable interaction with server priorities. This will allow the monitor to deterministically pick the write node for the monitored Galera cluster and will allow for controlled node replacement.

`root_node_as_master`

Type: boolean
Default: false
Dynamic: Yes

This option controls whether the write master Galera node requires a wsrep_local_index value of 0. This option was introduced in MaxScale 2.1.0 and it is disabled by default in versions 2.1.5 and newer. In versions 2.1.4 and older, the option was enabled by default.

A Galera cluster will always have a node which has a wsrep_local_index value of 0. Based on this information, multiple MaxScale instances can always pick the same node for writes.

If the root_node_as_master option is disabled for galeramon, the node with the lowest index will always be chosen as the master. If it is enabled, only the node with a wsrep_local_index value of 0 can be chosen as the master.

This parameter can work with disable_master_failback but using them together is not advisable: the intention of root_node_as_master is to make sure that all MaxScale instances that are configured to use the same Galera cluster will send writes to the same node. If disable_master_failback is enabled, this is no longer true if the Galera cluster reorganizes itself in a way that a different node gets the node index 0, writes would still be going to the old node that previously had the node index 0. A restart of one of the MaxScales or a new MaxScale joining the cluster will cause writes to be sent to the wrong node, thus resulting in an increasing the rate of deadlock errors and sub-optimal performance.

`set_donor_nodes`

Type: boolean
Default: false
Dynamic: Yes

This option controls whether the global variable wsrep_sst_donor should be set in each cluster node with slave' status. The variable contains a list of slave servers, automatically sorted, with possible master candidates at its end.

The sorting is based either on wsrep_local_index or node server priority depending on the value of use_priority option. If no server has priority defined the sorting switches to wsrep_local_index. Node names are collected by fetching the result of the variable wsrep_node_name.

Example of variable being set in all slave nodes, assuming three nodes:

Note: in order to set the global variable wsrep_sst_donor, proper privileges are required for the monitor user that connects to cluster nodes. This option is disabled by default and was introduced in MaxScale 2.1.0.

Interaction with Server Priorities

If the use_priority option is set and a server is configured with the priority=<int> parameter, galeramon will use that as the basis on which the master node is chosen. This requires the disable_master_role_setting to be undefined or disabled. The server with the lowest positive value of priority will be chosen as the master node when a replacement Galera node is promoted to a master server inside MaxScale. If all candidate servers have the same priority, the order of the servers in the servers parameter dictates which is chosen as the master.

Nodes with a negative value (priority < 0) will never be chosen as the master. This allows you to mark some servers as permanent slaves by assigning a non-positive value into priority. Nodes with the default priority of 0 are only selected if no nodes with higher priority are present and the normal node selection rules apply to them (i.e. selection is based on wsrep_local_index).

Here is an example.

In this example node-1 is always used as the master if available. If node-1 is not available, then the next node with the highest priority rank is used. In this case it would be node-3. If both node-1 and node-3 were down, then node-2 would be used. Because node-4 has a value of -1 in priority, it will never be the master. Nodes without priority parameter are considered as having a priority of 0 and will be used only if all nodes with a positive priority value are not available.

With priority ranks you can control the order in which MaxScale chooses the master node. This will allow for a controlled failure and replacement of nodes.

Switchover

Priorities can be used to force a runtime change of the primary server in a Galera Cluster. For example, if server1 has a priority of 1 and server2 a priority of 2 (with server1 being primary), the roles can be reversed with MaxCtrl:

This does not affect the Galera Cluster itself, just the roles MaxScale assigns to the servers. If multiple MaxScales monitor the same Galera Cluster without , the commands should be run on all MaxScales.

CC BY-SA / Gnu FDL

MaxScale 22.08 Mirror

Mirror

Overview

The mirror router is designed for data consistency and database behavior verification during system upgrades. It allows statement duplication to multiple servers in a manner similar to that of the with exporting of collected query metrics.

For each executed query the router exports a JSON object that describes the query results and has the following fields:

Key

Description

The objects in the results array describe an individual query result and have the following fields:

Key

Description

Configuration Parameters

`main`

Type: target
Mandatory: Yes
Dynamic: Yes

The main target from which results are returned to the client. This is a mandatory parameter and must define one of the targets configured in thetargets parameter of the service.

If the connection to the main target cannot be created or is lost mid-session, the client connection will be closed. Connection failures to other targets are not fatal errors and any open connections to them will be closed. The router does not create new connections after the initial connections are created.

`exporter`

Type:
Mandatory: Yes
Dynamic: Yes
Values: log, file, kafka

The exporter where the data is exported. This is a mandatory parameter. Possible values are:

log
Exports metrics to MaxScale log on INFO level. No configuration parameters.
file
Exports metrics to a file. Configured with the parameter.

`file`

Type: string
Default: No default value
Mandatory: No
Dynamic: Yes

The output file where the metrics will be written. The file must be writable by the user that is running MaxScale, usually the maxscale user.

When the file parameter is altered at runtime, the old file is closed before the new file is opened. This makes it a convenient way of rotating the file where the metrics are exported. Note that the file name alteration must change the value for it to take effect.

This is a mandatory parameter when configured with exporter=file.

`kafka_broker`

Type: string
Default: No default value
Mandatory: No
Dynamic: Yes

The Kafka broker list. Must be given as a comma-separated list of broker hosts with optional ports in host:port format.

This is a mandatory parameter when configured with exporter=kafka.

`kafka_topic`

Type: string
Default: No default value
Mandatory: No
Dynamic: Yes

The kafka topic where the metrics are sent.

This is a mandatory parameter when configured with exporter=kafka.

`on_error`

Type:
Default: ignore
Mandatory: No
Dynamic: Yes

What to do when a backend network connection fails. Accepted values are:

ignore
Ignore the failing backend if it's not the backend that the main parameter points to.
close

This parameter was added in MaxScale 6.0. Older versions always ignored failing backends.

`report`

Type:
Default: always
Mandatory: No
Dynamic: Yes

When to report the result of the queries. Accepted values are:

always
Always report the result for all queries.
on_conflict
Only report when one or more backends returns a conflicting result.

This parameter was added in MaxScale 6.0. Older versions always reported the result.

Example Configuration

Limitations

Broken network connections are not recreated.
Prepared statements are not supported.
Contents of non-SQL statements are not added to the exported metrics.
Data synchronization in dynamic environments (e.g. when replication is in use) is not guaranteed. This means that result mismatches can be reported when the data is only eventually consistent.

CC BY-SA / Gnu FDL

MaxScale 22.08 Lua Filter

Lua Filter

The luafilter is a filter that calls a set of functions in a Lua script.

Read the Lua language documentation for information on how to write Lua scripts.

Note: This module is experimental and must be built from source. The module is deprecated in MaxScale 23.08 and might be removed in a future release.

Filter Parameters

The luafilter has two parameters. They control which scripts will be called by the filter. Both parameters are optional but at least one should be defined. If both global_script and session_script are defined, the entry points in both scripts will be called.

`global_script`

The global Lua script. The parameter value is a path to a readable Lua script which will be executed.

This script will always be called with the same global Lua state and it can be used to build a global view of the whole service.

`session_script`

The session level Lua script. The parameter value is a path to a readable Lua script which will be executed once for each session.

Each session will have its own Lua state meaning that each session can have a unique Lua environment. Use this script to do session specific tasks.

Lua Script Calling Convention

The entry points for the Lua script expect the following signatures:

nil createInstance(name) - global script only, called when the script is first loaded
- When the global script is loaded, it first executes on a global level before the luafilter calls the createInstance function in the Lua script with the filter's name as its argument.
nil newSession(string, string) - new session is created

These functions, if found in the script, will be called whenever a call to the matching entry point is made.

Script Template

Here is a script template that can be used to try out the luafilter. Copy it into a file and add global_script=<path to script> into the filter configuration. Make sure the file is readable by the maxscale user.

Functions Exposed by the Luafilter

The luafilter exposes the following functions that can be called inside the Lua script API endpoints.

string mxs_get_type_mask()
Returns the type of the current query being executed as a string. The values are the string versions of the query types defined in query_classifier.h are separated by vertical bars (|). This function can only be called from the routeQuery entry point.
string mxs_get_operation()

Example Configuration and Script

Here is a minimal configuration entry for a luafilter definition.

And here is a script that opens a file in /tmp/ and logs output to it.

CC BY-SA / Gnu FDL

MaxScale 22.08 Filters

Filters

What Are Filters?

The filter mechanism in MariaDB MaxScale is a means by which processing can be inserted into the flow of requests and responses between the client connection to MariaDB MaxScale and the MariaDB MaxScale connection to the backend database servers. The path from the client side of MariaDB MaxScale out to the actual database servers can be considered a pipeline, filters can then be placed in that pipeline to monitor, modify, copy or block the content that flows through that pipeline.

Types Of Filter

Filters can be divided into a number of categories

Logging filters

Logging filters do not in any way alter the statement or results of the statements that are passed through MariaDB MaxScale. They merely log some information about some or all of the statements and/or result sets.

Two examples of logging filters are contained within the MariaDB MaxScale, a filter that will log all statements and another that will log only a number of statements, based on the duration of the execution of the query.

Statement rewriting filters

Statement rewriting filters modify the statements that are passed through the filter. This allows a filter to be used as a mechanism to alter the statements that are seen by the database, an example of the use of this might be to allow an application to remain unchanged when the underlying database changes or to compensate for the migration from one database schema to another.

Result set manipulation filters

A result set manipulation filter is very similar to a statement rewriting but applies to the result set returned rather than the statement executed. An example of this may be obfuscating the values in a column.

Routing hint filters

Routing hint filters are filters that embed hints in the request that can be used by the router onto which the query is passed. These hints include suggested destinations as well as metric that may be used by the routing process.

Firewall filters

A firewall filter is a mechanism that allows queries to be blocked within MariaDB MaxScale before they are sent on to the database server for execution. They allow constructs or individual queries to be intercepted and give a level of access control that is more flexible than the traditional database grant mechanism.

Pipeline control filters

A pipeline filter is one that has an affect on how the requests are routed within the internal MariaDB MaxScale components. The most obvious version of this is the ability to add a "tee" connector in the pipeline, duplicating the request and sending it to a second MariaDB MaxScale service for processing.

Filter Definition

Filters are defined in the configuration file, typically maxscale.cnf, using a section for each filter instance. The content of the filter sections in the configuration file various from filter to filter, however there are always to entries present for every filter, the type and module.

The type is used by the configuration manager within MariaDB MaxScale to determine what this section is defining and the module is the name of the plugin that implements the filter.

When a filter is used within a service in MariaDB MaxScale the entry filters= is added to the service definition in the ini file section for the service. Multiple filters can be defined using a syntax akin to the Linux shell pipe syntax.

The names used in the filters= parameter are the names of the filter definition sections in the ini file. The same filter definition can be used in multiple services and the same filter module can have multiple instances, each with its own section in the ini file.

Filter Examples

The filters that are bundled with the MariaDB MaxScale are documented separately, in this section a short overview of how these might be used for some simple tasks will be discussed. These are just examples of how these filters might be used, other filters may also be easily added that will enhance the MariaDB MaxScale functionality still further.

Log The 30 Longest Running Queries

The top filter can be used to measure the execution time of every statement within a connection and log the details of the longest running statements.

The first thing to do is to define a filter entry in the ini file for the top filter. In this case we will call it "top30". The type is filter and the module that implements the filter is called topfilter.

In the definition above we have defined two filter specific parameters, the count of the number of statement to be logged and a filebase that is used to define where to log the information. This filename is a stem to which a session id is added for each new connection that uses the filter.

The filter keeps track of every statement that is executed, monitors the time it takes for a response to come back and uses this as the measure of execution time for the statement. If the time is longer than the other statements that have been recorded, then this is added to the ordered list within the filter. Once 30 statements have been recorded those statements that have been recorded with the least time are discarded from the list. The result is that at any time the filter has a list of the 30 longest running statements in each session.

When the session ends a report will be written for the session into the logfile defined. That report will include the top 30 longest running statements, plus summary data for the session;

The time the connection was opened.
The host the connection was from.
The username used in the connection.
The duration of the connection.

Duplicate Data From Your Application Into Cassandra

The scenario we are using in this example is one in which you have an online gaming application that is designed to work with a MariaDB database. The database schema includes a high score table which you would like to have access to in a Cassandra cluster. The application is already using MariaDB MaxScale to connect to a MariaDB Galera cluster, using a service names BubbleGame. The definition of that service is as follows

The table you wish to store in Cassandra in called HighScore and will contain the same columns in both the MariaDB table and the Cassandra table. The first step is to install a MariaDB instance with the Cassandra storage engine to act as a bridge server between the relational database and Cassandra. In this bridge server add a table definition for the HighScore table with the engine type set to Cassandra. See for details. Add this server into the MariaDB MaxScale configuration and create a service that will connect to this server.

Next add a filter definition for the tee filter that will duplication insert statements that are destined for the HighScore table to this new service.

The above filter definition will cause all statements that match the regular expression inset.*HighScore.*values to be duplication and sent not just to the original destination, via the router but also to the service named Cassandra.

The final step is to add the filter to the BubbleGame service to enable the use of the filter.

CC BY-SA / Gnu FDL

MariaDB MaxScale MaxGUI Guide

Introduction

MaxGUI is a browser-based interface for MaxScale REST-API and query execution.

Enabling MaxGUI

To enable MaxGUI in a testing mode, add admin_host=0.0.0.0 andadmin_secure_gui=false under the [maxscale] section of the MaxScale configuration file. Once enabled, MaxGUI will be available on port 8989:http://127.0.0.1:8989/

Securing the GUI

To make MaxGUI secure, set admin_secure_gui=true and configure both theadmin_ssl_key and admin_ssl_cert parameters.

See and for instructions on how to harden your MaxScale installation for production use.

Authentication

MaxGUI uses the same credentials as maxctrl. The default username is admin with mariadb as the password.

Internally, MaxGUI uses as the authentication method for persisting the user's session. If the Remember me checkbox is ticked, the session will persist for 24 hours. Otherwise, the session will expire as soon as MaxGUI is closed.

To log out, simply click the username section in the top right corner of the page header to access the logout menu.

Pages

Dashboard

This page provides an overview of MaxScale configuration which includes Monitors, Servers, Services, Sessions, Listeners, and Filters.

By default, the refresh interval is 10 seconds.

Detail

This page shows information on each and allow to edit its parameter, relationships and perform other manipulation operations.

Access this page by clicking on the MaxScale object name on the

Visualization

This page visualizes MaxScale configuration and clusters.

Configuration: Visualizing MaxScale configuration.
Cluster: Visualizing a replication cluster into a tree graph and provides manual cluster manipulation operations such asswitchover, reset-replication, release-locks, failover, rejoin . At the moment, it supports only servers monitored by Monitor using module.

Access this page by clicking the graph icon on the sidebar navigation.

Settings

This page shows and allows editing of MaxScale parameters.

Access this page by clicking the gear icon on the sidebar navigation.

Logs Archive

Realtime MaxScale logs can be accessed by clicking the logs icon on the sidebar navigation.

Query Editor

Query Editor is a SQL editor tool allowing to run queries on a server, service, or listener. The query results can be visualized into a line, bar, or scatter graph and exported as CSV or JSON.

CC BY-SA / Gnu FDL

{
    "data": {
        "attributes": {
            "filter_diagnostics": null,
            "module": "qlafilter",
            "parameters": {
                "append": false,
                "duration_unit": "ms",
                "exclude": null,
                "filebase": "/tmp/qla.log",
                "flush": true,
                "log_data": "date,user,query",
                "log_type": "unified",
                "match": null,
                "module": "qlafilter",
                "newline_replacement": " ",
                "options": "",
                "separator": ",",
                "source": null,
                "use_canonical_form": false,
                "user": null
            },
            "source": {
                "file": "/etc/maxscale.cnf",
                "type": "static"
            }
        },
        "id": "QLA",
        "links": {
            "self": "http://localhost:8989/v1/filters/QLA/"
        },
        "relationships": {
            "services": {
                "data": [
                    {
                        "id": "Read-Connection-Router",
                        "type": "services"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/services/",
                    "self": "http://localhost:8989/v1/filters/QLA/relationships/services/"
                }
            }
        },
        "type": "filters"
    },
    "links": {
        "self": "http://localhost:8989/v1/filters/QLA/"
    }
}

{
    "data": [
        {
            "attributes": {
                "filter_diagnostics": null,
                "module": "qlafilter",
                "parameters": {
                    "append": false,
                    "duration_unit": "ms",
                    "exclude": null,
                    "filebase": "/tmp/qla.log",
                    "flush": true,
                    "log_data": "date,user,query",
                    "log_type": "unified",
                    "match": null,
                    "module": "qlafilter",
                    "newline_replacement": " ",
                    "options": "",
                    "separator": ",",
                    "source": null,
                    "use_canonical_form": false,
                    "user": null
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                }
            },
            "id": "QLA",
            "links": {
                "self": "http://localhost:8989/v1/filters/QLA/"
            },
            "relationships": {
                "services": {
                    "data": [
                        {
                            "id": "Read-Connection-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/filters/QLA/relationships/services/"
                    }
                }
            },
            "type": "filters"
        },
        {
            "attributes": {
                "module": "hintfilter",
                "parameters": {
                    "module": "hintfilter"
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                }
            },
            "id": "Hint",
            "links": {
                "self": "http://localhost:8989/v1/filters/Hint/"
            },
            "relationships": {
                "services": {
                    "data": [
                        {
                            "id": "Read-Connection-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/filters/Hint/relationships/services/"
                    }
                }
            },
            "type": "filters"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/filters/"
    }
}

{
    "data": {
        "id": "test-filter", // Name of the filter
        "type": "filters",
        "attributes": {
            "module": "qlafilter", // The filter uses the qlafilter module
            "parameters": { // Filter parameters
                "filebase": "/tmp/qla.log"
            }
        }
    }
}

CREATE TABLE IF NOT EXISTS my_table (
  data LONGTEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL,
  id VARCHAR(1024) AS (JSON_EXTRACT(data, '$._id')) UNIQUE KEY,
  CONSTRAINT data_is_json CHECK(JSON_VALID(data)),
  CONSTRAINT id_is_not_null CHECK(JSON_EXTRACT(data, '$._id') IS NOT NULL)
);

[PerformanceLogger]
type=filter
module=tpmfilter
delimiter=:::
query_delimiter=@@@
filename=/var/logs/tpm/perf.log
named_pipe=/tmp/tpmfilter

[Product-Service]
type=service
router=readconnroute
servers=server1
user=myuser
password=mypasswd
filters=PerformanceLogger

1484086477::::server1::::root::::3::::0.165@@@@0.108@@@@0.102@@@@0.092@@@@0.121@@@@0.122@@@@0.110@@@@2.081::::UPDATE WAREHOUSE SET W_YTD = W_YTD + 3630.48  WHERE W_ID = 2 @@@@SELECT W_STREET_1, W_STREET_2, W_CITY, W_STATE, W_ZIP, W_NAME FROM WAREHOUSE WHERE W_ID = 2@@@@UPDATE DISTRICT SET D_YTD = D_YTD + 3630.48 WHERE D_W_ID = 2 AND D_ID = 9@@@@SELECT D_STREET_1, D_STREET_2, D_CITY, D_STATE, D_ZIP, D_NAME FROM DISTRICT WHERE D_W_ID = 2 AND D_ID = 9@@@@SELECT C_FIRST, C_MIDDLE, C_LAST, C_STREET_1, C_STREET_2, C_CITY, C_STATE, C_ZIP, C_PHONE, C_CREDIT, C_CREDIT_LIM, C_DISCOUNT, C_BALANCE, C_YTD_PAYMENT, C_PAYMENT_CNT, C_SINCE FROM CUSTOMER WHERE C_W_ID = 2 AND C_D_ID = 9 AND C_ID = 1025@@@@UPDATE CUSTOMER SET C_BALANCE = 1007749.25, C_YTD_PAYMENT = 465215.47, C_PAYMENT_CNT = 203 WHERE C_W_ID = 2 AND C_D_ID = 9 AND C_ID = 1025@@@@INSERT INTO HISTORY (H_C_D_ID, H_C_W_ID, H_C_ID, H_D_ID, H_W_ID, H_DATE, H_AMOUNT, H_DATA)  VALUES (9,2,1025,9,2,'2017-01-10 17:14:37',3630.48,'locfljbe    xtnfqn')
1484086477::::server1::::root::::6::::0.123@@@@0.087@@@@0.091@@@@0.098@@@@0.078@@@@0.106@@@@0.094@@@@0.074@@@@0.089@@@@0.073@@@@0.098@@@@0.073@@@@0.088@@@@0.072@@@@0.087@@@@0.071@@@@0.085@@@@0.078@@@@0.088@@@@0.098@@@@0.081@@@@0.076@@@@0.082@@@@0.073@@@@0.077@@@@0.070@@@@0.105@@@@0.093@@@@0.088@@@@0.089@@@@0.087@@@@0.087@@@@0.086@@@@1.883::::SELECT C_DISCOUNT, C_LAST, C_CREDIT, W_TAX  FROM CUSTOMER, WAREHOUSE WHERE W_ID = 2 AND C_W_ID = 2 AND C_D_ID = 10 AND C_ID = 1267@@@@SELECT D_NEXT_O_ID, D_TAX FROM DISTRICT WHERE D_W_ID = 2 AND D_ID = 10 FOR UPDATE@@@@UPDATE DISTRICT SET D_NEXT_O_ID = D_NEXT_O_ID + 1 WHERE D_W_ID = 2 AND D_ID = 10@@@@INSERT INTO OORDER (O_ID, O_D_ID, O_W_ID, O_C_ID, O_ENTRY_D, O_OL_CNT, O_ALL_LOCAL) VALUES (286871, 10, 2, 1267, '2017-01-10 17:14:37', 7, 1)@@@@INSERT INTO NEW_ORDER (NO_O_ID, NO_D_ID, NO_W_ID) VALUES ( 286871, 10, 2)@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 24167@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 24167 AND S_W_ID = 2 FOR UPDATE@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 96982@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 96982 AND S_W_ID = 2 FOR UPDATE@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 40679@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 40679 AND S_W_ID = 2 FOR UPDATE@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 31459@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 31459 AND S_W_ID = 2 FOR UPDATE@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 6143@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 6143 AND S_W_ID = 2 FOR UPDATE@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 12001@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 12001 AND S_W_ID = 2 FOR UPDATE@@@@SELECT I_PRICE, I_NAME , I_DATA FROM ITEM WHERE I_ID = 40407@@@@SELECT S_QUANTITY, S_DATA, S_DIST_01, S_DIST_02, S_DIST_03, S_DIST_04, S_DIST_05,        S_DIST_06, S_DIST_07, S_DIST_08, S_DIST_09, S_DIST_10 FROM STOCK WHERE S_I_ID = 40407 AND S_W_ID = 2 FOR UPDATE@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,1,24167,2,7,348.31998,'btdyjesowlpzjwnmxdcsion')@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,2,96982,2,1,4.46,'kudpnktydxbrbxibbsyvdiw')@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,3,40679,2,7,528.43,'nhcixumgmosxlwgabvsrcnu')@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,4,31459,2,9,341.82,'qbglbdleljyfzdpfbyziiea')@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,5,6143,2,3,152.67,'tmtnuupaviimdmnvmetmcrc')@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,6,12001,2,5,304.3,'ufytqwvkqxtmalhenrssfon')@@@@INSERT INTO ORDER_LINE (OL_O_ID, OL_D_ID, OL_W_ID, OL_NUMBER, OL_I_ID, OL_SUPPLY_W_ID,  OL_QUANTITY, OL_AMOUNT, OL_DIST_INFO) VALUES (286871,10,2,7,40407,2,1,30.32,'hvclpfnblxchbyluumetcqn')@@@@UPDATE STOCK SET S_QUANTITY = 65 , S_YTD = S_YTD + 7, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 24167 AND S_W_ID = 2@@@@UPDATE STOCK SET S_QUANTITY = 97 , S_YTD = S_YTD + 1, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 96982 AND S_W_ID = 2@@@@UPDATE STOCK SET S_QUANTITY = 58 , S_YTD = S_YTD + 7, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 40679 AND S_W_ID = 2@@@@UPDATE STOCK SET S_QUANTITY = 28 , S_YTD = S_YTD + 9, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 31459 AND S_W_ID = 2@@@@UPDATE STOCK SET S_QUANTITY = 86 , S_YTD = S_YTD + 3, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 6143 AND S_W_ID = 2@@@@UPDATE STOCK SET S_QUANTITY = 13 , S_YTD = S_YTD + 5, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 12001 AND S_W_ID = 2@@@@UPDATE STOCK SET S_QUANTITY = 44 , S_YTD = S_YTD + 1, S_ORDER_CNT = S_ORDER_CNT + 1, S_REMOTE_CNT = S_REMOTE_CNT + 0  WHERE S_I_ID = 40407 AND S_W_ID = 2
...

{
    "data": {
        "attributes": {
            "client": {
                "cipher": ""
            },
            "connected": "Thu Jul 20 15:29:12 2023",
            "connections": [
                {
                    "cipher": "",
                    "connection_id": 169,
                    "server": "server1"
                },
                {
                    "cipher": "",
                    "connection_id": 90,
                    "server": "server2"
                }
            ],
            "idle": 0.10000000000000001,
            "log": [],
            "memory": {
                "connection_buffers": 67982,
                "exec_metadata": 0,
                "last_queries": 0,
                "sescmd_history": 369,
                "total": 68351,
                "variables": 0
            },
            "parameters": {
                "log_error": false,
                "log_info": false,
                "log_notice": false,
                "log_warning": false
            },
            "port": 45558,
            "queries": [],
            "remote": "::ffff:127.0.0.1",
            "state": "Session started",
            "user": "maxuser"
        },
        "id": "1",
        "links": {
            "self": "http://localhost:8989/v1/sessions/1/"
        },
        "relationships": {
            "services": {
                "data": [
                    {
                        "id": "RW-Split-Router",
                        "type": "services"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/services/",
                    "self": "http://localhost:8989/v1/sessions/1/relationships/services/"
                }
            }
        },
        "type": "sessions"
    },
    "links": {
        "self": "http://localhost:8989/v1/sessions/1/"
    }
}

{
    "data": [
        {
            "attributes": {
                "client": {
                    "cipher": ""
                },
                "connected": "Thu Jul 20 15:29:12 2023",
                "connections": [
                    {
                        "cipher": "",
                        "connection_id": 169,
                        "server": "server1"
                    },
                    {
                        "cipher": "",
                        "connection_id": 90,
                        "server": "server2"
                    }
                ],
                "idle": 0.10000000000000001,
                "log": [],
                "memory": {
                    "connection_buffers": 67982,
                    "exec_metadata": 0,
                    "last_queries": 0,
                    "sescmd_history": 369,
                    "total": 68351,
                    "variables": 0
                },
                "parameters": {
                    "log_error": false,
                    "log_info": false,
                    "log_notice": false,
                    "log_warning": false
                },
                "port": 45558,
                "queries": [],
                "remote": "::ffff:127.0.0.1",
                "state": "Session started",
                "user": "maxuser"
            },
            "id": "1",
            "links": {
                "self": "http://localhost:8989/v1/sessions/1/"
            },
            "relationships": {
                "services": {
                    "data": [
                        {
                            "id": "RW-Split-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/sessions/1/relationships/services/"
                    }
                }
            },
            "type": "sessions"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/sessions/"
    }
}

{
    "data": {
        "attributes": {
            "relationships": {
                "filters": {
                    "data": [
                        { "id": "my-cache-filter" },
                        { "id": "my-log-filter" }
                    ]
                }
            }
        }
    }
}

[server1]
type=server
address=127.0.0.1
port=3000

[server2]
type=server
address=127.0.0.1
port=3001

[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1,server2
user=maxuser
password=maxpwd
monitor_interval=2s

[Mirror-Router]
type=service
router=mirror
user=maxuser
password=maxpwd
targets=server1,server2
main=server1
exporter=file
file=/tmp/Mirror-Router.log

[Mirror-Listener]
type=listener
service=Mirror-Router
port=3306

function createInstance(name)

end

function newSession(user, host)

end

function closeSession()

end

function routeQuery(query)

end

function clientReply(server)

end

function diagnostic()

end

f = io.open("/tmp/test.log", "a+")

function createInstance(name)
    f:write("createInstance for " .. name .. "\n")
end

function newSession(user, host)
    f:write("newSession for: " .. user .. "@" .. host .. "\n")
end

function closeSession()
    f:write("closeSession\n")
end

function routeQuery(query)
    f:write("routeQuery: " .. query .. " -- type: " .. mxs_qc_get_type_mask() .. " operation: " .. mxs_qc_get_operation() .. "\n")
end

function clientReply(server)
    f:write("clientReply: " .. server .. "\n")
end

function diagnostic()
    f:write("diagnostics\n")
    return "Hello from Lua!"
end

[CassandraDB]
type=server
address=192.168.4.28
port=3306

[Cassandra]
type=service
router=readconnroute
router_options=running
servers=CassandraDB
user=maxscale
password=6628C50E07CCE1F0392EDEEB9D1203F3

MaxScale 22.08 Rewrite Filter

Rewrite Filter

Overview

The rewrite filter allows modification of sql queries on the fly. Reasons for modifying queries can be to rewrite a query for performance, or to change a specific query when the client query is incorrect and cannot be changed in a timely manner.

The examples will use Rewrite Filter file format. See below.

Syntax

Native syntax

Rewriter native syntax uses placeholders to grab and replace parts of text.

Placeholders

The syntax for a plain placeholder is @{N} where N is a positive integer.

The syntax for a placeholder regex is @{N:regex}. It allows more control when needed.

The below is a valid entry in rf format. For demonstration, all options are set. This entry is a do-nothing entry, but illustrates placeholders.

If the input sql is select id, name from my_table where id = 42 then @{2} = "id, name" and @{3} = "42". Since the replace template is identical to the match template the end result is that the output sql will be the same as the input sql.

Placeholders can be used as forward references.@{1:^}select @{2}, count(*) from @{3} group by @{2}. For a match, the two @{2} text grabs must be equal.

Match template

The match template is used to match against the sql to be rewritten.

The match template can be partial from mytable. But the actual underlying regex match is always for the whole sql. If the match template does not start or end with a placeholder, placeholders are automatically added so that the above becomes @{1}from mytable@{2}. The automatically added placeholders cannot be used in the replace template.

Matching the whole input also means that Native syntax does not support (and is not intended to support) scan and replace. Only the first occurrance of the above from mytable can be modified in the replace template. However, one can selectively choose to modify e.g. the first through third occurrance of from mytable by writingfrom mytable @{1} from mytable @{2} from mytable @{3}.

For scan and replace use a different regex_grammar (see below).

Replace template

The replace template uses the placeholders from the match template to rewrite sql.

An important option for smooth matching is ignore_whitespace, which is on (true) by default. It creates the match regex in such a way that the amount and kind of whitespace does not affect matching. However, to make ignore_whitespace always work, it is important to add whitespace where allowed. If "id=42" is in the match template then only the exact "id=42" can match. But if "id = 42" is used, andignore_whitespace is on, both "id=42" and "id = 42" will match.

Another example, and what not to do:

That works, but because the match lacks specific detail about the expected sql, things are likely to break. In this caseshow indexes from my_table would no longer work.

The minimum detail in this case could be:

but if more detail is known, like something specific in the where clause, that too should be added.

Placeholder Regex

Syntax: @{N:regex}

In a placeholder regex the character } must be escaped to \} (for literal matching). Plain parenthesis "()" indicate capturing groups, which are internally used by the Native grammar. Thus plain parentheses in a placeholder regex will break matching. However, non-capturing groups can be used: e.g. @{1:(:?Jane|Joe)}. To match a literal parenthesis use an escape, e.g. \(.

Suppose an application is misbehaving after an upgrade and a quick fix is needed. This query select zip from address_book where str_id = "AZ-124" is correct, but if the id is an integer the where clause should be id = 1234.

Using plain regular expressions

For scan and replace the regex_grammar must be set to something else than Native. An example will illustrate the usage.

Replace all occurrances of "wrong_table_name" with "correct_table_name". Further, if the replacement was made then replace all occurrances of wrong_column_name with correct_column_name.

Configuration

Adding a rewrite filter.

Parameters in maxscale.cnf

template_file

Type: string
Mandatory: Yes
Dynamic: Yes
Default: No default value

Path to the template file.

regex_grammar

Type: string
Mandatory: No
Dynamic: Yes
Default: Native

Default regex_grammar for templates

case_sensitive

Type: boolean
Mandatory: No
Dynamic: Yes
Default: true

Default case sensitivity for templates

log_replacement

Type: boolean
Mandatory: No
Dynamic: Yes
Default: false

Log replacements at NOTICE level.

Parameters per template in the template file

regex_grammar

Type: string
Values: Native, ECMAScript, Posix, EPosix, Awk, Grep, EGrep

Overrides the global regex_grammar of a template.

case_sensitive

Type: boolean
Default: From maxscale.cnf

Overrides the global case sensitivity of a template.

ignore_whitespace

Type: boolean
Default: true

Ignore whitespace differences in the match template and input sql.

continue_if_matched

Type: boolean
Default: false

If a template matches and the replacement is done, continue to the next template and apply it to the result of the previous rewrite.

what_if

Type: boolean
Default: false

Do not make the replacement, only log what would have been replaced (NOTICE level).

Rewrite file format

The rf format for an entry is:

The character # starts a single line comment when it is the first character on a line.

Empty lines are ignored.

The rf format does not need any additional escaping to what the basic format requires (see Placeholder Regex).

Options are specified as follows:

The colon must stick to the option name.

The separators % and %% must be the exact content of their respective separator lines.

The templates can span multiple lines. Whitespace does not matter as long as ignore_whitespace = true. Always use space where space is allowed to maximize the utility ofignore_whitespace.

Example

Json file format

The json file format is harder to read and edit manually. It will be needed if support for editing of rewrite templates is added to the GUI.

All double quotes and escape characters have to be escaped in json, i.e '"' and '\'.

The same example as above is:

Reload template file

The configuration is re-read if any dynamic value is updated even if the value does not change.

Reference

ECMAScript
Posix
EPosix
Awk

CC BY-SA / Gnu FDL

MaxScale 22.08 Setting Up MariaDB MaxScale

Setting up MariaDB MaxScale

This document is designed as a quick introduction to setting up MariaDB MaxScale.

The installation and configuration of the MariaDB Server is not covered in this document. See the following MariaDB documentation articles for more information on setting up a master-slave-cluster or a Galera-cluster: and .

This tutorial assumes that one of the standard MaxScale binary distributions is used and that MaxScale is installed using default options.

Building from source code in GitHub is covered in .

Installing MaxScale

The precise installation process varies from one distribution to another. Details on package installation can be found in the .

Creating a user account for MaxScale

MaxScale checks that incoming clients are valid. To do this, MaxScale needs to retrieve user authentication information from the backend databases. Create a special user account for this purpose by executing the following SQL commands on the master server of your database cluster. The following tutorials will use these credentials.

MariaDB versions 10.2.2 to 10.2.10 also require GRANT SELECT ON mysql.* TO 'maxscale'@'%';

Creating client user accounts

Because MariaDB MaxScale sits between the clients and the backend databases, the backend databases will see all clients as if they were connecting from MaxScale's address. This usually means that two sets of grants for each user are required.

For example, assume that the user 'jdoe'@'client-host' exists and MaxScale is located at_maxscale-host_. If 'jdoe'@'client-host' needs to be able to connect through MaxScale, another user, 'jdoe'@'maxscale-host', must be created. The second user must have the same password and similar grants as 'jdoe'@'client-host'.

The quickest way to do this is to first create the new user:

Then do a SHOW GRANTS query:

Then copy the same grants to the 'jdoe'@'maxscale-host' user.

An alternative to generating two separate accounts is to use one account with a wildcard host ('jdoe'@'%') which covers both hosts. This is more convenient but less secure than having specific user accounts as it allows access from all hosts.

Creating the configuration file

MaxScale reads its configuration from /etc/maxscale.cnf. A template configuration is provided with the MaxScale installation.

A global maxscale section is included in every MaxScale configuration file. This section sets the values of various global parameters, such as the number of threads MaxScale uses to handle client requests. To set thread count to the number of available cpu cores, set the following.

Configuring the servers

Read the mini-tutorial for server configuration instructions.

Configuring the monitor

The type of monitor used depends on the type of cluster used. For a master-slave cluster read . For a Galera cluster read .

Configuring the services and listeners

This part is covered in two different tutorials. For a fully automated read-write-splitting setup, read the . For a simple connection based setup, read the .

Starting MaxScale

After configuration is complete, MariaDB MaxScale is ready to start. For systems that use systemd, use the systemctl command.

For older SysV systems, use the service command.

If MaxScale fails to start, check the error log in /var/log/maxscale/maxscale.log to see if any errors are detected in the configuration file.

Checking MaxScale status with MaxCtrl

The maxctrl-command can be used to confirm that MaxScale is running and the services, listeners and servers have been correctly configured. The following shows expected output when using a read-write-splitting configuration.

MariaDB MaxScale is now ready to start accepting client connections and route queries to the backend cluster.

More options can be found in the , and .

For more information about MaxCtrl and how to secure it, see the .

CC BY-SA / Gnu FDL

MaxScale 22.08 Simple Sharding with Two Servers

Simple Sharding with Two Servers

Sharding is the method of splitting a single database server into separate parts. This tutorial describes a very simple way of sharding. Each schema is located on a different database server and MariaDB MaxScale's schemarouter module is used to combine them into a single database server.

MariaDB MaxScale will appear to the client as a database server with the combination of all the schemas in all the configured servers.

Environment & Solution Space

This document is designed as a simple tutorial on schema-based sharding using MariaDB MaxScale in an environment in which you have two servers. The object of this tutorial is to have a system that, to the client side, acts like a single MariaDB database but actually is sharded between the two servers.

The database users should be configured according to . The contains easy to follow instructions on how to set up MaxScale.

This tutorial will assume the user is using of the binary distributions available and has installed this in the default location. The process of configuring MariaDB MaxScale will be covered within this document. The installation and configuration of the MariaDB servers will not be covered in-depth.

Preparing MaxScale

Follow the to install and prepare the required database users for MaxScale. You don't need to create the configuration file for MaxScale as it will be covered in the next section.

Creating Your MariaDB MaxScale Configuration

The first step in the creation of your maxscale.cnf file is to define the global maxscale section. This section configures the number of threads MariaDB MaxScale uses. A good rule of thumb is to use at most as may threads as you have CPUs. MariaDB MaxScale uses few threads for internal operations so one or two threads less than the maximum should be enough.

After this we configure two servers we will use to shard our database. The accounts_east server will hold one schema and the accounts_west will hold another schema. We will use these two servers to create our sharded database.

The next step is to configure the service which the users connect to. This section defines which router to use, which servers to connect to and the credentials to use. The router we use in this tutorial is the schemarouter.

After this we configure a listener for the service. The listener is the actual port the user connects to. We will use the port 4000.

The final step is to configure a monitor which will monitor the state of the servers. The monitor will notify MariaDB MaxScale if the servers are down. We add the two servers to the monitor, define the credentials to use and we set the monitoring cycle interval.

After this we have a fully working configuration and we can move on to starting MariaDB MaxScale.

Starting MariaDB MaxScale

Upon completion of the configuration process MariaDB MaxScale is ready to be started . This may either be done manually by running the maxscale command or via the service interface. The service scripts are located in the /etc/init.d/ folder and are accessible through both the service and systemctl commands.

MariaDB MaxScale is now ready to start accepting client connections and routing them. Queries are routed to the right servers based on the database they target and switching between the shards is seamless since MariaDB MaxScale keeps the session state intact between servers.

If MariaDB MaxScale fails to start, check the error log in /var/log/maxscale to see what sort of errors were detected.

Note: As the sharding solution in MaxScale is relatively simple, cross-database queries between two or more shards are not supported.

CC BY-SA / Gnu FDL

{
    "users_and_passwords": [
        {
            "user": "my_mapped_user1",
            "password": "my_mapped_pw1"
        },
        {
            "user": "my_mapped_user2",
            "password": "A6D4C53619FFFF4DF252A0E595EDB0A12CA44E16AF154D0ED08F687E81604BFF42218B4EBA9F3EF8D907CF35E74ABDAA"
        }
    ]
}

[node-1]
type=server
address=192.168.122.101
port=3306
priority=1

[node-2]
type=server
address=192.168.122.102
port=3306
priority=3

[node-3]
type=server
address=192.168.122.103
port=3306
priority=2

[node-4]
type=server
address=192.168.122.104
port=3306
priority=-1

[Orders]
type=service
router=readconnroute
servers=server1, server2, server3, server4
user=massi
password=6628C50E07CCE1F0392EDEEB9D1203F3
filters=ReplicateOrders

[ReplicateOrders]
type=filter
module=tee
target=DataMart
match=insert[   ]*into[     ]*orders

[DataMart]
type=service
router=readconnroute
servers=datamartserver
user=massi
password=6628C50E07CCE1F0392EDEEB9D1203F3
filters=QLA-DataMart

[QLA-DataMart]
type=filter
module=qlafilter
options=/var/log/DataMart/InsertsLog

[Orders-Listener]
type=listener
target=Orders
port=4011

[DataMart-Listener]
type=listener
target=DataMart
port=4012

# The Replication Proxy service
[replication-service]
type=service
router=binlogrouter
server_id=4000
master_id=3000
filestem=binlog
user=maxuser
password=maxpwd

# The Avro conversion service
[avro-service]
type=service
router=avrorouter
source=replication-service
filestem=binlog
start_index=15

# The listener for the replication-service
[replication-listener]
type=listener
service=replication-service
port=3306

# The client listener for the avro-service
[avro-listener]
type=listener
service=avro-service
protocol=CDC
port=4001

CHANGE MASTER TO MASTER_HOST='172.18.0.1',
       MASTER_PORT=3000,
       MASTER_LOG_FILE='binlog.000015',
       MASTER_LOG_POS=4,
       MASTER_USER='maxuser',
       MASTER_PASSWORD='maxpwd';

START SLAVE;

{"namespace": "MaxScaleChangeDataSchema.avro", "type": "record", "name": "ChangeRecord", "fields": [{"name": "domain", "type": "int"}, {"name": "server_id", "type": "int"}, {"name": "sequence", "type": "int"}, {"name": "event_number", "type": "int"}, {"name": "timestamp", "type": "int"}, {"name": "event_type", "type": {"type": "enum", "name": "EVENT_TYPES", "symbols": ["insert", "update_before", "update_after", "delete"]}}, {"name": "id", "type": "int", "real_type": "int", "length": -1}]}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 1, "timestamp": 1537429419, "event_type": "insert", "id": 1}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 2, "timestamp": 1537429419, "event_type": "insert", "id": 2}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 3, "timestamp": 1537429419, "event_type": "insert", "id": 3}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 4, "timestamp": 1537429419, "event_type": "insert", "id": 4}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 5, "timestamp": 1537429419, "event_type": "insert", "id": 5}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 6, "timestamp": 1537429419, "event_type": "insert", "id": 6}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 7, "timestamp": 1537429419, "event_type": "insert", "id": 7}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 8, "timestamp": 1537429419, "event_type": "insert", "id": 8}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 9, "timestamp": 1537429419, "event_type": "insert", "id": 9}
{"domain": 0, "server_id": 3000, "sequence": 11, "event_number": 10, "timestamp": 1537429419, "event_type": "insert", "id": 10}

Values: Native, ECMAScript, Posix, EPosix, Awk, Grep, EGrep

The ColumnStore monitor, csmon, is a monitor module for MariaDB ColumnStore servers. The monitor supports ColumnStore version 1.5.

%%
# options
regex_grammar: Native
case_sensitive: true
what_if: false
continue_if_matched: false
ignore_whitespace: true
%
# match template
@{1:^}select @{2} from my_table where id = @{3}
%
# replace template
select @{2} from my_table where id = @{3}

%%
# use default options by leaving this blank
%
@{1:^}select count(distinct @{2}) from @{3}
%
select count(*) from (select distinct @{1} from @{2}) as t123

Input: select count(distinct author) from books where entity != "AI"

Rewritten: select count(*) from (select distinct author from books where entity != "AI") as t123

%%
%
@{1:^}select zip_code from address_book where str_id = @{1:["]}@{2:[[:digit:]]+}@{3:["]}
%
select zip_code from address_book where id = @{2}

Input: select zip_code from address_book where str_id = "1234"

Rewritten: select zip_code from address_book where id = 1234

{ "templates" :
    [
        {
            "case_sensitive" : false,
            "match_template" : "@{1:^}select @{2} from mytable where user = @{3}",
            "replace_template" : "select @{2} from mytable where user = @{3}
and @{3} in (select user from approved_users)"
        }
    ]
}

{
    "data": {
        "attributes": {
            "parameters": {
                "address": "::",
                "authenticator": null,
                "authenticator_options": null,
                "connection_init_sql_file": null,
                "port": 4006,
                "protocol": "MariaDBProtocol",
                "service": "RW-Split-Router",
                "socket": null,
                "sql_mode": "default",
                "ssl": false,
                "ssl_ca": null,
                "ssl_cert": null,
                "ssl_cert_verify_depth": 9,
                "ssl_cipher": null,
                "ssl_crl": null,
                "ssl_key": null,
                "ssl_verify_peer_certificate": false,
                "ssl_verify_peer_host": false,
                "ssl_version": "MAX",
                "type": "listener",
                "user_mapping_file": null
            },
            "source": {
                "file": "/etc/maxscale.cnf",
                "type": "static"
            },
            "state": "Running"
        },
        "id": "RW-Split-Listener",
        "relationships": {
            "services": {
                "data": [
                    {
                        "id": "RW-Split-Router",
                        "type": "services"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/services/",
                    "self": "http://localhost:8989/v1/listeners/RW-Split-Listener/relationships/services/"
                }
            }
        },
        "type": "listeners"
    },
    "links": {
        "self": "http://localhost:8989/v1/listeners/RW-Split-Listener/"
    }
}

{
    "data": [
        {
            "attributes": {
                "parameters": {
                    "address": "::",
                    "authenticator": null,
                    "authenticator_options": null,
                    "connection_init_sql_file": null,
                    "port": 4006,
                    "protocol": "MariaDBProtocol",
                    "service": "RW-Split-Router",
                    "socket": null,
                    "sql_mode": "default",
                    "ssl": false,
                    "ssl_ca": null,
                    "ssl_cert": null,
                    "ssl_cert_verify_depth": 9,
                    "ssl_cipher": null,
                    "ssl_crl": null,
                    "ssl_key": null,
                    "ssl_verify_peer_certificate": false,
                    "ssl_verify_peer_host": false,
                    "ssl_version": "MAX",
                    "type": "listener",
                    "user_mapping_file": null
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "state": "Running"
            },
            "id": "RW-Split-Listener",
            "relationships": {
                "services": {
                    "data": [
                        {
                            "id": "RW-Split-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/listeners/RW-Split-Listener/relationships/services/"
                    }
                }
            },
            "type": "listeners"
        },
        {
            "attributes": {
                "parameters": {
                    "address": "::",
                    "authenticator": null,
                    "authenticator_options": null,
                    "connection_init_sql_file": null,
                    "port": 4008,
                    "protocol": "MariaDBProtocol",
                    "service": "Read-Connection-Router",
                    "socket": null,
                    "sql_mode": "default",
                    "ssl": false,
                    "ssl_ca": null,
                    "ssl_cert": null,
                    "ssl_cert_verify_depth": 9,
                    "ssl_cipher": null,
                    "ssl_crl": null,
                    "ssl_key": null,
                    "ssl_verify_peer_certificate": false,
                    "ssl_verify_peer_host": false,
                    "ssl_version": "MAX",
                    "type": "listener",
                    "user_mapping_file": null
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "state": "Running"
            },
            "id": "Read-Connection-Listener",
            "relationships": {
                "services": {
                    "data": [
                        {
                            "id": "Read-Connection-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/listeners/Read-Connection-Listener/relationships/services/"
                    }
                }
            },
            "type": "listeners"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/listeners/"
    }
}

{
    "data": {
        "id": "my-listener",
        "type": "listeners",
        "attributes": {
            "parameters": {
                "port": 3306
            }
        },
        "relationships": {
            "services": {
                "data": [
                    {"id": "RW-Split-Router", "type": "services"}
                ]
            }
        }
    }
}

[CsBootstrap1]
type=server
address=mcs1
port=3306

[CsBootstrap2]
type=server
address=mcs2
port=3306

[CsMonitor]
type=monitor
module=csmon
servers=CsBootstrap1, CsBootstrap2
dynamic_node_detection=true
...

┌──────────────────┬─────────┬──────┬─────────────┬─────────────────┬──────┐
│ Server           │ Address │ Port │ Connections │ State           │ GTID │
├──────────────────┼─────────┼──────┼─────────────┼─────────────────┼──────┤
│ @@CSMonitor:mcs2 │ mcs2    │ 3306 │ 0           │ Slave, Running  │      │
├──────────────────┼─────────┼──────┼─────────────┼─────────────────┼──────┤
│ @@CSMonitor:mcs3 │ mcs3    │ 3306 │ 0           │ Master, Running │      │
├──────────────────┼─────────┼──────┼─────────────┼─────────────────┼──────┤
│ @@CSMonitor:mcs1 │ mcs1    │ 3306 │ 0           │ Slave, Running  │      │
├──────────────────┼─────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsBootstrap1     │ mcs1    │ 3306 │ 0           │ Slave, Running  │      │
├──────────────────┼─────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsBootstrap2     │ mcs2    │ 3306 │ 0           │ Slave, Running  │      │
└──────────────────┴─────────┴──────┴─────────────┴─────────────────┴──────┘

┌─────────┬─────────────┬──────┬─────────────┬─────────────────┬──────┐
│ Server  │ Address     │ Port │ Connections │ State           │ GTID │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode1 │ 10.10.10.10 │ 3306 │ 0           │ Master, Running │      │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode2 │ 10.10.10.11 │ 3306 │ 0           │ Slave, Running  │      │
└─────────┴─────────────┴──────┴─────────────┴─────────────────┴──────┘

{
    "links": {
        "self": "http://localhost:8989/v1/maxscale/modules/csmon/add-node"
    },
    "meta": {
        "message": "Node mcs3 successfully added to cluster.",
        "result": {
            "node_id": "mcs3",
            "timestamp": "2020-08-07 10:03:49.474539"
        },
        "success": true
    }
}

┌─────────┬─────────────┬──────┬─────────────┬─────────────────┬──────┐
│ Server  │ Address     │ Port │ Connections │ State           │ GTID │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode3 │ 10.10.10.12 │ 3306 │ 0           │ Down            │      │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode1 │ 10.10.10.10 │ 3306 │ 0           │ Master, Running │      │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode2 │ 10.10.10.11 │ 3306 │ 0           │ Slave, Running  │      │
└─────────┴─────────────┴──────┴─────────────┴─────────────────┴──────┘

┌───────────┬─────────┬──────────────────┐
│ Monitor   │ State   │ Servers          │
├───────────┼─────────┼──────────────────┤
│ CsMonitor │ Running │ CsNode1, CsNode2 │
└───────────┴─────────┴──────────────────┘

┌───────────┬─────────┬───────────────────────────┐
│ Monitor   │ State   │ Servers                   │
├───────────┼─────────┼───────────────────────────┤
│ CsMonitor │ Running │ CsNode1, CsNode2, CsNode3 │
└───────────┴─────────┴───────────────────────────┘

┌─────────┬─────────────┬──────┬─────────────┬─────────────────┬──────┐
│ Server  │ Address     │ Port │ Connections │ State           │ GTID │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode3 │ 10.10.10.12 │ 3306 │ 0           │ Slave, Running  │      │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode1 │ 10.10.10.10 │ 3306 │ 0           │ Master, Running │      │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼──────┤
│ CsNode2 │ 10.10.10.11 │ 3306 │ 0           │ Slave, Running  │      │
└─────────┴─────────────┴──────┴─────────────┴─────────────────┴──────┘

┌───────────┬─────────┬───────────────────────────┐
│ Monitor   │ State   │ Servers                   │
├───────────┼─────────┼───────────────────────────┤
│ CsMonitor │ Running │ CsNode1, CsNode2, CsNode3 │
└───────────┴─────────┴───────────────────────────┘

┌───────────┬─────────┬──────────────────┐
│ Monitor   │ State   │ Servers          │
├───────────┼─────────┼──────────────────┤
│ CsMonitor │ Running │ CsNode1, CsNode2 │
└───────────┴─────────┴──────────────────┘

maxctrl --timeout 30s call command csmon remove-node CsMonitor mcs3 20s
{
    "links": {
        "self": "http://localhost:8989/v1/maxscale/modules/csmon/remove-node"
    },
    "meta": {
        "message": "Node mcs3 removed from the cluster.",
        "result": {
            "node_id": "mcs3",
            "timestamp": "2020-08-07 11:41:36.573425"
        },
        "success": true
    }
}

{
    "links": {
        "self": "http://127.0.0.1:8989/v1/filters/"
    },
    "data": [
        {
            "id": "Hint",
            "type": "filters",
            "relationships": {
                "services": {
                    "links": {
                        "self": "http://127.0.0.1:8989/v1/services/"
                    },
                    "data": [
                        {
                            "id": "RW-Split-Hint-Router",
                            "type": "services"
                        }
                    ]
                }
            },
            "attributes": {
                "module": "hintfilter",
                "parameters": {}
            },
            "links": {
                "self": "http://127.0.0.1:8989/v1/filters/Hint"
            }
        },
        {
            "id": "Logger",
            "type": "filters",
            "relationships": {
                "services": {
                    "links": {
                        "self": "http://127.0.0.1:8989/v1/services/"
                    },
                    "data": []
                }
            },
            "attributes": {
                "module": "qlafilter",
                "parameters": {
                    "match": null,
                    "exclude": null,
                    "user": null,
                    "source": null,
                    "filebase": "/tmp/log",
                    "options": "ignorecase",
                    "log_type": "session",
                    "log_data": "date,user,query",
                    "newline_replacement": "\" \"",
                    "separator": ",",
                    "flush": false,
                    "append": false
                },
                "filter_diagnostics": {
                    "separator": ",",
                    "newline_replacement": "\" \""
                }
            },
            "links": {
                "self": "http://127.0.0.1:8989/v1/filters/Logger"
            }
        }
    ]
}

{
    "links": {
        "self": "http://127.0.0.1:8989/v1/filters/Logger"
    },
    "data": {
        "id": "Logger",
        "type": "filters",
        "relationships": {
            "services": {
                "links": {
                    "self": "http://127.0.0.1:8989/v1/services/"
                },
                "data": []
            }
        },
        "attributes": {
            "module": "qlafilter",
            "parameters": {
                "match": null,
                "exclude": null,
                "user": null,
                "source": null,
                "filebase": "/tmp/log",
                "options": "ignorecase",
                "log_type": "session",
                "log_data": "date,user,query",
                "newline_replacement": "\" \"",
                "separator": ",",
                "flush": false,
                "append": false
            },
            "filter_diagnostics": {
                "separator": ",",
                "newline_replacement": "\" \""
            }
        },
        "links": {
            "self": "http://127.0.0.1:8989/v1/filters/Logger"
        }
    }
}

{
    "data": {
        "id": "server1",
        "type": "servers",
        "attributes": {
            "parameters": {
                "address": "127.0.0.1",
                "port": 3003
            }
        }
    }
}

{
    "data": {
        "id": "server1",
        "type": "servers",
        "relationships": {
            "services": {
                "data": [
                    {
                        "id": "RW-Split-Router",
                        "type": "services"
                    }
                ]
            }
        },
        "attributes":  ...
    }
}

CREATE USER 'maxscale-monitor'@'maxscalehost' IDENTIFIED BY 'maxscale-monitor-password';
GRANT SELECT ON system.membership TO 'maxscale-monitor'@'maxscalehost';
GRANT SELECT ON system.nodeinfo TO 'maxscale-monitor'@'maxscalehost';
GRANT SELECT ON system.softfailed_nodes TO 'maxscale-monitor'@'maxscalehost';

┌───────────────────┬──────────────┬──────┬─────────────┬─────────────────┬──────┐
│ Server            │ Address      │ Port │ Connections │ State           │ GTID │
├───────────────────┼──────────────┼──────┼─────────────┼─────────────────┼──────┤
│ @@Xpand:node-7    │ 10.2.224.102 │ 3306 │ 0           │ Master, Running │      │
├───────────────────┼──────────────┼──────┼─────────────┼─────────────────┼──────┤
│ @@Xpand:node-8    │ 10.2.224.103 │ 3306 │ 0           │ Master, Running │      │
├───────────────────┼──────────────┼──────┼─────────────┼─────────────────┼──────┤
│ @@Xpand:node-6    │ 10.2.224.101 │ 3306 │ 0           │ Master, Running │      │
├───────────────────┼──────────────┼──────┼─────────────┼─────────────────┼──────┤
│ Bootstrap-1       │ 10.2.224.101 │ 3306 │ 0           │ Master, Running │      │
└───────────────────┴──────────────┴──────┴─────────────┴─────────────────┴──────┘

CREATE USER 'maxscale-service'@'maxscalehost' IDENTIFIED BY 'maxscale-service-password';
GRANT SELECT ON system.users TO 'maxscale-service'@'maxscalehost';
GRANT SELECT ON system.user_acl TO 'maxscale-service'@'maxscalehost';

MaxScale 22.08 Query Log All Filter

Query Log All Filter

Overview

The Query Log All (QLA) filter logs query content. Logs are written to a file in CSV format. Log elements are configurable and include the time submitted and the SQL statement text, among others.

Configuration

A minimal configuration is below.

Log Rotation

The qlafilter logs can be rotated by executing the maxctrl rotate logs command. This will cause the log files to be reopened when the next message is written to the file. This applies to both unified and session type logging.

Filter Parameters

The QLA filter has one mandatory parameter, filebase, and a number of optional parameters. These were introduced in the 1.0 release of MariaDB MaxScale.

`filebase`

Type: string
Mandatory: Yes
Dynamic: No

The basename of the output file created for each session. A session index is added to the filename for each written session file. For unified log files,.unified is appended.

`match`

Type:
Mandatory: No
Dynamic: Yes
Default: None

Include queries that match the regex.

`exclude`

Type:
Mandatory: No
Dynamic: Yes
Default: None

Exclude queries that match the regex.

`options`

Type:
Mandatory: No
Dynamic: Yes
Values: case, ignorecase, extended

The extended option enables PCRE2 extended regular expressions.

`user`

Type: string
Mandatory: No
Dynamic: Yes
Default: ""

Limit logging to sessions with this user.

`source`

Type: string
Mandatory: No
Dynamic: Yes
Default: ""

Limit logging to sessions with this client source address.

`log_type`

Type:
Mandatory: No
Dynamic: Yes
Values: session, unified, stdout

The type of log file to use.

Value

Description

`log_data`

Type:
Mandatory: No
Dynamic: Yes
Values: service, session, date

Type of data to log in the log files.

Value

Description

The durations reply_time and total_reply_time are by default in milliseconds, but can be specified to another unit using duration_unit.

The log entry is written when the last reply from the server is received. Prior to version 6.2 the entry was written when the query was received from the client, or if reply_time was specified, on first reply from the server.

NOTE The error_msg is the raw message from the server. Even if use_canonical_form is set the error message may contain user defined constants. For example:

`duration_unit`

Type: string
Mandatory: No
Dynamic: Yes
Default: milliseconds

The unit for logging a duration. The unit can be milliseconds or microseconds. The abbreviations ms for milliseconds and us for microseconds are also valid. This option is available as of MaxScale version 6.2.

`use_canonical_form`

Type:
Mandatory: No
Dynamic: Yes
Default: false

When this option is true the canonical form of the query is logged. In the canonical form all user defined constants are replaced with question marks. This option is available as of MaxScale version 6.2.

`flush`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Flush log files after every write.

`append`

Type:
Mandatory: No
Dynamic: Yes
Default: true

`separator`

Type: string
Mandatory: No
Dynamic: Yes
Default: ","

Defines the separator string between elements of log entries. The value should be enclosed in quotes.

`newline_replacement`

Type: string
Mandatory: No
Dynamic: Yes
Default: " "

Default value is " " (one space). SQL-queries may include line breaks, which, if printed directly to the log, may break automatic parsing. This parameter defines what should be written in the place of a newline sequence (\r, \n or \r\n). If this is set as the empty string, then newlines are not replaced and printed as is to the output. The value should be enclosed in quotes.

Examples

Example 1 - Query without primary key

Imagine you have observed an issue with a particular table and you want to determine if there are queries that are accessing that table but not using the primary key of the table. Let's assume the table name is PRODUCTS and the primary key is called PRODUCT_ID. Add a filter with the following definition:

The result of using this filter with the service used by the application would be a log file of all select queries querying PRODUCTS without using the PRODUCT_ID primary key in the predicates of the query. Executing SELECT * FROM PRODUCTS would log the following into /var/logs/qla/SelectProducts:

CC BY-SA / Gnu FDL

MaxScale 22.08 SQL Resource

SQL Resource

The SQL resource represents a database connection.

SQL Connection Interface

The following endpoints provide a simple REST API interface for executing SQL queries on servers and services in MaxScale.

This document uses the :id value in the URL to represent a connection ID and the :query_id to represent a query ID. These values do not need to be manually added as the relevant links are returned in the request body of each endpoint.

The endpoints use JSON Web Tokens to uniquely identify open SQL connections. A connection token can be acquired with a POST /v1/sql request and can be used with the POST /v1/sql/:id/query, GET /v1/sql/:id/results/:query_id andDELETE /v1/sql endpoints. All of these endpoints accept a connection token in the token parameter of the request:

In addition to request parameters, the token can be stored in cookies in which case they are automatically used by the REST API. For more information about token storage in cookies, see the documentation for POST /v1/sql.

Request Parameters

All of the endpoints that operate on a single connection support the following request parameters. The GET /v1/sql and GET /v1/sql/:id endpoints are an exception as they ignore the current connection token.

token
The connection token to use for the request. If provided, the value is unconditionally used even if a cookie with a valid token exists.

Get one SQL connection

Response

Response contains the requested resource.

Status: 200 OK

Get all SQL connections

Response

Response contains a resource collection with all the open SQL connections.

Status: 200 OK

Open SQL connection to server

The request body must be a JSON object consisting of the following fields:

target
The object in MaxScale to connect to. This is a mandatory value and the given value must be the name of a valid server, service or listener in MaxScale.
user
The username to use when creating the connection. This is a mandatory value.

Here is an example request body:

The response will contain the new connection with the token stored atmeta.token. If the request uses the persist=yes request parameter, the token is stored in cookies instead of the metadata object and the response body will not contain the token.

The location of the newly created connection will be stored at links.self in the response body as well as in the Location header.

The token must be given to all subsequent requests that use the connection. It must be either given in the token parameter of a request or it must be stored in the cookies. If both a token parameter and a cookie exist at the same time, the token parameter will be used instead of the cookie.

Request Parameters

This endpoint supports the following request parameters.

persist
Store the connection token in cookies instead of returning it as the response body. This parameter expects only one value, yes, as its argument. Whenpersist=yes is set, the token is stored in the conn_id_sig_<id> cookie where the <id> part is replaced by the ID of the connection.

Response

Connection was opened:

The request body must be a JSON object with the value of the sql field set to the SQL to be executed:

The request body must be a JSON object consisting of the following fields:

sql
The SQL to be executed. If the SQL contain multiple statements, multiple results are returned in the response body.
max_rows
The maximum number of rows returned in the response. By default this is 1000 rows. Setting the value to 0 means no limit. Any extra rows in the result will be discarded.

By default, the complete result is returned in the response body. If the SQL query returns more than one result, the results array will contain all the results.

The results array can have three types of objects: resultsets, errors, and OK responses.

A resultset consists of the data field with the result data stored as a two dimensional array. The names of the fields are stored in an array in thefields field. These types of results will be returned for any operation that returns rows (i.e. SELECT statements)

An error consists of an object with the errno field set to the MariaDB error code, the message field set to the human-readable error message and thesqlstate field set to the current SQLSTATE of the connection.

An OK response is returned for any result that completes successfully but not return rows (e.g. an INSERT or UPDATE statement). The affected_rows field contains the number of rows affected by the operation, thelast_insert_id contains the auto-generated ID and the warnings field contains the number of warnings raised by the operation.

It is also possible for the fields of the error response to be present in the resultset response if the result ended with an error but still generated some data. Usually this happens when query execution is interrupted but a partial result was generated by the server.

Response

Query successfully executed:

Status: 201 Created

Invalid payload or missing connection token:

Status: 400 Bad Request

Fatal connection error:

Status: 503 Service Unavailable

If the API returns this response, the connection to the database server was lost. The only valid action to take at this point is to close it with theDELETE /v1/sql/:id endpoint.

CC BY-SA / Gnu FDL

MaxScale 22.08 Using MaxGUI Tutorial

Using MaxGUI Tutorial

Introduction

This tutorial is an overview of what the MaxGUI offers as an alternative solution to .

Dashboard

Annotation

. i.e. Service, Server, Monitor, Filter, and Listener (Clicking on it will navigate to its detail page)
Create a new MaxScale object.
Dashboard Tab Navigation.
Search Input. This can be used as a quick way to search for a keyword in tables.

SESSIONS graph illustrates the total number of current sessions.
CONNECTIONS graph shows servers current connections.
LOAD graph shows the last second load of thread.

Logout of the app.
Sidebar navigation menu. Access to the following pages: Dashboard, Visualization, Settings, Logs Archive, Query Editor

Create a new MaxScale object

Clicking on the Create New button (Annotation 2) to open a dialog for creating a new object.

View Replication Status

The replication status of a server monitored by can be viewed by mousing over the server name. A tooltip will be displayed with the following information: replication_state, seconds_behind_master, slave_io_running, slave_sql_running.

Detail

This page shows information on each MaxScale object and allow to edit its parameter, relationships and perform other manipulation operations. Most of the control buttons will be shown on the mouseover event. Below is a screenshot of a Monitor Detail page, other Detail pages also have a similar layout structure so this is used for illustration purpose.

Annotation

Settings option. Clicking on the gear icon will show icons allowing to do different operations depending on the type of the Detail page.

Monitor Detail page, there are icons to Stop, Start, and Destroy monitor.
Service Detail page, there are icons to Stop, Start, and Destroy service.
Server Detail page, there are icons to Set maintenance mode, Clear server state, Drain and Delete server.
Filter and Listener Detail page, there is a delete icon to delete the object.

Switchover button. This button is shown on the mouseover event allowing to swap the running primary server with a designated secondary server.
Edit parameters button. This button is shown on the mouseover event allowing to edit the MaxScale object's parameter. Clicking on it will enable editable mode on the table. After finishing editing the parameters, simply click the Done Editing button.
A Detail page has tables showing "Relationship" between other MaxScale object. This "unlink" icon is shown on the mouseover event allowing to remove the relationship between two objects.
This button is used to link other MaxScale objects to the relationship.

Visualization

This page visualizes MaxScale configuration and clusters.

Configuration

This page visualizes MaxScale configuration as shown in the figure below.

Annotation

A MaxScale object (a node graph). The position of the node in the graph can be changed by dragging and dropping it.
Anchor link. The detail page of each MaxScale object can be accessed by clicking on the name of the node.
Filter visualization button. By default, if the number of filters used by a service is larger than 3, filter nodes aren't visualized as shown in the figure. Clicking this button will visualize them.
Hide filter visualization button.

Clusters

This page shows all monitor clusters using module in a card-like view. Clicking on the card will visualize the cluster into a tree graph as shown in the figure below.

Annotation

Drag a secondary server on top of a primary server to promote the secondary server as the new primary server.
Server manipulation operations button. Showing a dropdown with the following operations:

Set maintenance mode: Setting a server to a maintenance mode.
Clear server state: Clear current server state.
Drain server: Drain the server of connections.

Quick access to query editor button. Opening the Query Editor page for this server. If the connection is already created for that server, it'll use it. Otherwise, it creates a blank worksheet and shows a connection dialog to connect to that server.
Carousel navigation button. Viewing more information about the server in the next slide.
Collapse the carousel.
Anchor link of the server. Opening the detail page of the server in a new tab.

Stop monitor.
Start monitor.
Reset Replication.
Release Locks.

Refresh rate dropdown. The frequency with which the data is refreshed.
Create a new MaxScale object button.

Settings

This page shows and allows editing of MaxScale parameters.

Annotation

Edit parameters button. This button is shown on the mouseover event allowing to edit the MaxScale parameter. Clicking on it will enable editable mode on the table..
Editable parameters are visible as it's illustrated in the screenshot.
After finishing editing the parameters, simply click the Done Editing button.

Logs Archive

This page show real-time MaxScale logs with filter options.

Annotation

Filter by dropdown. All logs types are selected to be shown by default
Uncheck the box to disable showing a particular log type.

Query Editor

A SQL editor tool to run queries and perform other SQL operations.

Annotation

Worksheet tab navigation. Each worksheet is bound to a connection, so sessions querying within a worksheet is not yet supported.
Add a new worksheet button.
Connection manager dropdown. With this dropdown, you can create a new connection or change the connection for the current active worksheet. A new connection can be created by selecting the last option in the dropdown labeled as New connection. Once a connection is created, it automatically binds the connection to the current active worksheet.

Each object has its own context menu providing different options. e.g. For the table object as shown in the figure above, it has options toPreview Data (top 1000) and View Details. The query result for these options is shown in the Data Preview result tab which is annotated as number 12. The context menu can be shown by right-clicking on the object or clicking on the three dots icon placed on the right side of the object.
Quick access to the Preview Data (top 1000) context menu option. For a table object, its preview data can also be seen by clicking on its name.

Refresh schema objects button. After deleting or creating schema object, theSchemas sidebar needs to be manually refreshed.
Collapse the Schemas sidebar button.
SQL editor. The editor is powered by which means its functionalities are similar to VS code. Available commands can be seen by pressing F1 while the cursor is active on the editor. This is an intention to prevent conflict between the browser's shortcut keys and the SQL editor's. This also means the editor shortcut key commands are valid only when the cursor is active on the SQL editor with an exception for the

How to kill a session

A session can be killed easily on the "Current Sessions" table which can be found on the , Server detail, and Service detail page.

Annotation

Kill session button. This button is shown on the mouseover event.
Confirm killing the session dialog.

CC BY-SA / Gnu FDL

-bash-4.1$ cat /var/logs/top/Employees-top-10.137

Top 10 longest running queries in session.

==========================================

Time (sec) | Query

-----------+-----------------------------------------------------------------

    22.985 |  select sum(salary), year(from_date) from salaries s, (select distinct year(from_date) as y1 from salaries) y where (makedate(y.y1, 1) between s.from_date and s.to_date) group by y.y1

     5.304 |  select d.dept_name as "Department", y.y1 as "Year", count(*) as "Count" from departments d, dept_emp de, (select distinct year(from_date) as y1 from dept_emp order by 1) y where d.dept_no = de.dept_no and (makedate(y.y1, 1) between de.from_date and de.to_date) group by y.y1, d.dept_name order by 1, 2

     2.896 |  select year(now()) - year(birth_date) as age, gender, avg(salary) as "Average Salary" from employees e, salaries s where e.emp_no = s.emp_no and ("1988-08-01"  between from_date AND to_date) group by year(now()) - year(birth_date), gender order by 1,2

     2.160 |  select dept_name as "Department", sum(salary) / 12 as "Salary Bill" from employees e, departments d, dept_emp de, salaries s where e.emp_no = de.emp_no and de.dept_no = d.dept_no and ("1988-08-01"  between de.from_date AND de.to_date) and ("1988-08-01"  between s.from_date AND s.to_date) and s.emp_no = e.emp_no group by dept_name order by 1

     0.845 |  select dept_name as "Department", avg(year(now()) - year(birth_date)) as "Average Age", gender from employees e, departments d, dept_emp de where e.emp_no = de.emp_no and de.dept_no = d.dept_no and ("1988-08-01"  between from_date AND to_date) group by dept_name, gender

     0.668 |  select year(hire_date) as "Hired", d.dept_name, count(*) as "Count" from employees e, departments d, dept_emp de where de.emp_no = e.emp_no and de.dept_no = d.dept_no group by d.dept_name, year(hire_date)

     0.249 |  select moves.n_depts As "No. of Departments", count(moves.emp_no) as "No. of Employees" from (select de1.emp_no as emp_no, count(de1.emp_no) as n_depts from dept_emp de1 group by de1.emp_no) as moves group by moves.n_depts order by 1

     0.245 |  select year(now()) - year(birth_date) as age, gender, count(*) as "Count" from employees group by year(now()) - year(birth_date), gender order by 1,2

     0.179 |  select year(hire_date) as "Hired", count(*) as "Count" from employees group by year(hire_date)

     0.160 |  select year(hire_date) - year(birth_date) as "Age", count(*) as Count from employees group by year(hire_date) - year(birth_date) order by 1

-----------+-----------------------------------------------------------------

Session started Wed Jun 18 18:41:03 2014

Connection from 127.0.0.1

Username        massi

Total of 24 statements executed.

Total statement execution time      35.701 seconds

Average statement execution time     1.488 seconds

Total connection time               46.500 seconds

-bash-4.1$

CREATE USER 'maxscale'@'%' IDENTIFIED BY 'maxscale_pw';
GRANT SELECT ON mysql.user TO 'maxscale'@'%';
GRANT SELECT ON mysql.db TO 'maxscale'@'%';
GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'%';
GRANT SELECT ON mysql.columns_priv TO 'maxscale'@'%';
GRANT SELECT ON mysql.procs_priv TO 'maxscale'@'%';
GRANT SELECT ON mysql.proxies_priv TO 'maxscale'@'%';
GRANT SELECT ON mysql.roles_mapping TO 'maxscale'@'%';
GRANT SHOW DATABASES ON *.* TO 'maxscale'@'%';

MariaDB [(none)]> SHOW GRANTS FOR 'jdoe'@'client-host';
+-----------------------------------------------------------------------+
| Grants for jdoe@client-host                                           |
+-----------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'jdoe'@'client-host'   |
+-----------------------------------------------------------------------+
1 row in set (0.01 sec)

% sudo maxctrl list services

┌──────────────────┬────────────────┬─────────────┬───────────────────┬───────────────────────────┐
│ Service          │ Router         │ Connections │ Total Connections │ Servers                   │
├──────────────────┼────────────────┼─────────────┼───────────────────┼───────────────────────────┤
│ Splitter-Service │ readwritesplit │ 1           │ 1                 │ dbserv1, dbserv2, dbserv3 │
└──────────────────┴────────────────┴─────────────┴───────────────────┴───────────────────────────┘

% sudo maxctrl list servers

┌─────────┬─────────────┬──────┬─────────────┬─────────────────┬───────────┐
│ Server  │ Address     │ Port │ Connections │ State           │ GTID      │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼───────────┤
│ dbserv1 │ 192.168.2.1 │ 3306 │ 0           │ Master, Running │ 0-3000-62 │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼───────────┤
│ dbserv2 │ 192.168.2.2 │ 3306 │ 0           │ Slave, Running  │ 0-3000-62 │
├─────────┼─────────────┼──────┼─────────────┼─────────────────┼───────────┤
│ dbserv3 │ 192.168.2.3 │ 3306 │ 0           │ Slave, Running  │ 0-3000-62 │
└─────────┴─────────────┴──────┴─────────────┴─────────────────┴───────────┘

% sudo maxctrl list listeners Splitter-Service

┌───────────────────┬──────┬──────┬─────────┐
│ Name              │ Port │ Host │ State   │
├───────────────────┼──────┼──────┼─────────┤
│ Splitter-Listener │ 3306 │      │ Running │
└───────────────────┴──────┴──────┴─────────┘

Master failover. Manually performing a master failover. This option is visible only when the auto_failover parameter is disabled.

Active database dropdown. Right-click on the database name and clickUse database option to quickly change the default (current) database

Run all statements

Run selected statements

Save statements to favorite

max-age

{
    "data": {
        "id": "5",
        "links": {
            "related": "http://localhost:8989/v1/sql/5/queries/",
            "self": "http://localhost:8989/v1/sql/5/"
        },
        "type": "sql"
    },
    "links": {
        "self": "http://localhost:8989/v1/sql/5/"
    },
    "meta": {
        "token": "eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiI1IiwiZXhwIjoxNjIwMjM1Mzc3LCJpYXQiOjE2MjAyMDY1NzcsImlzcyI6Im14cy1xdWVyeSJ9.2CJ8DsEPbGlvs2DrBUC6FJA64VMSU8kbX1U4FSu2-OY"
    }
}

{
    "data": [
        {
            "id": "10",
            "links": {
                "related": "http://localhost:8989/v1/sql/10/queries/",
                "self": "http://localhost:8989/v1/sql/10/"
            },
            "type": "sql"
        },
        {
            "id": "11",
            "links": {
                "related": "http://localhost:8989/v1/sql/11/queries/",
                "self": "http://localhost:8989/v1/sql/11/"
            },
            "type": "sql"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/sql/"
    }
}

{
    "data": {
        "id": "5",
        "attributes": {
            "thread_id": 12,
            "seconds_idle": 5
        }
        "links": {
                 // The "related" endpoint is the URL to the query endpoint for this connection.
            "related": "http://localhost:8989/v1/sql/5/queries/",
            "self": "http://localhost:8989/v1/sql/5/"
        },
        "type": "sql"
    },
    "links": {
        "self": "http://localhost:8989/v1/sql/5/"
    },
    "meta": {
        "token": "eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiI1IiwiZXhwIjoxNjIwMjM1Mzc3LCJpYXQiOjE2MjAyMDY1NzcsImlzcyI6Im14cy1xdWVyeSJ9.2CJ8DsEPbGlvs2DrBUC6FJA64VMSU8kbX1U4FSu2-OY"
    }
}

{
    "data": {
        "attributes": {
            "results": [
                {
                    "data": [
                        [
                            1
                        ],
                        [
                            2
                        ],
                        [
                            3
                        ]
                    ],
                    "fields": [
                        "id"
                    ]
                }
            ],
            "sql": "select * from t1"
        },
        "id": "9-1",
        "type": "queries"
    },
    "links": {
        "self": "http://localhost:8989/v1/sql/9/queries/9-1/"
    }
}

{
    "data": {
        "attributes": {
            "results": [
                {
                    "errno": 1064,
                    "message": "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'table t1' at line 1",
                    "sqlstate": "42000"
                }
            ],
            "sql": "select syntax_error from table t1"
        },
        "id": "4-1",
        "type": "queries"
    },
    "links": {
        "self": "http://localhost:8989/v1/sql/4/queries/4-1/"
    }
}

{
    "data": {
        "attributes": {
            "results": [
                {
                    "affected_rows": 0,
                    "last_insert_id": 0,
                    "warnings": 0
                }
            ],
            "sql": "drop table t1"
        },
        "id": "6-1",
        "type": "queries"
    },
    "links": {
        "self": "http://localhost:8989/v1/sql/6/queries/6-1/"
    }
}

{
    "data": {
        "attributes": {
            "results": [
                {
                    "affected_rows": 0,
                    "last_insert_id": 0,
                    "warnings": 0
                }
            ],
            "sql": "drop table t1"
        },
        "id": "6-1",
        "type": "queries"
    },
    "links": {
        "self": "http://localhost:8989/v1/sql/6/queries/6-1/"
    }
}

CREATE USER 'maxscale'@'maxscalehost' IDENTIFIED BY 'maxscale-password';
GRANT SELECT ON system.membership TO 'maxscale'@'maxscalehost';
GRANT SELECT ON system.nodeinfo TO 'maxscale'@'maxscalehost';
GRANT SELECT ON system.softfailed_nodes TO 'maxscale'@'maxscalehost';

[TheXpandMonitor]
type=monitor
module=xpandmon
servers=server1,server2,server3
user=myuser
password=mypwd

[MyService]
type=service
router=readconnroute
cluster=TheXpandMonitor
user=myuser
password=mypwd

user

reply_time

total_reply_time

query

default_db

num_rows

reply_size

transaction

transaction_time

num_warnings

error_msg

Cross-database queries (e.g. SELECT column FROM database1.table UNION select column FROM database2.table) are not properly supported. Such queries are routed either to the first explicit database in the query, the current database in use or to the first available database, depending on which succeeds.
Without a default database, queries that do not use fully qualified table names and which do not modify the session state (e.g. SELECT * FROM t1) will be routed to the first available server. This includes queries such as explicit transaction commands (BEGIN, COMMIT, ROLLBACK), all non-table CREATE commands (CREATE DATABASE, CREATE SEQUENCE) as well as any SELECT statements that do not directly refer to a table. CREATE commands should be done directly on the node or the router should be equipped with the hint filter and a routing hint should be used. Queries that modify the session state (e.g. SET autocommit=1) will be routed to all servers regardless of the default database. For explicit transactions, the recommended way is to use SET autocommit=0 to start a transaction and SET autocommit=1 to commit it, otherwise routing hints are required to correctly route the transaction control commands. changed the routing of transaction control commands to route them to all servers used by the schemarouter.
SELECT queries that modify session variables are not supported because uniform results can not be guaranteed. If such a query is executed, the behavior of the router is undefined. To work around this limitation, the query must be executed in separate parts.
If a query targets a database the SchemaRouter has not mapped to a server, the query will be routed to the first available server. This possibly returns an error about database rights instead of a missing database.
Prepared statement support is limited. PREPARE, EXECUTE and DEALLOCATE are routed to the correct backend if the statement is known and only requires one backend server. EXECUTE IMMEADIATE is not supported and is routed to the first available backend and may give wrong results. Similarly, preparing a statement from a variable (e.g. PREPARE stmt FROM @a) is not supported and may be routed wrong.
SHOW DATABASES is handled by the router instead of routed to a server. The router only answers correctly to the basic version of the query. Any modifiers such as LIKE are ignored. Starting with MaxScale 22.08, the database names will always be in lowercase.
SHOW TABLES is routed to the server with the current database. If using table-level sharding, the results will be incomplete. Similarly, SHOW TABLES FROM db1 is routed to the server with database db1, ignoring table sharding. Use SHOW SHARDS to get results from the router itself. Starting with MaxScale 22.08, the database names will always be in lowercase.
USE db1 is routed to the server with db1. If the database is divided to multiple servers, only one server will get the command.

MaxScale 22.08 Binlogrouter 2.4

Binlogrouter 2.4

NOTE This is the documentation for the binlogrouter in MaxScale 2.4 and is only provided for reference. The documentation for the binlogrouter in MaxScale 2.5 is provided here.

Introduction

The binlogrouter is a replication protocol proxy module for MariaDB MaxScale. This module allows MariaDB MaxScale to connect to a master server and retrieve binary logs while slave servers can connect to MariaDB MaxScale like they would connect to a normal master server. If the master server goes down, the slave servers can still connect to MariaDB MaxScale and read binary logs. You can switch to a new master server without the slaves noticing that the actual master server has changed. This allows for a more highly available replication setup where replication is high-priority.

Configuration

Mandatory Router Parameters

The binlogrouter requires the user and password parameters. These should be configured according to the .

In addition to these two parameters, the server_id and binlogdir parameters needs to be defined.

Router Parameters

The binlogrouter accepts the following parameters.

Note: Earlier versions of MaxScale supported the configuration of the binlogrouter only via router_options (a the comma-separated list of key-value pairs). As of MaxScale 2.1, all of the router options should be defined as parameters. The values defined in router_options will have priority over the parameters to support legacy configurations. The use of router_options is deprecated.

binlogdir

This parameter controls the location where MariaDB MaxScale stores the binary log files. This is a mandatory parameter.

The binlogdir also contains the cache subdirectory which stores data retrieved from the master during the slave registration phase. The master.ini file also resides in the binlogdir. This file keeps track of the current master configuration and it is updated when a CHANGE MASTER TO query is executed.

From 2.1 onwards, the 'cache' directory is stored in the same location as other user credential caches. This means that with the default options, the user credential cache is stored in/var/cache/maxscale/<Service Name>/<Listener Name>/cache/.

Read the documentation for instructions on how to define a custom location for the user cache.

server_id

MariaDB MaxScale must have a unique server_id. This parameter configures the value of the server_id that MariaDB MaxScale will use when connecting to the master. This is a mandatory parameter.

Older versions of MaxScale allowed the ID to be specified using server-id. This has been deprecated and will be removed in a future release of MariaDB MaxScale.

master_id

The server_id value that MariaDB MaxScale should use to report to the slaves that connect to MariaDB MaxScale.

This may either be the same as the server id of the real master or can be chosen to be different if the slaves need to be aware of the proxy layer. The real master server ID will be used if the option is not set.

Older versions of MaxScale allowed the ID to be specified using master-id. This has been deprecated and will be removed in a future release of MariaDB MaxScale.

uuid

This is used to set the unique UUID that the binlog router uses when it connects to the master server. By default the UUID will be generated.

master_uuid

It is a requirement of replication that each server has a unique UUID value. If this option is not set, binlogrouter will identify itself to the slaves using the UUID of the real master.

master_version

By default, the router will identify itself to the slaves using the server version of the real master. This option allows the router to use a custom version string.

master_hostname

By default, the router will identify itself to the slaves using the hostname of the real master. This option allows the router to use a custom hostname.

slave_hostname

Since MaxScale 2.1.6 the router can optionally identify itself to the master using a custom hostname. The specified hostname can be seen in the master viaSHOW SLAVE HOSTS command. The default is not to send any hostname string during registration.

user

Note: This is option can only be given to the router_options parameter. Use the user parameter of the service instead.

This is the user name that MariaDB MaxScale uses when it connects to the master. This user name must have the rights required for replication as with any other user that a slave uses for replication purposes. If the user parameter is not given in the router options then the same user as is used to retrieve the credential information will be used for the replication connection, i.e. the user in the service entry.

This user is the only one available for MySQL connection to MaxScale Binlog Server for administration when master connection is not done yet.

In MaxScale 2.1, the service user injection is done by the MySQLAuth authenticator module. Read the documentation for more details.

The user that is used for replication must be granted replication privileges on the database server.

password

Note: This is option can only be given to the router_options parameter. Use the password parameter of the service instead.

The password for the user. If the password is not explicitly given then the password in the service entry will be used. For compatibility with other username and password definitions within the MariaDB MaxScale configuration file it is also possible to use the parameter passwd.

heartbeat

This defines the value of the heartbeat interval for the connection to the master. The duration can be specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the parameter is seconds, a value specified in milliseconds will be rejected, even if the duration is longer than a second. The default value for the heartbeat period is every 5 minutes.

MariaDB MaxScale requests the master to ensure that a binlog event is sent at least every heartbeat period. If there are no real binlog events to send the master will sent a special heartbeat event. The current interval value is reported in the diagnostic output.

burstsize

This parameter is used to define the maximum amount of data that will be sent to a slave by MariaDB MaxScale when that slave is lagging behind the master. The default value is 1M.

The burst size can be provided as specified , except that IEC binary prefixes can be used as suffixes only from MaxScale 2.1 onwards. MaxScale 2.0 and earlier only support burstsize defined in bytes.

In this situation the slave is said to be in "catchup mode", this parameter is designed to both prevent flooding of that slave and also to prevent threads within MariaDB MaxScale spending disproportionate amounts of time with slaves that are lagging behind the master.

mariadb10-compatibility

This parameter allows binlogrouter to replicate from a MariaDB 10.0 master server: this parameter is enabled by default since MaxScale 2.2.0. In earlier versions the parameter was disabled by default.

Additionally, since MaxScale 2.2.1, MariaDB 10.x slave servers can connect to binlog server using GTID value instead of binlog name and position.

Example of a MariaDB 10.x slave connection to MaxScale

Note:

Slave servers can connect either with file and pos or GTID.
MaxScale saves all the incoming MariaDB GTIDs (DDLs and DMLs) in a sqlite3 database located in binlogdir (gtid_maps.db). When a slave server connects with a GTID request a lookup is made for the value match and following binlog events will be sent.

transaction_safety

This parameter is used to enable/disable incomplete transactions detection in binlog router. The default value is off.

When MariaDB MaxScale starts an error message may appear if current binlog file is corrupted or an incomplete transaction is found. During normal operations binlog events are not distributed to the slaves until a COMMIT is seen. Set transaction_safety=on to enable detection of incomplete transactions.

send_slave_heartbeat

This defines whether MariaDB MaxScale sends the heartbeat packet to the slave when there are no real binlog events to send. This parameter takes a boolean value and the default value is false. This means that no heartbeat events are sent to slave servers.

If value is set to true the interval value (requested by the slave during registration) is reported in the diagnostic output and the packet is send after the time interval without any event to send.

semisync

This parameter controls whether binlog server could ask Master server to start the Semi-Synchronous replication. This parameter takes a boolean value and the default value is false.

In order to get semi-sync working, the Master server must have the_rpl_semi_sync_master_ plugin installed. The availability of the plugin and the value of the GLOBAL VARIABLE rpl_semi_sync_master_enabled are checked in the Master registration phase: if the plugin is installed in the Master database, the binlog server subsequently requests the semi-sync option.

Note:

the network replication stream from Master has two additional bytes before each binlog event.
the Semi-Sync protocol requires an acknowledge packet to be sent back to Master only when requested: the semi-sync flag will have value of 1. This flag is set only if rpl_semi_sync_master_enabled=1 is set in the Master, otherwise it will always have value of 0 and no ack packet is sent back.

Please note that semi-sync replication is only related to binlog server to Master communication.

ssl_cert_verification_depth

This parameter sets the maximum length of the certificate authority chain that will be accepted. Legal values are positive integers. This applies to SSL connection to master server that could be acivated either by writing options in master.ini or later via a CHANGE MASTER TO command. This parameter cannot be modified at runtime. The default verification depth is 9.

encrypt_binlog

Whether to encrypt binlog files: the default is off.

When set to on the binlog files will be encrypted using specified AES algorithm and the KEY in the specified key file.

Note: binlog encryption must be used while replicating from a MariaDB 10.1 server and serving data to MariaDB 10.x slaves. In order to use binlog encryption the master server MariaDB 10.1 must have encryption active (encrypt-binlog=1 in my.cnf). This is required because both master and maxscale must store encrypted data for a working scenario for Secure data-at-rest. Additionally, as long as Master server doesn't send the StartEncryption event (which contains encryption setup information for the binlog file), there is a position gap between end of FormatDescription event pos and next event start pos. The StartEncryption event size is 36 or 40 (depending on CRC32 being used), so the gap has that size.

MaxScale binlog server adds its own StartEncryption to binlog files consequently the binlog events positions in binlog file are the same as in the master binlog file and there is no position mismatch.

encryption_algorithm

The encryption algorithm, either 'aes_ctr' or 'aes_cbc'. The default is 'aes_cbc'

encryption_key_file

The specified key file must contains lines with following format:

id;HEX(KEY)

Id is the scheme identifier, which must have the value 1 for binlog encryption , the ';' is a separator and HEX(KEY) contains the hex representation of the KEY. The KEY must have exact 16, 24 or 32 bytes size and the selected algorithm (aes_ctr or aes_cbc) with 128, 192 or 256 ciphers will be used.

Note: the key file has the same format as MariaDB 10.1 server so it's possible to use an existing key file (not encrypted) which could contain severalscheme;key values: only key id with value 1 will be parsed, and if not found an error will be reported.

Example key file with multiple keys:

mariadb10_master_gtid

This option allows MaxScale binlog router to register with MariaDB 10.X master using GTID instead of binlog_file name and position in CHANGE MASTER TO admin command. This feature is disabled by default.

The user can set a known GTID or an empty value (in this case the Master server will send events from it's first available binlog file).

Example of MaxScale connection to a MariaDB 10.X Master

If using GTID request then it's no longer possible to use MASTER_LOG_FILE and MASTER_LOG_POS in CHANGE MASTER TO command: an error will be reported.

If this feature is enabled, the transaction_safety option will be automatically enabled. The binlog files will also be stored in a hierarchical directory tree instead of a single directory.

Note:

When the option is On, the connecting slaves can only use GTID request: specifying file and pos will end up in an error sent by MaxScale and replication cannot start.
The GTID request could cause the writing of events in any position of the binlog file, whose name has been sent by the master server before any event. In order to avoid holes in the binlog files, MaxScale will fill all gaps in the binlog files with ignorable events.
It's not possible to specify the GTID _domain_id: the master one is being used for all operations. All slave servers must use the same replication domain as the master server.

master_retry_count

This option sets the maximum number of connection retries when the master server is disconnected or not reachable. Default value is 1000.

connect_retry

The option sets the time interval for a new connection retry to master server. The duration can be specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the parameter is seconds, a value specified in milliseconds will be rejected, even if the duration is longer than a second. The default value is 60 seconds.

A complete example of a service entry for a binlog router service would be as follows.

Using secondary masters

From MaxScale 2.3 onwards it is possible to specify secondary masters that the binlog router can use in case the connection to the default master fails.

Note: This is only supported in a Galera Cluster environment in which:

Wsrep GTID mode is enabled in the cluster.
All of the requirements for wsrep GTID mode are met by the cluster.

Wsrep GTID mode is also imperfect, so this secondary master functionality is only guaranteed to work if GTIDs have not become inconsistent within the cluster.

See for more information.

The initial setup is performed exactly like when there is but one default master.

After the setup of the default master, secondary masters can be configured as follows:

That is, a connection name must be provided and the name must be of the format :N where N is a positive integer. If several secondary masters are specified, they must be numbered consecutively, starting from 2.

All settings that are not explicitly specified are copied from the default master. That is, the following is equivalent with the command above:

If a particular master configuration exists already, then any specified definitions will be changed and unspecified ones will remain unchanged. For instance, the following command would only change the password of :2.

It is not possible to delete a particular secondary master, but ifMASTER_HOST is set on the default master, even if it is set to the same value, then all secondary master configurations are deleted.

When START SLAVE is issued, MaxScale will first attempt to connect to the default master and if that fails, try the secondary masters in order, until a connection can be created. Only if all connection attempts fail, will MaxScale wait as specified with connect_retry, before doing the cycle over again.

Once the binlog router has successfully connected to a server, it will stay connected to that server until the connection breaks or STOP SLAVE is issued.

The configurations of the secondary masters are also stored to themaster.ini in sections whose name include the connection name.

CC BY-SA / Gnu FDL

MariaDB [test]> select secret from T where x password="clear text pwd";
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
that corresponds to your MariaDB server version for the right syntax to
use near 'password="clear text pwd"' at line 1

[ProductsSelectLogger]
type=filter
module=qlafilter
match=SELECT.*from.*PRODUCTS .*
exclude=WHERE.*PRODUCT_ID.*
filebase=/var/logs/qla/SelectProducts

[Product-Service]
type=service
router=readconnroute
servers=server1
user=myuser
password=mypasswd
filters=ProductsSelectLogger

MaxScale 22.08 KafkaCDC

KafkaCDC

Overview

The KafkaCDC module reads data changes in MariaDB via replication and converts them into JSON objects that are then streamed to a Kafka broker.

DDL events (CREATE TABLE, ALTER TABLE) are streamed as JSON objects in the following format (example created by CREATE TABLE test.t1(id INT)):

The domain, server_id and sequence fields contain the GTID that this event belongs to. The event_number field is the sequence number of events inside the transaction starting from 1. The timestamp field is the UNIX timestamp when the event occurred. The event_type field contains the type of the event, one of:

insert: the event is the data that was added to MariaDB
delete: the event is the data that was removed from MariaDB
update_before: the event contains the data before an update statement modified it

All remaining fields contains data from the table. In the example event this would be the fields id and data.

The sending of these schema objects is optional and can be disabled usingsend_schema=false.

DML events (INSERT, UPDATE, DELETE) are streamed as JSON objects that follow the format specified in the DDL event. The objects are in the following format (example created by INSERT INTO test.t1 VALUES (1)):

The table_name and table_schema fields were added in MaxScale 2.5.3. These contain the table name and schema the event targets.

The router stores table metadata in the MaxScale data directory. The default value is /var/lib/maxscale/<service name>. If data for a table is replicated before a DDL event for it is replicated, the CREATE TABLE will be queried from the master server.

During shutdown, the Kafka event queue is flushed. This can take up to 60 seconds if the network is slow or there are network problems.

Configuration

In order for kafkacdc to work, the binary logging on the source server must be configured to use row-based replication and the row image must be set to full by configuring binlog_format=ROW and binlog_row_image=FULL.
The servers parameter defines the set of servers where the data is replicated from. The replication will be done from the first master server that is found.
The

Parameters

`bootstrap_servers`

Type: string
Mandatory: Yes
Dynamic: No

The list of Kafka brokers to use in host:port format. Multiple values can be separated with commas. This is a mandatory parameter.

`topic`

Type: string
Mandatory: Yes
Dynamic: No

The Kafka topic where the replicated events will be sent. This is a mandatory parameter.

`enable_idempotence`

Type:
Mandatory: No
Dynamic: No
Default: false

Enable idempotent producer mode. This feature requires Kafka version 0.11 or newer to work and is disabled by default.

When enabled, the Kafka producer enters a strict mode which avoids event duplication due to broker outages or other network errors. In HA scenarios where there are more than two MaxScale instances, event duplication can still happen as there is no synchronization between the MaxScale instances.

The Kafka C library,, describes the parameter as follows:

When set to true, the producer will ensure that messages are successfully produced exactly once and in the original produce order. The following configuration properties are adjusted automatically (if not modified by the user) when idempotence is enabled: max.in.flight.requests.per.connection=5 (must be less than or equal to 5), retries=INT32_MAX (must be greater than 0), acks=all, queuing.strategy=fifo.

`timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 10s

The connection and read timeout for the replication stream.

`gtid`

Type: string
Mandatory: No
Dynamic: No
Default: ""

The initial GTID position from where the replication is started. By default the replication is started from the beginning. The value of this parameter is only used if no previously replicated events with GTID positions can be retrieved from Kafka.

Once the replication has started and a GTID position has been recorded, this parameter will be ignored. To reset the recorded GTID position, delete thecurrent_gtid.txt file located in /var/lib/maxscale/<SERVICE>/ where<SERVICE> is the name of the KafkaCDC service.

`server_id`

Type: number
Mandatory: No
Dynamic: No
Default: 1234

The used when replicating from the master in direct replication mode. The default value is 1234. This parameter was added in MaxScale 2.5.7.

`match`

Type:
Mandatory: No
Dynamic: Yes
Default: ""

Only include data from tables that match this pattern.

For example, if configured with match=accounts[.].*, only data from theaccounts database is sent to Kafka.

The pattern is matched against the combined database and table name separated by a period. This means that the event for the table t1 in the test database would appear as test.t1. The behavior is the same even if the database or the table name contains a period. This means that an event for the test.table table in the my.data database would appear as my.data.test.table.

Here is an example configuration that only sends events for tables from thedb1 database. The accounts and users tables in the db1 database are filtered out using the exclude parameter.

`exclude`

Type:
Mandatory: No
Dynamic: Yes
Default: ""

Exclude data from tables that match this pattern.

For example, if configured with exclude=mydb[.].*, all data from the tables in the mydb database is not sent to Kafka.

The pattern matching works the same way for both of the exclude and match parameters. See for an explanation on how the patterns are matched against the database and table names.

`cooperative_replication`

Type:
Mandatory: No
Dynamic: No
Default: false

Controls whether multiple instances cooperatively replicate from the same cluster. This is a boolean parameter and is disabled by default. It was added in MaxScale 6.0.

When this parameter is enabled and the monitor pointed to by the cluster parameter supports cooperative monitoring (currently only mariadbmon), the replication is only active if the monitor owns the cluster it is monitoring.

Whenever an instance that does not own the cluster gains ownership of the cluster, the replication will continue from the latest GTID that was delivered to Kafka.

This means that multiple MaxScale instances can replicate from the same set of servers and the event is only processed once. This feature does not provide exactly-once semantics for the Kafka event delivery. However, it does provide high-availability for the kafkacdc instances which allows automated failover between multiple MaxScale instances.

`send_schema`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Send JSON schema object into the stream whenever the table schema changes. These events, as described , can be used to detect whenever the format of the data being sent changes.

If this information in these schema change events is not needed or the code that processes the Kafka stream can't handle them, they can be disabled with this parameter.

`read_gtid_from_kafka`

Type:
Mandatory: No
Dynamic: No
Default: true

On startup, the latest GTID is by default read from the Kafka cluster. This makes it possible to recover the replication position stored by another MaxScale. Sometimes this is not desirable and the GTID should only be read from the local file or started anew. Examples of these are when the GTIDs are reset or the replication topology has changed.

`kafka_ssl`

Type:
Mandatory: No
Dynamic: No
Default: false

Enable SSL for Kafka connections. This is a boolean parameter and is disabled by default.

`kafka_ssl_ca`

Type: path
Mandatory: No
Dynamic: No
Default: ""

Path to the certificate authority file in PEM format. If this is not provided, the default system certificates will be used.

`kafka_ssl_cert`

Type: path
Mandatory: No
Dynamic: No
Default: ""

Path to the public certificate in PEM format.

The client must provide a certificate if the Kafka server performs authentication of the client certificates. This feature is enabled by default in Kafka and is controlled by .

If kafka_ssl_cert is provided, kafka_ssl_key must also be provided.

`kafka_ssl_key`

Type: path
Mandatory: No
Dynamic: No
Default: ""

Path to the private key in PEM format.

If kafka_ssl_key is provided, kafka_ssl_cert must also be provided.

`kafka_sasl_user`

Type: string
Mandatory: No
Dynamic: No
Default: ""

Username for SASL authentication.

If kafka_sasl_user is provided, kafka_sasl_password must also be provided.

`kafka_sasl_password`

Type: string
Mandatory: No
Dynamic: No
Default: ""

Password for SASL authentication.

If kafka_sasl_password is provided, kafka_sasl_user must also be provided.

`kafka_sasl_mechanism`

Type:
Mandatory: No
Dynamic: No
Values: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512

The SASL mechanism used. The default value is PLAIN which uses plaintext authentication. It is recommended to enable SSL whenever plaintext authentication is used.

Allowed values are:

PLAIN
SCRAM-SHA-256
SCRAM-SHA-512

The value that should be used depends on the SASL mechanism used by the Kafka broker.

Example Configuration

The following configuration defines the minimal setup for streaming replication events from MariaDB into Kafka as JSON:

Limitations

The KafkaCDC module provides at-least-once semantics for the generated events. This means that each replication event is delivered to kafka at least once but there can be duplicate events in case of failures.

CC BY-SA / Gnu FDL

MariaDB> SET @@global.gtid_slave_pos='0-10122-230';
MariaDB> CHANGE MASTER TO
         MASTER_HOST='192.168.10.8',
         MASTER_PORT=5306,
         MASTER_USE_GTID=Slave_pos;
MariaDB> START SLAVE;

#
# This is the Encryption Key File
# key id 1 is for binlog files encryption: it's mandatory
# The keys come from a 32bytes value, 64 bytes with HEX format
#
2;abcdef1234567890abcdef12345678901234567890abcdefabcdef1234567890
1;5132bbabcde33ffffff12345ffffaaabbbbbbaacccddeee11299000111992aaa
3;bbbbbbbbbaaaaaaabbbbbccccceeeddddd3333333ddddaaaaffffffeeeeecccd

# mysql -h $MAXSCALE_HOST -P $MAXCALE_PORT
MariaDB> SET @@global.gtid_slave_pos='0-198-123';
MariaDB> CHANGE MASTER TO
         MASTER_HOST='192.168.10.5',
         MASTER_PORT=3306,
         MASTER_USE_GTID=Slave_pos;
MariaDB> START SLAVE;

[Replication]
type=service
router=binlogrouter
user=maxscale
password=maxpwd
server_id=3
binlogdir=/var/lib/maxscale/
mariadb10-compatibility=1
encrypt_binlog=1
encryption_algorithm=aes_ctr
encryption_key_file=/var/binlogs/enc_key.txt

# mysql -h $MAXSCALE_HOST -P $MAXCALE_PORT
MariaDB> SET @@global.gtid_slave_pos='0-198-123';
MariaDB> CHANGE MASTER TO
         MASTER_HOST='192.168.10.5',
         MASTER_PORT=3306,
         MASTER_USER='repl',
         MASTER_PASSWORD='repl',
         MASTER_USE_GTID=Slave_pos;

update_after: the event contains the data after an update statement modified it

user

password

REPLICATION SLAVE

{
  "namespace": "MaxScaleChangeDataSchema.avro",
  "type": "record",
  "name": "ChangeRecord",
  "table": "t2",              // name of the table
  "database": "test",         // the database the table is in
  "version": 1,               // schema version, incremented when the table format changes
  "gtid": "0-3000-14",        // GTID that created the current version of the table
  "fields": [
    {
      "name": "domain",       // First part of the GTID
      "type": "int"
    },
    {
      "name": "server_id",    // Second part of the GTID
      "type": "int"
    },
    {
      "name": "sequence",     // Third part of the GTID
      "type": "int"
    },
    {
      "name": "event_number", // Sequence number of the event inside the GTID
      "type": "int"
    },
    {
      "name": "timestamp",    // UNIX timestamp when the event was created
      "type": "int"
    },
    {
      "name": "event_type",   // Event type
      "type": {
        "type": "enum",
        "name": "EVENT_TYPES",
        "symbols": [
          "insert",           // The row that was inserted
          "update_before",    // The row before it was updated
          "update_after",     // The row after it was updated
          "delete"            // The row that was deleted
        ]
      }
    },
    {
      "name": "id",           // Field name
      "type": [
        "null",
        "long"
      ],
      "real_type": "int",     // Field type
      "length": -1,           // Field length, if found
      "unsigned": false       // Whether the field is unsigned
    }
  ]
}

# The server we're replicating from
[server1]
type=server
address=127.0.0.1
port=3306

# The monitor for the server
[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1
user=maxuser
password=maxpwd
monitor_interval=5s

# The MariaDB-to-Kafka CDC service
[Kafka-CDC]
type=service
router=kafkacdc
servers=server1
user=maxuser
password=maxpwd
bootstrap_servers=127.0.0.1:9092
topic=my-cdc-topic

{
    "data": {
        "attributes": {
            "module": "mariadbmon",
            "monitor_diagnostics": {
                "master": "server1",
                "master_gtid_domain_id": 0,
                "primary": null,
                "server_info": [
                    {
                        "gtid_binlog_pos": "0-3000-5",
                        "gtid_current_pos": "0-3000-5",
                        "lock_held": null,
                        "master_group": null,
                        "name": "server1",
                        "read_only": false,
                        "server_id": 3000,
                        "slave_connections": [],
                        "state_details": null
                    },
                    {
                        "gtid_binlog_pos": "0-3000-5",
                        "gtid_current_pos": "0-3000-5",
                        "lock_held": null,
                        "master_group": null,
                        "name": "server2",
                        "read_only": false,
                        "server_id": 3001,
                        "slave_connections": [
                            {
                                "connection_name": "",
                                "gtid_io_pos": "",
                                "last_io_error": "",
                                "last_sql_error": "",
                                "master_host": "127.0.0.1",
                                "master_port": 3000,
                                "master_server_id": 3000,
                                "master_server_name": "server1",
                                "seconds_behind_master": 0,
                                "slave_io_running": "Yes",
                                "slave_sql_running": "Yes"
                            }
                        ],
                        "state_details": null
                    }
                ],
                "state": "Idle"
            },
            "parameters": {
                "assume_unique_hostnames": true,
                "auto_failover": false,
                "auto_rejoin": false,
                "backend_connect_attempts": 1,
                "backend_connect_timeout": "3000ms",
                "backend_read_timeout": "3000ms",
                "backend_write_timeout": "3000ms",
                "cooperative_monitoring_locks": "none",
                "cs_admin_api_key": null,
                "cs_admin_base_path": "/cmapi/0.4.0",
                "cs_admin_port": 8640,
                "demotion_sql_file": null,
                "disk_space_check_interval": "0ms",
                "disk_space_threshold": null,
                "enforce_read_only_slaves": false,
                "enforce_simple_topology": false,
                "enforce_writable_master": false,
                "events": "all,master_down,master_up,slave_down,slave_up,server_down,server_up,synced_down,synced_up,donor_down,donor_up,lost_master,lost_slave,lost_synced,lost_donor,new_master,new_slave,new_synced,new_donor",
                "failcount": 5,
                "failover_timeout": "90000ms",
                "handle_events": true,
                "journal_max_age": "28800000ms",
                "maintenance_on_low_disk_space": true,
                "mariadb-backup_parallel": 1,
                "mariadb-backup_use_memory": "1G",
                "master_conditions": "primary_monitor_master",
                "master_failure_timeout": "10000ms",
                "module": "mariadbmon",
                "monitor_interval": "5000ms",
                "password": "*****",
                "promotion_sql_file": null,
                "rebuild_port": 4444,
                "replication_master_ssl": false,
                "replication_password": "*****",
                "replication_user": "maxuser",
                "script": null,
                "script_max_replication_lag": -1,
                "script_timeout": "90000ms",
                "servers_no_promotion": null,
                "slave_conditions": "",
                "ssh_check_host_key": true,
                "ssh_keyfile": null,
                "ssh_port": 22,
                "ssh_timeout": "10000ms",
                "ssh_user": null,
                "switchover_on_low_disk_space": false,
                "switchover_timeout": "90000ms",
                "type": "monitor",
                "user": "maxuser",
                "verify_master_failure": true
            },
            "source": {
                "file": "/etc/maxscale.cnf",
                "type": "static"
            },
            "state": "Running",
            "ticks": 4
        },
        "id": "MariaDB-Monitor",
        "links": {
            "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/"
        },
        "relationships": {
            "servers": {
                "data": [
                    {
                        "id": "server1",
                        "type": "servers"
                    },
                    {
                        "id": "server2",
                        "type": "servers"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/servers/",
                    "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/relationships/servers/"
                }
            },
            "services": {
                "data": [
                    {
                        "id": "RW-Split-Router",
                        "type": "services"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/services/",
                    "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/relationships/services/"
                }
            }
        },
        "type": "monitors"
    },
    "links": {
        "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/"
    }
}

{
    "data": [
        {
            "attributes": {
                "module": "mariadbmon",
                "monitor_diagnostics": {
                    "master": "server1",
                    "master_gtid_domain_id": 0,
                    "primary": null,
                    "server_info": [
                        {
                            "gtid_binlog_pos": "0-3000-5",
                            "gtid_current_pos": "0-3000-5",
                            "lock_held": null,
                            "master_group": null,
                            "name": "server1",
                            "read_only": false,
                            "server_id": 3000,
                            "slave_connections": [],
                            "state_details": null
                        },
                        {
                            "gtid_binlog_pos": "0-3000-5",
                            "gtid_current_pos": "0-3000-5",
                            "lock_held": null,
                            "master_group": null,
                            "name": "server2",
                            "read_only": false,
                            "server_id": 3001,
                            "slave_connections": [
                                {
                                    "connection_name": "",
                                    "gtid_io_pos": "",
                                    "last_io_error": "",
                                    "last_sql_error": "",
                                    "master_host": "127.0.0.1",
                                    "master_port": 3000,
                                    "master_server_id": 3000,
                                    "master_server_name": "server1",
                                    "seconds_behind_master": 0,
                                    "slave_io_running": "Yes",
                                    "slave_sql_running": "Yes"
                                }
                            ],
                            "state_details": null
                        }
                    ],
                    "state": "Idle"
                },
                "parameters": {
                    "assume_unique_hostnames": true,
                    "auto_failover": false,
                    "auto_rejoin": false,
                    "backend_connect_attempts": 1,
                    "backend_connect_timeout": "3000ms",
                    "backend_read_timeout": "3000ms",
                    "backend_write_timeout": "3000ms",
                    "cooperative_monitoring_locks": "none",
                    "cs_admin_api_key": null,
                    "cs_admin_base_path": "/cmapi/0.4.0",
                    "cs_admin_port": 8640,
                    "demotion_sql_file": null,
                    "disk_space_check_interval": "0ms",
                    "disk_space_threshold": null,
                    "enforce_read_only_slaves": false,
                    "enforce_simple_topology": false,
                    "enforce_writable_master": false,
                    "events": "all,master_down,master_up,slave_down,slave_up,server_down,server_up,synced_down,synced_up,donor_down,donor_up,lost_master,lost_slave,lost_synced,lost_donor,new_master,new_slave,new_synced,new_donor",
                    "failcount": 5,
                    "failover_timeout": "90000ms",
                    "handle_events": true,
                    "journal_max_age": "28800000ms",
                    "maintenance_on_low_disk_space": true,
                    "mariadb-backup_parallel": 1,
                    "mariadb-backup_use_memory": "1G",
                    "master_conditions": "primary_monitor_master",
                    "master_failure_timeout": "10000ms",
                    "module": "mariadbmon",
                    "monitor_interval": "5000ms",
                    "password": "*****",
                    "promotion_sql_file": null,
                    "rebuild_port": 4444,
                    "replication_master_ssl": false,
                    "replication_password": "*****",
                    "replication_user": "maxuser",
                    "script": null,
                    "script_max_replication_lag": -1,
                    "script_timeout": "90000ms",
                    "servers_no_promotion": null,
                    "slave_conditions": "",
                    "ssh_check_host_key": true,
                    "ssh_keyfile": null,
                    "ssh_port": 22,
                    "ssh_timeout": "10000ms",
                    "ssh_user": null,
                    "switchover_on_low_disk_space": false,
                    "switchover_timeout": "90000ms",
                    "type": "monitor",
                    "user": "maxuser",
                    "verify_master_failure": true
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "state": "Running",
                "ticks": 4
            },
            "id": "MariaDB-Monitor",
            "links": {
                "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/"
            },
            "relationships": {
                "servers": {
                    "data": [
                        {
                            "id": "server1",
                            "type": "servers"
                        },
                        {
                            "id": "server2",
                            "type": "servers"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/servers/",
                        "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/relationships/servers/"
                    }
                },
                "services": {
                    "data": [
                        {
                            "id": "RW-Split-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/monitors/MariaDB-Monitor/relationships/services/"
                    }
                }
            },
            "type": "monitors"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/monitors/"
    }
}

{
    data: {
        "id": "test-monitor", // Name of the monitor
        "type": "monitors",
        "attributes": {
            "module": "mariadbmon", // The monitor uses the mariadbmon module
            "parameters": { // Monitor parameters
                "monitor_interval": 1000,
                "user": "maxuser,
                "password": "maxpwd"
            }
        },
        "relationships": { // List of server relationships that this monitor uses
            "servers": {
                "data": [ // This monitor uses two servers
                    {
                        "id": "server1",
                        "type": "servers"
                    },
                    {
                        "id": "server2",
                        "type": "servers"
                    }
                ]
            }
        }
    }
}

MaxScale 22.08 Binlogrouter

Binlogrouter

NOTE: The binlog router delivered with 2.5 is completely new and is not 100% backward compatible with the binlog router delivered with earlier versions of MaxScale.

The binlogrouter is a router that acts as a replication proxy for MariaDB master-slave replication. The router connects to a master, retrieves the binary logs and stores them locally. Slave servers can connect to MaxScale like they would connect to a normal master server. If the master server goes down, replication between MaxScale and the slaves can still continue up to the latest point to which the binlogrouter replicated to. The master can be changed without disconnecting the slaves and without them noticing that the master server has changed. This allows for a more highly available replication setup.

In addition to the high availability benefits, the binlogrouter creates only one connection to the master whereas with normal replication each individual slave will create a separate connection. This reduces the amount of work the master database has to do which can be significant if there are a large number of replicating slaves.

Differences Between Old and New Binlogrouter Implementations

The binlogrouter in MaxScale 2.5.0 is a new and improved version of the original binlogrouter found in older MaxScale versions. The new implementation contains most of the features that were in the original binlogrouter but some of them were removed as they were either redundant or not useful.

The major differences between the new and old binlog router are:

The list of servers where the database users for authentication are loaded must be explicitly configured with the cluster, servers ortargets parameter. Alternatively, the users can be read from a file. See for more information.
The old binlog router had both server_id and master_id, the new onlyserver_id.

The documentation for the binlogrouter in MaxScale 2.4 is provided for reference .

Supported SQL Commands

The binlogrouter supports a subset of the SQL constructs that the MariaDB server supports. The following commands are supported:

CHANGE MASTER TO
The binlogrouter supports the same syntax as the MariaDB server but only the following values are allowed:
- MASTER_HOST

NOTE: MASTER_LOG_FILE and MASTER_LOG_POS are not supported as binlogrouter only supports GTID based replication.

STOP SLAVE
Stops replication, same as MariaDB.
START SLAVE
Starts replication, same as MariaDB.

Configuration Parameters

The binlogrouter is configured similarly to how normal routers are configured in MaxScale. It requires at least one listener where clients can connect to and one server from which the database user information can be retrieved. An example configuration can be found in the section of this document.

`datadir`

Type: path
Mandatory: No
Dynamic: No
Default: /var/lib/maxscale/binlogs

Directory where binary log files are stored.

`server_id`

Type: number
Mandatory: No
Dynamic: No
Default: 1234

The server ID that MaxScale uses when connecting to the master and when serving binary logs to the slaves.

`net_timeout`

Type:
Mandatory: No
Dynamic: No
Default: 10s

Network connection and read timeout in seconds for the connection to the master.

`select_master`

Type:
Mandatory: No
Dynamic: No
Default: false

Automatically select the master server to replicate from.

When this feature is enabled, the master which binlogrouter will replicate from will be selected from the servers defined by a monitor cluster=TheMonitor. Alternatively servers can be listed in servers. The servers should be monitored by a monitor. Only servers with the Master status are used. If multiple master servers are available, the first available master server will be used.

If a CHANGE MASTER TO command is received while select_master is on, the command will be honored and select_master turned off until the next reboot. This allows the Monitor to perform failover, and more importantly, switchover. It also allows the user to manually redirect the Binlogrouter. The current master is "sticky", meaning that the same master will be chosen on reboot.

NOTE: Do not use the mariadbmon parameter if the monitor is monitoring a binlogrouter. The binlogrouter does not support all the SQL commands that the monitor will send and the rejoin will fail. This restriction will be lifted in a future version.

The GTID the replication will start from, will be based on the latest replicated GTID. If no GTID has been replicated, the router will start replication from the start. Manual configuration of the GTID can be done by first configuring the replication manually with CHANGE MASTER TO.

`expire_log_duration`

Type:
Mandatory: No
Dynamic: No
Default: 0s

Duration after which a binary log file can be automatically removed.

The duration is measured from the last modification of the log file. Files are purged in the order they were created. The automatic purge works in a similar manner to PURGE BINARY LOGS TO <filename> in that it will stop the purge if an eligible file is in active use, i.e. being read by a slave.

`expire_log_minimum_files`

Type: number
Mandatory: No
Dynamic: No
Default: 2

The minimum number of log files the automatic purge keeps. At least one file is always kept.

`ddl_only`

Type: boolean
Default: false
Dynamic: No

When enabled, only DDL events are written to the binary logs. This means thatCREATE, ALTER and DROP events are written but INSERT, UPDATE andDELETE events are not.

This mode can be used to keep a record of all the schema changes that occur on a database. As only the DDL events are stored, it becomes very easy to set up an empty server with no data in it by simply pointing it at a binlogrouter instance that has ddl_only enabled.

`encryption_key_id`

Type: string
Mandatory: No
Dynamic: No
Default: ""

Encryption key ID used to encrypt the binary logs. If configured, an must also be configured and it must contain the key with the given ID. If the encryption key manager supports versioning, new binary logs will be encrypted using the latest encryption key. Old binlogs will remain encrypted with older key versions and remain readable as long as the key versions used to encrypt them are available.

Once binary log encryption has been enabled, the encryption key ID cannot be changed and the key must remain available to MaxScale in order for replication to work. If an encryption key is not available or the key manager fails to retrieve it, the replication from the currently selected master server will stop. If the replication is restarted manually, the encryption key retrieval is attempted again.

Re-encryption of binlogs using another encryption key is not possible. However, this is possible if the data is replicated to a second MaxScale server that uses a different encryption key. The same approach can also be used to decrypt binlogs.

`encryption_cipher`

Type:
Mandatory: No
Dynamic: No
Values: AES_CBC, AES_CTR, AES_GCM

The encryption cipher to use. The encryption key size also affects which mode is used: only 128, 192 and 256 bit encryption keys are currently supported.

Possible values are:

AES_GCM (default)
.
AES_CBC
.

New installation

Configure and start MaxScale.
If you have not configured select_master=true (automatic master selection), issue a CHANGE MASTER TO command to binlogrouter.

Redirect each slave to replicate from Binlogrouter

Upgrading to version 2.5

Binlogrouter does not read any of the data that a version prior to 2.5 has saved. By default binlogrouter will request the replication stream from the blank state (from the start of time), which is basically meant for new systems. If a system is live, the entire replication data probably does not exist, and if it does, it is not necessary for binlogrouter to read and store all the data.

Before you start

Note that binlogrouter only supports GTID based replication.
Make sure that the configured data directory for the new binlogrouter is different from the old one, or move old data away. See .
If the master contains binlogs from the blank state, and there is a large amount of data, consider purging old binlogs. See .

Deployment

The method described here inflicts the least downtime. Assuming you have configured version 2.5, and it is ready to go:

Redirect each slave that replicates from Binlogrouter to replicate from the master.

Stop the old version of MaxScale, and start the new one. Verify routing functionality.
Issue a CHANGE MASTER TO command, or use .

Run maxctrl list servers. Make sure all your servers are accounted for. Pick the lowest gtid state (e.g. 0-1000-1234,1-1001-5678) on display and issue this command to Binlogrouter:

NOTE: Even with select_master=true you have to set @@global.gtid_slave_pos if any binlog files have been purged on the master. The server will only stream from the start of time if the first binlog file is present. See .

Redirect each slave to replicate from Binlogrouter.

Galera cluster

When replicating from a Galera cluster, must be set to true, and the servers must be monitored by the . Configuring binlogrouter is the same as described above.

The Galera cluster must be configured to use .

The MariaDB version must be 10.5.1 or higher. The required GTID related server settings for MariaDB/Galera to work with Binlogrouter are listed here:

Example

The following is a small configuration file with automatic master selection. With it, the service will accept connections on port 3306.

Limitations

Old-style replication with binlog name and file offset is not supported and the replication must be started by setting up the GTID to replicate from.
Only replication from MariaDB servers (including Galera) is supported.
Old encrypted binary logs are not re-encrypted with newer key versions ()
The MariaDB server where the replication is done from must be configured withbinlog_checksum=CRC32

CC BY-SA / Gnu FDL

{
    "rules": [
        {
            "replace": {
                "database": "db1",
                "table": "person",
                "column": "ssn"
            },
            "with": { ... },
            "applies_to": [ ... ],
            "exempted": [ ... ]
        }
    ]
}

{
    "rules": [
        {
            "replace": {
                "column": "ssn"
            },
            "with": {
                "value": "XXX-XX-XXXX"
            },
            "applies_to": [ ... ],
            "exempted": [ ... ]
        },
        {
            "replace": {
                "column": "age"
            },
            "with": {
                "fill": "*"
            },
            "applies_to": [ ... ],
            "exempted": [ ... ]
        },
        {
            "replace": {
                "column": "creditcard"
            },
            "with": {
                "value": "1234123412341234",
                "fill": "0"
            },
            "applies_to": [ ... ],
            "exempted": [ ... ]
        },
    ]
}

{
    "rules": [
        {
            "replace": { ... },
            "with": { ... },
            "applies_to": [ "'alice'@'host'", "'bob'@'%'" ],
            "exempted": [ ... ]
        }
    ]
}

{
    "rules": [
        {
            "replace": {
                "column": "ssn"
            },
            "with": {
                "value": "012345-ABCD",
                "fill": "X"
            }
        }
    ]
}

MASTER_PORT

MaxScale 22.08 Common Monitor Parameters

Common Monitor Parameters

This document settings supported by all monitors. These should be defined in the monitor section of the configuration file.

Parameters

`module`

Type: string
Mandatory: Yes
Dynamic: No

The monitor module this monitor should use. Typically mariadbmon orgaleramon.

`user`

Type: string
Mandatory: Yes
Dynamic: Yes

Username used by the monitor to connect to the backend servers. If a server defines the monitoruser parameter, that value will be used instead.

`password`

Type: string
Mandatory: Yes
Dynamic: Yes

Password for the user defined with the user parameter. If a server defines the monitorpw parameter, that value will be used instead.

Note: In older versions of MaxScale this parameter was called passwd. The use of passwd was deprecated in MaxScale 2.3.0.

`servers`

Type: string
Mandatory: Yes
Dynamic: Yes

A comma-separated list of servers the monitor should monitor.

`monitor_interval`

Type:
Mandatory: No
Dynamic: Yes
Default: 2s

Defines how often the monitor updates the status of the servers. Choose a lower value if servers should be queried more often. The smallest possible value is 100 milliseconds. If querying the servers takes longer than monitor_interval, the effective update rate is reduced.

The interval is specified as documented . If no explicit unit is provided, the value is interpreted as milliseconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected.

`backend_connect_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 3s

This parameter controls the timeout for connecting to a monitored server. The interval is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected, even if the duration is longer than a second. The minimum value is 1 second.

`backend_write_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 3s

This parameter controls the timeout for writing to a monitored server. The timeout is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected, even if the duration is longer than a second. The minimum value is 1 seconds.

`backend_read_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 3s

This parameter controls the timeout for reading from a monitored server. The timeout is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected, even if the duration is longer than a second. The minimum value is 1 second.

`backend_connect_attempts`

Type: number
Mandatory: No
Dynamic: Yes
Default: 1

This parameter defines the maximum times a backend connection is attempted every monitoring loop. Every attempt may take up to backend_connect_timeout seconds to perform. If none of the attempts are successful, the backend is considered to be unreachable and down.

`disk_space_threshold`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

This parameter duplicates the disk_space_threshold. If the parameter has not been specified for a server, then the one specified for the monitor is applied.

NOTE: Since MariaDB 10.4.7, MariaDB 10.3.17 and MariaDB 10.2.26, the information will be available only if the monitor user has the FILE privilege.

That is, if the disk configuration is the same on all servers monitored by the monitor, it is sufficient (and more convenient) to specify the disk space threshold in the monitor section, but if the disk configuration is different on all or some servers, then the disk space threshold can be specified individually for each server.

For example, suppose server1, server2 and server3 are identical in all respects. In that case we can specify disk_space_threshold in the monitor.

However, if the servers are heterogeneous with the disk used for the data directory mounted on different paths, then the disk space threshold must be specified separately for each server.

If most of the servers have the data directory disk mounted on the same path, then the disk space threshold can be specified on the monitor and separately on the server with a different setup.

Above, server1 has the disk used for the data directory mounted at /DbData while both server2 and server3 have it mounted on/data and thus the setting in the monitor covers them both.

`disk_space_check_interval`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

With this parameter it can be specified the minimum amount of time between disk space checks. The interval is specified as documented . If no explicit unit is provided, the value is interpreted as milliseconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. The default value is 0, which means that by default the disk space will not be checked.

Note that as the checking is made as part of the regular monitor interval cycle, the disk space check interval is affected by the value ofmonitor_interval. In particular, even if the value ofdisk_space_check_interval is smaller than that of monitor_interval, the checking will still take place at monitor_interval intervals.

`script`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

This command will be executed on a server state change. The parameter should be an absolute path to a command or the command should be in the executable path. The user running MaxScale should have execution rights to the file itself and the directory it resides in. The script may have placeholders which MaxScale will substitute with useful information when launching the script.

The placeholders and their substitution results are:

$INITIATOR -> IP and port of the server which initiated the event
$EVENT -> event description, e.g. "server_up"
$LIST -> list of IPs and ports of all servers

The expanded variable value can be an empty string if no servers match the variable's requirements. For example, if no masters are available $MASTERLIST will expand into an empty string. The list-type substitutions will only contain servers monitored by the current monitor.

The above script could be executed as:

See section below for an example script.

Any output by the executed script will be logged into the MaxScale log. Each outputted line will be logged as a separate log message.

The log level on which the messages are logged depends on the format of the messages. If the first word in the output line is one of alert:, error:,warning:, notice:, info: or debug:, the message will be logged on the corresponding level. If the message is not prefixed with one of the keywords, the message will be logged on the notice level. Whitespace before, after or between the keyword and the colon is ignored and the matching is case-insensitive.

Currently, the script must not execute any of the following MaxCtrl calls as they cause a deadlock:

alter monitor to the monitor executing the script
stop monitor to the monitor executing the script
call command to a MariaDB-Monitor that is executing the script

`script_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 90s

The timeout for the executed script. The interval is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected, even if the duration is longer than a second.

If the script execution exceeds the configured timeout, it is stopped by sending a SIGTERM signal to it. If the process does not stop, a SIGKILL signal will be sent to it once the execution time is greater than twice the configured timeout.

`events`

Type: enum
Mandatory: No
Dynamic: Yes
Values: master_down, master_up, slave_down

A list of event names which cause the script to be executed. If this option is not defined, all events cause the script to be executed. The list must contain a comma separated list of event names.

The following table contains all the possible event types and their descriptions.

Event Name

Description

`journal_max_age`

Type:
Mandatory: No
Dynamic: Yes
Default: 28800s

The maximum journal file age. The interval is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the max age is seconds, a max age specified in milliseconds will be rejected, even if the duration is longer than a second.

When the monitor starts, it reads any stored journal files. If the journal file is older than the value of journal_max_age, it will be removed and the monitor starts with no prior knowledge of the servers.

Monitor Crash Safety

Starting with MaxScale 2.2.0, the monitor modules keep an on-disk journal of the latest server states. This change makes the monitors crash-safe when options that introduce states are used. It also allows the monitors to retain stateful information when MaxScale is restarted.

For MySQL monitor, options that introduce states into the monitoring process are the detect_stale_master and detect_stale_slave options, both of which are enabled by default. Galeramon has the disable_master_failback parameter which introduces a state.

The default location for the server state journal is in/var/lib/maxscale/<monitor name>/monitor.dat where <monitor name> is the name of the monitor section in the configuration file. If MaxScale crashes or is shut down in an uncontrolled fashion, the journal will be read when MaxScale is started. To skip the recovery process, manually delete the journal file before starting MaxScale.

Script example

Below is an example monitor configuration which launches a script with all supported substitutions. The example script reads the results and prints it to file and sends it as email.

File "maxscale_monitor_alert_script.sh":

initiator="" parent="" children="" event="" node_list="" list="" master_list="" slave_list="" synced_list=""

process_arguments() { while [ "$1" != "" ]; do if [[ "$1" =~ ^--initiator=.* ]]; then initiator=${1#'--initiator='} elif [[ "$1" =~ ^--parent.* ]]; then parent=${1#'--parent='} elif [[ "$1" =~ ^--children.* ]]; then children=${1#'--children='} elif [[ "$1" =~ ^--event.* ]]; then event=${1#'--event='} elif [[ "$1" =~ ^--node_list.* ]]; then node_list=${1#'--node_list='} elif [[ "$1" =~ ^--list.* ]]; then list=${1#'--list='} elif [[ "$1" =~ ^--master_list.* ]]; then master_list=${1#'--master_list='} elif [[ "$1" =~ ^--slave_list.* ]]; then slave_list=${1#'--slave_list='} elif [[ "$1" =~ ^--synced_list.* ]]; then synced_list=${1#'--synced_list='} fi shift done }

process_arguments $@ read -r -d '' MESSAGE << EOM A server has changed state. The following information was provided:

Initiator: $initiator Parent: $parent Children: $children Event: $event Node list: $node_list List: $list Master list: $master_list Slave list: $slave_list Synced list: $synced_list EOM

print message to file

echo "$MESSAGE" > /path/to/script_output.txt

email the message

echo "$MESSAGE" | mail -s "MaxScale received $event event for initiator $initiator." mariadb_admin@domain.com |

CC BY-SA / Gnu FDL

Upgrading MariaDB MaxScale

For more information about what has changed, please refer to the ChangeLog and to the release notes.

Before starting the upgrade, any existing configuration files should be backed up.

Upgrading MariaDB MaxScale from 21.06 to 22.08

Removed Features

The support for legacy encryption keys generated with maxkeys from pre-2.5 versions has been removed. This feature was deprecated in MaxScale 2.5 when the new key storage format was introduced. To migrate to the new key storage format, create a new key file with maxkeys and re-encrypt the passwords withmaxpasswd.
The deprecated Database Firewall filter has been removed.

Upgrading MariaDB MaxScale from 2.5 to 21.06

NOTE MaxScale 6.4 was renamed to 21.06 in May 2024. Thus, what would have been released as 6.4.16 in June, was released as 21.06.16. The purpose of this change is to make the versioning scheme used by all MaxScale series identical. 21.06 denotes the year and month when the first 6 release was made.

Duration Type Parameters

Using duration type parameters without an explicit suffix has been deprecated in MaxScale 2.4. In MaxScale 6 they are no longer allowed when used with the REST API or MaxCtrl. This means that any create or alter commands in MaxCtrl that use a duration type parameter must explicitly specify the suffix of the unit.

For example, the following command:

should be replaced with:

Duration type parameters can still be defined in the configuration file without an explicit suffix but this behavior is deprecated. The recommended approach is to add explicit suffixes to all duration type parameters when upgrading to MaxScale 6.

Changed Parameters

`threads`

The default value of threads was changed to auto.

Removed Parameters

Core Parameters

The following deprecated core parameters have been removed:

thread_stack_size

Schemarouter

The deprecated aliases for the schemarouter parameters ignore_databases andignore_databases_regex have been removed. They can be replaced withignore_tables and ignore_tables_regex.

In addition, the preferred_server parameter that was deprecated in 2.5 has also been removed.

`mariadbmon`

MariaDBMonitor settings ignore_external_masters, detect_replication_lagdetect_standalone_master, detect_stale_master and detect_stale_slave have been removed. The first two were ineffective, the latter three are replaced by master_conditions and slave_conditions.

Session Command History

The prune_sescmd_history, max_sescmd_history and disable_sescmd_history have been made into generic service parameters that are shared between all routers that support it.

The default value of prune_sescmd_history was changed from false totrue. This was done as most MaxScale installations either benefit from it being enabled or are not affected by it.

Upgrading MariaDB MaxScale from 2.4 to 2.5

MaxAdmin

The deprecated MaxAdmin interface has been removed in 2.5.0 in favor of the REST API and the MaxCtrl command line client. The cli and maxscaled modules can no longer be used.

Authentication

The credentials used by services now require additional grants. For a full list of required grants, refer to the .

MariaDB-Monitor

The settings detect_stale_master, detect_standalone_master anddetect_stale_slave are replaced by master_conditions andslave_conditions. The old settings may still be used, but will be removed in a later version.

Password encryption

The encrypted passwords feature has been updated to be more secure. Users are recommended to generate a new encryption key and re-encrypt their passwords using the maxkeys and maxpasswd utilities. Old passwords still work.

Default Server State

The default state of servers in 2.4 was Running and in 2.5 it is nowDown. This was done to prevent newly added servers from being accidentally used before they were monitored.

Columnstore Monitor

It is now mandatory to specify in the configuration what version the monitored Columnstore cluster is.

Please see the for details.

New binlog router

The binlog router delivered with MaxScale 2.5 is completely new and not 100% backward compatible with the binlog router delivered with earlier MaxScale versions. If you use the binlog router, carefully assess whether the functionality provided by the new one fulfills your requirements, before upgrading MaxScale.

Tee Filter

The tee filter parameter service has been deprecated in favor of the target parameter. All usages of service can be replaced with target.

Upgrading MariaDB MaxScale from 2.3 to 2.4

Section Names

Reserved Names

Section and object names starting with @@ are now reserved for internal use by MaxScale.

In case such names have been used, they must manually be changed in all configuration files of MaxScale, before MaxScale 2.4 is started.

Those files are:

The main configuration file; typically /etc/maxscale.cnf.
All nested configuration files; typically /etc/maxscale.cnf.d/*.
All dynamic configuration files; typically /var/lib/maxscale/maxscale.cnd.d/*.

Whitespace in Names

Whitespace in section names that was deprecated in MaxScale 2.2 will now be rejected, which will cause the startup of MaxScale to fail.

To prevent that, section names like

must be changed, for instance, to

Durations

Durations can now be specified using one of the suffixes h, m, s and ms for specifying durations in hours, minutes, seconds and milliseconds, respectively.

Not providing an explicit unit has been deprecated in MaxScale 2.4, so it is adviseable to add suffixes to durations. For instance,

Improved Admin User Encryption

MaxScale 2.4 will use a SHA2-512 hash for new admin user passwords. To upgrade a user to use the better hashing algorithm, either recreate the user or use themaxctrl alter user command.

MariaDB-Monitor

The following settings have been removed and cause a startup error if defined:

mysql51_replication
multimaster
allow_cluster_recovery.

ReadWriteSplit

If multiple masters are available for a readwritesplit service, the one with the lowest connection count is selected.
If a master server is placed into maintenance mode, all open transactions are allowed to gracefully finish before the session is closed. To forcefully close the connections, use the --force option for maxctrl set server.
The lazy_connect feature can be used as a workaround to . It also reduces the overall load on the system when connections are rapidly opened and closed.

Upgrading MariaDB MaxScale from 2.2 to 2.3

Increased Memory Use

Starting with MaxScale 2.3.0 up to 40% of the memory can be used for caching parsed queries. The most noticeable change is that it improves performance in almost all cases where queries need to be parsed. Most of the time this happens when the readwritesplit router or filters are used.

The amount of memory that MaxScale uses can be controlled with thequery_classifier_cache_size parameter. For example, to limit the total memory to 1GB, add query_classifier_cache_size=1G to your configuration. To disable it, set the value to 0.

In addition to the aforementioned query classifier caching, the readwritesplit session command history is enabled by default in 2.3 but is limited to a maximum of 50 commands after which the history is disabled. This is unlikely to show in any metrics but it contributes to the increased memory foorprint of MaxScale.

Unknown Global Parameters

All unknown parameters are now treated as errors. Check your configuration for errors if MaxScale fails to start after upgrading to 2.3.1.

`passwd` is deprecated

In the configuration file, passwords for monitors and services should be specified using password; the support for the deprecatedpasswd will be removed in the future. That is, the following

should be changed to

`authenticator_options` for servers is ignored

Authenticator options are now only used with listeners.

Upgrading MariaDB MaxScale from 2.1 to 2.2

Administrative Users

The file format for the administrative users used by MaxScale has been changed. Old style files are automatically upgraded and a backup of the old file is stored in /var/lib/maxscale/passwd.backup.

Regular Expression Parameters

Modules may now use a built-in regular expression string parameter type instead of a normal string when accepting patterns. The modules that use the new regex parameter type are qlafilter and tee. When inputting pattern, enclose the string in slashes, e.g. match=/^select/ defines the pattern ^select.

Binlog Server

Binlog server automatically accepts GTID connection from MariaDB 10 slave servers by saving all incoming GTIDs into a SQLite map database.

MaxCtrl Included in Main Package

In the 2.2.1 beta version MaxCtrl was in its own package whereas in 2.2.2 it is in the main maxscale package. If you have a previous installation of MaxCtrl, please remove it before upgrading to MaxScale 2.2.2.

Upgrading MariaDB MaxScale from 2.0 to 2.1

IPv6 Support

MaxScale 2.1.2 added support for IPv6 addresses. The default interface that listeners bind to was changed from the IPv4 address 0.0.0.0 to the IPv6 address ::. To bind to the old IPv4 address, add address=0.0.0.0 to the listener definition.

Persisted Configuration Files

Starting with MaxScale 2.1, any changes made with the newly added will be persisted in a configuration file. These files are located in /var/lib/maxscale/maxscale.cnf.d/.

MaxScale Log Files

The name of the log file was changed from maxscaleN.log to maxscale.log. The default location for the log file is /var/log/maxscale/maxscale.log.

Rotating the log files will cause MaxScale to reopen the file instead of renaming them. This makes the MaxScale logging facility logrotate compatible.

ReadWriteSplit

The disable_sescmd_history option is now enabled by default. This means that slaves will not be recovered mid-session even if a replacement slave is available. To enable the legacy behavior, add the disable_sescmd_history=true parameter to the service definition.

Persistent Connections

The MariaDB session state is reset in MaxScale 2.1 for persistent connections. This means that any modifications to the session state (default database, user variable etc.) will not survive if the connection is put into the connection pool. For most users, this is the expected behavior.

User Data Cache

The location of the MariaDB user data cache was moved from/var/cache/maxscale/<Service> to /var/cache/maxscale/<Service>/<Listener>.

Galeramon Monitoring Algorithm

Galeramon will assign the master status only to the node which has a_wsrep_local_index_ value of 0. This will guarantee consistent writes with multiple MaxScales but it also causes slower changes of the master node.

To enable the legacy behavior, add root_node_as_master=false to the Galera monitor configuration.

MaxAdmin Editing Mode

The default editing mode was changed from vim to emacs mode. To start maxadmin in the legacy mode, use the -i option.

Upgrading MariaDB MaxScale from 1.4 to 2.0

MaxAdmin

The default way the communication between MaxAdmin and MariaDB MaxScale is handled has been changed from an internet socket to a Unix domain socket. The former alternative is still available but has been deprecated.

If no arguments are given to MaxAdmin, it will attempt to connect to MariaDB MaxScale using a Unix domain socket. After the upgrade you will need to provide at least one internet socket related flag - -h, -P,-u or -p - to force MaxAdmin to use the internet socket approach.

E.g.

MySQL Monitor

The MySQL Monitor now assigns the stale state to the master server by default. In addition to this, the slave servers receive the stale slave state when they lose the connection to the master. This should not cause changes in behavior but the output of MaxAdmin will show new states when replication is broken.

Upgrading MaxScale from 1.3 to 1.4

Service user permissions

The service users now also need SELECT privileges on mysql.tables_priv. This is required for the resolution of table level grants. To grant SELECT privileges for the service user, replace the user and hostname in the following example.

Password encryption

MaxScale 1.4 upgrades the used password encryption algorithms to more secure ones. This requires that the password files are recreated with the maxkeys tool. For more information about how to do this, please read the installation guide:

SSL

The SSL configuration parameters are now a part of the listeners. If a service used the old style SSL configuration parameters, the values should be moved to the listener which is associated with that service.

Here is an example of an old style configuration.

And here is the new, 1.4 compatible configuration style.

Please also note that the enabled SSL mode is no longer supported due to the inherent security issues with allowing SSL and non-SSL connections on the same port. In addition to this, SSLv3 is no longer supported due to vulnerabilities found in it.

Upgrading MaxScale from 1.2 to 1.3

Binlog Router

The master server details are now provided with a master.ini file located in the binlog directory and it can be changed using a CHANGE MASTER TO command issued via a MySQL connection to MaxScale.

This file, properly filled, is now mandatory and without it the binlog router cannot connect to the master database.

Before starting binlog router after MaxScale 1.3 upgrade, please add relevant information to master.ini, example:

Additionally, the option servers=masterdb in the service definition is no longer required.

Upgrading MaxScale from 1.1 to 1.2

This document describes upgrading MaxScale from version 1.1.1 to 1.2 and the major differences in the new version compared to the old version. The major changes can be found in the Changelog.txt file in the installation directory and the official release notes in the ReleaseNotes.txt file.

Installation

Upgrading MaxScale will copy the MaxScale.cnf file in/usr/local/mariadb-maxscale/etc/ to /etc/ and renamed to maxscale.cnf. Binary log files are not automatically copied and should be manually moved from /usr/local/mariadb-maxscale to /var/lib/maxscale/.

File location changes

MaxScale 1.2 follows the and installs to /usr/ and /var/ subfolders. Here are the major changes and file locations.

Configuration files are located in /etc/ and use lowercase letters: /etc/maxscale.cnf
Binary files are in /usr/bin/
Libraries and modules are in /usr/lib64/maxscale/. If you are using custom modules, please make sure they are in this directory before starting MaxScale.

Running MaxScale without root permissions

MaxScale can run as a non-root user with the 1.2 version. RPM and DEB packages install the maxscale user and maxscale group which are used by the init scripts and systemd configuration files. If you are installing from a binary tarball, you can run the postinst script included in it to manually create these groups.

Upgrading MaxScale from 1.0 to 1.1

This document describes upgrading MaxScale from version 1.0.5 to 1.1.0 and the major differences in the new version compared to the old version. The major changes can be found in the Changelog.txt file in the installation directory and the official release notes in the ReleaseNotes.txt file.

Installation

If you are installing MaxScale from a RPM package, we recommend you back up your configuration and log files and that you remove the old installation of MaxScale completely. If you choose to upgrade MaxScale instead of removing it and re-installing it afterwards, the init scripts in /etc/init.d folder will be missing. This is due to the RPM packaging system but the script can be re-installed by running the postinst script found in the/usr/local/mariadb-maxscale folder.

The 1.1.0 version of MaxScale installs into /usr/local/mariadb-maxscale instead of /usr/local/skysql/maxscale. This will cause external references to MaxScale's home directory to stop working so remember to update all paths with the new version.

MaxAdmin changes

The MaxAdmin client's default password in MaxScale 1.1.0 is mariadb instead of skysql.

CC BY-SA / Gnu FDL

mysql -u USER -pPASSWORD -h maxscale-IP -P binlog-PORT
CHANGE MASTER TO master_host="master-IP", master_port=master-PORT, master_user=USER, master_password="PASSWORD", master_use_gtid=slave_pos;
START SLAVE;

mysql -u USER -pPASSWORD -h slave-IP -P slave-PORT
STOP SLAVE;
CHANGE MASTER TO master_host="maxscale-IP", master_port=binlog-PORT,
master_user="USER", master_password="PASSWORD", master_use_gtid=slave_pos;
START SLAVE;
SHOW SLAVE STATUS \G

mysql -u USER -pPASSWORD -h slave-IP -P slave-PORT
STOP SLAVE;
CHANGE MASTER TO master_host="master-IP", master_port=master-PORT,
master_user="USER", master_password="PASSWORD", master_use_gtid=slave_pos;
START SLAVE;
SHOW SLAVE STATUS \G

mysql -u USER -pPASSWORD -h slave-IP -P slave-PORT
STOP SLAVE;
CHANGE MASTER TO master_host="maxscale-IP", master_port=binlog-PORT,
master_user="USER", master_password="PASSWORD",
master_use_gtid=slave_pos;
START SLAVE;
SHOW SLAVE STATUS \G

[mariadb]
log_slave_updates = ON
log_bin = pinloki       # binlog file base name. Must be the same on all servers
gtid_domain_id = 1001   # Must be different for each galera server
binlog_format = ROW

[galera]
wsrep_on = ON
wsrep_gtid_mode = ON
wsrep_gtid_domain_id = 42  # Must be the same for all servers

[server1]
type=server
address=192.168.0.1
port=3306

[server2]
type=server
address=192.168.0.2
port=3306

[MariaDB-Monitor]
type=monitor
module=mariadbmon
servers=server1, server2
user=maxuser
password=maxpwd
monitor_interval=10s

[Replication-Proxy]
type=service
router=binlogrouter
cluster=MariaDB-Monitor
select_master=true
expire_log_duration=5h
expire_log_minimum_files=3
user=maxuser
password=maxpwd

[Replication-Listener]
type=listener
service=Replication-Proxy
port=3306

[maxscale]
threads=auto

[server1]
type=server
address=127.0.0.1
port=3306

[cdc-service]
type=service
router=avrorouter
servers=server1
user=maxuser
password=maxpwd

[cdc-listener]
type=listener
service=cdc-service
protocol=CDC
port=4001

[replication-router]
type=service
router=binlogrouter
router_options=server-id=4000,binlogdir=/var/lib/mysql,filestem=binlog
user=maxuser
password=maxpwd

[avro-router]
type=service
router=avrorouter
binlogdir=/var/lib/mysql
filestem=binlog
avrodir=/var/lib/maxscale

[avro-converter]
type=service
router=avrorouter
user=myuser
password=mypasswd
router_options=binlogdir=/var/lib/mysql/,
        filestem=binlog,
        avrodir=/var/lib/maxscale/avro/

[avro-listener]
type=listener
service=avro-converter
protocol=CDC
port=4001

$NODELIST -> list of IPs and ports of all running servers

slave_up

server_down

server_up

lost_master

lost_slave

new_master

new_slave

[server1]
type=server
disk_space_threshold=/data:80
...

[server2]
type=server
disk_space_threshold=/Data:80
...

[server3]
type=server
disk_space_threshold=/DBData:80
...

[monitor]
type=monitor
servers=server1,server2,server3
...

[server1]
type=server
disk_space_threshold=/DbData:80
...

[server2]
type=server
...

[server3]
type=server
...

[monitor]
type=monitor
servers=server1,server2,server3
disk_space_threshold=/data:80
...

[MyMonitor]
type=monitor
module=mariadbmon
servers=C1N1,C1N2,C1N3
user=maxscale
password=password
monitor_interval=10s
script=/path/to/maxscale_monitor_alert_script.sh --initiator=$INITIATOR --parent=$PARENT --children=$CHILDREN --event=$EVENT --node_list=$NODELIST --list=$LIST --master_list=$MASTERLIST --slave_list=$SLAVELIST --synced_list=$SYNCEDLIST

MaxScale 22.08 MariaDB MaxScale Administration Tutorial

MariaDB MaxScale Administration Tutorial

The purpose of this tutorial is to introduce the MariaDB MaxScale Administrator to a few of the common administration tasks. This is intended to be an introduction for administrators who are new to MariaDB MaxScale and not a reference to all the tasks that may be performed.

Starting and Stopping MariaDB MaxScale

MaxScale uses systemd for managing the process. This means that normalsystemctl commands can be used to start and stop MaxScale. To start MaxScale, use systemctl start maxscale. To stop it, use systemctl stop maxscale.

The systemd service file for MaxScale is located in/lib/systemd/system/maxscale.service.

Additional Options for MaxScale

Additional command line options and other systemd configuration options can be given to MariaDB MaxScale by creating a drop-in file for the service unit file. You can do this with the systemctl edit maxscale.service command. For more information about systemd drop-in files, refer to and .

Checking The Status Of The MariaDB MaxScale Services

It is possible to use the maxctrl command to obtain statistics about the services that are running within MaxScale. The maxctrl command list services will give very basic information regarding services. This command may be either run in interactive mode or passed on the maxctrl command line.

Network listeners count as a user of the service, therefore there will always be one user per network port in which the service listens. More details can be obtained by using the "show service" command.

What Clients Are Connected To MariaDB MaxScale

To determine what client are currently connected to MariaDB MaxScale, you can use the list sessions command within maxctrl. This will give you IP address and the ID of the session for that connection. As with any maxctrl command this can be passed on the command line or typed interactively in maxctrl.

Rotating the Log File

MariaDB MaxScale logs messages of different priority into a single log file. With the exception if error messages that are always logged, whether messages of a particular priority should be logged or not can be enabled via the maxctrl interface or in the configuration file. By default, MaxScale keeps on writing to the same log file. To prevent the file from growing indefinitely, the administrator must take action.

The name of the log file is maxscale.log. When the log is rotated, MaxScale closes the current log file and opens a new one using the same name.

Log file rotation is achieved by use of the rotate logs command in maxctrl.

As there currently is only the maxscale log, that is the only one that will be rotated.

This may be integrated into the Linux logrotate mechanism by adding a configuration file to the /etc/logrotate.d directory. If we assume we want to rotate the log files once per month and wish to keep 5 log files worth of history, the configuration file would look as follows.

MariaDB MaxScale will also rotate all of its log files if it receives the USR1 signal. Using this the logrotate configuration script can be rewritten as

In older versions MaxScale renamed the log file, behavior which is not fully compliant with the assumptions of logrotate and may lead to issues, depending on the used logrotate configuration file. From version 2.1 onward, MaxScale will not itself rename the log file, but when the log is rotated, MaxScale will simply close and reopen the same log file. That will make the behavior fully compliant with logrotate.

Taking Objects Temporarily Out of Use

Putting Servers into Maintenance

MariaDB MaxScale supports the concept of maintenance mode for servers within a cluster. This allows for planned, temporary removal of a database from the cluster without the need to change the MariaDB MaxScale configuration.

To achieve this, you can use the set server command in maxctrl to set the maintenance mode flag for the server. This may be done interactively within maxctrl or by passing the command on the command line.

This will cause MariaDB MaxScale to stop routing any new requests to the server, however if there are currently requests executing on the server these will not be interrupted. Connections to servers in maintenance mode are closed as soon as the next request arrives. To close them immediately, use the --force option for maxctrl set server.

Clearing the maintenance mode for a server will bring it back into use. If multiple MariaDB MaxScale instances are configured to use the node then maintenance mode must be set within each MariaDB MaxScale instance.

Stopping and Starting Services

Services can be stopped to temporarily halt their use. Stopping a service will cause it to stop accepting new connections until it is started. New connections are not refused if the service is stopped and are queued instead. This means that connecting clients will wait until the service is started again.

Starting a service will cause it to accept all queued connections that were created while it was stopped.

Stopping and Starting Monitors

Stopping a monitor will cause it to stop monitoring the state of the servers assigned to it. This is useful when the state of the servers is assigned manually with maxctrl set server.

Starting a monitor will make it resume monitoring of the servers. Any manually assigned states will be overwritten by the monitor.

Runtime Configuration Modification

The MaxScale configuration can be changed at runtime by using the create,alter and destroy commands of maxctrl. These commands either create, modify or destroy objects (servers, services, monitors etc.) inside MaxScale. The exact syntax for each of the commands and any additional options that they take can be seen with maxctrl --help <command>.

Not all parameters can be modified at runtime. Refer to the module documentation for more information on which parameters can be modified at runtime. If a parameter cannot be modified at runtime, the object can be destroyed and recreated in order to change it.

All runtime changes are persisted in files stored by default in/var/lib/maxscale/maxscale.cnf.d/. This means that any changes done at runtime persist through restarts. Any changes done to objects in the main configuration file are ignored if a persisted entry is found for it.

For example, if the address of a server is modified with maxctrl alter server db-server-1 address 192.168.0.100, the file/var/lib/maxscale/maxscale.cnf.d/db-server-1.cnf is created with the complete configuration for the object. To remove all runtime changes for all objects, remove all files found in /var/lib/maxscale/maxscale.cnf.d.

Core Parameter Configuration

Modify global MaxScale parameters:

Some global parameters cannot be modified at runtime. Refer to the for a full list of parameters that can be modified at runtime.

Managing Servers

Create a new server

Modify a Server

Destroy a Server

A server can only be destroyed if it is not used by any services or monitors. To automatically remove the server from the services and monitors that use it, use the --force flag.

Drain a Server

When a server is set into the drain state, no new connections to it are created. Unlike to the maintenance state which immediately stops all new requests and closes all connections if used with the --force option, thedrain state allows existing connections to continue routing requests to them in order to be gracefully closed once the client disconnects.

To remove the drain state, use clear server command:

Servers with the Master state cannot be drained. To drain them, first perform a switchover to another node and then drain the server.

Managing Monitors

Create a new Monitor

Modify a Monitor

Add Server to a Monitor

Remove a Server from a Monitor

Destroy a Monitor

A monitor can only be destroyed if it is not monitoring any servers. To automatically remove the servers from the monitor, use the --force flag.

Managing Services

Create a New Service

Modify a Service

Add Servers to a Service

Any servers added to services will only be used by new sessions. Existing sessions will use the servers that were available when they connected.

Remove Servers from a Service

Similarly to adding servers, removing servers from a service will only affect new sessions. Existing sessions keep using the servers even if they are removed from a service.

Change the Filters of a Service

The order of the filters is significant: the first filter will be the first to receive the query. The new set of filters will only be used by new sessions. Existing sessions will keep using the filters that were configured when they connected.

Destroy a Service

The service can only be destroyed if it uses no servers or clusters and has no listeners associated with it. To force destruction of a service even if it does use servers or has listeners, use the --force flag. This will also destroy any listeners associated with the service.

Managing Filters

Create a New Filter

Destroy a Filter

A filter can only be destroyed if it is not used by any services. To automatically remove the filter from all services using it, use the --force flag.

Filters cannot be altered at runtime in MaxScale 2.5. To modify the parameters of a filter, destroy it and recreate it with the modified parameters.

Managing Listeners

Create a New Listener

Destroy a Listener

Destroying a listener will close the network socket and stop it from accepting new connections. Existing connections that were created through it will keep displaying it as the originating listener.

Listeners cannot be moved from one service to another. In order to do this, the listener must be destroyed and then recreated with the new service.

Managing MaxCtrl and REST API Users

MaxCtrl uses the same credentials as the MaxScale REST API. These users can be managed via MaxCtrl.

Create a New MaxCtrl User

By default new users are only allowed to read data. To make the account an administrative account, add the --type=admin option to the command:

Administrative accounts are allowed to use all MaxCtrl commands and modify any parts of MaxScale.

Change the Password of an Existing User

Remove a User

CC BY-SA / Gnu FDL

[RW-Split-Router]
type=service
router=readwritesplit
servers=server1,server2,server3,server4
user=jdoe
passwd=BD26E4139A15280CA882264AA1551C70
ssl=required
ssl_cert=/home/user/certs/server-cert.pem
ssl_key=/home/user/certs/server-key.pem
ssl_ca_cert=/home/user/certs/ca.pem
ssl_version=TLSv12

[RW-Split-Listener]
type=listener
service=RW-Split-Router
port=3306

[RW-Split-Router]
type=service
router=readwritesplit
servers=server1,server2,server3,server4
user=jdoe
passwd=BD26E4139A15280CA882264AA1551C70

[RW-Split-Listener]
type=listener
service=RW-Split-Router
port=3306
ssl=required
ssl_cert=/home/user/certs/server-cert.pem
ssl_key=/home/user/certs/server-key.pem
ssl_ca_cert=/home/user/certs/ca.pem
ssl_version=TLSv12

pretty
Pretty-print output. If this parameter is set to true then the returned objects are formatted in a more human readable format. If the parameter is set to false then the returned objects are formatted in a compact format. All resources support this parameter. The default value for this parameter is true.
fields[TYPE]=field1,field2...
Return a This parameter controls which fields are returned in the REST API response. The TYPE value in the fields parameter must be the resource type that is being retrieved (i.e. the servers in /v1/servers and/v1/server/server1). The value of the parameter must be a comma-separated list of that mark which fields of the object to return. Only fields in objects in the attributes and relationships objects are inspected. This means that if the path marked by the JSON Pointer contains an array in it, it will not advance past this array. For example, to return only the server state output from the /servers endpoint, the fields[servers]=state parameter can be used. This would return only the
filter=json_ptr=expr
Filter the output of the result This parameter controls which rows are returned in a REST API response that returns an array in the data member (i.e. a request to a resource collection). Requests to individual resources are not filtered. The argument to the filter parameter must be a key-value pair with a valid as the key and either a valid JSON type as the value or a . The comparison is done for each individual object in the data array of the result. If given only a JSON value, the stored value is compared for equality. If an expression is used, the expression is evaluated and only rows that match are returned. For example, if the object stored in data[0] has a value pointed by the given JSON pointer and that value compares equal to the given JSON value, the array row is kept in the result. Examples for filtering expression can be found . A practical use for this parameter is to return only sessions for a particular service. For example, to return sessions for theRW-Split-Router service, thefilter=/relationships/services/data/0/id="RW-Split-Router" parameter can be used. Note the double quotes around the "RW-Split-Router", they are required to correctly convert strings into JSON values.
filter[json_path]=expr
Filter based on a JSONPath and a filtering expression. Similar to the filter parameter that takes a JSON Pointer, this version of the filter controls which rows are returned in a REST API response for a resource collection. Requests to individual resources are never filtered. The value inside the brackets must be a valid expression that MaxScale supports. The currently supported syntax is:
- dot notation: $.store.book
- bracket notation: $['store']['book']

$ maxctrl list services
┌────────────────────────┬────────────────┬─────────────┬───────────────────┬────────────────────────────────────┐
│ Service                │ Router         │ Connections │ Total Connections │ Servers                            │
├────────────────────────┼────────────────┼─────────────┼───────────────────┼────────────────────────────────────┤
│ CLI                    │ cli            │ 1           │ 1                 │                                    │
├────────────────────────┼────────────────┼─────────────┼───────────────────┼────────────────────────────────────┤
│ RW-Split-Router        │ readwritesplit │ 1           │ 1                 │ server1, server2, server3, server4 │
├────────────────────────┼────────────────┼─────────────┼───────────────────┼────────────────────────────────────┤
│ RW-Split-Hint-Router   │ readwritesplit │ 1           │ 1                 │ server1, server2, server3, server4 │
├────────────────────────┼────────────────┼─────────────┼───────────────────┼────────────────────────────────────┤
│ SchemaRouter-Router    │ schemarouter   │ 1           │ 1                 │ server1, server2, server3, server4 │
├────────────────────────┼────────────────┼─────────────┼───────────────────┼────────────────────────────────────┤
│ Read-Connection-Router │ readconnroute  │ 1           │ 1                 │ server1                            │
└────────────────────────┴────────────────┴─────────────┴───────────────────┴────────────────────────────────────┘

$ maxctrl list sessions
┌────┬─────────┬──────────────────┬──────────────────────────┬──────┬─────────────────┐
│ Id │ User    │ Host             │ Connected                │ Idle │ Service         │
├────┼─────────┼──────────────────┼──────────────────────────┼──────┼─────────────────┤
│ 6  │ maxuser │ ::ffff:127.0.0.1 │ Thu Aug 27 10:39:16 2020 │ 4    │ RW-Split-Router │
└────┴─────────┴──────────────────┴──────────────────────────┴──────┴─────────────────┘

/var/log/maxscale/maxscale.log {
monthly
rotate 5
missingok
nocompress
sharedscripts
postrotate
\# run if maxscale is running
if test -n "`ps acx|grep maxscale`"; then
/usr/bin/maxctrl rotate logs
fi
endscript
}

{
    "meta": {
        "token": "eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJhZG1pbiIsImV4cCI6MTU4MzI1NDE1MSwiaWF0IjoxNTgzMjI1MzUxLCJpc3MiOiJtYXhzY2FsZSJ9.B1BqhjjKaCWKe3gVXLszpOPfeu8cLiwSb4CMIJAoyqw"
    }
}

data.attributes.state

data.attributes.statistics.connections

fields[servers]=statistics/connections

Timeline 1                 Timeline 2

Clients execute       INSERT ...                 SELECT COUNT(*) FROM tbl
MaxScale -> DB                                   SELECT COUNT(*) FROM tbl
MaxScale -> DB        INSERT ...

* `never`: No invalidation is performed. This is the default.
* `current`: When a modification is made, entries in the cache used by
  the current session are invalidated. Other sessions that use the same
  cache will also be affected, but sessions that use another cache will
  not.

* `mixed`: The data of different users is stored in the same
  cache. This is the default and may cause that a user can
  access data he should not have access to.
* `isolated`: Each user has a unique cache and there can be
  no unintended sharing.

MySQL [testdb]> select current_user();
+----------------+
| current_user() |
+----------------+
| bob@127.0.0.1  |
+----------------+
1 row in set (0.00 sec)

MySQL [testdb]> select * from access;
+------+------+
| a    | b    |
+------+------+
|   47 |   11 |
+------+------+

{
    "store": [
        {
            "attribute": "table",
            "op": "=",
            "value": "access"
        }
    ],
    "use": [
        {
            "attribute": "user",
            "op": "=",
            "value": "'alice'@'%'"
        }
    ]
}

MaxScale 22.08 Service Resource

Service Resource

A service resource represents a service inside MaxScale. A service is a collection of network listeners, filters, a router and a set of backend servers.

Resource Operations

The :name in all of the URIs must be the name of a service in MaxScale.

Get a service

Get a single service.

Response

Status: 200 OK

Get all services

Get all services.

Response

Status: 200 OK

Create a service

Create a new service by defining the resource. The posted object must define at least the following fields.

data.id
Name of the service
data.type
Type of the object, must be services

The data.attributes.parameters object is used to define router and service parameters. All configuration parameters that can be defined in the configuration file can also be added to the parameters object. The exceptions to this are the type, router, servers and filters parameters which must not be defined.

As with other REST API resources, the data.relationships field defines the relationships of the service to other resources. Services can have two types of relationships: servers and filters relationships.

If the request body defines a valid relationships object, the service is linked to those resources. For servers, this is equivalent to adding the list of server names into the parameter. For filters, this is equivalent to adding the filters in thedata.relationships.filters.data array to the parameter in the order they appear. For other services, this is equivalent to adding the list of server names into the parameter.

The following example defines a new service with both a server and a filter relationship.

Response

Service is created:

Status: 204 No Content

Destroy a service

A service can only be destroyed if the service uses no servers or filters and all the listeners pointing to the service have been destroyed. This means that the data.relationships must be an empty object and data.attributes.listeners must be an empty array in order for the service to qualify for destruction.

If there are open client connections that use the service when it is destroyed, they are allowed to gracefully close before the service is destroyed. This means that the destruction of a service can be acknowledged via the REST API before the destruction process has fully completed.

To find out whether a service is still in use after it has been destroyed, the resource should be used. If a session for the service is still open, it has not yet been destroyed.

This endpoint also supports the force=yes parameter that will unconditionally delete the service by first unlinking it from all servers and filters that it uses.

Response

Service is destroyed:

Status: 204 No Content

Update a service

The request body must be a JSON object which represents a set of new definitions for the service.

All standard service parameters can be modified. Refer to the documentation on the details of these parameters.

In addition to the standard service parameters, router parameters can be updated at runtime if the router module supports it. Refer to the individual router documentation for more details on whether the router supports it and which parameters can be updated at runtime.

The following example modifies a service by changing the user parameter to admin.

Response

Service is modified:

Status: 204 No Content

Update service relationships

The :type in the URI must be either servers, services or filters, depending on which relationship is being modified.

The request body must be a JSON object that defines only the data field. The value of the data field must be an array of relationship objects that define the id and type fields of the relationship. This object will replace the existing relationships of this type for the service.

Note: The order of the values in the filters relationship will define the order the filters are set up in. The order in which the filters appear in the array will be the order in which the filters are applied to each query. Refer to the parameter for more details.

The following is an example request and request body that defines a single server relationship for a service that is equivalent to a servers=my-server parameter.

All relationships for a service can be deleted by sending an empty array as the_data_ field value. The following example removes all servers from a service.

Response

Service relationships modified:

Status: 204 No Content

Invalid JSON body:

Status: 400 Bad Request

Stop a service

Stops a started service.

Parameters

This endpoint supports the following parameters:

force=yes
Close all existing connections that were created through this listener.

Response

Service is stopped:

Status: 204 No Content

Start a service

Starts a stopped service.

Response

Service is started:

Status: 204 No Content

Reload users of a service

Reloads the list of database users used for authentication.

Response

Users are reloaded:

Status: 204 No Content

Get service listeners

This endpoint is deprecated, use the listeners endpoint instead.

Get a single service listener

This endpoint is deprecated, use the listeners endpoint instead.

Create a new listener

This endpoint is deprecated, use the listeners endpoint instead.

Destroy a listener

This endpoint is deprecated, use the listeners endpoint instead.

CC BY-SA / Gnu FDL

MaxScale 22.08 Server Resource

Server Resource

A server resource represents a backend database server.

Resource Operations

The :name in all of the URIs must be the name of a server in MaxScale.

Get a server

Get a single server.

Response

Status: 200 OK

Get all servers

Response

Response contains a resource collection with all servers.

Status: 200 OK

Create a server

Create a new server by defining the resource. The posted object must define at least the following fields.

data.id
Name of the server
data.type
Type of the object, must be servers

The following is the minimal required JSON object for defining a new server.

The relationships of a server can also be defined at creation time. This allows new servers to be created and immediately taken into use.

Refer to the for a full list of server parameters.

Response

Server created:

Status: 204 No Content

Invalid JSON body:

Status: 400 Bad Request

Update a server

The request body must be a valid JSON document representing the modified server.

Modifiable Fields

In addition to the server , the services and monitors fields of the relationships object can be modified. Removal, addition and modification of the links will change which service and monitors use this server.

For example, removing the first value in the services list in the_relationships_ object from the following JSON document will remove the_server1_ from the service RW-Split-Router.

Removing a service from a server is analogous to removing the server from the service. Both unlink the two objects from each other.

Request for PATCH /v1/servers/server1 that modifies the address of the server:

Request for PATCH /v1/servers/server1 that modifies the server relationships:

If parts of the resource are not defined (e.g. the attributes field in the above example), those parts of the resource are not modified. All parts that are defined are interpreted as the new definition of those part of the resource. In the above example, the relationships of the resource are completely redefined.

Response

Server modified:

Status: 204 No Content

Invalid JSON body:

Status: 400 Bad Request

Update server relationships

The :type in the URI must be either services, for service relationships, or monitors, for monitor relationships.

The following is an example request and request body that defines a single service relationship for a server.

All relationships for a server can be deleted by sending an empty array as the_data_ field value. The following example removes the server from all services.

Response

Server relationships modified:

Status: 204 No Content

Invalid JSON body:

Status: 400 Bad Request

Destroy a server

A server can only be deleted if it is not used by any services or monitors.

This endpoint also supports the force=yes parameter that will unconditionally delete the server by first unlinking it from all services and monitors that use it.

Response

Server is destroyed:

Status: 204 No Content

Server is in use:

Status: 400 Bad Request

Set server state

This endpoint requires that the state parameter is passed with the request. The value of state must be one of the following values.

Value

State Description

For example, to set the server db-server-1 into maintenance mode, a request to the following URL must be made:

This endpoint also supports the force=yes parameter that will cause all connections to the server to be closed if state=maintenance is also set. By default setting a server into maintenance mode will cause connections to be closed only after the next request is sent.

The following example forcefully closes all connections to server db-server-1 and sets it into maintenance mode:

Response

Server state modified:

Status: 204 No Content

Missing or invalid parameter:

Status: 400 Bad Request

Clear server state

This endpoint requires that the state parameter is passed with the request. The value of state must be one of the values defined in the_set_ endpoint documentation.

Response

Server state modified:

Status: 204 No Content

Missing or invalid parameter:

Status: 400 Bad Request

CC BY-SA / Gnu FDL

{
    "data": {
        "attributes": {
            "connections": 0,
            "listeners": [
                {
                    "attributes": {
                        "parameters": {
                            "address": "::",
                            "authenticator": null,
                            "authenticator_options": null,
                            "connection_init_sql_file": null,
                            "port": 4008,
                            "protocol": "MariaDBProtocol",
                            "service": "Read-Connection-Router",
                            "socket": null,
                            "sql_mode": "default",
                            "ssl": false,
                            "ssl_ca": null,
                            "ssl_cert": null,
                            "ssl_cert_verify_depth": 9,
                            "ssl_cipher": null,
                            "ssl_crl": null,
                            "ssl_key": null,
                            "ssl_verify_peer_certificate": false,
                            "ssl_verify_peer_host": false,
                            "ssl_version": "MAX",
                            "type": "listener",
                            "user_mapping_file": null
                        },
                        "source": {
                            "file": "/etc/maxscale.cnf",
                            "type": "static"
                        },
                        "state": "Running"
                    },
                    "id": "Read-Connection-Listener",
                    "relationships": {
                        "services": {
                            "data": [
                                {
                                    "id": "Read-Connection-Router",
                                    "type": "services"
                                }
                            ],
                            "links": {
                                "related": "http://localhost:8989/v1/services/",
                                "self": "http://localhost:8989/v1/listeners/Read-Connection-Listener/relationships/services/"
                            }
                        }
                    },
                    "type": "listeners"
                }
            ],
            "parameters": {
                "auth_all_servers": false,
                "connection_keepalive": "300000ms",
                "connection_timeout": "0ms",
                "disable_sescmd_history": false,
                "enable_root_user": false,
                "idle_session_pool_time": "-1ms",
                "localhost_match_wildcard_host": true,
                "log_auth_warnings": true,
                "log_debug": false,
                "log_info": false,
                "log_notice": false,
                "log_warning": false,
                "master_accept_reads": true,
                "max_connections": 0,
                "max_replication_lag": "0ms",
                "max_sescmd_history": 50,
                "multiplex_timeout": "60000ms",
                "net_write_timeout": "0ms",
                "password": "*****",
                "prune_sescmd_history": true,
                "rank": "primary",
                "retain_last_statements": -1,
                "router": "readconnroute",
                "router_options": "master",
                "session_trace": false,
                "session_track_trx_state": false,
                "strip_db_esc": true,
                "type": "service",
                "user": "maxuser",
                "user_accounts_file": null,
                "user_accounts_file_usage": "add_when_load_ok",
                "version_string": null
            },
            "router": "readconnroute",
            "router_diagnostics": {
                "queries": 0,
                "server_query_statistics": []
            },
            "source": {
                "file": "/etc/maxscale.cnf",
                "type": "static"
            },
            "started": "Thu Jul 20 15:29:02 2023",
            "state": "Started",
            "statistics": {
                "active_operations": 0,
                "connections": 0,
                "failed_auths": 0,
                "max_connections": 0,
                "routed_packets": 0,
                "total_connections": 0
            },
            "total_connections": 0,
            "users": [
                {
                    "default_role": "",
                    "global_priv": false,
                    "host": "localhost",
                    "plugin": "mysql_native_password",
                    "proxy_priv": false,
                    "ssl": false,
                    "super_priv": false,
                    "user": "mariadb.sys"
                },
                {
                    "default_role": "",
                    "global_priv": true,
                    "host": "127.0.0.1",
                    "plugin": "mysql_native_password",
                    "proxy_priv": false,
                    "ssl": false,
                    "super_priv": true,
                    "user": "maxuser"
                },
                {
                    "default_role": "",
                    "global_priv": true,
                    "host": "%",
                    "plugin": "mysql_native_password",
                    "proxy_priv": false,
                    "ssl": false,
                    "super_priv": true,
                    "user": "maxuser"
                },
                {
                    "default_role": "",
                    "global_priv": true,
                    "host": "localhost",
                    "plugin": "mysql_native_password",
                    "proxy_priv": false,
                    "ssl": false,
                    "super_priv": true,
                    "user": "root"
                },
                {
                    "default_role": "",
                    "global_priv": true,
                    "host": "%",
                    "plugin": "mysql_native_password",
                    "proxy_priv": false,
                    "ssl": false,
                    "super_priv": true,
                    "user": "root"
                }
            ],
            "users_last_update": "Thu Jul 20 15:29:03 2023"
        },
        "id": "Read-Connection-Router",
        "links": {
            "self": "http://localhost:8989/v1/services/Read-Connection-Router/"
        },
        "relationships": {
            "filters": {
                "data": [
                    {
                        "id": "QLA",
                        "type": "filters"
                    },
                    {
                        "id": "Hint",
                        "type": "filters"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/filters/",
                    "self": "http://localhost:8989/v1/services/Read-Connection-Router/relationships/filters/"
                }
            },
            "listeners": {
                "data": [
                    {
                        "id": "Read-Connection-Listener",
                        "type": "listeners"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/listeners/",
                    "self": "http://localhost:8989/v1/services/Read-Connection-Router/relationships/listeners/"
                }
            },
            "servers": {
                "data": [
                    {
                        "id": "server1",
                        "type": "servers"
                    },
                    {
                        "id": "server2",
                        "type": "servers"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/servers/",
                    "self": "http://localhost:8989/v1/services/Read-Connection-Router/relationships/servers/"
                }
            }
        },
        "type": "services"
    },
    "links": {
        "self": "http://localhost:8989/v1/services/Read-Connection-Router/"
    }
}

{
    "data": [
        {
            "attributes": {
                "connections": 1,
                "listeners": [
                    {
                        "attributes": {
                            "parameters": {
                                "address": "::",
                                "authenticator": null,
                                "authenticator_options": null,
                                "connection_init_sql_file": null,
                                "port": 4006,
                                "protocol": "MariaDBProtocol",
                                "service": "RW-Split-Router",
                                "socket": null,
                                "sql_mode": "default",
                                "ssl": false,
                                "ssl_ca": null,
                                "ssl_cert": null,
                                "ssl_cert_verify_depth": 9,
                                "ssl_cipher": null,
                                "ssl_crl": null,
                                "ssl_key": null,
                                "ssl_verify_peer_certificate": false,
                                "ssl_verify_peer_host": false,
                                "ssl_version": "MAX",
                                "type": "listener",
                                "user_mapping_file": null
                            },
                            "source": {
                                "file": "/etc/maxscale.cnf",
                                "type": "static"
                            },
                            "state": "Running"
                        },
                        "id": "RW-Split-Listener",
                        "relationships": {
                            "services": {
                                "data": [
                                    {
                                        "id": "RW-Split-Router",
                                        "type": "services"
                                    }
                                ],
                                "links": {
                                    "related": "http://localhost:8989/v1/services/",
                                    "self": "http://localhost:8989/v1/listeners/RW-Split-Listener/relationships/services/"
                                }
                            }
                        },
                        "type": "listeners"
                    }
                ],
                "parameters": {
                    "auth_all_servers": false,
                    "causal_reads": "false",
                    "causal_reads_timeout": "10000ms",
                    "connection_keepalive": "300000ms",
                    "connection_timeout": "0ms",
                    "delayed_retry": false,
                    "delayed_retry_timeout": "10000ms",
                    "disable_sescmd_history": false,
                    "enable_root_user": false,
                    "idle_session_pool_time": "-1ms",
                    "lazy_connect": false,
                    "localhost_match_wildcard_host": true,
                    "log_auth_warnings": true,
                    "log_debug": false,
                    "log_info": false,
                    "log_notice": false,
                    "log_warning": false,
                    "master_accept_reads": false,
                    "master_failure_mode": "fail_instantly",
                    "master_reconnection": false,
                    "max_connections": 0,
                    "max_sescmd_history": 50,
                    "max_slave_connections": 255,
                    "max_slave_replication_lag": "0ms",
                    "multiplex_timeout": "60000ms",
                    "net_write_timeout": "0ms",
                    "optimistic_trx": false,
                    "password": "*****",
                    "prune_sescmd_history": true,
                    "rank": "primary",
                    "retain_last_statements": -1,
                    "retry_failed_reads": true,
                    "reuse_prepared_statements": false,
                    "router": "readwritesplit",
                    "session_trace": false,
                    "session_track_trx_state": false,
                    "slave_connections": 255,
                    "slave_selection_criteria": "LEAST_CURRENT_OPERATIONS",
                    "strict_multi_stmt": false,
                    "strict_sp_calls": false,
                    "strip_db_esc": true,
                    "transaction_replay": false,
                    "transaction_replay_attempts": 5,
                    "transaction_replay_checksum": "full",
                    "transaction_replay_max_size": 1048576,
                    "transaction_replay_retry_on_deadlock": false,
                    "transaction_replay_retry_on_mismatch": false,
                    "transaction_replay_timeout": "0ms",
                    "type": "service",
                    "use_sql_variables_in": "all",
                    "user": "maxuser",
                    "user_accounts_file": null,
                    "user_accounts_file_usage": "add_when_load_ok",
                    "version_string": null
                },
                "router": "readwritesplit",
                "router_diagnostics": {
                    "avg_sescmd_history_length": 0,
                    "max_sescmd_history_length": 0,
                    "queries": 2,
                    "replayed_transactions": 0,
                    "ro_transactions": 0,
                    "route_all": 1,
                    "route_master": 1,
                    "route_slave": 0,
                    "rw_transactions": 0,
                    "server_query_statistics": [
                        {
                            "avg_selects_per_session": 0,
                            "avg_sess_duration": "0ns",
                            "id": "server1",
                            "read": 2,
                            "total": 2,
                            "write": 0
                        },
                        {
                            "avg_selects_per_session": 0,
                            "avg_sess_duration": "0ns",
                            "id": "server2",
                            "read": 1,
                            "total": 1,
                            "write": 0
                        }
                    ]
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "started": "Thu Jul 20 15:29:02 2023",
                "state": "Started",
                "statistics": {
                    "active_operations": 0,
                    "connections": 1,
                    "failed_auths": 0,
                    "max_connections": 1,
                    "routed_packets": 2,
                    "total_connections": 1
                },
                "total_connections": 1,
                "users": [
                    {
                        "default_role": "",
                        "global_priv": false,
                        "host": "localhost",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": false,
                        "user": "mariadb.sys"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "127.0.0.1",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "maxuser"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "%",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "maxuser"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "localhost",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "root"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "%",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "root"
                    }
                ],
                "users_last_update": "Thu Jul 20 15:29:03 2023"
            },
            "id": "RW-Split-Router",
            "links": {
                "self": "http://localhost:8989/v1/services/RW-Split-Router/"
            },
            "relationships": {
                "listeners": {
                    "data": [
                        {
                            "id": "RW-Split-Listener",
                            "type": "listeners"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/listeners/",
                        "self": "http://localhost:8989/v1/services/RW-Split-Router/relationships/listeners/"
                    }
                },
                "monitors": {
                    "data": [
                        {
                            "id": "MariaDB-Monitor",
                            "type": "monitors"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/monitors/",
                        "self": "http://localhost:8989/v1/services/RW-Split-Router/relationships/monitors/"
                    }
                }
            },
            "type": "services"
        },
        {
            "attributes": {
                "connections": 0,
                "listeners": [
                    {
                        "attributes": {
                            "parameters": {
                                "address": "::",
                                "authenticator": null,
                                "authenticator_options": null,
                                "connection_init_sql_file": null,
                                "port": 4008,
                                "protocol": "MariaDBProtocol",
                                "service": "Read-Connection-Router",
                                "socket": null,
                                "sql_mode": "default",
                                "ssl": false,
                                "ssl_ca": null,
                                "ssl_cert": null,
                                "ssl_cert_verify_depth": 9,
                                "ssl_cipher": null,
                                "ssl_crl": null,
                                "ssl_key": null,
                                "ssl_verify_peer_certificate": false,
                                "ssl_verify_peer_host": false,
                                "ssl_version": "MAX",
                                "type": "listener",
                                "user_mapping_file": null
                            },
                            "source": {
                                "file": "/etc/maxscale.cnf",
                                "type": "static"
                            },
                            "state": "Running"
                        },
                        "id": "Read-Connection-Listener",
                        "relationships": {
                            "services": {
                                "data": [
                                    {
                                        "id": "Read-Connection-Router",
                                        "type": "services"
                                    }
                                ],
                                "links": {
                                    "related": "http://localhost:8989/v1/services/",
                                    "self": "http://localhost:8989/v1/listeners/Read-Connection-Listener/relationships/services/"
                                }
                            }
                        },
                        "type": "listeners"
                    }
                ],
                "parameters": {
                    "auth_all_servers": false,
                    "connection_keepalive": "300000ms",
                    "connection_timeout": "0ms",
                    "disable_sescmd_history": false,
                    "enable_root_user": false,
                    "idle_session_pool_time": "-1ms",
                    "localhost_match_wildcard_host": true,
                    "log_auth_warnings": true,
                    "log_debug": false,
                    "log_info": false,
                    "log_notice": false,
                    "log_warning": false,
                    "master_accept_reads": true,
                    "max_connections": 0,
                    "max_replication_lag": "0ms",
                    "max_sescmd_history": 50,
                    "multiplex_timeout": "60000ms",
                    "net_write_timeout": "0ms",
                    "password": "*****",
                    "prune_sescmd_history": true,
                    "rank": "primary",
                    "retain_last_statements": -1,
                    "router": "readconnroute",
                    "router_options": "master",
                    "session_trace": false,
                    "session_track_trx_state": false,
                    "strip_db_esc": true,
                    "type": "service",
                    "user": "maxuser",
                    "user_accounts_file": null,
                    "user_accounts_file_usage": "add_when_load_ok",
                    "version_string": null
                },
                "router": "readconnroute",
                "router_diagnostics": {
                    "queries": 0,
                    "server_query_statistics": []
                },
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "started": "Thu Jul 20 15:29:02 2023",
                "state": "Started",
                "statistics": {
                    "active_operations": 0,
                    "connections": 0,
                    "failed_auths": 0,
                    "max_connections": 0,
                    "routed_packets": 0,
                    "total_connections": 0
                },
                "total_connections": 0,
                "users": [
                    {
                        "default_role": "",
                        "global_priv": false,
                        "host": "localhost",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": false,
                        "user": "mariadb.sys"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "127.0.0.1",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "maxuser"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "%",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "maxuser"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "localhost",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "root"
                    },
                    {
                        "default_role": "",
                        "global_priv": true,
                        "host": "%",
                        "plugin": "mysql_native_password",
                        "proxy_priv": false,
                        "ssl": false,
                        "super_priv": true,
                        "user": "root"
                    }
                ],
                "users_last_update": "Thu Jul 20 15:29:03 2023"
            },
            "id": "Read-Connection-Router",
            "links": {
                "self": "http://localhost:8989/v1/services/Read-Connection-Router/"
            },
            "relationships": {
                "filters": {
                    "data": [
                        {
                            "id": "QLA",
                            "type": "filters"
                        },
                        {
                            "id": "Hint",
                            "type": "filters"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/filters/",
                        "self": "http://localhost:8989/v1/services/Read-Connection-Router/relationships/filters/"
                    }
                },
                "listeners": {
                    "data": [
                        {
                            "id": "Read-Connection-Listener",
                            "type": "listeners"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/listeners/",
                        "self": "http://localhost:8989/v1/services/Read-Connection-Router/relationships/listeners/"
                    }
                },
                "servers": {
                    "data": [
                        {
                            "id": "server1",
                            "type": "servers"
                        },
                        {
                            "id": "server2",
                            "type": "servers"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/servers/",
                        "self": "http://localhost:8989/v1/services/Read-Connection-Router/relationships/servers/"
                    }
                }
            },
            "type": "services"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/services/"
    }
}

{
    "data": {
        "id": "my-service",
        "type": "services",
        "attributes": {
            "router": "readwritesplit",
            "parameters": {
                "user": "maxuser",
                "password": "maxpwd"
            }
        },
        "relationships": {
            "filters": {
                "data": [
                    {
                        "id": "QLA",
                        "type": "filters"
                    }
                ]
            },
            "servers": {
                "data": [
                    {
                        "id": "server1",
                        "type": "servers"
                    }
                ]
            }
        }
    }
}

{
    "data": {
        "attributes": {
            "gtid_binlog_pos": "0-3000-5",
            "gtid_current_pos": "0-3000-5",
            "last_event": "master_up",
            "lock_held": null,
            "master_group": null,
            "master_id": -1,
            "name": "server1",
            "node_id": 3000,
            "parameters": {
                "address": "127.0.0.1",
                "disk_space_threshold": null,
                "extra_port": 0,
                "max_routing_connections": 0,
                "monitorpw": null,
                "monitoruser": null,
                "persistmaxtime": "0ms",
                "persistpoolmax": 0,
                "port": 3000,
                "priority": 0,
                "proxy_protocol": false,
                "rank": "primary",
                "socket": null,
                "ssl": false,
                "ssl_ca": null,
                "ssl_cert": null,
                "ssl_cert_verify_depth": 9,
                "ssl_cipher": null,
                "ssl_key": null,
                "ssl_verify_peer_certificate": false,
                "ssl_verify_peer_host": false,
                "ssl_version": "MAX"
            },
            "read_only": false,
            "replication_lag": 0,
            "server_id": 3000,
            "slave_connections": [],
            "source": {
                "file": "/etc/maxscale.cnf",
                "type": "static"
            },
            "state": "Master, Running",
            "state_details": null,
            "statistics": {
                "active_operations": 0,
                "adaptive_avg_select_time": "0ns",
                "connection_pool_empty": 0,
                "connections": 1,
                "failed_auths": 0,
                "max_connections": 1,
                "max_pool_size": 0,
                "persistent_connections": 0,
                "response_time_distribution": {
                    "read": {
                        "distribution": [
                            {
                                "count": 0,
                                "time": "0.000001",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "0.000010",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "0.000100",
                                "total": 0.0
                            },
                            {
                                "count": 1,
                                "time": "0.001000",
                                "total": 0.00026678900000000002
                            },
                            {
                                "count": 0,
                                "time": "0.010000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "0.100000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "1.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "10.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "100.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "1000.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "10000.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "100000.000000",
                                "total": 0.0
                            }
                        ],
                        "operation": "read",
                        "range_base": 10
                    },
                    "write": {
                        "distribution": [
                            {
                                "count": 0,
                                "time": "0.000001",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "0.000010",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "0.000100",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "0.001000",
                                "total": 0.0
                            },
                            {
                                "count": 1,
                                "time": "0.010000",
                                "total": 0.001274311
                            },
                            {
                                "count": 0,
                                "time": "0.100000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "1.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "10.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "100.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "1000.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "10000.000000",
                                "total": 0.0
                            },
                            {
                                "count": 0,
                                "time": "100000.000000",
                                "total": 0.0
                            }
                        ],
                        "operation": "write",
                        "range_base": 10
                    }
                },
                "reused_connections": 0,
                "routed_packets": 2,
                "total_connections": 1
            },
            "triggered_at": "Thu, 20 Jul 2023 15:29:02 GMT",
            "uptime": 387,
            "version_string": "10.5.19-MariaDB-1:10.5.19+maria~ubu2004-log"
        },
        "id": "server1",
        "links": {
            "self": "http://localhost:8989/v1/servers/server1/"
        },
        "relationships": {
            "monitors": {
                "data": [
                    {
                        "id": "MariaDB-Monitor",
                        "type": "monitors"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/monitors/",
                    "self": "http://localhost:8989/v1/servers/server1/relationships/monitors/"
                }
            },
            "services": {
                "data": [
                    {
                        "id": "RW-Split-Router",
                        "type": "services"
                    },
                    {
                        "id": "Read-Connection-Router",
                        "type": "services"
                    }
                ],
                "links": {
                    "related": "http://localhost:8989/v1/services/",
                    "self": "http://localhost:8989/v1/servers/server1/relationships/services/"
                }
            }
        },
        "type": "servers"
    },
    "links": {
        "self": "http://localhost:8989/v1/servers/server1/"
    }
}

{
    "data": [
        {
            "attributes": {
                "gtid_binlog_pos": "0-3000-5",
                "gtid_current_pos": "0-3000-5",
                "last_event": "master_up",
                "lock_held": null,
                "master_group": null,
                "master_id": -1,
                "name": "server1",
                "node_id": 3000,
                "parameters": {
                    "address": "127.0.0.1",
                    "disk_space_threshold": null,
                    "extra_port": 0,
                    "max_routing_connections": 0,
                    "monitorpw": null,
                    "monitoruser": null,
                    "persistmaxtime": "0ms",
                    "persistpoolmax": 0,
                    "port": 3000,
                    "priority": 0,
                    "proxy_protocol": false,
                    "rank": "primary",
                    "socket": null,
                    "ssl": false,
                    "ssl_ca": null,
                    "ssl_cert": null,
                    "ssl_cert_verify_depth": 9,
                    "ssl_cipher": null,
                    "ssl_key": null,
                    "ssl_verify_peer_certificate": false,
                    "ssl_verify_peer_host": false,
                    "ssl_version": "MAX"
                },
                "read_only": false,
                "replication_lag": 0,
                "server_id": 3000,
                "slave_connections": [],
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "state": "Master, Running",
                "state_details": null,
                "statistics": {
                    "active_operations": 0,
                    "adaptive_avg_select_time": "0ns",
                    "connection_pool_empty": 0,
                    "connections": 1,
                    "failed_auths": 0,
                    "max_connections": 1,
                    "max_pool_size": 0,
                    "persistent_connections": 0,
                    "response_time_distribution": {
                        "read": {
                            "distribution": [
                                {
                                    "count": 0,
                                    "time": "0.000001",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000010",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000100",
                                    "total": 0.0
                                },
                                {
                                    "count": 1,
                                    "time": "0.001000",
                                    "total": 0.00026678900000000002
                                },
                                {
                                    "count": 0,
                                    "time": "0.010000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.100000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100000.000000",
                                    "total": 0.0
                                }
                            ],
                            "operation": "read",
                            "range_base": 10
                        },
                        "write": {
                            "distribution": [
                                {
                                    "count": 0,
                                    "time": "0.000001",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000010",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000100",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.001000",
                                    "total": 0.0
                                },
                                {
                                    "count": 1,
                                    "time": "0.010000",
                                    "total": 0.001274311
                                },
                                {
                                    "count": 0,
                                    "time": "0.100000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100000.000000",
                                    "total": 0.0
                                }
                            ],
                            "operation": "write",
                            "range_base": 10
                        }
                    },
                    "reused_connections": 0,
                    "routed_packets": 2,
                    "total_connections": 1
                },
                "triggered_at": "Thu, 20 Jul 2023 15:29:02 GMT",
                "uptime": 387,
                "version_string": "10.5.19-MariaDB-1:10.5.19+maria~ubu2004-log"
            },
            "id": "server1",
            "links": {
                "self": "http://localhost:8989/v1/servers/server1/"
            },
            "relationships": {
                "monitors": {
                    "data": [
                        {
                            "id": "MariaDB-Monitor",
                            "type": "monitors"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/monitors/",
                        "self": "http://localhost:8989/v1/servers/server1/relationships/monitors/"
                    }
                },
                "services": {
                    "data": [
                        {
                            "id": "RW-Split-Router",
                            "type": "services"
                        },
                        {
                            "id": "Read-Connection-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/servers/server1/relationships/services/"
                    }
                }
            },
            "type": "servers"
        },
        {
            "attributes": {
                "gtid_binlog_pos": "0-3000-5",
                "gtid_current_pos": "0-3000-5",
                "last_event": "slave_up",
                "lock_held": null,
                "master_group": null,
                "master_id": 3000,
                "name": "server2",
                "node_id": 3001,
                "parameters": {
                    "address": "127.0.0.1",
                    "disk_space_threshold": null,
                    "extra_port": 0,
                    "max_routing_connections": 0,
                    "monitorpw": null,
                    "monitoruser": null,
                    "persistmaxtime": "0ms",
                    "persistpoolmax": 0,
                    "port": 3001,
                    "priority": 0,
                    "proxy_protocol": false,
                    "rank": "primary",
                    "socket": null,
                    "ssl": false,
                    "ssl_ca": null,
                    "ssl_cert": null,
                    "ssl_cert_verify_depth": 9,
                    "ssl_cipher": null,
                    "ssl_key": null,
                    "ssl_verify_peer_certificate": false,
                    "ssl_verify_peer_host": false,
                    "ssl_version": "MAX"
                },
                "read_only": false,
                "replication_lag": 0,
                "server_id": 3001,
                "slave_connections": [
                    {
                        "connection_name": "",
                        "gtid_io_pos": "",
                        "last_io_error": "",
                        "last_sql_error": "",
                        "master_host": "127.0.0.1",
                        "master_port": 3000,
                        "master_server_id": 3000,
                        "master_server_name": "server1",
                        "seconds_behind_master": 0,
                        "slave_io_running": "Yes",
                        "slave_sql_running": "Yes"
                    }
                ],
                "source": {
                    "file": "/etc/maxscale.cnf",
                    "type": "static"
                },
                "state": "Slave, Running",
                "state_details": null,
                "statistics": {
                    "active_operations": 0,
                    "adaptive_avg_select_time": "0ns",
                    "connection_pool_empty": 0,
                    "connections": 1,
                    "failed_auths": 0,
                    "max_connections": 1,
                    "max_pool_size": 0,
                    "persistent_connections": 0,
                    "response_time_distribution": {
                        "read": {
                            "distribution": [
                                {
                                    "count": 0,
                                    "time": "0.000001",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000010",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000100",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.001000",
                                    "total": 0.0
                                },
                                {
                                    "count": 1,
                                    "time": "0.010000",
                                    "total": 0.0018231790000000001
                                },
                                {
                                    "count": 0,
                                    "time": "0.100000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100000.000000",
                                    "total": 0.0
                                }
                            ],
                            "operation": "read",
                            "range_base": 10
                        },
                        "write": {
                            "distribution": [
                                {
                                    "count": 0,
                                    "time": "0.000001",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000010",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.000100",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.001000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.010000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "0.100000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "1000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "10000.000000",
                                    "total": 0.0
                                },
                                {
                                    "count": 0,
                                    "time": "100000.000000",
                                    "total": 0.0
                                }
                            ],
                            "operation": "write",
                            "range_base": 10
                        }
                    },
                    "reused_connections": 0,
                    "routed_packets": 1,
                    "total_connections": 1
                },
                "triggered_at": "Thu, 20 Jul 2023 15:29:02 GMT",
                "uptime": 387,
                "version_string": "10.5.19-MariaDB-1:10.5.19+maria~ubu2004-log"
            },
            "id": "server2",
            "links": {
                "self": "http://localhost:8989/v1/servers/server2/"
            },
            "relationships": {
                "monitors": {
                    "data": [
                        {
                            "id": "MariaDB-Monitor",
                            "type": "monitors"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/monitors/",
                        "self": "http://localhost:8989/v1/servers/server2/relationships/monitors/"
                    }
                },
                "services": {
                    "data": [
                        {
                            "id": "RW-Split-Router",
                            "type": "services"
                        },
                        {
                            "id": "Read-Connection-Router",
                            "type": "services"
                        }
                    ],
                    "links": {
                        "related": "http://localhost:8989/v1/services/",
                        "self": "http://localhost:8989/v1/servers/server2/relationships/services/"
                    }
                }
            },
            "type": "servers"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/servers/"
    }
}

{
    "data": {
        "id": "server3",
        "type": "servers",
        "attributes": {
            "parameters": {
                "address": "127.0.0.1",
                "port": 3003
            }
        }
    }
}

{
    "data": {
        "id": "server4",
        "type": "servers",
        "attributes": {
            "parameters": {
                "address": "127.0.0.1",
                "port": 3002
            }
        },
        "relationships": {
            "services": {
                "data": [
                    {
                        "id": "RW-Split-Router",
                        "type": "services"
                    },
                    {
                        "id": "Read-Connection-Router",
                        "type": "services"
                    }
                ]
            },
            "monitors": {
                "data": [
                    {
                        "id": "MySQL-Monitor",
                        "type": "monitors"
                    }
                ]
            }
        }
    }
}

{
    "data": {
        "relationships": {
            "services": {
                "data": [
                    { "id": "Read-Connection-Router", "type": "services" }
                ]
            },
            "monitors": {
                "data": [
                    { "id": "MySQL-Monitor", "type": "monitors" }
                ]
            }
        }
    }
}

MaxScale 22.08 Readwritesplit

Readwritesplit

This document provides a short overview of the readwritesplit router module and its intended use case scenarios. It also displays all router configuration parameters with their descriptions. A list of current limitations of the module is included and use examples are provided.

Overview

The readwritesplit router is designed to increase the read-only processing capability of a cluster while maintaining consistency. This is achieved by splitting the query load into read and write queries. Read queries, which do not modify data, are spread across multiple nodes while all write queries will be sent to a single node. For more details on how the load balancing works, refer to and .

The router is designed to be used with a traditional Master-Slave replication cluster. It automatically detects changes in the master server and will use the current master server of the cluster. With a Galera cluster, one can achieve a resilient setup and easy master failover by using one of the Galera nodes as a Write-Master node, where all write queries are routed, and spreading the read load over all the nodes.

Interaction with servers in `Maintenance` and `Draining` state

When a server that readwritesplit uses is put into maintenance mode, any ongoing requests are allowed to finish before the connection is closed. If the server that is put into maintenance mode is a master, open transaction are allowed to complete before the connection is closed. Note that this means neither idle session nor long-running transactions will be closed by readwritesplit. To forcefully close the connections, use the following command:

If a server is put into the Draining state while a connection is open, the connection will be used normally. Whenever a new connection needs to be created, whether that be due to a network error or when a new session being opened, only servers that are neither Draining nor Drained will be used.

Configuration

Readwritesplit router-specific settings are specified in the configuration file of MariaDB MaxScale in its specific section. The section can be freely named but the name is used later as a reference in a listener section.

For more details about the standard service parameters, refer to the .

Starting with 2.3, all router parameters can be configured at runtime. Usemaxctrl alter service to modify them. The changed configuration will only be taken into use by new sessions.

Parameters

`max_slave_connections`

Type: integer
Mandatory: No
Dynamic: Yes
Default: 255

max_slave_connections sets the maximum number of slaves a router session uses at any moment. The default is to use at most 255 slave connections per client connection. In older versions the default was to use all available slaves with no limit.

For MaxScale 2.5.12 and newer, the minimum value is 0.

For MaxScale versions 2.5.11 and older, the minimum value is 1. These versions suffer from a bug () that causes the parameter to accept any values but only function when a value greater than one was given.

Starting with MaxScale 2.5.0, the use of percentage values inmax_slave_connections is deprecated. The support for percentages will be removed in a future release.

For example, if you have configured MaxScale with one master and three slaves and set max_slave_connections=2, for each client connection a connection to the master and two slave connections would be opened. The read query load balancing is then done between these two slaves and writes are sent to the master.

By tuning this parameter, you can control how dynamic the load balancing is at the cost of extra created connections. With a lower value ofmax_slave_connections, less connections per session are created and the set of possible slave servers is smaller. With a higher value inmax_slave_connections, more connections are created which requires more resources but load balancing will almost always give the best single query response time and performance. Longer sessions are less affected by a highmax_slave_connections as the relative cost of opening a connection is lower.

Behavior of max_slave_connections=0

When readwritesplit is configured with max_slave_connections=0, readwritesplit will behave slightly differently in that it will route all reads to the current master server. This is a convenient way to force all of the traffic to go to a single node while still being able to leverage the replay and reconnection features of readwritesplit.

In this mode, the behavior of master_failure_mode=fail_on_write also changes slightly. If the current Master server fails and a read is done when there's no other Master server available, the connection will be closed. This is done to prevent an extra slave connection from being opened that would not be closed if a new Master server would arrive.

`slave_connections`

Type: integer
Mandatory: No
Dynamic: Yes
Default: 255

This parameter controls how many slave connections each new session starts with. The default value is 255 which is the same as the default value ofmax_slave_connections.

In contrast to max_slave_connections, slave_connections serves as a soft limit on how many slave connections are created. The number of slave connections can exceed slave_connections if the load balancing algorithm finds an unconnected slave server better than all other slaves.

Setting this parameter to 1 allows faster connection creation and improved resource usage due to the smaller amount of initial backend connections. It is recommended to use slave_connections=1 when the lifetime of the client connections is short.

`max_slave_replication_lag`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

Specify how many seconds a slave is allowed to be behind the master. The lag of a slave must be less than the configured value in order for it to be used for routing. If set to 0 (the default value), the feature is disabled.

In MaxScale 2.5.0, the slave lag must be less than max_slave_replication_lag whereas in older versions the slave lag had to be less than or equal tomax_slave_replication_lag. This means that in MaxScale 2.5.0 it is possible to define, with max_slave_replication_lag=1, that all slaves must be up to date in order for them to be used for routing.

Note that this feature does not guarantee that writes done on the master are visible for reads done on the slave. This is mainly due to the method of replication lag measurement. For a feature that guarantees this, refer to .

The lag is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the lag is seconds, a lag specified in milliseconds will be rejected, even if the duration is longer than a second.

The Readwritesplit-router does not detect the replication lag itself. A monitor such as the MariaDB-monitor for a Master/Slave-cluster is required. This option only affects Master-Slave clusters. Galera clusters do not have a concept of slave lag even if the application of write sets might have lag. When a server is disqualified from routing because of replication lag, a warning is logged. Similarly, when the server has caught up enough to be a valid routing target, another warning is logged. These messages are only logged when a query is being routed and the replication state changes.

`use_sql_variables_in`

Type:
Mandatory: No
Dynamic: Yes
Values: master, all

This parameter controls how SELECT statements that use SQL user variables are handled. Here is an example of such a query that uses it to return an increasing row number for a resultset:

By default MaxScale will route both the SET and SELECT statements to all nodes. Any future reads of the user variables can also be performed on any node.

The possible values for this parameter are:

all (default)
Modifications to user variables inside SELECT statements as well as reads of user variables are routed to all servers. Versions before MaxScale 22.08 returned an error if a user variable was modified inside of a SELECT statement when use_sql_variables_in=all was used. MaxScale 22.08 will instead route the query to all servers and discard the extra results.
master

DML statements, such as INSERT, UPDATE or DELETE, that modify SQL user variables are still treated as writes and are only routed to the master server. For example, after the following query the value of @myid is no longer the same on all servers and the SELECT statement can return different values depending where it ends up being executed:

`connection_keepalive`

Note: This parameter has been moved into the MaxScale core. For the current documentation, read the section in the configuration guide.

Send keepalive pings to backend servers. This feature was introduced in MaxScale 2.2.0. The default value is 300 seconds starting with 2.3.2 and for older versions the feature was disabled by default. This parameter was converted into a service parameter in MaxScale 2.5.0.

`master_reconnection`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Allow the master server to change mid-session. This feature was introduced in MaxScale 2.3.0 and is disabled by default. This feature requires thatdisable_sescmd_history is not used.

When a readwritesplit session starts, it will pick a master server as the current master server of that session. By default, when this master server is lost or changes to another server, the connection will be closed.

When master_reconnection is enabled, readwritesplit can sometimes recover a lost connection to the master server. This largely depends on the value ofmaster_failure_mode.

With master_failure_mode=fail_instantly, the master server is only allowed to change to another server. This change must happen without a loss of the master server.

With master_failure_mode=fail_on_write, the loss of the master server is no longer a fatal error: if a replacement master server appears before any write queries are received, readwritesplit will transparently reconnect to the new master server.

In both cases the change in the master server can only take place ifprune_sescmd_history is enabled or max_sescmd_history has not yet been exceeded and the session does not have an open transaction.

The recommended configuration is to use master_reconnection=true andmaster_failure_mode=fail_on_write. This provides improved fault tolerance without any risk to the consistency of the database.

`slave_selection_criteria`

Type:
Mandatory: No
Dynamic: Yes
Values: LEAST_CURRENT_OPERATIONS, ADAPTIVE_ROUTING, LEAST_BEHIND_MASTER

This option controls how the readwritesplit router chooses the slaves it connects to and how the load balancing is done. The default behavior is to route read queries to the slave server with the lowest amount of ongoing queries i.e.LEAST_CURRENT_OPERATIONS.

All of the load balancing methods use MaxScale's own accounting. Connections and queries done directly on the database and not through MaxScale are not taken into account by readwritesplit. For example, if server A has 100 queries running all of which are routed through MaxScale and server B has 115 queries but only 95 of those were routed through MaxScale, server B is considered a better candidate even if the absolute number of active queries on it is higher. This is because MaxScale only tracks the connections and queries routed through the same process.

The option syntax:

Where <criteria> is one of the following values.

LEAST_CURRENT_OPERATIONS (default), the slave with least active operations
ADAPTIVE_ROUTING, based on server average response times.
LEAST_BEHIND_MASTER, the slave with smallest replication lag

LEAST_CURRENT_OPERATIONS uses the current number of active operations (i.e. SQL queries) as the load balancing metric and it optimizes for maximal query throughput. Each query gets routed to the server with the least active operations which results in faster servers processing more traffic. If two servers have an equal number of active operations, the one that was least recently used is chosen.

ADAPTIVE_ROUTING uses the server response time and current estimated server load as the load balancing metric. The server that is estimated to finish an additional query first is chosen. A modified average response time for each server is continuously updated to allow slow servers at least some traffic and quickly react to changes in server load conditions. If a server has not received any traffic, the network lag to the server as measured by the monitor is used as the proxy of the true response time. This selection criteria is designed for heterogeneous clusters: servers of differing hardware, differing network distances, or when other loads are running on the servers (including a backup). If the servers are queried by other clients than MaxScale, the load caused by them is indirectly taken into account.

LEAST_BEHIND_MASTER uses the measured replication lag as the load balancing metric. This means that servers that are more up-to-date are favored which increases the likelihood of the data being read being up-to-date. However, this is not as effective as causal_reads would be as there's no guarantee that writes done by the same connection will be routed to a server that has replicated those changes. The recommended approach is to useLEAST_CURRENT_OPERATIONS or ADAPTIVE_ROUTING in combination withcausal_reads

NOTE: LEAST_GLOBAL_CONNECTIONS and LEAST_ROUTER_CONNECTIONS should not be used, they are legacy options that exist only for backwards compatibility. Using them will result in skewed load balancing as the algorithm uses a metric that's too coarse (number of connections) to load balance something that's finer (individual SQL queries).

The LEAST_GLOBAL_CONNECTIONS and LEAST_ROUTER_CONNECTIONS use the connections from MariaDB MaxScale to the server, not the amount of connections reported by the server itself.

Starting with MaxScale versions 2.5.29, 6.4.11, 22.08.9, 23.02.5 and 23.08.1, lowercase versions of the values are also accepted. For example,slave_selection_criteria=LEAST_CURRENT_OPERATIONS andslave_selection_criteria=least_current_operations are both accepted as valid values.

`max_sescmd_history`

This parameter has been moved to in MaxScale 6.0.

`disable_sescmd_history`

This parameter has been moved to in MaxScale 6.0.

`prune_sescmd_history`

This parameter has been moved to in MaxScale 6.0.

`master_accept_reads`

Type:
Mandatory: No
Dynamic: Yes
Default: false

master_accept_reads allows the master server to be used for reads. This is a useful option to enable if you are using a small number of servers and wish to use the master for reads as well.

By default, no reads are sent to the master as long as there is a valid slave server available. If no slaves are available, reads are sent to the master regardless of the value of master_accept_reads.

`strict_multi_stmt`

Type:
Mandatory: No
Dynamic: Yes
Default: false

This option is disabled by default since MaxScale 2.2.1. In older versions, this option was enabled by default.

When a client executes a multi-statement query, it will be treated as if it were a DML statement and routed to the master. If the option is enabled, all queries after a multi-statement query will be routed to the master to guarantee a consistent session state.

If the feature is disabled, queries are routed normally after a multi-statement query.

Warning: Enable the strict mode only if you know that the clients will send statements that cause inconsistencies in the session state.

`strict_sp_calls`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Similar to strict_multi_stmt, this option allows all queries after a CALL operation on a stored procedure to be routed to the master. This option is disabled by default and was added in MaxScale 2.1.9.

All warnings and restrictions that apply to strict_multi_stmt also apply tostrict_sp_calls.

`master_failure_mode`

Type:
Mandatory: No
Dynamic: Yes
Values: fail_instantly, fail_on_write, error_on_write

This option controls how the failure of a master server is handled. By default, the router will close the client connection as soon as the master is lost.

The following table describes the values for this option and how they treat the loss of a master server.

Value

Description

These also apply to new sessions created after the master has failed. This means that in fail_on_write or error_on_write mode, connections are accepted as long as slave servers are available.

When configured with fail_on_write or error_on_write, sessions that are idle will not be closed even if all backend connections for that session have failed. This is done in the hopes that before the next query from the idle session arrives, a reconnection to one of the slaves is made. However, this can leave idle connections around unless the client application actively closes them. To prevent this, use the parameter.

Note: If master_failure_mode is set to error_on_write and the connection to the master is lost, by default, clients will not be able to execute write queries without reconnecting to MariaDB MaxScale once a new master is available. If is enabled, the session can recover if one of the slaves is promoted as the master.

`retry_failed_reads`

Type:
Mandatory: No
Dynamic: Yes
Default: true

This option controls whether autocommit selects are retried in case of failure. This option is enabled by default.

When a simple autocommit select is being executed outside of a transaction and the slave server where the query is being executed fails, readwritesplit can retry the read on a replacement server. This makes the failure of a slave transparent to the client.

`delayed_retry`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Retry queries over a period of time. This parameter takes a boolean value, was added in Maxscale 2.3.0 and is disabled by default.

When this feature is enabled, a failure to route a query due to a connection problem will not immediately result in an error. The routing of the query is delayed until either a valid candidate server is available or the retry timeout is reached. If a candidate server becomes available before the timeout is reached, the query is routed normally and no connection error is returned. If no candidates are found and the timeout is exceeded, the router returns to normal behavior and returns an error.

When combined with the master_reconnection parameter, failures of writes done outside of transactions can be hidden from the client connection. This allows a master to be replaced while writes are being sent.

Starting with MaxScale 21.06.18, 22.08.15, 23.02.12, 23.08.8, 24.02.4 and 24.08.1, delayed_retry will no longer attempt to retry a query if it was already sent to the database. If a query is received while a valid target server is not available, the execution of the query is delayed until a valid target is found or the delayed retry timeout is hit. If a query was already sent, it will not be replayed to prevent duplicate execution of statements.

In older versions of MaxScale, duplicate execution of a statement can occur if the connection to the server is lost or the server crashes but the server comes back up before the timeout for the retrying is exceeded. At this point, if the server managed to read the client's statement, it will be executed. For this reason, it is recommended to only enable delayed_retry for older versions of MaxScale when the possibility of duplicate statement execution is an acceptable risk.

`delayed_retry_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 10s

The duration to wait until an error is returned to the client whendelayed_retry is enabled. The default value is 10 seconds.

The timeout is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected, even if the duration is longer than a second.

`transaction_replay`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Replay interrupted transactions. This parameter was added in MaxScale 2.3.0 and is disabled by default. Enabling this parameter enables both delayed_retry andmaster_reconnection and sets master_failure_mode to fail_on_write, thereby overriding any configured values for these parameters.

When the server where the transaction is in progress fails, readwritesplit can migrate the transaction to a replacement server. This can completely hide the failure of a master node without any visible effects to the client.

If no replacement node becomes available, the client connection is closed.

To control how long a transaction replay can take, usetransaction_replay_timeout.

Please refer to the section for a more detailed explanation of what should and should not be done with transaction replay.

`transaction_replay_max_size`

Type:
Mandatory: No
Dynamic: Yes
Default: 1 MiB

The limit on transaction size for transaction replay in bytes. Any transaction that exceeds this limit will not be replayed. The default value is 1 MiB. This limit applies at a session level which means that the total peak memory consumption can be transaction_replay_max_size times the number of client connections.

The amount of memory needed to store a particular transaction will be slightly larger than the length in bytes of the SQL used in the transaction. If the limit is ever exceeded, a message will be logged at the info level.

Starting with MaxScale 6.4.10, the number of times that this limit has been exceeded is shown in maxctrl show service as trx_max_size_exceeded.

Read for more details on size type parameters in MaxScale.

`transaction_replay_attempts`

Type: integer
Mandatory: No
Dynamic: Yes
Default: 5

The upper limit on how many times a transaction replay is attempted before giving up. The default value is 5.

A transaction replay failure can happen if the server where the transaction is being replayed fails while the replay is in progress. In practice this parameter controls how many server and network failures a single transaction replay tolerates. If a transaction is replayed successfully, the counter for failed attempts is reset.

`transaction_replay_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

The time how long transactions are attempted for. This feature is disabled by default and was added in MaxScale 6.2.1. To explicitly disable this feature, set the value to 0 seconds.

The timeout is and the value must include a unit for the duration.

When transaction_replay_timeout is enabled, the time a transaction replay can take is controlled solely by this parameter. This is a more convenient and predictable method of controlling how long a transaction replay can be attempted before the connection is closed.

If delayed_retry_timeout is less than transaction_replay_timeout, it is set to the same value.

By default the time how long a transaction can be retried is controlled bydelayed_retry_timeout and transaction_replay_attempts. This can result in a maximum replay time limit of delayed_retry_timeout multiplied bytransaction_replay_attempts, by default this is 50 seconds. The minimum replay time limit can be as low as transaction_replay_attempts seconds (5 seconds by default) in cases where the connection fails after it was created. Usually this happens due to problems like the max_connections limit being hit on the database server.

With the introduction of transaction_replay_timeout, these problems are avoided. Starting with MaxScale 6.2.1, this is the recommended method of controlling the timeouts for transaction replay.

`transaction_replay_retry_on_deadlock`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Enable automatic retrying of transactions that end up in a deadlock. This parameter was added in MaxScale 2.4.6 and the feature is disabled by default. MaxScale versions from 2.4.0 to 2.4.5 always tried to replay deadlocked transactions.

If this feature is enabled and a transaction returns a deadlock error (e.g. SQLSTATE 40001: Deadlock found when trying to get lock; try restarting transaction), the transaction is automatically retried. If the retrying of the transaction results in another deadlock error, it is retried until it either succeeds or a transaction checksum error is encountered.

`transaction_replay_retry_on_mismatch`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Retry transactions that end in checksum mismatch. This parameter was added in MaxScale 6.2.1 is disabled by default.

When enabled, any replayed transactions that end with a checksum mismatch are retried until they either succeeds or one of the transaction replay limits is reached (delayed_retry_timeout, transaction_replay_timeout ortransaction_replay_attempts).

`transaction_replay_checksum`

Type:
Mandatory: No
Dynamic: Yes
Values: full, result_only, no_insert_id

Selects which transaction checksum method is used to verify the result of the replayed transaction.

Note that only transaction_replay_checksum=full is guaranteed to retain the consistency of the replayed transaction.

Possible values are:

full (default)
All responses from the server are included in the checksum. This retains the full consistency guarantee of the replayed transaction as it must match exactly the one that was already returned to the client.
result_only

`optimistic_trx`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Enable optimistic transaction execution. This parameter controls whether normal transactions (i.e. START TRANSACTION or BEGIN) are load balanced across slaves. This feature is disabled by default and enabling it implicitly enablestransaction_replay, delayed_retry and master_reconnection parameters.

When this mode is enabled, all transactions are first attempted on slave servers. If the transaction contains no statements that modify data, it is completed on the slave. If the transaction contains statements that modify data, it is rolled back on the slave server and restarted on the master. The rollback is initiated the moment a data modifying statement is intercepted by readwritesplit so only read-only statements are executed on slave servers.

As with transaction_replay and transactions that are replayed, if the results returned by the master server are not identical to the ones returned by the slave up to the point where the first data modifying statement was executed, the connection is closed. If the execution of ROLLBACK statement on the slave fails, the connection to that slave is closed.

All limitations that apply to transaction_replay also apply tooptimistic_trx.

`causal_reads`

Type:
Mandatory: No
Dynamic: Yes
Values: none, local, global

Enable causal reads. This parameter is disabled by default and was introduced in MaxScale 2.3.0.

If a client connection modifies the database and causal_reads is enabled, any subsequent reads performed on slave servers will be done in a manner that prevents replication lag from affecting the results.

The following table contains a comparison of the modes. Read the for more information on what a sync consists of and why minimizing the number of them is important.

Mode

Level of Causality

Latency

The fast and fast_global modes should only be used when low latency is more important than proper distribution of reads. These modes should only be used when the workload is mostly read-only with only occasional writes. If used with a mixed or a write-heavy workload, the traffic will end up being routed almost exclusively to the master server.

Note: This feature requires MariaDB 10.2.16 or newer to function. In addition to this, the session_track_system_variables parameter must includelast_gtid in its list of tracked system variables.

Note: This feature also enables multi-statement execution of SQL in the protocol. This is equivalent to using allowMultiQueries=true in or using CLIENT_MULTI_STATEMENTS and CLIENT_MULTI_RESULTS in the Connector/C. The Implementation of causal_reads section explains why this is necessary.

The possible values for this parameter are:

none (default)
Read causality is disabled.
local
Writes are locally visible. Writes are guaranteed to be visible only to the connection that does it. Unrelated modifications done by other connections are not visible. This mode improves read scalability at the cost of latency and reduces the overall load placed on the master server without breaking causality guarantees.

Before MaxScale 2.5.0, the causal_reads parameter was a boolean parameter. False values translated to none and true values translated tolocal. The use of boolean parameters is deprecated but still accepted in MaxScale 2.5.0.

Implementation of causal_reads

This feature is based on the MASTER_GTID_WAIT function and the tracking of server-side status variables. By tracking the latest GTID that each statement generates, readwritesplit can then perform a synchronization operation with the help of the MASTER_GTID_WAIT function.

If the slave has not caught up to the master within the configured time, as specified by , it will be retried on the master. In MaxScale 2.3.0 an error was returned to the client when the slave timed out.

The exception to this rule is the fast mode which does not do any synchronization at all. This can be done as any reads that would go to out-of-date servers will be re-routed to the current master.

Normal SQL

A practical example can be given by the following set of SQL commands executed with autocommit=1.

As the statements are not executed inside a transaction, from the load balancer's point of view, the latter statement can be routed to a slave server. The problem with this is that if the value that was inserted on the master has not yet replicated to the server where the SELECT statement is being performed, it can appear as if the value we just inserted is not there.

By prefixing these types of SELECT statements with a command that guarantees consistent results for the reads, read scalability can be improved without sacrificing consistency.

The set of example SQL above will be translated by MaxScale into the following statements.

The SET command will synchronize the slave to a certain logical point in the replication stream (see for more details). If the synchronization fails, the query will not run and it will be retried on the server where the transaction was originally done.

Prepared Statements

Binary protocol prepared statements are handled in a different manner. Instead of adding the synchronization SQL into the original SQL query, it is sent as a separate packet before the prepared statement is executed.

We'll use the same example SQL but use a binary protocol prepared statement for the SELECT:

The SQL that MaxScale executes will be the following:

Both the synchronization query and the execution of the prepared statement are sent at the same time. This is done to remove the need to wait for the result of the synchronization query before routing the execution of the prepared statement. This keeps the performance of causal_reads for prepared statements the same as it is for normal SQL queries.

As a result of this, each time the synchronization query times out, the connection will be killed by the KILL statement and readwritesplit will retry the query on the master. This is done to prevent the execution of the prepared statement that follows the synchronization query from being processed by the MariaDB server.

It is recommend that the session command history is enabled whenever prepared statements are used with causal_reads. This allows new connections to be created whenever a causal read times out.

Starting with MaxScale 2.5.17, a failed causal read inside of a read-only transaction started with START TRANSACTION READ ONLY will return the following error:

Older versions of MaxScale attempted to retry the command on the current master server which would cause the connection to be closed and a warning to be logged.

Limitations of Causal Reads

This feature does not work with Galera or any other non-standard replication mechanisms. As Galera does not update the gtid_slave_pos variable when events are replicated via the Galera library, the function used by MaxScale to synchronize reads will wait until the timeout. With Galera this is not a serious issue as it, by nature, is a mostly-synchronous replication mechanism.
If the combination of the original SQL statement and the modifications added to it by readwritesplit exceed the maximum packet size (16777213 bytes), the causal read will not be attempted and a non-causal read is done instead. This applies only to text protocol queries as the binary protocol queries use a different synchronization mechanism.
SQL like INSERT ... RETURNING that commits a transaction and returns a resultset will only work with causal reads if the connector supports the DEPRECATE_EOF protocol feature. The following table contains a list of MariaDB connectors and whether they support the protocol feature.

Connector

Supported

Version

`causal_reads_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 10s

The timeout for the slave synchronization done by causal_reads. The default value is 10 seconds.

`lazy_connect`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Lazy connection creation causes connections to backend servers to be opened only when they are needed. This reduces the load that is placed on the backend servers when the client connections are short. This parameter is a boolean type and is disabled by default.

By default readwritesplit opens as many connections as it can when the session is first opened. This makes the execution of the first query faster when all available connections are already created. When lazy_connect is enabled, this initial connection creation is skipped. If the client executes only read queries, no connection to the master is made. If only write queries are made, only the master connection is used.

`reuse_prepared_statements`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Reuse identical prepared statements inside the same client connection. This is a boolean parameter and is disabled by default. This feature only applies to binary protocol prepared statements.

When this parameter is enabled and the connection prepares an identical prepared statement multiple times, instead of preparing it on the server the existing prepared statement handle is reused. This also means that whenever prepared statements are closed by the client, they will be left open by readwritesplit.

Enabling this feature will increase memory usage of a session. The amount of memory stored per prepared statement is proportional to the length of the prepared SQL statement and the number of parameters the statement has.

Router Diagnostics

The router_diagnostics output for a readwritesplit service contains the following fields.

queries: Number of queries executed through this service.
route_master: Number of writes routed to master.
route_slave: Number of reads routed to slaves.

Server Ranks

The general rule with server ranks is that primary servers will be used before secondary servers. Readwritesplit is an exception to this rule. The following rules govern how readwritesplit behaves with servers that have different ranks.

Sessions will use the current master server as long as possible. This means that sessions with a secondary master will not use the primary master as long as the secondary master is available.
All slave connections will use the same rank as the master connection. Any stale connections with a different rank than the master will be discarded.
If no master connection is available and master_reconnection is enabled, a connection to the best master is created. If the new master has a different priority than existing connections have, the connections with a different rank will be discarded.

Routing hints

The readwritesplit router supports routing hints. For a detailed guide on hint syntax and functionality, please read document.

Note: Routing hints will always have the highest priority when a routing decision is made. This means that it is possible to cause inconsistencies in the session state and the actual data in the database by adding routing hints to DDL/DML statements which are then directed to slave servers. Only use routing hints when you are sure that they can cause no harm.

An exception to this rule is transaction_replay: when it is enabled, all routing hints inside transaction are ignored. This is done to prevent changes done inside a re-playable transaction from affecting servers outside of the transaction. This behavior was added in MaxScale 6.1.4. Older versions allowed routing hints to override the transaction logic.

Known Limitations of Routing Hints

If a SELECT statement with a maxscale route to slave hint is received while autocommit is disabled, the query will be routed to a slave server. This causes some metadata locks to be acquired on the database in question which will block DDL statements on the server until either the connection is closed or autocommit is enabled again.

Module Commands

The readwritesplit router implements the following module commands.

`reset-gtid`

The command resets the global GTID state in the router. It can be used withcausal_reads=global to reset the state. This can be useful when the cluster is reverted to an earlier state and the GTIDs recorded in MaxScale are no longer valid.

The first and only argument to the command is the router name. For example, to reset the GTID state of a readwritesplit named My-RW-Router, the following MaxCtrl command should be used:

Examples

Examples of the readwritesplit router in use can be found in the folder.

Readwritesplit routing decisions

Here is a small explanation which shows what kinds of queries are routed to which type of server.

Routing to Master

Routing to master is important for data consistency and because majority of writes are written to binlog and thus become replicated to slaves.

The following operations are routed to master:

DML statements (INSERT, UPDATE, DELETE etc.)
DDL statements (DROP, CREATE, ALTER etc.)

In addition to these, if the readwritesplit service is configured with themax_slave_replication_lag parameter, and if all slaves suffer from too much replication lag, then statements will be routed to the Master. (There might be other similar configuration parameters in the future which limit the number of statements that will be routed to slaves.)

Transaction Isolation Level Tracking

Use of the SERIALIZABLE transaction isolation level with readwritesplit is not recommended as it somewhat goes against the goals of load balancing.

If either session_track_transaction_info=CHARACTERISTICS orsession_track_system_variables=tx_isolation is configured for the MariaDB server, readwritesplit will track the transaction isolation level and lock the session to the master when the isolation level is set to serializable. This retains the correctness of the isolation level which can otherwise cause problems. Once a session is locked to the master, it will not be unlocked. To reinstate the normal routing behavior, a new connection must be created.

For example, if transaction isolation level tracking cannot be done and an autocommit SELECT is routed to a slave, it no longer behaves in a serializable manner. This can also have an effect on the replication in the slave server.

Routing to Slaves

The ability to route some statements to slaves is important because it also decreases the load targeted to master. Moreover, it is possible to have multiple slaves to share the load in contrast to single master.

Queries which can be routed to slaves must be auto committed and belong to one of the following group:

Read-only statements (i.e. SELECT) that only use read-only built-in functions
All statements within an explicit read-only transaction (START TRANSACTION READ ONLY)
SHOW statements except SHOW MASTER STATUS

The list of supported built-in fuctions can be found .

Routing to every session backend

A third class of statements includes those which modify session data, such as session system variables, user-defined variables, the default database, etc. We call them session commands, and they must be replicated as they affect the future results of read and write operations. They must be executed on all servers that could execute statements on behalf of this client.

Session commands include for example:

Commands that modify the session state (SET, USE, CHANGE USER)
Text protocol PREPARE statements
Binary protocol prepared statements

NOTE: if variable assignment is embedded in a write statement it is routed to Master only. For example, INSERT INTO t1 values(@myvar:=5, 7) would be routed to Master only.

The router stores all of the executed session commands so that in case of a slave failure, a replacement slave can be chosen and the session command history can be repeated on that new slave. This means that the router stores each executed session command for the duration of the session. Applications that use long-running sessions might cause MariaDB MaxScale to consume a growing amount of memory unless the sessions are closed. This can be solved by adjusting the value of max_sescmd_history.

Routing to previous target

In the following cases, a query is routed to the same server where the previous query was executed. If no previous target is found, the query is routed to the current master.

If a query uses the FOUND_ROWS() function, it will be routed to the server where the last query was executed. This is done with the assumption that a query with SQL_CALC_FOUND_ROWS was previously executed.
COM_STMT_FETCH_ROWS will always be routed to the same server where the COM_STMT_EXECUTE was routed.

Limitations

Read queries are routed to the master server in the following situations:

Query is executed inside an open read-write transaction
Statement includes a stored procedure or an UDF call
If there are multiple statements inside one query e.g.INSERT INTO ... ; SELECT LAST_INSERT_ID();

Prepares Statement Limitations

If a prepared statement targets a temporary table on the master, the slave servers will fail to execute it. This will cause all slave connections to be closed (MXS-1816).

Transaction Replay Limitations

If the results from the replacement server are not identical when the transaction is replayed, the client connection is closed. This means that any transaction with a server specific result (e.g. NOW(), @@server_id) cannot be replayed successfully but it will still be attempted.

If a transaction reads data before updating it, the rows should be locked by using SELECT ... FOR UPDATE. This will prevent overlapping transactions when multiple transactions are being replayed that modify the same set of rows.

If the connection to the server where the transaction is being executed is lost when the final COMMIT is being executed, it is impossible to know whether the transaction was successfully committed. This means that there is a possibility for duplicate transaction execution which can result in data duplication in certain cases. Data duplication can happen if the transaction consists of the following statement types:

INSERT of rows into a table that does not have an auto-increment primary key
A "blind update" of one or more rows e.g. UPDATE t SET c = c + 1 WHERE id = 123
A "blind delete" e.g. DELETE FROM t LIMIT 100

This is not an exhaustive list and any operations that do not check the row contents before performing the operation on them might face this problem.

In all cases the problem of duplicate transaction execution can be avoided by including a SELECT ... FOR UPDATE in the statement. This will guarantee that in the case that the transaction fails when it is being committed, the row is only modified if it matches the expected contents.

Similarly, a connection loss during COMMIT can also result in transaction replay failure. This happens due to the same reason as duplicate transaction execution but the retried transaction will not be committed. This can be considered a success case as the transaction replay detected that the results of the two transactions are different. In these cases readwritesplit will abort the transaction and close the client connection.

Statements that result in an implicit commit do not reset the transaction when transaction_replay is enabled. This means that if the transaction is replayed, the transaction will be committed twice due to the implicit commit being present. The exception to this are the transaction management statements such asBEGIN and START TRANSACTION: they are detected and will cause the transaction to be correctly reset.

Any changes to the session state (e.g. autocommit state, SQL mode) done inside a transaction will remain in effect even if the connection to the server where the transaction is being executed fails. When readwritesplit creates a new connection to a server to replay the transaction, it will first restore the session state by executing all session commands that were executed. This means that if the session state is changed mid-transaction in a way that affects the results, transaction replay will fail.

The following partial transaction demonstrates the problem by using inside a transaction.

If this transaction has to be replayed the actual SQL that gets executed is the following.

First the session state is restored by executing all commands that changed the state after which the actual transaction is replayed. Due to the fact that the SQL_MODE was changed mid-transaction, one of the queries will now return an error instead of the result we expected leading to a transaction replay failure.

In a service-to-service configuration (i.e. a service using another service in its targets list ), if the topmost service starts a transaction, all lower-level readwritesplit services will also behave as if a transaction is open. If a connection to a backend database fails during this, it can result in unnecessary transaction replays which in turn can end up with checksum conflicts. The recommended approach is to not use any commands inside a transaction that would be routed to more than one node.

If the connection to the server where a transaction is being executed is lost while a ROLLBACK is being executed, readwritesplit will still attempt to replay the transaction in the hopes that the real response can be delivered to the client. However, this does mean that it is possible that a rolled back transaction which gets replayed ends up with a conflict and is reported as a replay failure when in reality a rolled back transaction could be safely ignored.

Legacy Configuration

In older versions of MaxScale, routers were configured via the router_options parameter. This functionality was deprecated in 2.2 and was removed in 2.3.

JDBC Batched Statements

Readwritesplit does not support pipelining of JDBC batched statements. This is caused by the fact that readwritesplit executes the statements one at a time to track the state of the response.

Limitations in multi-statement handling

When a multi-statement query is executed through the readwritesplit router, it will always be routed to the master. See for more details.

If the multi-statement query creates a temporary table, it will not be detected and reads to this table can be routed to slave servers. To prevent this, always execute the temporary table creation as an individual statement.

Limitations in client session handling

Some of the queries that a client sends are routed to all backends instead of just to one. These queries include USE <db name> and SET autocommit=0, among many others. Readwritesplit sends a copy of these queries to each backend server and forwards the master's reply to the client. Below is a list of MySQL commands which are classified as session commands.

Prior to MaxScale 2.3.0, session commands that were 2²⁴ - 1 bytes or longer were not supported and caused the session to be closed.

There is a possibility for misbehavior. If USE mytable is executed in one of the slaves and fails, it may be due to replication lag rather than the database not existing. Thus, the same command may produce different result in different backend servers. The slaves which fail to execute a session command will be dropped from the active list of slaves for this session to guarantee a consistent session state across all the servers used by the session. In addition, the server will not be used again for routing for the duration of the session.

The above-mentioned behavior for user variables can be partially controlled with the configuration parameter use_sql_variables_in:

WARNING

If a SELECT query modifies a user variable when the use_sql_variables_in parameter is set to all, it will not be routed and the client will receive an error. A log message is written into the log further explaining the reason for the error. Here is an example use of a SELECT query which modifies a user variable and how MariaDB MaxScale responds to it.

Allow user variable modification in SELECT queries by settinguse_sql_variables_in=master. This will route all queries that use user variables to the master.

CC BY-SA / Gnu FDL

LEAST_ROUTER_CONNECTIONS

LEAST_GLOBAL_CONNECTIONS

LEAST_GLOBAL_CONNECTIONS, the slave with least connections from MariaDB MaxScale

INSERT

AUTO_INCREMENT

fast

fast_global

universal

route_all: Number of session commands routed to all servers.

INSERT INTO test.t1 (id) VALUES (1);

-- These are executed as one multi-query
SET @maxscale_secret_variable=(
    SELECT CASE
           WHEN MASTER_GTID_WAIT('0-3000-8', 10) = 0 THEN 1
           ELSE (SELECT 1 FROM INFORMATION_SCHEMA.ENGINES)
    END); SELECT * FROM test.t1 WHERE id = 1;

COM_QUERY:         INSERT INTO test.t1 (id) VALUES (1);
COM_STMT_PREPARE:  SELECT * FROM test.t1 WHERE id = ?;
COM_QUERY:         IF (MASTER_GTID_WAIT('0-3000-8', 10) <> 0) THEN KILL (SELECT CONNECTION_ID()); END IF
COM_STMT_EXECUTE:  ? = 123

SET SQL_MODE='';            -- A session command
BEGIN;
SELECT "hello world";       -- Returns the string "hello world"
SET SQL_MODE='ANSI_QUOTES'; -- A session command
SELECT 'hello world';       -- Returns the string "hello world"

SET SQL_MODE='';            -- Replayed session command
SET SQL_MODE='ANSI_QUOTES'; -- Replayed session command
BEGIN;
SELECT "hello world";       -- Returns an error
SELECT 'hello world';       -- Returns the string "hello world"

COM_INIT_DB (USE <db name> creates this)
COM_CHANGE_USER
COM_STMT_CLOSE
COM_STMT_SEND_LONG_DATA
COM_STMT_RESET
COM_STMT_PREPARE
COM_QUIT (no response, session is closed)
COM_REFRESH
COM_DEBUG
COM_PING
SQLCOM_CHANGE_DB (USE ... statements)
SQLCOM_DEALLOCATE_PREPARE
SQLCOM_PREPARE
SQLCOM_SET_OPTION
SELECT ..INTO variable|OUTFILE|DUMPFILE
SET autocommit=1|0

MySQL [(none)]> set @id=1;
Query OK, 0 rows affected (0.00 sec)

MySQL [(none)]> SELECT @id := @id + 1 FROM test.t1;
ERROR 1064 (42000): Routing query to backend failed. See the error log for further details.

GRANT RELOAD, PROCESS, SHOW DATABASES, EVENT, SET USER, READ_ONLY ADMIN ON *.* TO 'maxscale'@'maxscalehost';
GRANT REPLICATION SLAVE ADMIN, BINLOG ADMIN, CONNECTION ADMIN ON *.* TO 'maxscale'@'maxscalehost';
GRANT SELECT ON mysql.user TO 'maxscale'@'maxscalehost';

call command mariadbmon failover MyMonitor
call command mariadbmon rejoin MyMonitor OldMasterServ
call command mariadbmon reset-replication MyMonitor
call command mariadbmon reset-replication MyMonitor NewMasterServ
call command mariadbmon switchover MyMonitor
call command mariadbmon switchover MyMonitor NewMasterServ
call command mariadbmon switchover MyMonitor NewMasterServ OldMasterServ

maxctrl call command mariadbmon async-switchover Cluster1
OK
maxctrl call command mariadbmon fetch-cmd-result Cluster1
{
    "links": {
        "self": "http://localhost:8989/v1/maxscale/modules/mariadbmon/fetch-cmd-result"
    },
    "meta": "switchover completed successfully."
}

johnny ALL= NOPASSWD: /bin/systemctl stop mariadb
johnny ALL= NOPASSWD: /bin/systemctl start mariadb
johnny ALL= NOPASSWD: /usr/sbin/lsof
johnny ALL= NOPASSWD: /bin/kill
johnny ALL= NOPASSWD: /usr/bin/mariadb-backup
johnny ALL= NOPASSWD: /bin/mbstream
johnny ALL= NOPASSWD: /bin/du
johnny ALL= NOPASSWD: /bin/rm -rf /var/lib/mysql/*
johnny ALL= NOPASSWD: /bin/chown -R mysql\:mysql /var/lib/mysql/*
johnny ALL= NOPASSWD: /bin/cat

maxctrl call command mariadbmon cs-get-status MyMonitor
{
    "mcs1": {
        "cluster_mode": "readwrite",
        "dbrm_mode": "master",
<snip>

maxctrl call command mariadbmon async-cs-get-status MyMonitor
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "mcs1": {
        "cluster_mode": "readwrite",
        "dbrm_mode": "master",
<snip>

maxctrl call command mariadbmon async-cs-add-node MyMonitor mcs3 1m
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "node_id": "mcs3",
    "timestamp": "2022-05-05 08:07:51.518268"
}
maxctrl call command mariadbmon async-cs-remove-node MyMonitor mcs3 1m
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "node_id": "mcs3",
    "timestamp": "2022-05-05 10:46:46.506947"
}

maxctrl call command mariadbmon async-cs-start-cluster MyMonitor 1m
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "timestamp": "2022-05-05 09:41:57.140732"
}
maxctrl call command mariadbmon async-cs-stop-cluster MyMonitor 1m
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "mcs1": {
        "timestamp": "2022-05-05 09:45:33.779837"
    },
<snip>

maxctrl call command mariadbmon async-cs-set-readonly MyMonitor 30s
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "cluster-mode": "readonly",
    "timestamp": "2022-05-05 09:49:18.365444"
}
maxctrl call command mariadbmon async-cs-set-readwrite MyMonitor 30s
OK
maxctrl call command mariadbmon fetch-cmd-result MyMonitor
{
    "cluster-mode": "readwrite",
    "timestamp": "2022-05-05 09:50:30.718972"
}

MaxScale 22.08 NoSQL Protocol Module

NoSQL Protocol Module

The nosqlprotocol module allows a MariaDB server or cluster to be used as the backend of an application using a MongoDB® client library. Internally, all documents are stored in a table containing two columns; an id column for the object id and a doc column for the document itself.

When the MongoDB® client application issues MongoDB protocol commands, either directly or indirectly via the client library, they are transparently converted into the equivalent SQL and executed against the MariaDB backend. The MariaDB responses are then in turn converted into the format expected by the MongoDB® client library and application.

Configuring

There are a number of with which the behavior of nosqlprotocol can be adjusted. A minimal configuration looks like:

nosqlprotocol.user and nosqlprotocol.password specify the credentials that will be used when accessing the backend database or cluster. Note that the same credentials will be used for all connecting MongoDB® clients.

Since nosqlprotocol is a listener, there must be a service to which the client requests will be sent. Nosqlprotocol places no limitations on what filters, routers or backends can be used.

To configure the same listener with MaxCtrl, the parameters must be passed in a JSON object in the following manner:

All the parameters that the nosqlprotocol module takes must be passed in the same JSON object.

A complete example can be found at the of this document.

Authentication

Nosqlprotocol supports SCRAM authentication as implemented by MongoDB®. The mechanisms SCRAM-SHA-1 and SCRAM-SHA-256 are both supported.

If nosqlprotocol has been setup so that no authentication is required, then when connecting only the host and port should be provided, but neither a username nor a password.

For instance, if the MongoDB Node.JS Driver is used, then the connection string should look like:

Similarly, if the Mongo Shell is used, only the host and port should be provided:

NoSQL and MariaDB Users

A MariaDB user consists of a name and a host part. A user 'user'@'%' and a user 'user'@'127.0.0.1' are completely different. The host part specifies where a user may connect from, with % being a wildcard that matches all hosts. What data a user is allowed to access and modify is specified by what privileges are granted to the user.

A NoSQL user is somewhat different. It is created in the context of a particular database, so there may be a user userx in the database dbA and different user with the same name userx in the database dbB. What hosts a user may connect from can be restricted, but that is a property of the user and not an implicit part of it. What data a user is allowed to access and modify is specified by the roles that have been assigned to the user.

From the above it should be clear that there is not a 1-to-1 correspondence between the concept of a user in NoSQL and the concept of a user in MariaDB, but that some additional conventions are needed.

To make it possible to have different NoSQL users with the same name, the database in whose context the user is created is prepended to the user name, separated with a dot, when the MariaDB user is created.

This is perhaps easiest to illustrate using an example:

Currently there are two user accounts defined. Even though there is a user bob, creating a NoSQL user bob succeeds.

If we now, from the MariaDB prompt, check the users we will see:

The MariaDB user corresponding to the NoSQL user bob, created in the context of the database test, has test as a prefix.

The `mariadb` database

The fact that NoSQL users have the database embedded in the MariaDB name may be inconvenient if the same data is accessed both as NoSQL via nosqlprotocol and as SQL directly from MariaDB. It also makes it impossible to use an existing MariaDB account from NoSQL.

To provide a solution for this problem, the database mariadb is treated in a specific fashion. A user created in the context of the mariadb database is created in the MariaDB server without the database prefix. If we now try to create a user bob in the mariadb database it will fail, because the user 'bob'@'%' exists already.

If we create a user with another name it will succeed.

And if we check the situation from MariaDB,

we will see that alice was created without a database prefix.

Roles and Privileges

When creating a user nosqlprotocol accepts all roles as predefined by MongoDB®, but not all of them are translated into GRANT privileges. The following table shows what privilege(s) a particular role is converted to.

Role

Privileges

The following roles are shorthands for several other roles.

Role

Shorthand for

dbOwner differs from root in that the privileges of the former apply only to a particular database, while the privileges of the latter apply to all databases. However, the role root can only be assigned to a user in the admin database.

In addition there are AnyDatabase versions of dbAdmin, read andreadWrite (e.g readAnyDatabase) that can be assigned to a user in the admin database. If so, then the privilege is granted on *.*, otherwise on <db>.*.

If the root role is assigned to a user in the admin database, then the privileges are granted on *.*, otherwise on <db>.*.

Other pre-defined roles are recognized and stored in the local nosqlprotocol account database, but they do not affect what privileges are granted to the MariaDB user. Currently user-defined roles are not supported.

Client Authentication

Authenticationwise nosqlprotocol can be used in three different ways:

Anonymously
Shared credentials
Unique credentials

Anonymously

If there is an anonymous user on the MariaDB server and if nosqlprotocol is configured without a user/password, then all nosqlprotocol clients will access the MariaDB server as anonymous users.

Note that the anonymous MariaDB user is only intended for testing and should in general not be used, but deleted.

Shared Credentials

If nosqlprotocol is configured with

then each MongoDB® client will use those credentials when accessing the MariaDB server. Note that from the perspective of the MariaDB server, it is not possibe to distinguish between different MongoDB® clients.

Unique Credentials

If nosqlprotocol authentication has been taken into use and a MongoDB® client authenticates, either when connecting or later, then the credentials of MongoDB® client will be used when accessing the MariaDB server.

Note that even if nosqlprotocol authentication has been enabled, authentication is not required, and if the MongoDB® client has not authenticated itself, the credentials specified with nosqlprotocol.[user|password] (or the anonymous user) will be used when accessing the MariaDB server.

Enforce Authentication

To enforce authentication, specify

in the configuration. If authentication is required, then any command that requires access to the MariaDB server will fail, unless the client has authenticated.

Authorization

By default nosqlprotocol does no authorization. However, a nosqlprotocol client is always subject to the authorization performed by the MariaDB server.

When nosqlprotocol authorization is enabled by adding

to the configuration file, some commands will be subject to authorization, by nosqlprotocol. The following table lists the commands and what role they require.

Command

Role

It is important to note that even if nosqlprotocol authorization is enabled, the MariaDB server has the final word. That is, even if the roles of a user would be sufficient for a particular operation, if the granted privileges are not, the operation will not succeed. There may be a mismatch between roles and grants, for instance, if the wrong roles were specified when the user was added, or if the grants have been altered directly and not via nosqlprotocol.

Bootstrapping the Authentication/Authorization

The authentication/authorization can be bootstrapped explicitly or implicitly. Bootstrapping explicitly provides more control, while bootstrapping implicitly is much more convenient.

Explicit bootstrapping

In order to enable authorization you need to have NoSQL users and those can be created with or added with .

If you want to create a user, then you first need to configure nosqlprotocol with credentials that are sufficient for creating a user:

At this point nosqlprotocol.authentication_required andnosqlprotocol.authorization_enabled should both be false. Note that as those are their default values, they do not have to be specified.

Start MaxScale and connect to it with the MongoDB® command line client

Then create the user.

Alternatively you can add an existing user. Note that it should be added to the mariadb database, unless it was created with the convention of having the database as a prefix, e.g. db.bob.

Now you should shutdown MaxScale and add the entries

and start MaxScale.

The nosqlprotocol.user and nosqlprotocol.password can be removed but as they will be ignored with nosqlprotocol.authentication_required=true being present, it is not mandatory.

If you now try to create a user when not having been authenticated or when authenticated as a user without the userAdmin role, the result will be:

NOTE When a client authenticates, the password will not be transferred in cleartext over the network, so, even without SSL, it is not possible to gain access to a password by monitoring the network traffic.

However, when a user is created or added (or the password is changed), the password will be transferred in cleartext. To prevent eavesdropping, create/add users when connecting over a domain socket, or use

Implicit bootstrapping

With implicit bootstrapping, you should first create the MariaDB user that should appear as the initial NoSQL user. As explained , the concept of a user is somewhat different in MariaDB and NoSQL, which means that certain factors must be taken into account when creating the MariaDB user. Then at first startup, nosqlprotocol will create the corresponding NoSQL user, which will enable the authenticated and authorized use of nosqlprotocol.

When MaxScale is started, if the following hold

nosqlprotocol.authentication_required andnosqlprotocol.authorization_enabled are true in the configuration section of the nosqlprotocol listener,
nosqlprotocol.user and nosqlprotocol.password are provided, and
there are no NoSQL users in the NoSQL account database.

then, MaxScale will

wait until the master of the service pointed to by the listener is available,
connect using the credentials specified in nosqlprotocol.user and nosqlprotocol.password,
execute SHOW GRANTS,

Immediately thereafter it is possible to connect to the nosqlprotocol port with a MongoDB® client using the specified credentials.

Note that after the bootstrapping, nosqlprotocol will not use the user and password settings and they can be removed.

Grants

When a NoSQL user is created using the MariaDB grants are obtained from the specified NoSQL roles as explained .

When implicitly creating a NoSQL user from an existing user in MariaDB, the inverse operation must be performed. There are many factors that affect what NoSQL roles the grants of a user are translated into:

whether the user is a regular or admin user,
whether the privileges are on *.* or some specific db.*, and
the privileges themselves, e.g. SELECT, DELETE, etc.

In NoSQL, every user resides in a specific database. Note that this does not mean that database would have to exist in MariaDB.

When it comes to users, the database effectively means a scope, which in the case of nosqlprotocol is handled by prefixing the corresponding MariaDB user name with the database/scope name.

When creating a user to be used from NoSQL, there are three options for the user's name:

The name can be of the format some_db.user_name wheresome_db can be anything (subject to the naming rules of MariaDB), except admin or mariadb. In this case, the user will be a regular user, who can access data in databases that she has been granted access to.
The name can be of the format admin.user_name where admin is exactly just that. In this case, the user will be an admin user, who can access any database.

What database the privileges can be specified ON depends on what kind of user is being created.

If it is a regular user, the privileges must be granted on a specific database, such as \dbA``.*`. Note that there is no dependency between this database and the (conceptual) database the user resides in.
If it is an admin user, the privileges must be granted on the *.* database.

In NoSQL, a role can be database specific or generic. However, a generic role can only be assigned to a user in the admin database. In practice this means that if the privileges are on *.*, then the user must reside in the admin database (e.g. admin.bob) or it is treated as an error.

The following table shows what privileges are required for a role to be assigned. Note that ALL PRIVILEGES can be used as well.

ALTER

CREATE

CREATE USER

DROP

DELETE

INDEX

INSERT

SHOW DATABASES(1)

SELECT

UPDATE

WITH GRANT OPTION

Role

Only required if the user is an admin user.

The AnyDatabase version will be assigned, if the user is an admin user.

If certain roles are assigned, then other roles will be assigned as well.

If the roles dbAdmin, readWrite and userAdmin are assigned, then dbOwner will be assigned as well.
If the roles dbAdminAnyDatabase, readWriteAnyDatabase and userAdminAnyDatabase are assigned, then root will be assigned as well.

Once the user has been created and the desired privileges have been granted, the NoSQL listener should be configured as follows:

At MaxScale startup, the NoSQL user will then be created.

Examples

Admin User

We want the initial NoSQL user to be an administrator, with full rights.

As we want an admin user, the name is prefixed with admin, which will have that effect. And since it is an admin user, the privileges are granted ON *.*.

Thereafter, we specify the following in the configuration file,

and start MaxScale.

As the creation of the initial user can be made only after the monitor for the listener's service has marked one server as master, whether the creation succeeded or not must be checked from MaxScale' log file:

Under normal conditions, the bootstrapping will be almost instantaneous.

It is now possible to connect using any MongoDB® client application.

Note that when connecting the user is passed as nosql_admin and not as admin.nosql_admin. The fact that we want to authenticate against the admin database is expressed by passing the database as the last argument.

As can be seen, the user has the any roles on the admin database, which means that all databases can be accessed and modified, and that new users can be created.

Test User

We want the initial NoSQL user to be a user with limited rights, intended to be used for testing.

As we want a user with limited rights, the name is not prefixed with admin. The privileges are granted specifically on databasetest.*. Indeed, if *.* had been used, the creation of the initial NoSQL user would have failed with an error. Here, the user is created in the same database that the user is given access to, but it could have been another one. Further, several GRANT statements could have been used, had we wanted to give access to several databases.

Thereafter, we specify the following in the configuration file,

and start MaxScale.

Under normal conditions, the bootstrapping will be almost instantaneous.

It is now possible to connect using any MongoDB® client application.

Note that when connecting the user is passed as test_user and not as test.test_user. The fact that we want to authenticate against the test database is expressed by passing the database as the last argument.

As can be seen, the user has the readWrite role on the test database, which means that only the test database can be accessed and modified.

TLS/SSL

Since nosqlprotocol is a regular protocol module used in a listener, the TLS/SSL support of listeners is available. Please see for details.

NoSQL Account Database

So as to be able to connect to the MariaDB server on behalf of clients, nosqlprotocol must know their password. As the password is not transferred to nosqlprotocol during the authentication in a way that could be used when logging into MariaDB, the password must be stored when the user is created with or added with .

Note that the password is not stored in cleartext but as three different hashes; hashed with sha1 for use with MariaDB, salted and hashed with sha1 for use with the SCRAM-SHA-1 authentication mechanism (if that is enabled for the user) and salted and hashed with sha256 for use with the SCRAM-SHA-256 authentication mechanism (if that is enabled for the user).

The account information can be stored privately, in which case it can be used only by a particular MaxScale instance, or in a_shared_ manner, in which case multiple MaxScale instances can share the information and a user created/added on one instance can be used on another.

Private

In the private case, the account information of nosqlprotocol is stored in an database whose name is <libdir>/nosqlprotocol/<listener-name>-v1.db, where <libdir> is the libdir of MaxScale, typically/var/lib/maxscale, <listener-name> is the name of the listener section in the MaxScale configuration file, and -v1 a suffix for making schema evolution easier, should there be a need for that.

For instance, given a configuration like

the account information will be stored in the file<libdir>/nosqlprotocol/NoSQL-Listener-v1.db.

Note that since the database name is derived from the listener name, changing the name of the listener in the configuration file will have the effect of making all accounts disappear. To retain the accounts, the database file should also be renamed.

At first startup, the nosqlprotocol directory and the file NoSQL-Listener-v1.db will be created. They will be created with file permissions that only allow MaxScale access. At subsequent startups the permissions will be checked and MaxScale will refuse to start if the permissions allow access to others.

We strongly recommend that no manual modifications are made to the database.

Note that we make no guarantees that the way in which the account information is stored by nosqlprotocol will remain the same even between maintenance releases. We do guarantee, however, that even if the way in which the account information is stored changes, existing account information will automatically be converted and no manual intervention, such as re-creation of accounts, will be needed.

Shared

In the shared case, the account information of nosqlprotocol is stored in the cluster of the service in front of which the NoSQL listener resides. The master of the cluster will be used both for reading and writing data.

A table whose name is the same as the listener's name in the MaxScale configuration will be created in the database specified with the parameter. If it is not specified explicitly, the default isnosqlprotocol. The name of the table will be the name of the listener section in the MaxScale configuration file.

For instance, given a configuration like

the account information will be stored in the tablenosqlprotocol.NoSQL-Listener.

Note that since the table name is derived from the listener name, changing the name of the listener in the configuration file will have the effect of making all accounts disappear. To retain the accounts, the table should also be renamed.

nosqlprotocol will create the table when needed, so the user specified with must have sufficient grants to be able to do that.

nosqlprotocol will store in the table, data that allow any MaxScale to authenticate a MongoDB® client, irrespective of which MaxScale instance was used when the user was created.

nosqlprotocol also stores in the table the SHA1 of a user's password, to be able to authenticate against the MariaDB server. Therefore it is strongly suggested to enable encryption key management in MaxScale and to provide an authentication key ID with so that the data will be encrypted.

If shared authentication has been enabled with then and must also be provided. With the database name can optionally be changed, and with an encryption key ID, using which the sensitive data is encrypted, can optionally be provided.

Note that we make no guarantees that the table in which the account information is stored by nosqlprotocol will remain the same even between maintenance releases. We do guarantee, however, that even if the way in which the account information is stored changes, existing account information will automatically be converted and no manual intervention, such as re-creation of accounts, will be needed.

Wire Protocol

Nosqlprotocol fully supports wire protocol version 6 and only provides rudimentary support for earlier wire protocol versions, but reports at startup that it would support versions 0 to 6. The reason is that some client libraries are buggy and use an old wire protocol version if the server claims to support only version 6. Consequently, one should use a client library version that at least supports wire protocol version 6.

Client Library

As the goal of nosqlprotocol is to implement, to the extent that it is feasible, the wire protocol and the database commands the way MongoDB® implements them, it should be possible to use any language specific driver.

However, during the development of nosqlprotocol, the only client library that has been verified to work is version 3.6 of MongoDB Node.JS Driver.

Parameters

Using the following parameters, the behavior of nosqlprotocol can be adjusted. As they are not generic listener parameters, but specific tonosqlprotocol they must be qualified with the nosqlprotocol-prefix.

For instance:

`user`

Type: string
Mandatory: No
Default: ""

Specifies the user to be used when connecting to the backend, if the MongoDB® client is not authenticated.

`password`

Type: string
Mandatory: No
Default: ""

Specifies the password to be used when connecting to the backend, is the MongoDB® client is not authenticated. Note that the same user/password combination will be used for all unauthenticated MongoDB® clients connecting to the same listener port.

`authentication_required`

Type:
Mandatory: No
Default: false

Specifies whether the client always must authenticate. If authentication is required, it does not matter whether user and password have been specified, the client must authenticate.

Authentication should not be required before users have been created with or added with , with authentication being optional and authorization being disabled.

NOTE: All client activity is always subject to authorization performed by the MariaDB server.

`authentication_shared`

Type:
Mandatory: No
Default: false

Specifies whether the NoSQL account information should be stored in a shared manner or privately.

`authentication_db`

Type: string
Mandatory: No
Default: "NoSQL"

Specifies the database of the table where the NoSQL account information is stored, if authentication_shared is true. If the database does not exist, nosqlprotocol will attempt to create it, so either is should be manually created or the used specified with authentication_user should have the grants required to do so.

`authentication_key_id`

Type: string
Mandatory: No
Default: ""

The encryption key ID, using which the NoSQL account information should be encrypted with when stored in the MariaDB server. If an encryption key ID is given, the encryption key manager in MaxScale must also be enabled.

The encryption key must be a 256-bit key. Keys of shorter length are rejected as invalid encryption keys.

`authentication_user`

Type: string
Mandatory: Yes, if authentication_shared is true.

Specifies the user to be used when modifying and accessing the NoSQL account information stored in the MariaDB server.

`authentication_password`

Type: string
Mandatory: No
Default: ""

Specifies the password of authentication_user.

`authorization_enabled`

Type:
Mandatory: No
Default: false

Specifies whether nosqlprotocol itself should perform authorization in the context of the commands , and . Authorization should not be enabled before users have been created with or added with with authorization being disabled.

NOTE: All client activity is always subject to authorization performed by the MariaDB server.

`host`

Type: string
Mandatory: No
Default: "%"

Specifies the host to be used when a MariaDB user is created via nosqlprotocol. By default all users are created as ...@'%', which means that it is possible to connect to the MariaDB server from any host using the credentials of the created user. For tighter security, the IP-address of the MaxScale host can be specified.

NOTE: This value does not specify from which host it is allowed to connect to MaxScale.

`on_unknown_command`

Type:
Mandatory: No
Values: return_error, return_empty
Default: return_error

Specifies what should happen in case a clients sends an unrecognized command.

Enumeration values:

return_error: An error document is returned.
return_empty: An empty document is returned.

`log_unknown_command`

Type:
Mandatory: No
Default: false

Specifies whether an unknown command should be logged. This is primarily for debugging purposes, to find out whether a client uses a command that currently is not supported.

`auto_create_databases`

Type:
Mandatory: No
Default: true

Specifies whether databases should automatically be created, as needed.

Note that setting this parameter to true, without also settingauto_create_tables to true, has no effect at all.

`auto_create_tables`

Type:
Mandatory: No
Default: true

Specifies whether tables should automatically be created, as needed.

Note that this applies only if the relevant database already exists. If a database should also be created if needed, then auto_create_databases must also be set to true.

`id_length`

Type: count
Mandatory: No
Range: [35, 2048]
*Default: 35

Specifies the length of the id column in tables that are automatically created.

`ordered_insert_behavior`

Type:
Mandatory: No
Values: atomic, default
Default: default

Enumeration values:

default: Each document is inserted using a separate INSERT, either in a multi-statement or in a compound statement. Whether an error causes the remaining insertions to be aborted, depends on the value of ordered specified in the insert command.
atomic: If the value of ordered in the insert command is true (the default) then all documents are inserted using a single INSERT statement, that is, either all insertions succeed or none will. If

What combination of ordered_insert_behavior and ordered (in the insert command document) is used, has an impact on the performance. Please see the discussion at .

`cursor_timeout`

Type:
Mandatory: No
Default: 60s

Specifies how long a cursor can be idle, that is, not accessed, before it is automatically closed.

`debug`

Type:
Mandatory: No
Values: none, in, out, back

Specifies what should be logged as notice messages.

Enumeration values:

none: Nothing is logged.
in: The incoming protocol command is logged.
out: The outgoing SQL sent to the backend is logged.

So, specify

to have the incoming command, the corresponding SQL sent to the backend and the resulting response sent to the client logged.

Databases and Tables

By default, nosqlprotocol automatically creates databases as needed. The default behavior can be changed by setting auto_create_databases to false. In that case, databases must manually be created.

Each MongoDB® collection corresponds to a MariaDB table with the same name. However, it is always possible to access a collection irrespective of whether the corresponding table exists or not; it will simply appear to be empty.

Inserting documents into a collection, whose corresponding table does not exist, succeeds, provided auto_create_tables is true, as the table will in that case be created.

When nosqlprotocol creates a table, it uses a statement like

where the length of the VARCHAR is specified by the value of id_length, whose default and minimum is 35.

NOTE If the tables are created manually, then the CREATE statement_must_ contain a similar AS-clause as the one above and should contain a similar constraint.

Note that nosqlprotocol does not in any way verify that the table corresponding to a collection being accessed or modified does indeed have the expected columns id and doc of the expected types, but it simply uses the table, which will fail if the layout is not the expected one.

To reduce the risk for confusion, the recommendation is to use a specific database for tables that contain documents.

Operators

The following operators are currently supported.

Query and Projection Operators

Comparison Query Operators

$eq
$gt
$gte
$in

Logical Query Operators

$and
$not
$nor
$or

Element Query Operators

$exists
$type

$type

When $type is used, it will be converted into a condition involving one or more comparisons. The following subset of types can be used in $type queries:

Type

Number

Alias

MariaDB Type

The "number" alias is supported and will match values whose MariaDB type isDOUBLE or INTEGER.

Evaluation Query Operators

$mod
$regex

Array Query Operators

$all
$elemMatch
$size

$elemMatch

As arguments, only the operators $eq and $ne are supported.

Update Operators

Field Update Operators

$bit
$currentDate
$inc
$max

Database Commands

The following commands are supported. At each command is specified what fields are relevant for the command.

All non-listed fields are ignored; their presence or absence have no impact, unless otherwise explicitly specified.

Aggregation Commands

count

The following fields are relevant.

Field

Type

Description

distinct

The following fields are relevant.

Field

Type

Description

Query and Write Operation Commands

delete

The following fields are relevant.

Field

Type

Description

Each element of the deletes array contains the following fields:

Field

Type

Description

find

The following fields are relevant.

Field

Type

Description

All other fields are ignored.

Projection

The projection parameter determines which fields are returned in the matching documents. The projection parameter takes a document of the following form:

If a projection document is not provided or if it is empty, the entire document will be returned.

Projection

Description

Embedded Field Specification

For fields in an embedded documents, the field can be specified using:

dot notation; e.g. "field.nestedfield": <value>

In particular, specifying fields in embedded documents using nested form is not supported.

_id Field Projection

The _id field is included in the returned documents by default unless you explicitly specify _id: 0 in the projection to suppress the field.

Inclusion or Exclusion

A projection cannot contain both include and exclude specifications, with the exception of the _id field:

In projections that explicitly include fields, the _id field is the only field that can be explicitly excluded.
In projections that explicitly excludes fields, the _id field is the only field that can be explicitly include; however, the _id field is included by default.

NOTE Currently _id is the only field that can be excluded, and only if other fields are explicitly included.NOTE Currently exclusion of other fields but _id is not supported.

Filtering by _id

Note that there is a significant difference between

and

In the former case the generated WHERE clause will be

and in the latter

That is, in the former case the indexed column id will be used, in the latter it will not.

findAndModify

The following fields are relevant.

Field

Type

Description

All other fields are ignored.

getLastError

The following fields are relevant.

Field

Type

Description

getMore

The following fields are relevant.

Field

Type

Description

insert

The insert command inserts one or more documents into the table whose name is the same as that of the collection. If the option auto_create_tables is true, then the table is created if it does not already exist. If the value is false, then the insert will fail unless the table already exists.

The following fields are relevant.

Field

Type

Description

ordered

The impact of ordered is dependent upon the value of ordered_insert_behavior.

default

In this case ordered has the same impact as in MongoDB®. That is, if the value is true, then when an insert of a document fails, return without inserting any remaining documents listed in the inserts array. If false, then when an insert of a document fails, continue to insert the remaining documents.

atomic

If ordered is true, then all documents will be inserted using a single INSERT command. That is, if the insertion of any document fails, for instance, due to a duplicate id, then no document will be inserted. If ordered is false, then the behavior is identical with that of default.

Performance

What combination of ordered_insert_behavior and ordered is used, has an impact on the performance.

ordered_insert_behavior

ordered = true

ordered = false

Of these, atomic + true is the fastest and atomic|default + false the slowest, being roughly twice as slow. The performance of 'default + true' is halfway between the two.

resetError

The following fields are relevant.

Field

Type

Description

update

The following fields are relevant.

Field

Type

Description

All other fields are ignored.

Update Statements

Each element of the updates array is an update statement document. Each document contains the following fields:

Field

Type

Description

Note that currently it is possible to set multi to true in conjunction with a replacement-style update, even though MongoDB® rejects that.

All other fields are ignored, with the exception of upsert that if present with the value of true will cause the command to fail.

Behavior

Currently only updating using update operator expressions or with a_replacement document_ is supported. In particular, updating using anaggregation pipeline is not supported.

Update with an Update Operator Expressions document

The update statement field u can accept a document that only contains expressions. For example:

In this case, the update command updates only the corresponding fields in the document.

Update with a Replacement Document

The update statement field u field can accept a replacement document, i.e. the document contains only field:value expressions. For example:

In this case, the update command replaces the matching document with the update document. The update command can only replace a single matching document; i.e. the multi field cannot be true.

Note If the replacement document contains an _id field, it will be ignored and the document id will remain non-changed while the document otherwise is replaced. This is different from MongoDB® where the presence of the _id field in the replacement document causes an error, if the value is not the same as it is in the document being replaced.

Authentication Commands

Logout

The following fields are relevant.

Field

Type

Description

If you are not logged in and using authentication, logout has no effect.

Note that in order to be logged out, the logging out must be done while using the same database that was used when you logged on.

Always returns

User Management Commands

createUser

Creates a new MariaDB user and adds an entry to the local nosqlprotocol account database.

The following fields are relevant.

Field

Type

Description

The MariaDB user will be created as '<db>.<user>'@'%' where <db> is the name of the NoSQL database in whose context the user is created, and<user> the value of the createUser field. For instance, with the following command

the MariaDB user 'myDatabase.user1'@'%' will be created.

The elements of the roles array are converted into privileges as explained in .

In practice the creation is performed as follows:First the MariaDB user is created. Then the privileges are granted.

Finally the local nosqlprotocol account database is updated.

If the granting of privileges fails, an attempt will be made to drop the user.

dropAllUsersFromDatabase

Drops all users from the local nosqlprotocol account database and the corresponding MariaDB users.

Argument

Result

Note that users may always view their own information. Otherwise the user must have the userAdmin or userAdminAnyDatabase role.

If showCredentials is true, the returned object(s) will contain amariadb: { password: "*..."} field, where password is theSHA1(SHA1()) value of the password used when logging to MariaDB. That is, the same string that is found in the password column in the mysql.user table.

Replication Commands

isMaster

The following fields are relevant.

Field

Type

Description

replSetGetStatus

The following fields are relevant.

Field

Type

Description

All other fields are ignored.

This command will always return the document

Sessions Commands

endSessions

The following fields are relevant.

Field

Type

Description

dropIndexes

The following fields are relevant.

The following fields are relevant.

Field

Type

Description

listCommands

The following fields are relevant.

Field

Type

Description

ping

The following fields are relevant.

Field

Type

Description

MaxScale Specific Commands

mxsAddUser

Definition

mxsAddUser

The mxsAddUser command adds an existing MariaDB user to the local nosqlprotocol account database. Use if the MariaDB user should be created as well.

Note that the mxsAddUser command does not check that the user exists or that the specified roles are compatible with the grants of the user.

Syntax

The 'mxsAddUser' command has the following syntax:

Command Fields

The command has the following fields:

Field

Type

Description

The value of mxsAddUser should be the name (without the host part) of an existing user in the MariaDB server and the value of pwd should be that user's password in cleartext.

The roles array should contain roles that a compatible with the grants of the user. Please check for a discussion on how to map roles map to grants.

Returns

If the addition of the user succeeds, the command returns a document with the single field ok whose value is 1.

If there is a failure of some kind, the command returns an error document

mxsCreateDatabase

Definition

mxsCreateDatabase

The 'mxsCreateDatabase' command creates a new database and must be run against the admin database.

Syntax

The 'mxsCreateDatabase' has the following syntax:

Command Fields

The command takes the following fields:

Field

Type

Description

Returns

If database creation succeeds, the command returns a document with the single field ok whose value is 1.

If the database creation fails, the command returns an error document.

mxsDiagnose

Definition

mxsDiagnose

The mxsDiagnose command provides diagnostics for any other command; that is, how MaxScale will handle that command.

Syntax

The mxsDiagnose command has the following syntax:

Command Fields

The command takes the following fields:

Field

Type

Description

Returns

The command returns a document that contains diagnostics of the command provided as argument. For example:

kind specifies of what kind the command is; an immediate command is one for which MaxScale autonomously can generate the response, a single command is one where the command will cause a single SQL statement to be sent to the backend, and a multi command is one where potentially multiple SQL statements will be sent to the backend.

If the command is immediate then there will be a field response containing the actual response of the command, if the command is single then there will be a field sql containing the actual statement that would have been sent to the backend, and if the command is multi then there will be a field sql containing an array of statements that would have been sent to the backend.

If an error occurs while the command is being diagnosed, then there will be noresponse field but an error field whose value is an error document. Note that the value of ok will always be 1.

mxsGetConfig

Definition

mxsGetConfig

The mxsGetConfig command returns the current configuration of the session and must be run against the 'admin' database.

Syntax

The mxsGetConfig has the following syntax:

Command Fields

The command takes the following fields:

Field

Type

Description

Returns

The command returns a document that contains the current configuration of the session. For example:

mxsRemoveUser

Definition

mxsRemoveUser

The mxsRemoveUser removes a user from the local nosqlprotocol account database. Use if the MariaDB user should be dropped as well.

Syntax

The 'mxsRemoveUser' command has the following syntax:

Command Fields

The command has the following fields:

Field

Type

Description

Returns

If the removal of the user succeeds, the command returns a document with the single field ok whose value is 1.

If there is a failure of some kind, the command returns an error document

mxsSetConfig

Definition

mxsSetConfig

The mxsSetConfig command changes the configuration of the session and must be run against the 'admin' database.

Note that the changes only affect the current session and are not persisted.

Syntax

The mxsSetConfig has the following syntax:

Command Fields

The command takes the following fields:

Field

Type

Description

The document takes the following fields:

Field

Type

Description

Returns

The command returns a document that contains the changed configuration of the session. For example:

mxsUpdateUser

Definition

mxsUpdateUser

The mxsUpdateUser command updates a user in the local nosqlprotocol account database. Use to update MariaDB user as well.

Note that the mxsUpdateUser command does not check that the changed data is compatible e.g. with the grants of the corresponding MariaDB user.

Syntax

The 'mxsUpdateUser' command has the following syntax:

Command Fields

The command has the following fields:

Field

Type

Description

The roles array should contain roles that a compatible with the grants of the user. Please check for a discussion on how to map roles map to grants.

Returns

If the updating of the user succeeds, the command returns a document with the single field ok whose value is 1.

If there is a failure of some kind, the command returns an error document

Object Id

When a document is created, an id of type ObjectId will be autogenerated by the MongoDB® client library. If the id is provided explicitly, by assigning a value to the _id field, the value must be an ObjectId, a string or an integer.

Compatibility

Currently 30% of the tests in the test-suite pass.

Example

The following is a minimal setup for getting nosqlprotocol up and running. It is assumed the reader knows how to configure MaxScale for normal use. If not, please start with the . Note that as nosqlprotocol is the first component in the MaxScale routing chain, it can be used with all routers and filters.

Configuring MaxScale

In the following it is assumed that MaxScale already has been configured for normal use and that there exists a service [TheService].

The values the_user and the_password must be replaced with the actual credentials to be used for every MongoDB® client that connects.

If MaxScale is now started, the following entry should appear in the log file.

MongoDB® Shell

The mongo Shell is a powerful tool with which to access and manipulate a MongoDB database. It is part of the MongoDB® package. Having the native MongoDB database installed is convenient, as it makes it easy to ascertain whether a problem is due to nosqlprotocol not fully implementing something or due to the API not being used in the correct fashion.

With the mongo shell, all that is needed is to invoke it with the port_nosqlprotocol_ is listening on:

If the shell prompt appears, then a connection was successfully established and the shell can be used.

The db variable is implicitly available, and refers by default to the test database.

The command inserted a document into the collection called collection. The table corresponding to that collection is created implicitly because the default value of auto_create_tables is true. Here, the object id is specified explicitly, but there is no need for that, as one will be created if needed.

To check whether the documents was inserted into the collection, thefind command can be issued:

As can be seen, the document was indeed inserted into the collection

With the mysql shell, the content of the actual table can be checked.

The collection collection is represented by a table collection with the two colums id and doc. id is a virtual column whose content is the value of the _id field of the document in the doc column.

All MongoDB® commands that mongdbprotocol support (but for the ones that do not require database access), basically access or manipulate the content in the doc column using the of MariaDB.

From within the mongo shell itself it is easy to find out just what SQL a particular MongoDB command is translated into.

For instance, the SQL that the insert command with which the document was added can be found out like:

Similarily, the SQL of the find command can be find out like:

The returned SQL can be directly pasted at the mysql prompt, which is quite convenient in case the MongoDB® command does not behave as expected.

MongoDB® Node.JS Driver

As all client libraries implement and depend on the MongoDB® wire protocol, all client libraries should work with nosqlprotocol. However, the only client library that has been used and that has been verified to work is version 3.6 of the MongoDB Node.JS Driver.

In principle, the only thing that needs to be altered in an existing program using the library is to change the uri string that typically is something like

with the assumption that the default nosqlprotocol port is used.

In practice, additional modifications may be needed since nosqlprotocol does not implement all commands and does not in all cases implement the full functionality of the commands that it supports.

Inserting a Document

Store the following into a file called insert.js.

Then, run the program like

As the id is not explicitly provided, it will not be the same.

Finding a Document

Store the following into a file called find.js.

Then, run the program like

CC BY-SA / Gnu FDL

ordered

default

back: The response sent back to the client is logged.

admin:mariadb

MariaDB [(none)]> select user, host from mysql.user;
+-------------+-----------+
| User        | Host      |
+-------------+-----------+
| bob         | %         |
| mysql       | localhost |
+-------------+-----------+
2 rows in set (0.001 sec)

MariaDB [(none)]> select user, host from mysql.user;
+-------------+-----------+
| User        | Host      |
+-------------+-----------+
| bob         | %         |
| test.bob    | %         |
| mysql       | localhost |
+-------------+-----------+
3 rows in set (0.001 sec)

> use mariadb
switched to db mariadb
> db.runCommand({createUser: "bob", pwd: "bobspwd", roles: []});
{
    "ok" : 0,
    "errmsg" : "User \"bob\" already exists",
    "code" : 51003,
    "codeName" : "Location51003"
}

MariaDB [(none)]> select user, host from mysql.user;
+-------------+-----------+
| User        | Host      |
+-------------+-----------+
| alice       | %         |
| bob         | %         |
| test.bob    | %         |
| mysql       | localhost |
+-------------+-----------+
4 rows in set (0.001 sec)

> use test;
switched to db test
> db.runCommand({createUser: "alice", pwd: "alices_pwd", roles: []});
{
    "ok" : 0,
    "errmsg" : "command createUser requires authentication",
    "code" : 13,
    "codeName" : "Unauthorized"
}

[NoSQL-Listener]
type=listener
service=...
protocol=nosqlprotocol
nosqlprotocol.user=admin.nosql_admin
nosqlprotocol.password=nosql_password
nosqlprotocol.authentication_required=true
nosqlprotocol.authorization_enabled=true

> db.runCommand({usersInfo: 1});
{
    "users" : [
        {
            "_id" : "admin.nosql_admin",
            "userId" : UUID("7d921459-3099-42a7-ad06-ed37ac002161"),
            "user" : "nosql_admin",
            "db" : "admin",
            "roles" : [
                {
                    "db" : "admin",
                    "role" : "dbAdminAnyDatabase"
                },
                {
                    "db" : "admin",
                    "role" : "readWriteAnyDatabase"
                },
                {
                    "db" : "admin",
                    "role" : "userAdminAnyDatabase"
                },
                {
                    "db" : "admin",
                    "role" : "root"
                }
            ],
            "mechanisms" : [
                "SCRAM-SHA-256"
            ]
        }
    ],
    "ok" : 1
}

[NoSQL-Listener]
type=listener
service=...
protocol=nosqlprotocol
nosqlprotocol.user=test.test_user
nosqlprotocol.password=test_password
nosqlprotocol.authentication_required=true
nosqlprotocol.authorization_enabled=true

> db.runCommand({usersInfo: 1});
{
    "users" : [
        {
            "_id" : "test.test_user",
            "userId" : UUID("714f35e7-4276-45af-863c-0be4d1f5dd74"),
            "user" : "test_user",
            "db" : "test",
            "roles" : [
                {
                    "db" : "test",
                    "role" : "readWrite"
                }
            ],
            "mechanisms" : [
                "SCRAM-SHA-256"
            ]
        }
    ],
    "ok" : 1
}

db.runCommand(
    {
        mxsAddUser: "<name>",
        pwd: passwordPrompt(),  // Or "<cleartext password>"
        customData: { <any information> },
        roles: [
            { role: "<role>", db: "<database>" } | "<role>",
            ...
        ],
        mechanisms: [ "<scram-mechanism>", ...],
        digestPassword: <boolean>
    }
)

> db.runCommand({mxsDiagnose: {ping:1}});
{ "kind" : "immediate", "response" : { "ok" : 1 }, "ok" : 1 }

> db.runCommand({mxsDiagnose: {find:"person", filter: { name: "Bob"}}});
{
  "kind" : "single",
  "sql" : "SELECT doc FROM `test`.`person` WHERE ( JSON_EXTRACT(doc, '$.name') = 'Bob') ",
  "ok" : 1
}

> db.runCommand({mxsDiagnose: {delete:"person", deletes: [{q: { name: "Bob"}, limit:0}, {q: {name: "Alice"}, limit:0}]}});
{
  "kind" : "single",
  "sql" : [
    "DELETE FROM `test`.`person` WHERE ( JSON_EXTRACT(doc, '$.name') = 'Bob') ",
    "DELETE FROM `test`.`person` WHERE ( JSON_EXTRACT(doc, '$.name') = 'Alice') "
  ],
  "ok" : 1
}

> db.runCommand({mxsGetConfig: 1});
{
    "config" : {
        "on_unknown_command" : "return_error",
        "auto_create_tables" : true,
        "id_length" : 35
                ...
    },
    "ok" : 1
}

> db.runCommand({mxsGetConfig: 1});
{
    "config" : {
        "on_unknown_command" : "return_error",
        "auto_create_tables" : true,
        "id_length" : 35
                ...
    },
    "ok" : 1
}
> db.runCommand({mxsSetConfig: { auto_create_tables: false}});
{
    "config" : {
        "on_unknown_command" : "return_error",
        "auto_create_tables" : false,
        "id_length" : 35
                ...
    },
    "ok" : 1
}

db.runCommand(
    {
        mxsUpdateUser: "<name>",
        pwd: passwordPrompt(),  // Or "<cleartext password>"
        customData: { <any information> },
        roles: [
            { role: "<role>", db: "<database>" } | "<role>",
            ...
        ],
        mechanisms: [ "<scram-mechanism>", ...],
        digestPassword: <boolean>
    }
)

$ mongo --port 17017
MongoDB shell version v4.4.1
connecting to: mongodb://127.0.0.1:17017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("694f3eed-329f-487a-8d73-9a2d4cf82d62") }
MongoDB server version: 4.4.1
---
        ...
---
>

> db.runCommand({find: "collection"});
{
    "cursor" : {
        "firstBatch" : [
            {
                "_id" : 1,
                "hello" : "world"
            }
        ],
        "id" : NumberLong(0),
        "ns" : "test.collection"
    },
    "ok" : 1
}

MariaDB [(none)]> select * from test.collection;
+------+------------------------------------+
| id   | doc                                |
+------+------------------------------------+
| 1.0  | { "_id" : 1.0, "hello" : "world" } |
+------+------------------------------------+

> db.runCommand({mxsDiagnose: {insert: "collection", documents: [{_id: 1, "hello": "world"}]}});
{
    "kind" : "multi",
    "sql" : [
        "INSERT INTO `test`.`collection` (doc) VALUES ('{ \"_id\" : 1.0, \"hello\" : \"world\" }')"
    ],
    "ok" : 1
}

const { MongoClient } = require("mongodb");

const uri = "mongodb://127.0.0.1:17017";

const client = new MongoClient(uri, { useUnifiedTopology: true });
async function run() {
  try {
    await client.connect();
    const database = client.db("mydb");
    const movies = database.collection("movies");
    // create a document to be inserted
    const movie = { title: "Apocalypse Now", director: "Francis Ford Coppola" };
    const result = await movies.insertOne(movie);
    console.log(
      `${result.insertedCount} documents were inserted with the _id: ${result.insertedId}`,
    );
  } finally {
    await client.close();
  }
}
run().catch(console.dir);

const { MongoClient } = require("mongodb");

const uri = "mongodb://127.0.0.1:17017";

const client = new MongoClient(uri, { useUnifiedTopology: true });
async function run() {
  try {
    await client.connect();
    const database = client.db("mydb");
    const movies = database.collection("movies");
    // Query for a movie that has the title 'Apocalypse Now'
    const query = { title: "Apocalypse Now" };
    const options = {
      // Include only the 'director' field in the returned document
      projection: { _id: 0, director: 1 },
    };
    const movie = await movies.findOne(query, options);
    // Returns a document and not a cursor, so print directly.
    console.log(movie);
  } finally {
    await client.close();
  }
}
run().catch(console.dir);

Usage: list servers

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all servers in MaxScale.


  Field       | Description
  -----       | -----------
  Server      | Server name
  Address     | Address where the server listens
  Port        | The port on which the server listens
  Connections | Current connection count
  State       | Server state
  GTID        | Current value of @@gtid_current_pos

Usage: list services

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all services and the servers they use.


  Field             | Description
  -----             | -----------
  Service           | Service name
  Router            | Router used by the service
  Connections       | Current connection count
  Total Connections | Total connection count
  Targets           | Targets that the service uses

Usage: list listeners [service]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List listeners of all services. If a service is given, only listeners for that service are listed.


  Field   | Description
  -----   | -----------
  Name    | Listener name
  Port    | The port where the listener listens
  Host    | The address or socket where the listener listens
  State   | Listener state
  Service | Service that this listener points to

Usage: list monitors

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all monitors in MaxScale.


  Field   | Description
  -----   | -----------
  Monitor | Monitor name
  State   | Monitor state
  Servers | The servers that this monitor monitors

Usage: list sessions

Options:
      --rdns     Perform a reverse DNS lookup on client IPs  [boolean] [default: false]
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

List all client sessions.


  Field     | Description
  -----     | -----------
  Id        | Session ID
  User      | Username
  Host      | Client host address
  Connected | Time when the session started
  Idle      | How long the session has been idle, in seconds
  Service   | The service where the session connected
  Memory    | Memory usage (not exhaustive)

Usage: list filters

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all filters in MaxScale.


  Field   | Description
  -----   | -----------
  Filter  | Filter name
  Service | Services that use the filter
  Module  | The module that the filter uses

Usage: list modules

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all currently loaded modules.


  Field   | Description
  -----   | -----------
  Module  | Module name
  Type    | Module type
  Version | Module version

Usage: list threads

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all worker threads.


  Field       | Description
  -----       | -----------
  Id          | Thread ID
  Current FDs | Current number of managed file descriptors
  Total FDs   | Total number of managed file descriptors
  Load (1s)   | Load percentage over the last second
  Load (1m)   | Load percentage over the last minute
  Load (1h)   | Load percentage over the last hour

Usage: list users

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List network the users that can be used to connect to the MaxScale REST API.


  Field        | Description
  -----        | -----------
  Name         | User name
  Type         | User type
  Privileges   | User privileges
  Created      | When the user was created
  Last Updated | The last time the account password was updated
  Last Login   | The last time the user logged in

Usage: list commands

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all available module commands.


  Field    | Description
  -----    | -----------
  Module   | Module name
  Commands | Available commands

Usage: list queries

List queries options:
  -l, --max-length  Maximum SQL length to display. Use --max-length=0 for no limit.  [number] [default: 120]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

List all active queries being executed through MaxScale. In order for this command to work, MaxScale must be configured with 'retain_last_statements' set to a value greater than 0.

Usage: show server <server>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about a server. The `Parameters` field contains the currently configured parameters for this server. See `--help alter server` for more details about altering server parameters.


  Field               | Description
  -----               | -----------
  Server              | Server name
  Source              | File where the object is stored in
  Address             | Address where the server listens
  Port                | The port on which the server listens
  State               | Server state
  Version             | Server version
  Uptime              | Server uptime in seconds
  Last Event          | The type of the latest event
  Triggered At        | Time when the latest event was triggered at
  Services            | Services that use this server
  Monitors            | Monitors that monitor this server
  Master ID           | The server ID of the master
  Node ID             | The node ID of this server
  Slave Server IDs    | List of slave server IDs
  Current Connections | Current connection count
  Total Connections   | Total cumulative connection count
  Max Connections     | Maximum number of concurrent connections ever seen
  Statistics          | Server statistics
  Parameters          | Server parameters

Usage: show servers

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about all servers.


  Field               | Description
  -----               | -----------
  Server              | Server name
  Source              | File where the object is stored in
  Address             | Address where the server listens
  Port                | The port on which the server listens
  State               | Server state
  Version             | Server version
  Uptime              | Server uptime in seconds
  Last Event          | The type of the latest event
  Triggered At        | Time when the latest event was triggered at
  Services            | Services that use this server
  Monitors            | Monitors that monitor this server
  Master ID           | The server ID of the master
  Node ID             | The node ID of this server
  Slave Server IDs    | List of slave server IDs
  Current Connections | Current connection count
  Total Connections   | Total cumulative connection count
  Max Connections     | Maximum number of concurrent connections ever seen
  Statistics          | Server statistics
  Parameters          | Server parameters

Usage: show service <service>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about a service. The `Parameters` field contains the currently configured parameters for this service. See `--help alter service` for more details about altering service parameters.


  Field               | Description
  -----               | -----------
  Service             | Service name
  Source              | File where the object is stored in
  Router              | Router that the service uses
  State               | Service state
  Started At          | When the service was started
  Current Connections | Current connection count
  Total Connections   | Total connection count
  Max Connections     | Historical maximum connection count
  Cluster             | The cluster that the service uses
  Servers             | Servers that the service uses
  Services            | Services that the service uses
  Filters             | Filters that the service uses
  Parameters          | Service parameter
  Router Diagnostics  | Diagnostics provided by the router module

Usage: show services

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about all services.


  Field               | Description
  -----               | -----------
  Service             | Service name
  Source              | File where the object is stored in
  Router              | Router that the service uses
  State               | Service state
  Started At          | When the service was started
  Current Connections | Current connection count
  Total Connections   | Total connection count
  Max Connections     | Historical maximum connection count
  Cluster             | The cluster that the service uses
  Servers             | Servers that the service uses
  Services            | Services that the service uses
  Filters             | Filters that the service uses
  Parameters          | Service parameter
  Router Diagnostics  | Diagnostics provided by the router module

Usage: show monitor <monitor>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about a monitor. The `Parameters` field contains the currently configured parameters for this monitor. See `--help alter monitor` for more details about altering monitor parameters.


  Field               | Description
  -----               | -----------
  Monitor             | Monitor name
  Source              | File where the object is stored in
  Module              | Monitor module
  State               | Monitor state
  Servers             | The servers that this monitor monitors
  Parameters          | Monitor parameters
  Monitor Diagnostics | Diagnostics provided by the monitor module

Usage: show monitors

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about all monitors.


  Field               | Description
  -----               | -----------
  Monitor             | Monitor name
  Source              | File where the object is stored in
  Module              | Monitor module
  State               | Monitor state
  Servers             | The servers that this monitor monitors
  Parameters          | Monitor parameters
  Monitor Diagnostics | Diagnostics provided by the monitor module

Usage: show session <session>

Options:
      --rdns     Perform a reverse DNS lookup on client IPs  [boolean] [default: false]
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Show detailed information about a single session. The list of sessions can be retrieved with the `list sessions` command. The <session> is the session ID of a particular session.

The `Connections` field lists the servers to which the session is connected and the `Connection IDs` field lists the IDs for those connections.


  Field             | Description
  -----             | -----------
  Id                | Session ID
  Service           | The service where the session connected
  State             | Session state
  User              | Username
  Host              | Client host address
  Port              | Client network port
  Database          | Current default database of the connection
  Connected         | Time when the session started
  Idle              | How long the session has been idle, in seconds
  Parameters        | Session parameters
  Client TLS Cipher | Client TLS cipher
  Connections       | Ordered list of backend connections
  Connection IDs    | Thread IDs for the backend connections
  Queries           | Query history
  Log               | Per-session log messages
  Memory            | Memory usage (not exhaustive)

Usage: show sessions

Options:
      --rdns     Perform a reverse DNS lookup on client IPs  [boolean] [default: false]
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Show detailed information about all sessions. See `--help show session` for more details.


  Field             | Description
  -----             | -----------
  Id                | Session ID
  Service           | The service where the session connected
  State             | Session state
  User              | Username
  Host              | Client host address
  Port              | Client network port
  Database          | Current default database of the connection
  Connected         | Time when the session started
  Idle              | How long the session has been idle, in seconds
  Parameters        | Session parameters
  Client TLS Cipher | Client TLS cipher
  Connections       | Ordered list of backend connections
  Connection IDs    | Thread IDs for the backend connections
  Queries           | Query history
  Log               | Per-session log messages
  Memory            | Memory usage (not exhaustive)

Usage: show filter <filter>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The list of services that use this filter is show in the `Services` field.


  Field       | Description
  -----       | -----------
  Filter      | Filter name
  Source      | File where the object is stored in
  Module      | The module that the filter uses
  Services    | Services that use the filter
  Parameters  | Filter parameters
  Diagnostics | Filter diagnostics

Usage: show filters

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information of all filters.


  Field       | Description
  -----       | -----------
  Filter      | Filter name
  Source      | File where the object is stored in
  Module      | The module that the filter uses
  Services    | Services that use the filter
  Parameters  | Filter parameters
  Diagnostics | Filter diagnostics

Usage: show listener <listener>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]




                                                           Field      | Description
                                                           -----      | -----------
                                                           Name       | Listener name
                                                           Source     | File where the object is stored in
                                                           Service    | Services that the listener points to
                                                           Parameters | Listener parameters

Usage: show filters

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information of all filters.


  Field       | Description
  -----       | -----------
  Filter      | Filter name
  Source      | File where the object is stored in
  Module      | The module that the filter uses
  Services    | Services that use the filter
  Parameters  | Filter parameters
  Diagnostics | Filter diagnostics

Usage: show module <module>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command shows all available parameters as well as detailed version information of a loaded module.


  Field       | Description
  -----       | -----------
  Module      | Module name
  Type        | Module type
  Version     | Module version
  Maturity    | Module maturity
  Description | Short description about the module
  Parameters  | All the parameters that the module accepts
  Commands    | Commands that the module provides

Usage: show modules

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Displays detailed information about all modules.


  Field       | Description
  -----       | -----------
  Module      | Module name
  Type        | Module type
  Version     | Module version
  Maturity    | Module maturity
  Description | Short description about the module
  Parameters  | All the parameters that the module accepts
  Commands    | Commands that the module provides

Usage: show maxscale

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

See `--help alter maxscale` for more details about altering MaxScale parameters.


  Field        | Description
  -----        | -----------
  Version      | MaxScale version
  Commit       | MaxScale commit ID
  Started At   | Time when MaxScale was started
  Activated At | Time when MaxScale left passive mode
  Uptime       | Time MaxScale has been running
  Config Sync  | MaxScale configuration synchronization
  Parameters   | Global MaxScale parameters

Usage: show thread <thread>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about a worker thread.


  Field                  | Description
  -----                  | -----------
  Id                     | Thread ID
  Accepts                | Number of TCP accepts done by this thread
  Reads                  | Number of EPOLLIN events
  Writes                 | Number of EPOLLOUT events
  Hangups                | Number of EPOLLHUP and EPOLLRDUP events
  Errors                 | Number of EPOLLERR events
  Avg event queue length | Average number of events returned by one epoll_wait call
  Max event queue length | Maximum number of events returned by one epoll_wait call
  Max exec time          | The longest time spent processing events returned by a epoll_wait call
  Max queue time         | The longest time an event had to wait before it was processed
  Current FDs            | Current number of managed file descriptors
  Total FDs              | Total number of managed file descriptors
  Load (1s)              | Load percentage over the last second
  Load (1m)              | Load percentage over the last minute
  Load (1h)              | Load percentage over the last hour
  QC cache size          | Query classifier size
  QC cache inserts       | Number of times a new query was added into the query classification cache
  QC cache hits          | How many times a query classification was found in the query classification cache
  QC cache misses        | How many times a query classification was not found in the query classification cache
  QC cache evictions     | How many times a query classification result was evicted from the query classification cache

Usage: show threads

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show detailed information about all worker threads.


  Field                  | Description
  -----                  | -----------
  Id                     | Thread ID
  Accepts                | Number of TCP accepts done by this thread
  Reads                  | Number of EPOLLIN events
  Writes                 | Number of EPOLLOUT events
  Hangups                | Number of EPOLLHUP and EPOLLRDUP events
  Errors                 | Number of EPOLLERR events
  Avg event queue length | Average number of events returned by one epoll_wait call
  Max event queue length | Maximum number of events returned by one epoll_wait call
  Max exec time          | The longest time spent processing events returned by a epoll_wait call
  Max queue time         | The longest time an event had to wait before it was processed
  Current FDs            | Current number of managed file descriptors
  Total FDs              | Total number of managed file descriptors
  Load (1s)              | Load percentage over the last second
  Load (1m)              | Load percentage over the last minute
  Load (1h)              | Load percentage over the last hour
  QC cache size          | Query classifier size
  QC cache inserts       | Number of times a new query was added into the query classification cache
  QC cache hits          | How many times a query classification was found in the query classification cache
  QC cache misses        | How many times a query classification was not found in the query classification cache
  QC cache evictions     | How many times a query classification result was evicted from the query classification cache

Usage: show logging

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

See `--help alter logging` for more details about altering logging parameters.


  Field              | Description
  -----              | -----------
  Current Log File   | The current log file MaxScale is logging into
  Enabled Log Levels | List of log levels enabled in MaxScale
  Parameters         | Logging parameters

Usage: show commands <module>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command shows the parameters the command expects with the parameter descriptions.


  Field        | Description
  -----        | -----------
  Command      | Command name
  Parameters   | Parameters the command supports
  Descriptions | Parameter descriptions

Usage: show qc_cache

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show contents (statement and hits) of query classifier cache.

Usage: show dbusers <service>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Show information about the database users of the service.


  Field  | Description
  -----  | -----------
  User   | The user name of the account
  Host   | The host of the account
  Plugin | Authentication plugin
  TLS    | Whether TLS is required from this user
  Super  | Does the user have a SUPER grant
  Global | Does the user have global database access
  Proxy  | Whether this is a proxy user
  Role   | The default role for this user

Usage: set server <server> <state>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Set options:
      --force  If combined with the `maintenance` state, this forcefully closes all connections to the target server  [boolean] [default: false]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

If <server> is monitored by a monitor, this command should only be used to set the server into the `maintenance` or the `drain` state. Any other states will be overridden by the monitor on the next monitoring interval. To manually control server states, use the `stop monitor <name>` command to stop the monitor before setting the server states manually.

When a server is set into the `drain` state, no new connections to it are allowed but existing connections are allowed to gracefully close. Servers with the `Master` status cannot be drained or set into maintenance mode. To clear a state set by this command, use the `clear server` command.

To forcefully close all connections to a server, use `set server <name> maintenance --force`

Usage: clear server <server> <state>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command clears a server state set by the `set server <server> <state>` command

Usage: drain server <server>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Drain options:
      --drain-timeout  Timeout for the drain operation in seconds. If exceeded, the server is added back to all services without putting it into maintenance mode.  [number] [default: 90]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command drains the server of connections by first removing it from all services after which it waits until all connections are closed. When all connections are closed, the server is put into the `maintenance` state and added back to all the services where it was removed from. To take the server back into use, execute `clear server <server> maintenance`.

Warning: This command is not safe to interrupt. If interrupted, the servers might not be added back to the service. For a better alternative, use `set server <server> drain`. This command has been deprecated in MaxScale 6.0.

Usage: enable log-priority <log>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The `debug` log priority is only available for debug builds of MaxScale.

Usage: disable log-priority <log>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The `debug` log priority is only available for debug builds of MaxScale.

Usage: create server <name> <host|socket> [port] [params...]

Create server options:
      --services                     Link the created server to these services  [array]
      --monitors                     Link the created server to these monitors  [array]
      --protocol                     Protocol module name  [string] [default: "mariadbbackend"]
      --authenticator                Authenticator module name (deprecated)  [string]
      --authenticator-options        Option string for the authenticator (deprecated)  [string]
      --tls                          Enable TLS  [boolean]
      --tls-key                      Path to TLS key  [string]
      --tls-cert                     Path to TLS certificate  [string]
      --tls-ca-cert                  Path to TLS CA certificate  [string]
      --tls-version                  TLS version to use  [string]
      --tls-cert-verify-depth        TLS certificate verification depth  [number]
      --tls-verify-peer-certificate  Enable TLS peer certificate verification  [boolean]
      --tls-verify-peer-host         Enable TLS peer host verification  [boolean]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The created server will not be used by any services or monitors unless the --services or --monitors options are given. The list of servers a service or a monitor uses can be altered with the `link` and `unlink` commands. If the <host|socket> argument is an absolute path, the server will use a local UNIX domain socket connection. In this case the [port] argument is ignored.

The recommended way of declaring parameters is with the new `key=value` syntax added in MaxScale 6.2.0. Note that for some parameters (e.g. `extra_port` and `proxy_protocol`) this is the only way to pass them.

Usage: create monitor <name> <module> [params...]

Create monitor options:
      --servers           Link the created monitor to these servers. All non-option arguments after --servers are interpreted as server names e.g. `--servers srv1 srv2 srv3`.  [array]
      --monitor-user      Username for the monitor user  [string]
      --monitor-password  Password for the monitor user  [string]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The list of servers given with the --servers option should not contain any servers that are already monitored by another monitor. The last argument to this command is a list of key=value parameters given as the monitor parameters.

Usage: service <name> <router> <params...>

Create service options:
      --servers   Link the created service to these servers. All non-option arguments after --servers are interpreted as server names e.g. `--servers srv1 srv2 srv3`.  [array]
      --filters   Link the created service to these filters. All non-option arguments after --filters are interpreted as filter names e.g. `--filters f1 f2 f3`.  [array]
      --services  Link the created service to these services. All non-option arguments after --services are interpreted as service names e.g. `--services svc1 svc2 svc3`.  [array]
      --cluster   Link the created service to this cluster (i.e. a monitor)  [string]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The last argument to this command is a list of key=value parameters given as the service parameters. If the --servers, --services or --filters options are used, they must be defined after the service parameters. The --cluster option is mutually exclusive with the --servers and --services options.

Note that the `user` and `password` parameters must be defined.

Usage: filter <name> <module> [params...]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The last argument to this command is a list of key=value parameters given as the filter parameters.

Usage: create listener <service> <name> <port> [params...]

Create listener options:
      --interface                    Interface to listen on  [string] [default: "::"]
      --protocol                     Protocol module name  [string] [default: "mariadbclient"]
      --authenticator                Authenticator module name  [string]
      --authenticator-options        Option string for the authenticator  [string]
      --tls-key                      Path to TLS key  [string]
      --tls-cert                     Path to TLS certificate  [string]
      --tls-ca-cert                  Path to TLS CA certificate  [string]
      --tls-version                  TLS version to use  [string]
      --tls-crl                      TLS CRL to use  [string]
      --tls-cert-verify-depth        TLS certificate verification depth  [number]
      --tls-verify-peer-certificate  Enable TLS peer certificate verification  [boolean]
      --tls-verify-peer-host         Enable TLS peer host verification  [boolean]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The new listener will be taken into use immediately. The last argument to this command is a list of key=value parameters given as the listener parameters. These parameters override any parameters set via command line options: e.g. using `protocol=mariadb` will override the `--protocol=cdc` option.

Usage: create user <name> <password>

Create user options:
      --type  Type of user to create  [string] [choices: "admin", "basic"] [default: "basic"]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

By default the created user will have read-only privileges. To make the user an administrative user, use the `--type=admin` option. Basic users can only perform `list` and `show` commands.

Usage: create report <file>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The generated report contains the state of all the objects in MaxScale as well as all other required information needed to diagnose problems.

Usage: destroy server <name>

Destroy options:
      --force  Remove the server from monitors and services before destroying it  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The server must be unlinked from all services and monitor before it can be destroyed.

Usage: destroy monitor <name>

Destroy options:
      --force  Remove monitored servers from the monitor before destroying it  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The monitor must be unlinked from all servers before it can be destroyed.

Usage: destroy listener { <listener> | <service> <listener> }

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Destroying a listener closes the listening socket, opening it up for immediate reuse. If only one argument is given and it is the name of a listener, it is unconditionally destroyed. If two arguments are given and they are a service and a listener, the listener is only destroyed if it is for the given service.

Usage: destroy service <name>

Destroy options:
      --force  Remove filters, listeners and servers from service before destroying it  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The service must be unlinked from all servers and filters. All listeners for the service must be destroyed before the service itself can be destroyed.

Usage: destroy filter <name>

Destroy options:
      --force  Automatically remove the filter from all services before destroying it  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The filter must not be used by any service when it is destroyed.

Usage: destroy user <name>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The last remaining administrative user cannot be removed. Create a replacement administrative user before attempting to remove the last administrative user.

Usage: destroy session <id>

Destroy options:
      --ttl  Give session this many seconds to gracefully close  [number] [default: 0]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This causes the client session with the given ID to be closed. If the --ttl option is used, the session is given that many seconds to gracefully stop. If no TTL value is given, the session is closed immediately.

Usage: link service <name> <target...>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command links targets to a service, making them available for any connections that use the service. A target can be a server, another service or a cluster (i.e. a monitor). Before a server is linked to a service, it should be linked to a monitor so that the server state is up to date. Newly linked targets are only available to new connections, existing connections will use the old list of targets. If a monitor (a cluster of servers) is linked to a service, the service must not have any other targets linked to it.

Usage: link monitor <name> <server...>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Linking a server to a monitor will add it to the list of servers that are monitored by that monitor. A server can be monitored by only one monitor at a time.

Usage: unlink service <name> <target...>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command unlinks targets from a service, removing them from the list of available targets for that service. New connections to the service will not use the unlinked targets but existing connections can still use the targets. A target can be a server, another service or a cluster (a monitor).

Usage: unlink monitor <name> <server...>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command unlinks servers from a monitor, removing them from the list of monitored servers. The servers will be left in their current state when they are unlinked from a monitor.

Usage: start service <name>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This starts a service stopped by `stop service <name>`

Usage: start listener <name>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This starts a listener stopped by `stop listener <name>`

Usage: start monitor <name>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This starts a monitor stopped by `stop monitor <name>`

Usage: start [services|maxscale]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command will execute the `start service` command for all services in MaxScale.

Usage: stop service <name>

Stop options:
      --force  Close existing connections after stopping the service  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Stopping a service will prevent all the listeners for that service from accepting new connections. Existing connections will still be handled normally until they are closed.

Usage: stop listener <name>

Stop options:
      --force  Close existing connections after stopping the listener  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Stopping a listener will prevent it from accepting new connections. Existing connections will still be handled normally until they are closed.

Usage: stop monitor <name>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Stopping a monitor will pause the monitoring of the servers. This can be used to manually control server states with the `set server` command.

Usage: stop [services|maxscale]

Stop options:
      --force  Close existing connections after stopping all services  [boolean] [default: false]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command will execute the `stop service` command for all services in MaxScale.

Usage: alter server <server> <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the server parameters, execute `show server <server>`.
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter monitor <monitor> <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the monitor parameters, execute `show monitor <monitor>`
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter service <service> <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the service parameters, execute `show service <service>`. Some routers support runtime configuration changes to all parameters. Currently all readconnroute, readwritesplit and schemarouter parameters can be changed at runtime. In addition to module specific parameters, the following list of common service parameters can be altered at runtime:

[
    "user",
    "passwd",
    "enable_root_user",
    "max_connections",
    "connection_timeout",
    "auth_all_servers",
    "optimize_wildcard",
    "strip_db_esc",
    "max_slave_connections",
    "max_slave_replication_lag",
    "retain_last_statements"
]
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter service-filters <service> [filters...]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The order of the filters given as the second parameter will also be the order in which queries pass through the filter chain. If no filters are given, all existing filters are removed from the service.

For example, the command `maxctrl alter service filters my-service A B C` will set the filter chain for the service `my-service` so that A gets the query first after which it is passed to B and finally to C. This behavior is the same as if the `filters=A|B|C` parameter was defined for the service.

The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter filter <filter> <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the filter parameters, execute `show filter <filter>`. Some filters support runtime configuration changes to all parameters. Refer to the filter documentation for details on whether it supports runtime configuration changes and which parameters can be altered.

The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.
Note: To pass options with dashes in them, surround them in both single and double quotes:

      maxctrl alter filter my-namedserverfilter target01 '"->master"'

Usage: alter listener <listener> <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the listener parameters, execute `show listener <listener>`
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter logging <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the logging parameters, execute `show logging`
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter maxscale <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To display the MaxScale parameters, execute `show maxscale`. The following list of parameters can be altered at runtime:

[
    "auth_connect_timeout",
    "auth_read_timeout",
    "auth_write_timeout",
    "admin_auth",
    "admin_log_auth_failures",
    "passive",
    "ms_timestamp",
    "skip_permission_checks",
    "query_retries",
    "query_retry_timeout",
    "retain_last_statements",
    "dump_last_statements"
]
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter user <name> <password>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Changes the password for a user. To change the user type, destroy the user and then create it again.

Usage: alter session <session> <key=value> ...

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Alter parameters of a session. To get the list of modifiable parameters, use `show session <session>`
The parameters should be given in the `key=value` format. This command also supports the legacy method
of passing parameters as `key value` pairs but the use of this is not recommended.

Usage: alter session-filters <session> [filters...]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The order of the filters given as the second parameter will also be the order in which queries pass through the filter chain. If no filters are given, all existing filters are removed from the session. The syntax is similar to `alter service-filters`.

Usage: rotate logs

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command is intended to be used with the `logrotate` command.

Usage: reload service <service>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Usage: reload service <service>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command reloads the TLS certificates for all listeners and servers as well as the REST API in MaxScale. The REST API JWT signature keys are also rotated by this command.

Usage: reload session <id>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command reloads the configuration of a session. When a session is reloaded, it internally restarts the MaxScale session. This means that new connections are created and taken into use before the old connections are discarded. The session will use the latest configuration of the service the listener it used pointed to. This means that the behavior of the session can change as a result of a reload if the configuration has changed. If the reloading fails, the old configuration will remain in use. The external session ID of the connection will remain the same as well as any statistics or session level alterations that were done before the reload.

Usage: reload sessions

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command reloads the configuration of all sessions. When a session is reloaded, it internally restarts the MaxScale session. This means that new connections are created and taken into use before the old connections are discarded. The session will use the latest configuration of the service the listener it used pointed to. This means that the behavior of the session can change as a result of a reload if the configuration has changed. If the reloading fails, the old configuration will remain in use. The external session ID of the connection will remain the same as well as any statistics or session level alterations that were done before the reload.

Usage: call command <module> <command> [params...]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

To inspect the list of module commands, execute `list commands`

Usage: cluster diff <target>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

The list of host servers is controlled with the --hosts option. The target server should not be in the host list. Value of <target> must be in HOST:PORT format

Usage: cluster sync <target>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

This command will alter all MaxScale instances given in the --hosts option to represent the <target> MaxScale. Value of <target> must be in HOST:PORT format. Synchronization can be attempted again if a previous attempt failed due to a network failure or some other ephemeral error. Any other errors require manual synchronization of the MaxScale configuration files and a restart of the failed Maxscale.

Note: New objects created by `cluster sync` will have a placeholder value and must be manually updated. Passwords for existing objects will not be updated by `cluster sync` and must also be manually updated.

Usage: get <resource> [path]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

API options:
      --sum     Calculate sum of API result. Only works for arrays of numbers e.g. `api get --sum servers data[].attributes.statistics.connections`.  [boolean] [default: false]
      --pretty  Pretty-print output.  [boolean] [default: false]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Perform a raw REST API call. The path definition uses JavaScript syntax to extract values. For example, the following command extracts all server states as an array of JSON values: maxctrl api get servers data[].attributes.state

Usage: post <resource> <value>

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

API options:
      --sum     Calculate sum of API result. Only works for arrays of numbers e.g. `api get --sum servers data[].attributes.statistics.connections`.  [boolean] [default: false]
      --pretty  Pretty-print output.  [boolean] [default: false]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Perform a raw REST API call. The provided value is passed as-is to the REST API after building it with JSON.parse

Usage: patch <resource> [path]

Global Options:
  -c, --config     MaxCtrl configuration file  [string] [default: "~/.maxctrl.cnf"]
  -u, --user       Username to use  [string] [default: "admin"]
  -p, --password   Password for the user. To input the password manually, use -p '' or --password=''  [string] [default: "mariadb"]
  -h, --hosts      List of MaxScale hosts. The hosts must be in HOST:PORT format and each value must be separated by a comma.  [string] [default: "127.0.0.1:8989"]
  -t, --timeout    Request timeout in plain milliseconds, e.g '-t 1000', or as duration with suffix [h|m|s|ms], e.g. '-t 10s'  [string] [default: "10000"]
  -q, --quiet      Silence all output. Ignored while in interactive mode.  [boolean] [default: false]
      --tsv        Print tab separated output  [boolean] [default: false]
      --skip-sync  Disable configuration synchronization for this command  [boolean] [default: false]

HTTPS/TLS Options:
  -s, --secure                  Enable HTTPS requests  [boolean] [default: false]
      --tls-key                 Path to TLS private key  [string]
      --tls-passphrase          Password for the TLS private key  [string]
      --tls-cert                Path to TLS public certificate  [string]
      --tls-ca-cert             Path to TLS CA certificate  [string]
  -n, --tls-verify-server-cert  Whether to verify server TLS certificates  [boolean] [default: true]

API options:
      --sum     Calculate sum of API result. Only works for arrays of numbers e.g. `api get --sum servers data[].attributes.statistics.connections`.  [boolean] [default: false]
      --pretty  Pretty-print output.  [boolean] [default: false]

Options:
      --version  Show version number  [boolean]
      --help     Show help  [boolean]

Perform a raw REST API call. The provided value is passed as-is to the REST API after building it with JSON.parse

MaxScale 22.08 MaxScale Resource

MaxScale Resource

The MaxScale resource represents a MaxScale instance and it is the core on top of which the modules build upon.

Resource Operations

Get global information

Retrieve global information about a MaxScale instance. This includes various file locations, configuration options and version information.

Response

Status: 200 OK

Update MaxScale parameters

Update MaxScale parameters. The request body must define updated values for the data.attributes.parameters object. The parameters that can be modified are listed in the /v1/maxscale/modules/maxscale endpoint and have the modifiable value set to true.

Response

Parameters modified:

Status: 204 No Content

Invalid JSON body:

Status: 400 Bad Request

Get thread information

Get the information and statistics of a particular thread. The :id in the URI must map to a valid thread number between 0 and the configured value of threads.

Response

Status: 200 OK

Get information for all threads

Get the information for all threads. Returns a collection of threads resources.

Response

Status: 200 OK

Get logging information

Get information about the current state of logging, enabled log files and the location where the log files are stored.

Note: The parameters in this endpoint are a subset of the parameters in the /v1/maxscale endpoint. Because of this, the parameters in this endpoint are deprecated as of MaxScale 6.0.

Note: In MaxScale 2.5 the log_throttling and ms_timestamp parameters were incorrectly named as throttling and highprecision. In MaxScale 6, the parameter names are now correct which means the parameters declared here aren't fully backwards compatible.

Response

Status: 200 OK

Get log data

Get the contents of the MaxScale logs. This endpoint was added in MaxScale 6.

To navigate the log, use the prev link to move backwards to older log entries. The latest log entries can be read with the last link.

The entries are sorted in ascending order by the time they were logged. This means that with the default parameters, the latest logged event is the last element in the returned array.

Parameters

This endpoint supports the following parameters:

page[size]
Set number of rows of data to read. By default, 50 rows of data are read from the log.
page[cursor]
Set position from where the log data is retrieved. The default position to retrieve the log data is the end of the log. This value should not be modified by the user and the values returned in the

Response

Status: 200 OK

Stream log data

Stream the contents of the MaxScale logs. This endpoint was added in MaxScale 6.

This endpoint opens a connection and streams the contents of the log to it. Each WebSocket message will contain the JSON representation of the log message. The JSON is formatted in the same way as the values in the log array of the /v1/maxscale/logs/data endpoint:

Limitations

If the client writes any data to the open socket, it will be treated as an error and the stream is closed.
The WebSocket ping and close commands are not yet supported and will be treated as errors.
When maxlog is used as source of log data, any log messages logged after log rotation will not be sent if the file was moved or truncated. To fetch new events after log rotation, reopen the WebSocket connection.

Parameters

This endpoint supports the following parameters:

page[cursor]
Set position from where the log data is retrieved. The default position to retrieve the log data is the end of the log. To stream data from a known point, first read the data via the /v1/maxscale/logs/data endpoint and then use the id value of the newest log message (i.e. the first value in the log array) to start the stream.
priority

Response

Upgrade started:

Status: 101 Switching Protocols

Client didn't request a WebSocket upgrade:

Status: 426 Upgrade Required

Update logging parameters

Note: The modification of logging parameters via this endpoint has deprecated in MaxScale 6.0. The parameters should be modified with the /v1/maxscale endpoint instead.

Any PATCH requests done to this endpoint will be redirected to the /v1/maxscale endpoint. Due to the mispelling of the ms_timestamp and log_throttling parameters, this is not fully backwards compatible.

Update logging parameters. The request body must define updated values for the data.attributes.parameters object. All logging parameters can be altered at runtime.

Response

Parameters modified:

Status: 204 No Content

Invalid JSON body:

Status: 400 Bad Request

Flush and rotate log files

CC BY-SA / Gnu FDL

links

id

{
    "data": {
        "attributes": {
            "activated_at": "Thu, 20 Jul 2023 15:29:02 GMT",
            "commit": "d6acc9ed4310d328677803c4dc96e82b2a7afe14",
            "config_sync": null,
            "parameters": {
                "admin_auth": true,
                "admin_enabled": true,
                "admin_gui": true,
                "admin_host": "127.0.0.1",
                "admin_jwt_algorithm": "auto",
                "admin_jwt_key": null,
                "admin_log_auth_failures": true,
                "admin_oidc_url": null,
                "admin_pam_readonly_service": null,
                "admin_pam_readwrite_service": null,
                "admin_port": 8989,
                "admin_secure_gui": true,
                "admin_ssl_ca": null,
                "admin_ssl_cert": null,
                "admin_ssl_key": null,
                "admin_ssl_version": "MAX",
                "admin_verify_url": null,
                "auth_connect_timeout": "10000ms",
                "auth_read_timeout": "10000ms",
                "auth_write_timeout": "10000ms",
                "auto_tune": [],
                "cachedir": "/var/cache/maxscale",
                "config_sync_cluster": null,
                "config_sync_db": "mysql",
                "config_sync_interval": "5000ms",
                "config_sync_password": null,
                "config_sync_timeout": "10000ms",
                "config_sync_user": null,
                "connector_plugindir": "/usr/lib64/maxscale/plugin",
                "datadir": "/var/lib/maxscale",
                "debug": null,
                "dump_last_statements": "never",
                "execdir": "/usr/bin",
                "key_manager": "none",
                "language": "/var/lib/maxscale",
                "libdir": "/usr/lib64/maxscale",
                "load_persisted_configs": true,
                "local_address": null,
                "log_debug": false,
                "log_info": false,
                "log_notice": true,
                "log_throttling": {
                    "count": 10,
                    "suppress": 10000,
                    "window": 1000
                },
                "log_warn_super_user": false,
                "log_warning": true,
                "logdir": "/var/log/maxscale",
                "max_auth_errors_until_block": 10,
                "max_read_amount": 0,
                "maxlog": true,
                "module_configdir": "/etc/maxscale.modules.d",
                "ms_timestamp": false,
                "passive": false,
                "persist_runtime_changes": true,
                "persistdir": "/var/lib/maxscale/maxscale.cnf.d",
                "piddir": "/var/run/maxscale",
                "query_classifier": "qc_sqlite",
                "query_classifier_args": null,
                "query_classifier_cache_size": 5001955123,
                "query_retries": 1,
                "query_retry_timeout": "5000ms",
                "rebalance_period": "0ms",
                "rebalance_threshold": 20,
                "rebalance_window": 10,
                "retain_last_statements": 0,
                "session_trace": 0,
                "skip_name_resolve": false,
                "skip_permission_checks": false,
                "sql_mode": "default",
                "syslog": false,
                "threads": 3,
                "users_refresh_interval": "0ms",
                "users_refresh_time": "0ms",
                "writeq_high_water": 65536,
                "writeq_low_water": 1024
            },
            "process_datadir": "/var/lib/maxscale/data19",
            "started_at": "Thu, 20 Jul 2023 15:29:02 GMT",
            "system": {
                "machine": {
                    "cores_available": 8,
                    "cores_physical": 8,
                    "cores_virtual": 8.0,
                    "memory_available": 33346367488,
                    "memory_physical": 33346367488
                },
                "maxscale": {
                    "query_classifier_cache_size": 5001955123,
                    "threads": 3
                },
                "os": {
                    "machine": "x86_64",
                    "nodename": "monolith",
                    "release": "6.3.12-100.fc37.x86_64",
                    "sysname": "Linux",
                    "version": "#1 SMP PREEMPT_DYNAMIC Wed Jul  5 20:09:58 UTC 2023"
                }
            },
            "uptime": 10,
            "version": "22.08.6"
        },
        "id": "maxscale",
        "type": "maxscale"
    },
    "links": {
        "self": "http://localhost:8989/v1/maxscale/"
    }
}

{
    "data": {
        "attributes": {
            "stats": {
                "accepts": 0,
                "avg_event_queue_length": 1,
                "current_descriptors": 5,
                "errors": 0,
                "hangups": 0,
                "load": {
                    "last_hour": 0,
                    "last_minute": 0,
                    "last_second": 0
                },
                "max_event_queue_length": 1,
                "max_exec_time": 0,
                "max_queue_time": 0,
                "memory": {
                    "query_classifier": 0,
                    "sessions": 0,
                    "total": 0,
                    "zombies": 0
                },
                "query_classifier_cache": {
                    "evictions": 0,
                    "hits": 0,
                    "inserts": 0,
                    "misses": 0,
                    "size": 0
                },
                "reads": 34,
                "sessions": 0,
                "total_descriptors": 5,
                "writes": 0,
                "zombies": 0
            }
        },
        "id": "0",
        "links": {
            "self": "http://localhost:8989/v1/threads/0/"
        },
        "type": "threads"
    },
    "links": {
        "self": "http://localhost:8989/v1/maxscale/threads/0/"
    }
}

{
    "data": [
        {
            "attributes": {
                "stats": {
                    "accepts": 0,
                    "avg_event_queue_length": 1,
                    "current_descriptors": 5,
                    "errors": 0,
                    "hangups": 0,
                    "load": {
                        "last_hour": 0,
                        "last_minute": 0,
                        "last_second": 0
                    },
                    "max_event_queue_length": 1,
                    "max_exec_time": 0,
                    "max_queue_time": 0,
                    "memory": {
                        "query_classifier": 0,
                        "sessions": 0,
                        "total": 0,
                        "zombies": 0
                    },
                    "query_classifier_cache": {
                        "evictions": 0,
                        "hits": 0,
                        "inserts": 0,
                        "misses": 0,
                        "size": 0
                    },
                    "reads": 35,
                    "sessions": 0,
                    "total_descriptors": 5,
                    "writes": 0,
                    "zombies": 0
                }
            },
            "id": "0",
            "links": {
                "self": "http://localhost:8989/v1/threads/0/"
            },
            "type": "threads"
        },
        {
            "attributes": {
                "stats": {
                    "accepts": 1,
                    "avg_event_queue_length": 1,
                    "current_descriptors": 8,
                    "errors": 0,
                    "hangups": 0,
                    "load": {
                        "last_hour": 0,
                        "last_minute": 0,
                        "last_second": 0
                    },
                    "max_event_queue_length": 3,
                    "max_exec_time": 0,
                    "max_queue_time": 0,
                    "memory": {
                        "query_classifier": 448,
                        "sessions": 69671,
                        "total": 70119,
                        "zombies": 0
                    },
                    "query_classifier_cache": {
                        "evictions": 0,
                        "hits": 0,
                        "inserts": 1,
                        "misses": 2,
                        "size": 448
                    },
                    "reads": 47,
                    "sessions": 1,
                    "total_descriptors": 8,
                    "writes": 10,
                    "zombies": 0
                }
            },
            "id": "1",
            "links": {
                "self": "http://localhost:8989/v1/threads/1/"
            },
            "type": "threads"
        },
        {
            "attributes": {
                "stats": {
                    "accepts": 0,
                    "avg_event_queue_length": 1,
                    "current_descriptors": 5,
                    "errors": 0,
                    "hangups": 0,
                    "load": {
                        "last_hour": 0,
                        "last_minute": 0,
                        "last_second": 0
                    },
                    "max_event_queue_length": 1,
                    "max_exec_time": 0,
                    "max_queue_time": 0,
                    "memory": {
                        "query_classifier": 0,
                        "sessions": 0,
                        "total": 0,
                        "zombies": 0
                    },
                    "query_classifier_cache": {
                        "evictions": 0,
                        "hits": 0,
                        "inserts": 0,
                        "misses": 0,
                        "size": 0
                    },
                    "reads": 34,
                    "sessions": 0,
                    "total_descriptors": 5,
                    "writes": 0,
                    "zombies": 0
                }
            },
            "id": "2",
            "links": {
                "self": "http://localhost:8989/v1/threads/2/"
            },
            "type": "threads"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/maxscale/threads/"
    }
}

{
    "data": {
        "attributes": {
            "log_file": "/var/log/maxscale/maxscale.log",
            "log_priorities": [
                "alert",
                "error",
                "warning",
                "notice"
            ],
            "parameters": {
                "log_debug": false,
                "log_info": false,
                "log_notice": true,
                "log_throttling": {
                    "count": 10,
                    "suppress": 10000,
                    "window": 1000
                },
                "log_warning": true,
                "maxlog": true,
                "ms_timestamp": false,
                "syslog": false
            }
        },
        "id": "logs",
        "type": "logs"
    },
    "links": {
        "self": "http://localhost:8989/v1/maxscale/logs/"
    }
}

{
    "data": {
        "attributes": {
            "log": [
                {
                    "id": "37",
                    "message": "Service 'Read-Connection-Router' started (2/2)",
                    "priority": "notice",
                    "timestamp": "2023-07-20 15:29:02"
                },
                {
                    "id": "38",
                    "message": "Read 5 user@host entries from 'server1' for service 'Read-Connection-Router'.",
                    "priority": "notice",
                    "timestamp": "2023-07-20 15:29:03"
                },
                {
                    "id": "39",
                    "message": "Read 5 user@host entries from 'server1' for service 'RW-Split-Router'.",
                    "priority": "notice",
                    "timestamp": "2023-07-20 15:29:03"
                }
            ],
            "log_source": "maxlog"
        },
        "id": "log_data",
        "type": "log_data"
    },
    "links": {
        "last": "http://localhost:8989/v1/maxscale/logs/data/?page%5Bsize%5D=3",
        "prev": "http://localhost:8989/v1/maxscale/logs/data/?page%5Bcursor%5D=34&page%5Bsize%5D=3",
        "self": "http://localhost:8989/v1/maxscale/logs/data/?page%5Bcursor%5D=40&page%5Bsize%5D=3"
    }
}

{
    "data": {
        "attributes": {
            "api": "router",
            "commands": [],
            "description": "A Read/Write splitting router for enhancement read scalability",
            "maturity": "GA",
            "module_type": "Router",
            "parameters": [
                {
                    "default_value": "false",
                    "description": "Causal reads mode",
                    "enum_values": [
                        "false",
                        "off",
                        "0",
                        "true",
                        "on",
                        "1",
                        "none",
                        "local",
                        "global",
                        "fast_global",
                        "fast",
                        "universal"
                    ],
                    "mandatory": false,
                    "modifiable": true,
                    "name": "causal_reads",
                    "type": "enum"
                },
                {
                    "default_value": "10000ms",
                    "description": "Timeout for the slave synchronization",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "causal_reads_timeout",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": false,
                    "description": "Retry failed writes outside of transactions",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "delayed_retry",
                    "type": "bool"
                },
                {
                    "default_value": "10000ms",
                    "description": "Timeout for delayed_retry",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "delayed_retry_timeout",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": false,
                    "description": "Create connections only when needed",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "lazy_connect",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Use master for reads",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "master_accept_reads",
                    "type": "bool"
                },
                {
                    "default_value": "fail_instantly",
                    "description": "Master failure mode behavior",
                    "enum_values": [
                        "fail_instantly",
                        "fail_on_write",
                        "error_on_write"
                    ],
                    "mandatory": false,
                    "modifiable": true,
                    "name": "master_failure_mode",
                    "type": "enum"
                },
                {
                    "default_value": false,
                    "description": "Reconnect to master",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "master_reconnection",
                    "type": "bool"
                },
                {
                    "default_value": 255,
                    "description": "Maximum number of slave connections",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "max_slave_connections",
                    "type": "count"
                },
                {
                    "default_value": "0ms",
                    "description": "Maximum allowed slave replication lag",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "max_slave_replication_lag",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": false,
                    "description": "Optimistically offload transactions to slaves",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "optimistic_trx",
                    "type": "bool"
                },
                {
                    "default_value": true,
                    "description": "Automatically retry failed reads outside of transactions",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "retry_failed_reads",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Reuse identical prepared statements inside the same connection",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "reuse_prepared_statements",
                    "type": "bool"
                },
                {
                    "default_value": 255,
                    "description": "Starting number of slave connections",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "slave_connections",
                    "type": "count"
                },
                {
                    "default_value": "LEAST_CURRENT_OPERATIONS",
                    "description": "Slave selection criteria",
                    "enum_values": [
                        "LEAST_GLOBAL_CONNECTIONS",
                        "LEAST_ROUTER_CONNECTIONS",
                        "LEAST_BEHIND_MASTER",
                        "LEAST_CURRENT_OPERATIONS",
                        "ADAPTIVE_ROUTING"
                    ],
                    "mandatory": false,
                    "modifiable": true,
                    "name": "slave_selection_criteria",
                    "type": "enum"
                },
                {
                    "default_value": false,
                    "description": "Lock connection to master after multi-statement query",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "strict_multi_stmt",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Lock connection to master after a stored procedure is executed",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "strict_sp_calls",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Retry failed transactions",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay",
                    "type": "bool"
                },
                {
                    "default_value": 5,
                    "description": "Maximum number of times to retry a transaction",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay_attempts",
                    "type": "count"
                },
                {
                    "default_value": "full",
                    "description": "Type of checksum to calculate for results",
                    "enum_values": [
                        "full",
                        "result_only",
                        "no_insert_id"
                    ],
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay_checksum",
                    "type": "enum"
                },
                {
                    "default_value": 1048576,
                    "description": "Maximum size of transaction to retry",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay_max_size",
                    "type": "size"
                },
                {
                    "default_value": false,
                    "description": "Retry transaction on deadlock",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay_retry_on_deadlock",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Retry transaction on checksum mismatch",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay_retry_on_mismatch",
                    "type": "bool"
                },
                {
                    "default_value": "0ms",
                    "description": "Timeout for transaction replay",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "transaction_replay_timeout",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": "all",
                    "description": "Whether to route SQL variable modifications to all servers or only to the master",
                    "enum_values": [
                        "all",
                        "master"
                    ],
                    "mandatory": false,
                    "modifiable": true,
                    "name": "use_sql_variables_in",
                    "type": "enum"
                },
                {
                    "default_value": false,
                    "deprecated": true,
                    "description": "Retrieve users from all backend servers instead of only one",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "auth_all_servers",
                    "type": "bool"
                },
                {
                    "default_value": "300000ms",
                    "description": "How ofted idle connections are pinged",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "connection_keepalive",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": "0ms",
                    "description": "Connection idle timeout",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "connection_timeout",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": false,
                    "description": "Disable session command history",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "disable_sescmd_history",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Allow the root user to connect to this service",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "enable_root_user",
                    "type": "bool"
                },
                {
                    "default_value": "-1ms",
                    "description": "Put connections into pool after session has been idle for this long",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "idle_session_pool_time",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": true,
                    "description": "Match localhost to wildcard host",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "localhost_match_wildcard_host",
                    "type": "bool"
                },
                {
                    "default_value": true,
                    "description": "Log a warning when client authentication fails",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "log_auth_warnings",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Log debug messages for this service (debug builds only)",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "log_debug",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Log info messages for this service",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "log_info",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Log notice messages for this service",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "log_notice",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Log warning messages for this service",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "log_warning",
                    "type": "bool"
                },
                {
                    "default_value": 0,
                    "description": "Maximum number of connections",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "max_connections",
                    "type": "count"
                },
                {
                    "default_value": 50,
                    "description": "Session command history size",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "max_sescmd_history",
                    "type": "count"
                },
                {
                    "default_value": "60000ms",
                    "description": "How long a session can wait for a connection to become available",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "multiplex_timeout",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "default_value": "0ms",
                    "description": "Network write timeout",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "net_write_timeout",
                    "type": "duration",
                    "unit": "ms"
                },
                {
                    "description": "Password for the user used to retrieve database users",
                    "mandatory": true,
                    "modifiable": true,
                    "name": "password",
                    "type": "password"
                },
                {
                    "default_value": true,
                    "description": "Prune old session command history if the limit is exceeded",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "prune_sescmd_history",
                    "type": "bool"
                },
                {
                    "default_value": "primary",
                    "description": "Service rank",
                    "enum_values": [
                        "primary",
                        "secondary"
                    ],
                    "mandatory": false,
                    "modifiable": true,
                    "name": "rank",
                    "type": "enum"
                },
                {
                    "default_value": -1,
                    "description": "Number of statements kept in memory",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "retain_last_statements",
                    "type": "int"
                },
                {
                    "default_value": false,
                    "description": "Enable session tracing for this service",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "session_trace",
                    "type": "bool"
                },
                {
                    "default_value": false,
                    "description": "Track session state using server responses",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "session_track_trx_state",
                    "type": "bool"
                },
                {
                    "default_value": true,
                    "description": "Strip escape characters from database names",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "strip_db_esc",
                    "type": "bool"
                },
                {
                    "description": "Username used to retrieve database users",
                    "mandatory": true,
                    "modifiable": true,
                    "name": "user",
                    "type": "string"
                },
                {
                    "description": "Load additional users from a file",
                    "mandatory": false,
                    "modifiable": false,
                    "name": "user_accounts_file",
                    "type": "path"
                },
                {
                    "default_value": "add_when_load_ok",
                    "description": "When and how the user accounts file is used",
                    "enum_values": [
                        "add_when_load_ok",
                        "file_only_always"
                    ],
                    "mandatory": false,
                    "modifiable": false,
                    "name": "user_accounts_file_usage",
                    "type": "enum"
                },
                {
                    "description": "Custom version string to use",
                    "mandatory": false,
                    "modifiable": true,
                    "name": "version_string",
                    "type": "string"
                }
            ],
            "version": "V1.1.0"
        },
        "id": "readwritesplit",
        "links": {
            "self": "http://localhost:8989/v1/modules/readwritesplit/"
        },
        "type": "modules"
    },
    "links": {
        "self": "http://localhost:8989/v1/maxscale/modules/"
    }
}

{
    "data": [
        {
            "attributes": {
                "commands": [],
                "description": "maxscale",
                "maturity": "GA",
                "module_type": "maxscale",
                "parameters": [
                    {
                        "default_value": true,
                        "description": "Admin interface authentication.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_auth",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Admin interface is enabled.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_enabled",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Enable admin GUI.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_gui",
                        "type": "bool"
                    },
                    {
                        "default_value": "127.0.0.1",
                        "description": "Admin interface host.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_host",
                        "type": "string"
                    },
                    {
                        "default_value": "auto",
                        "description": "JWT signature algorithm",
                        "enum_values": [
                            "auto",
                            "HS256",
                            "HS384",
                            "HS512",
                            "RS256",
                            "RS384",
                            "RS512",
                            "ES256",
                            "ES384",
                            "ES512",
                            "PS256",
                            "PS384",
                            "PS512",
                            "ED25519",
                            "ED448"
                        ],
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_jwt_algorithm",
                        "type": "enum"
                    },
                    {
                        "description": "Encryption key ID for symmetric signature algorithms. If left empty, MaxScale will generate a random key that is used to sign the JWT.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_jwt_key",
                        "type": "string"
                    },
                    {
                        "default_value": true,
                        "description": "Log admin interface authentication failures.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "admin_log_auth_failures",
                        "type": "bool"
                    },
                    {
                        "description": "Extra public certificates used to validate externally signed JWTs",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "admin_oidc_url",
                        "type": "string"
                    },
                    {
                        "description": "PAM service for read-only users.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_pam_readonly_service",
                        "type": "string"
                    },
                    {
                        "description": "PAM service for read-write users.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_pam_readwrite_service",
                        "type": "string"
                    },
                    {
                        "default_value": 8989,
                        "description": "Admin interface port.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_port",
                        "type": "int"
                    },
                    {
                        "default_value": "*",
                        "description": "Allowed hosts for read-only rest-api users.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_readonly_hosts",
                        "type": "host pattern list"
                    },
                    {
                        "default_value": "*",
                        "description": "Allowed hosts for read-only rest-api users.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_readwrite_hosts",
                        "type": "host pattern list"
                    },
                    {
                        "default_value": true,
                        "description": "Only serve GUI over HTTPS.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_secure_gui",
                        "type": "bool"
                    },
                    {
                        "description": "Admin SSL CA cert",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_ssl_ca",
                        "type": "path"
                    },
                    {
                        "deprecated": true,
                        "description": "Alias for 'admin_ssl_ca'",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_ssl_ca_cert",
                        "type": "path"
                    },
                    {
                        "description": "Admin SSL cert",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "admin_ssl_cert",
                        "type": "path"
                    },
                    {
                        "description": "Admin SSL key",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "admin_ssl_key",
                        "type": "path"
                    },
                    {
                        "default_value": "MAX",
                        "description": "Minimum required TLS protocol version for the REST API",
                        "enum_values": [
                            "MAX",
                            "TLSv10",
                            "TLSv11",
                            "TLSv12",
                            "TLSv13"
                        ],
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_ssl_version",
                        "type": "enum"
                    },
                    {
                        "description": "URL for third-party verification of client tokens",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "admin_verify_url",
                        "type": "string"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Connection timeout for fetching user accounts.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auth_connect_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Read timeout for fetching user accounts (deprecated).",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auth_read_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Write timeout for fetching user accounts (deprecated).",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auth_write_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": [],
                        "description": "Specifies whether a MaxScale parameter whose value depends on a specific global server variable, should automatically be updated to match the variable's current value.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "auto_tune",
                        "type": "stringlist"
                    },
                    {
                        "description": "Cluster used for configuration synchronization. If left empty (i.e. value is \"\"), synchronization is not done.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "config_sync_cluster",
                        "type": "string"
                    },
                    {
                        "default_value": "mysql",
                        "description": "Database where the 'maxscale_config' table is created.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "config_sync_db",
                        "type": "string"
                    },
                    {
                        "default_value": "5000ms",
                        "description": "How often to synchronize the configuration.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "config_sync_interval",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "Password for the user used for configuration synchronization.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "config_sync_password",
                        "type": "password"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Timeout for the configuration synchronization operations.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "config_sync_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "User account used for configuration synchronization.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "config_sync_user",
                        "type": "string"
                    },
                    {
                        "description": "Debug options",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "debug",
                        "type": "string"
                    },
                    {
                        "default_value": "never",
                        "description": "In what circumstances should the last statements that a client sent be dumped.",
                        "enum_values": [
                            "on_close",
                            "on_error",
                            "never"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "dump_last_statements",
                        "type": "enum"
                    },
                    {
                        "default_value": "none",
                        "description": "Key manager type",
                        "enum_values": [
                            "none",
                            "file",
                            "kmip",
                            "vault"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "key_manager",
                        "type": "enum"
                    },
                    {
                        "default_value": true,
                        "description": "Specifies whether persisted configuration files should be loaded on startup.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "load_persisted_configs",
                        "type": "bool"
                    },
                    {
                        "description": "Local address to use when connecting.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "local_address",
                        "type": "string"
                    },
                    {
                        "default_value": false,
                        "description": "Specifies whether debug messages should be logged (meaningful only with debug builds).",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_debug",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Specifies whether info messages should be logged.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_info",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Specifies whether notice messages should be logged.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_notice",
                        "type": "bool"
                    },
                    {
                        "default_value": {
                            "count": 10,
                            "suppress": 10000,
                            "window": 1000
                        },
                        "description": "Limit the amount of identical log messages than can be logged during a certain time period.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_throttling",
                        "type": "throttling"
                    },
                    {
                        "default_value": false,
                        "description": "Log a warning when a user with super privilege logs in.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "log_warn_super_user",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Specifies whether warning messages should be logged.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_warning",
                        "type": "bool"
                    },
                    {
                        "default_value": 10,
                        "description": "The maximum number of authentication failures that are tolerated before a host is temporarily blocked.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_auth_errors_until_block",
                        "type": "int"
                    },
                    {
                        "default_value": 0,
                        "description": "Maximum amount of data read before return to epoll_wait.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "max_read_amount",
                        "type": "size"
                    },
                    {
                        "default_value": true,
                        "description": "Log to MaxScale's own log.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "maxlog",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Enable or disable high precision timestamps.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ms_timestamp",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "True if MaxScale is in passive mode.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "passive",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Persist configurations changes done at runtime.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "persist_runtime_changes",
                        "type": "bool"
                    },
                    {
                        "default_value": "qc_sqlite",
                        "description": "The name of the query classifier to load.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "query_classifier",
                        "type": "string"
                    },
                    {
                        "description": "Arguments for the query classifier.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "query_classifier_args",
                        "type": "string"
                    },
                    {
                        "default_value": 5001955123,
                        "description": "Maximum amount of memory used by query classifier cache.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "query_classifier_cache_size",
                        "type": "size"
                    },
                    {
                        "default_value": 1,
                        "description": "Number of times an interrupted query is retried.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "query_retries",
                        "type": "int"
                    },
                    {
                        "default_value": "5000ms",
                        "description": "The total timeout in seconds for any retried queries.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "query_retry_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "0ms",
                        "description": "How often should the load of the worker threads be checked and rebalancing be made.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rebalance_period",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": 20,
                        "description": "If the difference in load between the thread with the maximum load and the thread with the minimum load is larger than the value of this parameter, then work will be moved from the former to the latter.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rebalance_threshold",
                        "type": "int"
                    },
                    {
                        "default_value": 10,
                        "description": "The load of how many seconds should be taken into account when rebalancing.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rebalance_window",
                        "type": "count"
                    },
                    {
                        "default_value": 0,
                        "description": "How many statements should be retained for each session for debugging purposes.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "retain_last_statements",
                        "type": "count"
                    },
                    {
                        "default_value": 0,
                        "description": "How many log entries are stored in the session specific trace log.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "session_trace",
                        "type": "count"
                    },
                    {
                        "default_value": false,
                        "description": "Do not resolve client IP addresses to hostnames during authentication",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "skip_name_resolve",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Skip service and monitor permission checks.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "skip_permission_checks",
                        "type": "bool"
                    },
                    {
                        "default_value": "default",
                        "description": "The query classifier sql mode.",
                        "enum_values": [
                            "default",
                            "oracle"
                        ],
                        "mandatory": false,
                        "modifiable": false,
                        "name": "sql_mode",
                        "type": "enum"
                    },
                    {
                        "default_value": false,
                        "description": "Log to syslog.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "syslog",
                        "type": "bool"
                    },
                    {
                        "default_value": 8,
                        "description": "This parameter specifies how many threads will be used for handling the routing.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "threads",
                        "type": "count"
                    },
                    {
                        "default_value": "0ms",
                        "description": "How often the users will be refreshed.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "users_refresh_interval",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "30000ms",
                        "description": "How often the users can be refreshed.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "users_refresh_time",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": 65536,
                        "description": "High water mark of dcb write queue.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "writeq_high_water",
                        "type": "size"
                    },
                    {
                        "default_value": 1024,
                        "description": "Low water mark of dcb write queue.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "writeq_low_water",
                        "type": "size"
                    }
                ],
                "version": "22.08.6"
            },
            "id": "maxscale",
            "links": {
                "self": "http://localhost:8989/v1/modules/maxscale/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "commands": [],
                "description": "servers",
                "maturity": "GA",
                "module_type": "servers",
                "parameters": [
                    {
                        "description": "Server address",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "address",
                        "type": "string"
                    },
                    {
                        "description": "Server authenticator (deprecated)",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "authenticator",
                        "type": "string"
                    },
                    {
                        "description": "Server disk space threshold",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "disk_space_threshold",
                        "type": "disk_space_limits"
                    },
                    {
                        "default_value": 0,
                        "description": "Server extra port",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "extra_port",
                        "type": "count"
                    },
                    {
                        "default_value": 0,
                        "description": "Maximum routing connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_routing_connections",
                        "type": "count"
                    },
                    {
                        "description": "Monitor password",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "monitorpw",
                        "type": "password"
                    },
                    {
                        "description": "Monitor user",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "monitoruser",
                        "type": "string"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Maximum time that a connection can be in the pool",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "persistmaxtime",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": 0,
                        "description": "Maximum size of the persistent connection pool",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "persistpoolmax",
                        "type": "count"
                    },
                    {
                        "default_value": 3306,
                        "description": "Server port",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "port",
                        "type": "count"
                    },
                    {
                        "default_value": 0,
                        "description": "Server priority",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "priority",
                        "type": "int"
                    },
                    {
                        "description": "Server protocol (deprecated)",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "protocol",
                        "type": "string"
                    },
                    {
                        "default_value": false,
                        "description": "Enable proxy protocol",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "proxy_protocol",
                        "type": "bool"
                    },
                    {
                        "default_value": "primary",
                        "description": "Server rank",
                        "enum_values": [
                            "primary",
                            "secondary"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rank",
                        "type": "enum"
                    },
                    {
                        "description": "Server UNIX socket",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "socket",
                        "type": "string"
                    },
                    {
                        "default_value": false,
                        "description": "Enable TLS for server",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl",
                        "type": "bool"
                    },
                    {
                        "description": "TLS certificate authority",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_ca",
                        "type": "path"
                    },
                    {
                        "deprecated": true,
                        "description": "Alias for 'ssl_ca'",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_ca_cert",
                        "type": "path"
                    },
                    {
                        "description": "TLS public certificate",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_cert",
                        "type": "path"
                    },
                    {
                        "default_value": 9,
                        "description": "TLS certificate verification depth",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_cert_verify_depth",
                        "type": "count"
                    },
                    {
                        "description": "TLS cipher list",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_cipher",
                        "type": "string"
                    },
                    {
                        "description": "TLS private key",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_key",
                        "type": "path"
                    },
                    {
                        "default_value": false,
                        "description": "Verify TLS peer certificate",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_verify_peer_certificate",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Verify TLS peer host",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_verify_peer_host",
                        "type": "bool"
                    },
                    {
                        "default_value": "MAX",
                        "description": "Minimum TLS protocol version",
                        "enum_values": [
                            "MAX",
                            "TLSv10",
                            "TLSv11",
                            "TLSv12",
                            "TLSv13"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_version",
                        "type": "enum"
                    },
                    {
                        "default_value": "server",
                        "description": "Object type",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "type",
                        "type": "string"
                    }
                ],
                "version": "22.08.6"
            },
            "id": "servers",
            "links": {
                "self": "http://localhost:8989/v1/modules/servers/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "filter",
                "commands": [],
                "description": "A hint parsing filter",
                "maturity": "Alpha",
                "module_type": "Filter",
                "parameters": [],
                "version": "V1.0.0"
            },
            "id": "hintfilter",
            "links": {
                "self": "http://localhost:8989/v1/modules/hintfilter/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "authenticator",
                "commands": [],
                "description": "Standard MySQL/MariaDB authentication (mysql_native_password)",
                "maturity": "GA",
                "module_type": "Authenticator",
                "parameters": null,
                "version": "V2.1.0"
            },
            "id": "MariaDBAuth",
            "links": {
                "self": "http://localhost:8989/v1/modules/MariaDBAuth/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "monitor",
                "commands": [
                    {
                        "attributes": {
                            "arg_max": 3,
                            "arg_min": 2,
                            "description": "Rebuild a server with mariadb-backup. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Target server",
                                    "required": true,
                                    "type": "SERVER"
                                },
                                {
                                    "description": "Source server (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                }
                            ]
                        },
                        "id": "async-rebuild-server",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-rebuild-server/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 2,
                            "description": "Set ColumnStore cluster readwrite. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Timeout",
                                    "required": true,
                                    "type": "STRING"
                                }
                            ]
                        },
                        "id": "async-cs-set-readwrite",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-set-readwrite/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 2,
                            "description": "Set ColumnStore cluster read-only. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Timeout",
                                    "required": true,
                                    "type": "STRING"
                                }
                            ]
                        },
                        "id": "async-cs-set-readonly",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-set-readonly/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 2,
                            "description": "Stop ColumnStore cluster. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Timeout",
                                    "required": true,
                                    "type": "STRING"
                                }
                            ]
                        },
                        "id": "async-cs-stop-cluster",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-stop-cluster/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 2,
                            "description": "Start ColumnStore cluster. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Timeout",
                                    "required": true,
                                    "type": "STRING"
                                }
                            ]
                        },
                        "id": "async-cs-start-cluster",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-start-cluster/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Get ColumnStore cluster status. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "async-cs-get-status",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-get-status/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Get ColumnStore cluster status.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "cs-get-status",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/cs-get-status/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 3,
                            "arg_min": 3,
                            "description": "Remove a node from a ColumnStore cluster. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Hostname/IP of node to remove from ColumnStore cluster",
                                    "required": true,
                                    "type": "STRING"
                                },
                                {
                                    "description": "Timeout",
                                    "required": true,
                                    "type": "STRING"
                                }
                            ]
                        },
                        "id": "async-cs-remove-node",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-remove-node/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 3,
                            "arg_min": 3,
                            "description": "Add a node to a ColumnStore cluster. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Hostname/IP of node to add to ColumnStore cluster",
                                    "required": true,
                                    "type": "STRING"
                                },
                                {
                                    "description": "Timeout",
                                    "required": true,
                                    "type": "STRING"
                                }
                            ]
                        },
                        "id": "async-cs-add-node",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-cs-add-node/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Cancel the last scheduled command.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "cancel-cmd",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/cancel-cmd/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Fetch result of the last scheduled command.",
                            "method": "GET",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "fetch-cmd-result",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/fetch-cmd-result/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Release any held server locks for 1 minute. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "async-release-locks",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-release-locks/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Release any held server locks for 1 minute.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "release-locks",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/release-locks/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 1,
                            "description": "Delete slave connections, delete binary logs and set up replication (dangerous). Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Master server (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                },
                                {
                                    "description": "Target data directory (optional)",
                                    "required": false,
                                    "type": "[STRING]"
                                }
                            ]
                        },
                        "id": "async-reset-replication",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-reset-replication/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 1,
                            "description": "Delete slave connections, delete binary logs and set up replication (dangerous)",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Master server (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                }
                            ]
                        },
                        "id": "reset-replication",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/reset-replication/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 2,
                            "description": "Rejoin server to a cluster. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Joining server",
                                    "required": true,
                                    "type": "SERVER"
                                }
                            ]
                        },
                        "id": "async-rejoin",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-rejoin/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 2,
                            "arg_min": 2,
                            "description": "Rejoin server to a cluster",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "Joining server",
                                    "required": true,
                                    "type": "SERVER"
                                }
                            ]
                        },
                        "id": "rejoin",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/rejoin/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Schedule master failover. Does not wait for completion.",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "async-failover",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-failover/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 1,
                            "arg_min": 1,
                            "description": "Perform master failover",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                }
                            ]
                        },
                        "id": "failover",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/failover/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 3,
                            "arg_min": 1,
                            "description": "Schedule master switchover. Does not wait for completion",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "New master (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                },
                                {
                                    "description": "Current master (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                }
                            ]
                        },
                        "id": "async-switchover",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/async-switchover/"
                        },
                        "type": "module_command"
                    },
                    {
                        "attributes": {
                            "arg_max": 3,
                            "arg_min": 1,
                            "description": "Perform master switchover",
                            "method": "POST",
                            "parameters": [
                                {
                                    "description": "Monitor name",
                                    "required": true,
                                    "type": "MONITOR"
                                },
                                {
                                    "description": "New master (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                },
                                {
                                    "description": "Current master (optional)",
                                    "required": false,
                                    "type": "[SERVER]"
                                }
                            ]
                        },
                        "id": "switchover",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/mariadbmon/switchover/"
                        },
                        "type": "module_command"
                    }
                ],
                "description": "A MariaDB Master/Slave replication monitor",
                "maturity": "GA",
                "module_type": "Monitor",
                "parameters": [
                    {
                        "default_value": true,
                        "description": "Assume that hostnames are unique",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "assume_unique_hostnames",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Enable automatic server failover",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auto_failover",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Enable automatic server rejoin",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auto_rejoin",
                        "type": "bool"
                    },
                    {
                        "default_value": "none",
                        "description": "Cooperative monitoring type",
                        "enum_values": [
                            "none",
                            "majority_of_running",
                            "majority_of_all"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "cooperative_monitoring_locks",
                        "type": "enum"
                    },
                    {
                        "description": "The API key used in communication with the ColumnStore admin daemon.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "cs_admin_api_key",
                        "type": "string"
                    },
                    {
                        "default_value": "/cmapi/0.4.0",
                        "description": "The base path to be used when accessing the ColumnStore administrative daemon. If, for instance, a daemon URL is https://localhost:8640/cmapi/0.4.0/node/start then the admin_base_path is \"/cmapi/0.4.0\".",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "cs_admin_base_path",
                        "type": "string"
                    },
                    {
                        "default_value": 8640,
                        "description": "Port of the ColumnStore administrative daemon.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "cs_admin_port",
                        "type": "count"
                    },
                    {
                        "description": "Path to SQL file that is executed during node demotion",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "demotion_sql_file",
                        "type": "path"
                    },
                    {
                        "default_value": false,
                        "description": "Enable read_only on all slave servers",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "enforce_read_only_slaves",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Enforce a simple topology",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "enforce_simple_topology",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Disable read_only on the current master server",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "enforce_writable_master",
                        "type": "bool"
                    },
                    {
                        "default_value": 5,
                        "description": "Number of failures to tolerate before failover occurs",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "failcount",
                        "type": "count"
                    },
                    {
                        "default_value": "90000ms",
                        "description": "Timeout for failover",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "failover_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": true,
                        "description": "Manage server-side events",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "handle_events",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Put the server into maintenance mode when it runs out of disk space",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "maintenance_on_low_disk_space",
                        "type": "bool"
                    },
                    {
                        "default_value": 1,
                        "description": "mariadb-backup thread count.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "mariadb-backup_parallel",
                        "type": "int"
                    },
                    {
                        "default_value": "1G",
                        "description": "mariadb-backup buffer pool size.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "mariadb-backup_use_memory",
                        "type": "string"
                    },
                    {
                        "default_value": "primary_monitor_master",
                        "description": "Conditions that the master servers must meet",
                        "enum_values": [
                            "none",
                            "connecting_slave",
                            "connected_slave",
                            "running_slave",
                            "primary_monitor_master"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "master_conditions",
                        "type": "enum_mask"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Master failure timeout",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "master_failure_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "Path to SQL file that is executed during node promotion",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "promotion_sql_file",
                        "type": "path"
                    },
                    {
                        "default_value": 4444,
                        "description": "Listen port used for transferring server backup.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rebuild_port",
                        "type": "count"
                    },
                    {
                        "default_value": false,
                        "description": "Enable SSL when configuring replication",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "replication_master_ssl",
                        "type": "bool"
                    },
                    {
                        "description": "Password for the user that is used for replication",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "replication_password",
                        "type": "password"
                    },
                    {
                        "description": "User used for replication",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "replication_user",
                        "type": "string"
                    },
                    {
                        "default_value": -1,
                        "description": "Replication lag limit at which the script is run",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "script_max_replication_lag",
                        "type": "int"
                    },
                    {
                        "description": "List of servers that are never promoted",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "servers_no_promotion",
                        "type": "serverlist"
                    },
                    {
                        "default_value": "",
                        "description": "Conditions that the slave servers must meet",
                        "enum_values": [
                            "linked_master",
                            "running_master",
                            "writable_master",
                            "primary_monitor_master",
                            "none"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "slave_conditions",
                        "type": "enum_mask"
                    },
                    {
                        "default_value": true,
                        "description": "Is SSH host key check enabled.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssh_check_host_key",
                        "type": "bool"
                    },
                    {
                        "description": "SSH keyfile. Used for running remote commands on servers.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "ssh_keyfile",
                        "type": "path"
                    },
                    {
                        "default_value": 22,
                        "description": "SSH port. Used for running remote commands on servers.",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssh_port",
                        "type": "count"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "SSH connection and command timeout",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssh_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "SSH username. Used for running remote commands on servers.",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "ssh_user",
                        "type": "string"
                    },
                    {
                        "default_value": false,
                        "description": "Perform a switchover when a server runs out of disk space",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "switchover_on_low_disk_space",
                        "type": "bool"
                    },
                    {
                        "default_value": "90000ms",
                        "description": "Timeout for switchover",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "switchover_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": true,
                        "description": "Verify master failure",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "verify_master_failure",
                        "type": "bool"
                    },
                    {
                        "default_value": 1,
                        "description": "Number of connection attempts to make to a server",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "backend_connect_attempts",
                        "type": "count"
                    },
                    {
                        "default_value": "3000ms",
                        "description": "Connection timeout for monitor connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "backend_connect_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "3000ms",
                        "description": "Read timeout for monitor connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "backend_read_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "3000ms",
                        "description": "Write timeout for monitor connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "backend_write_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "0ms",
                        "description": "How often the disk space is checked",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "disk_space_check_interval",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "Disk space threshold",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "disk_space_threshold",
                        "type": "string"
                    },
                    {
                        "default_value": "all,master_down,master_up,slave_down,slave_up,server_down,server_up,synced_down,synced_up,donor_down,donor_up,lost_master,lost_slave,lost_synced,lost_donor,new_master,new_slave,new_synced,new_donor",
                        "description": "Events that cause the script to be called",
                        "enum_values": [
                            "all",
                            "master_down",
                            "master_up",
                            "slave_down",
                            "slave_up",
                            "server_down",
                            "server_up",
                            "synced_down",
                            "synced_up",
                            "donor_down",
                            "donor_up",
                            "lost_master",
                            "lost_slave",
                            "lost_synced",
                            "lost_donor",
                            "new_master",
                            "new_slave",
                            "new_synced",
                            "new_donor"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "events",
                        "type": "enum_mask"
                    },
                    {
                        "default_value": "28800000ms",
                        "description": "The time the on-disk cached server states are valid for",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "journal_max_age",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "2000ms",
                        "description": "How often the servers are monitored",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "monitor_interval",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "Password for the user used to monitor the servers",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "password",
                        "type": "password"
                    },
                    {
                        "description": "Script to run whenever an event occurs",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "script",
                        "type": "string"
                    },
                    {
                        "default_value": "90000ms",
                        "description": "Timeout for the script",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "script_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "List of servers to use",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "servers",
                        "type": "serverlist"
                    },
                    {
                        "description": "Username used to monitor the servers",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "user",
                        "type": "string"
                    }
                ],
                "version": "V1.5.0"
            },
            "id": "mariadbmon",
            "links": {
                "self": "http://localhost:8989/v1/modules/mariadbmon/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "protocol",
                "commands": [],
                "description": "The client to MaxScale MySQL protocol implementation",
                "maturity": "GA",
                "module_type": "Protocol",
                "parameters": [
                    {
                        "default_value": "::",
                        "description": "Listener address",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "address",
                        "type": "string"
                    },
                    {
                        "description": "Listener authenticator",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "authenticator",
                        "type": "string"
                    },
                    {
                        "description": "Authenticator options",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "authenticator_options",
                        "type": "string"
                    },
                    {
                        "description": "Path to connection initialization SQL",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "connection_init_sql_file",
                        "type": "path"
                    },
                    {
                        "default_value": 0,
                        "description": "Listener port",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "port",
                        "type": "count"
                    },
                    {
                        "default_value": "MariaDBProtocol",
                        "description": "Listener protocol to use",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "protocol",
                        "type": "module"
                    },
                    {
                        "description": "Service to which the listener connects to",
                        "mandatory": true,
                        "modifiable": false,
                        "name": "service",
                        "type": "service"
                    },
                    {
                        "description": "Listener UNIX socket",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "socket",
                        "type": "string"
                    },
                    {
                        "default_value": "default",
                        "description": "SQL parsing mode",
                        "enum_values": [
                            "default",
                            "oracle"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "sql_mode",
                        "type": "enum"
                    },
                    {
                        "default_value": false,
                        "description": "Enable TLS for server",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl",
                        "type": "bool"
                    },
                    {
                        "description": "TLS certificate authority",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_ca",
                        "type": "path"
                    },
                    {
                        "deprecated": true,
                        "description": "Alias for 'ssl_ca'",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_ca_cert",
                        "type": "path"
                    },
                    {
                        "description": "TLS public certificate",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_cert",
                        "type": "path"
                    },
                    {
                        "default_value": 9,
                        "description": "TLS certificate verification depth",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_cert_verify_depth",
                        "type": "count"
                    },
                    {
                        "description": "TLS cipher list",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_cipher",
                        "type": "string"
                    },
                    {
                        "description": "TLS certificate revocation list",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_crl",
                        "type": "string"
                    },
                    {
                        "description": "TLS private key",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_key",
                        "type": "path"
                    },
                    {
                        "default_value": false,
                        "description": "Verify TLS peer certificate",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_verify_peer_certificate",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Verify TLS peer host",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_verify_peer_host",
                        "type": "bool"
                    },
                    {
                        "default_value": "MAX",
                        "description": "Minimum TLS protocol version",
                        "enum_values": [
                            "MAX",
                            "TLSv10",
                            "TLSv11",
                            "TLSv12",
                            "TLSv13"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "ssl_version",
                        "type": "enum"
                    },
                    {
                        "description": "Path to user and group mapping file",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "user_mapping_file",
                        "type": "path"
                    }
                ],
                "version": "V1.1.0"
            },
            "id": "MariaDBProtocol",
            "links": {
                "self": "http://localhost:8989/v1/modules/MariaDBProtocol/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "query_classifier",
                "commands": [],
                "description": "Query classifier using sqlite.",
                "maturity": "GA",
                "module_type": "QueryClassifier",
                "parameters": null,
                "version": "V1.0.0"
            },
            "id": "qc_sqlite",
            "links": {
                "self": "http://localhost:8989/v1/modules/qc_sqlite/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "filter",
                "commands": [
                    {
                        "attributes": {
                            "arg_max": 3,
                            "arg_min": 1,
                            "description": "Show unified log file as a JSON array",
                            "method": "GET",
                            "parameters": [
                                {
                                    "description": "Filter to read logs from",
                                    "required": true,
                                    "type": "FILTER"
                                },
                                {
                                    "description": "Start reading from this line",
                                    "required": false,
                                    "type": "[STRING]"
                                },
                                {
                                    "description": "Stop reading at this line (exclusive)",
                                    "required": false,
                                    "type": "[STRING]"
                                }
                            ]
                        },
                        "id": "log",
                        "links": {
                            "self": "http://localhost:8989/v1/modules/qlafilter/log/"
                        },
                        "type": "module_command"
                    }
                ],
                "description": "A simple query logging filter",
                "maturity": "GA",
                "module_type": "Filter",
                "parameters": [
                    {
                        "default_value": true,
                        "description": "Append new entries to log files instead of overwriting them",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "append",
                        "type": "bool"
                    },
                    {
                        "default_value": "ms",
                        "description": "Duration in milliseconds (ms) or microseconds (us)",
                        "enum_values": [
                            "ms",
                            "milliseconds",
                            "us",
                            "microseconds"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "duration_unit",
                        "type": "enum"
                    },
                    {
                        "description": "Exclude queries matching this pattern from the log",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "exclude",
                        "type": "regex"
                    },
                    {
                        "description": "The basename of the output file",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "filebase",
                        "type": "string"
                    },
                    {
                        "default_value": false,
                        "description": "Flush log files after every write",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "flush",
                        "type": "bool"
                    },
                    {
                        "default_value": "date,user,query",
                        "description": "Type of data to log in the log files",
                        "enum_values": [
                            "service",
                            "session",
                            "date",
                            "user",
                            "query",
                            "reply_time",
                            "total_reply_time",
                            "default_db",
                            "num_rows",
                            "reply_size",
                            "transaction",
                            "transaction_time",
                            "num_warnings",
                            "error_msg",
                            "server",
                            "command"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_data",
                        "type": "enum_mask"
                    },
                    {
                        "default_value": "session",
                        "description": "The type of log file to use",
                        "enum_values": [
                            "session",
                            "unified",
                            "stdout"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_type",
                        "type": "enum_mask"
                    },
                    {
                        "description": "Only log queries matching this pattern",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "match",
                        "type": "regex"
                    },
                    {
                        "default_value": " ",
                        "description": "Value used to replace newlines",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "newline_replacement",
                        "type": "string"
                    },
                    {
                        "default_value": "",
                        "description": "Regular expression options",
                        "enum_values": [
                            "case",
                            "ignorecase",
                            "extended"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "options",
                        "type": "enum_mask"
                    },
                    {
                        "default_value": ",",
                        "description": "Defines the separator between elements of a log entry",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "separator",
                        "type": "string"
                    },
                    {
                        "description": "Log queries only from this network address",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "source",
                        "type": "string"
                    },
                    {
                        "default_value": false,
                        "description": "Write queries in canonical form",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "use_canonical_form",
                        "type": "bool"
                    },
                    {
                        "description": "Log queries only from this user",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "user",
                        "type": "string"
                    }
                ],
                "version": "V1.1.1"
            },
            "id": "qlafilter",
            "links": {
                "self": "http://localhost:8989/v1/modules/qlafilter/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "router",
                "commands": [],
                "description": "A connection based router to load balance based on connections",
                "maturity": "GA",
                "module_type": "Router",
                "parameters": [
                    {
                        "default_value": true,
                        "description": "Use master for reads",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "master_accept_reads",
                        "type": "bool"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Maximum acceptable replication lag",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_replication_lag",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "running",
                        "description": "A comma separated list of server roles",
                        "enum_values": [
                            "master",
                            "slave",
                            "running",
                            "synced"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "router_options",
                        "type": "enum_mask"
                    },
                    {
                        "default_value": false,
                        "deprecated": true,
                        "description": "Retrieve users from all backend servers instead of only one",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auth_all_servers",
                        "type": "bool"
                    },
                    {
                        "default_value": "300000ms",
                        "description": "How ofted idle connections are pinged",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "connection_keepalive",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Connection idle timeout",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "connection_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": false,
                        "description": "Disable session command history",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "disable_sescmd_history",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Allow the root user to connect to this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "enable_root_user",
                        "type": "bool"
                    },
                    {
                        "default_value": "-1ms",
                        "description": "Put connections into pool after session has been idle for this long",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "idle_session_pool_time",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": true,
                        "description": "Match localhost to wildcard host",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "localhost_match_wildcard_host",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Log a warning when client authentication fails",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_auth_warnings",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log debug messages for this service (debug builds only)",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_debug",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log info messages for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_info",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log notice messages for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_notice",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log warning messages for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_warning",
                        "type": "bool"
                    },
                    {
                        "default_value": 0,
                        "description": "Maximum number of connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_connections",
                        "type": "count"
                    },
                    {
                        "default_value": 50,
                        "description": "Session command history size",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_sescmd_history",
                        "type": "count"
                    },
                    {
                        "default_value": "60000ms",
                        "description": "How long a session can wait for a connection to become available",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "multiplex_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Network write timeout",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "net_write_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "Password for the user used to retrieve database users",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "password",
                        "type": "password"
                    },
                    {
                        "default_value": true,
                        "description": "Prune old session command history if the limit is exceeded",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "prune_sescmd_history",
                        "type": "bool"
                    },
                    {
                        "default_value": "primary",
                        "description": "Service rank",
                        "enum_values": [
                            "primary",
                            "secondary"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rank",
                        "type": "enum"
                    },
                    {
                        "default_value": -1,
                        "description": "Number of statements kept in memory",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "retain_last_statements",
                        "type": "int"
                    },
                    {
                        "default_value": false,
                        "description": "Enable session tracing for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "session_trace",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Track session state using server responses",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "session_track_trx_state",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Strip escape characters from database names",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "strip_db_esc",
                        "type": "bool"
                    },
                    {
                        "description": "Username used to retrieve database users",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "user",
                        "type": "string"
                    },
                    {
                        "description": "Load additional users from a file",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "user_accounts_file",
                        "type": "path"
                    },
                    {
                        "default_value": "add_when_load_ok",
                        "description": "When and how the user accounts file is used",
                        "enum_values": [
                            "add_when_load_ok",
                            "file_only_always"
                        ],
                        "mandatory": false,
                        "modifiable": false,
                        "name": "user_accounts_file_usage",
                        "type": "enum"
                    },
                    {
                        "description": "Custom version string to use",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "version_string",
                        "type": "string"
                    }
                ],
                "version": "V2.0.0"
            },
            "id": "readconnroute",
            "links": {
                "self": "http://localhost:8989/v1/modules/readconnroute/"
            },
            "type": "modules"
        },
        {
            "attributes": {
                "api": "router",
                "commands": [],
                "description": "A Read/Write splitting router for enhancement read scalability",
                "maturity": "GA",
                "module_type": "Router",
                "parameters": [
                    {
                        "default_value": "false",
                        "description": "Causal reads mode",
                        "enum_values": [
                            "false",
                            "off",
                            "0",
                            "true",
                            "on",
                            "1",
                            "none",
                            "local",
                            "global",
                            "fast_global",
                            "fast",
                            "universal"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "causal_reads",
                        "type": "enum"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Timeout for the slave synchronization",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "causal_reads_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": false,
                        "description": "Retry failed writes outside of transactions",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "delayed_retry",
                        "type": "bool"
                    },
                    {
                        "default_value": "10000ms",
                        "description": "Timeout for delayed_retry",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "delayed_retry_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": false,
                        "description": "Create connections only when needed",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "lazy_connect",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Use master for reads",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "master_accept_reads",
                        "type": "bool"
                    },
                    {
                        "default_value": "fail_instantly",
                        "description": "Master failure mode behavior",
                        "enum_values": [
                            "fail_instantly",
                            "fail_on_write",
                            "error_on_write"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "master_failure_mode",
                        "type": "enum"
                    },
                    {
                        "default_value": false,
                        "description": "Reconnect to master",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "master_reconnection",
                        "type": "bool"
                    },
                    {
                        "default_value": 255,
                        "description": "Maximum number of slave connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_slave_connections",
                        "type": "count"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Maximum allowed slave replication lag",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_slave_replication_lag",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": false,
                        "description": "Optimistically offload transactions to slaves",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "optimistic_trx",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Automatically retry failed reads outside of transactions",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "retry_failed_reads",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Reuse identical prepared statements inside the same connection",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "reuse_prepared_statements",
                        "type": "bool"
                    },
                    {
                        "default_value": 255,
                        "description": "Starting number of slave connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "slave_connections",
                        "type": "count"
                    },
                    {
                        "default_value": "LEAST_CURRENT_OPERATIONS",
                        "description": "Slave selection criteria",
                        "enum_values": [
                            "LEAST_GLOBAL_CONNECTIONS",
                            "LEAST_ROUTER_CONNECTIONS",
                            "LEAST_BEHIND_MASTER",
                            "LEAST_CURRENT_OPERATIONS",
                            "ADAPTIVE_ROUTING"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "slave_selection_criteria",
                        "type": "enum"
                    },
                    {
                        "default_value": false,
                        "description": "Lock connection to master after multi-statement query",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "strict_multi_stmt",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Lock connection to master after a stored procedure is executed",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "strict_sp_calls",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Retry failed transactions",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay",
                        "type": "bool"
                    },
                    {
                        "default_value": 5,
                        "description": "Maximum number of times to retry a transaction",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay_attempts",
                        "type": "count"
                    },
                    {
                        "default_value": "full",
                        "description": "Type of checksum to calculate for results",
                        "enum_values": [
                            "full",
                            "result_only",
                            "no_insert_id"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay_checksum",
                        "type": "enum"
                    },
                    {
                        "default_value": 1048576,
                        "description": "Maximum size of transaction to retry",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay_max_size",
                        "type": "size"
                    },
                    {
                        "default_value": false,
                        "description": "Retry transaction on deadlock",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay_retry_on_deadlock",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Retry transaction on checksum mismatch",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay_retry_on_mismatch",
                        "type": "bool"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Timeout for transaction replay",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "transaction_replay_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "all",
                        "description": "Whether to route SQL variable modifications to all servers or only to the master",
                        "enum_values": [
                            "all",
                            "master"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "use_sql_variables_in",
                        "type": "enum"
                    },
                    {
                        "default_value": false,
                        "deprecated": true,
                        "description": "Retrieve users from all backend servers instead of only one",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "auth_all_servers",
                        "type": "bool"
                    },
                    {
                        "default_value": "300000ms",
                        "description": "How ofted idle connections are pinged",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "connection_keepalive",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Connection idle timeout",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "connection_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": false,
                        "description": "Disable session command history",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "disable_sescmd_history",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Allow the root user to connect to this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "enable_root_user",
                        "type": "bool"
                    },
                    {
                        "default_value": "-1ms",
                        "description": "Put connections into pool after session has been idle for this long",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "idle_session_pool_time",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": true,
                        "description": "Match localhost to wildcard host",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "localhost_match_wildcard_host",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Log a warning when client authentication fails",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_auth_warnings",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log debug messages for this service (debug builds only)",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_debug",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log info messages for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_info",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log notice messages for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_notice",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Log warning messages for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "log_warning",
                        "type": "bool"
                    },
                    {
                        "default_value": 0,
                        "description": "Maximum number of connections",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_connections",
                        "type": "count"
                    },
                    {
                        "default_value": 50,
                        "description": "Session command history size",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "max_sescmd_history",
                        "type": "count"
                    },
                    {
                        "default_value": "60000ms",
                        "description": "How long a session can wait for a connection to become available",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "multiplex_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "default_value": "0ms",
                        "description": "Network write timeout",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "net_write_timeout",
                        "type": "duration",
                        "unit": "ms"
                    },
                    {
                        "description": "Password for the user used to retrieve database users",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "password",
                        "type": "password"
                    },
                    {
                        "default_value": true,
                        "description": "Prune old session command history if the limit is exceeded",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "prune_sescmd_history",
                        "type": "bool"
                    },
                    {
                        "default_value": "primary",
                        "description": "Service rank",
                        "enum_values": [
                            "primary",
                            "secondary"
                        ],
                        "mandatory": false,
                        "modifiable": true,
                        "name": "rank",
                        "type": "enum"
                    },
                    {
                        "default_value": -1,
                        "description": "Number of statements kept in memory",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "retain_last_statements",
                        "type": "int"
                    },
                    {
                        "default_value": false,
                        "description": "Enable session tracing for this service",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "session_trace",
                        "type": "bool"
                    },
                    {
                        "default_value": false,
                        "description": "Track session state using server responses",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "session_track_trx_state",
                        "type": "bool"
                    },
                    {
                        "default_value": true,
                        "description": "Strip escape characters from database names",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "strip_db_esc",
                        "type": "bool"
                    },
                    {
                        "description": "Username used to retrieve database users",
                        "mandatory": true,
                        "modifiable": true,
                        "name": "user",
                        "type": "string"
                    },
                    {
                        "description": "Load additional users from a file",
                        "mandatory": false,
                        "modifiable": false,
                        "name": "user_accounts_file",
                        "type": "path"
                    },
                    {
                        "default_value": "add_when_load_ok",
                        "description": "When and how the user accounts file is used",
                        "enum_values": [
                            "add_when_load_ok",
                            "file_only_always"
                        ],
                        "mandatory": false,
                        "modifiable": false,
                        "name": "user_accounts_file_usage",
                        "type": "enum"
                    },
                    {
                        "description": "Custom version string to use",
                        "mandatory": false,
                        "modifiable": true,
                        "name": "version_string",
                        "type": "string"
                    }
                ],
                "version": "V1.1.0"
            },
            "id": "readwritesplit",
            "links": {
                "self": "http://localhost:8989/v1/modules/readwritesplit/"
            },
            "type": "modules"
        }
    ],
    "links": {
        "self": "http://localhost:8989/v1/maxscale/modules/"
    }
}

{
    "links": {
        "self": "http://localhost:8989/v1/maxscale/modules/mariadbmon/reset-replication"
    },
    "meta": [ // Output of module command (module dependent)
        {
            "name": "value"
        }
    ]
}

{
    "data": {
        "attributes": {
            "canonical": "SELECT ?",
            "fields": [],
            "functions": [],
            "has_where_clause": false,
            "operation": "QUERY_OP_SELECT",
            "parse_result": "QC_QUERY_PARSED",
            "type_mask": "QUERY_TYPE_READ"
        },
        "id": "classify",
        "type": "classify"
    },
    "links": {
        "self": "http://localhost:8989/v1/maxscale/query_classifier/classify/"
    }
}

MariaDB MaxScale Configuration Guide

Introduction

This document describes how to configure MariaDB MaxScale and presents some possible usage scenarios. MariaDB MaxScale is designed with flexibility in mind, and consists of an event processing core with various support functions and plugin modules that tailor the behavior of the program.

Concepts

Glossary

Word

Description

Objects

Server

A server represents an individual database server to which a client can be connected via MariaDB MaxScale. The status of a server varies during the lifetime of the server and typically the status is updated by some monitor. However, it is also possible to update the status of a server manually.

Status

Description

For more information on how to manually set these states via MaxCtrl, read the .

Monitor

A monitor module is capable of monitoring the state of a particular kind of cluster and making that state available to the routers of MaxScale.

Examples of monitor modules are mariadbmon that is capable of monitoring a regular master-slave cluster and in addition of performing both switchover and failover, galeramon that is capable of monitoring a Galera cluster, and csmon that is capable of monitoring a Columnstore cluster.

Monitor modules have sections of their own in the MaxScale configuration file.

Filter

A filter module resides in front of routers in the request processing chain of MaxScale. That is, a filter will see a request before it reaches the router and before a response is sent back to the client. This allows filters to reject, handle, alter or log information about a request.

Examples of filters cache that provides query caching according to rules,regexfilter that can rewrite requests according to regular expressions, andqlafilter that logs information about requests.

Filters have sections of their own in the MaxScale configuration file that are referred to from services.

Router

A router module is capable of routing requests to backend servers according to the characteristics of a request and/or the algorithm the router implements. Examples of routers are readconnroute that provides connection &#xNAN;routing, that is, the server is chosen according to specified rules when the session is created and all requests are subsequently routed to that server, and readwritesplit that provides statement routing, that is, each individual request is routed to the most appropriate server.

Routers do not have sections of their own in the MaxScale configuration file, but are referred to from services.

Service

A service abstracts a set of databases and makes them appear as a single one to the client. Depending on what router (e.g. readconnroute orreadwritesplit) the service uses, the servers are used in some particular way. If the service uses filters, then all requests will be pre-processed in some way before they reach the router.

Services have sections of their own in the MaxScale configuration file.

Listener

A listener defines a port MaxScale listens on. Connection requests arriving on that port will be forwarded to the service the listener is associated with. A listener may be associated with a single service, but several listeners may be associated with the same service.

Listeners have sections of their own in the MaxScale configuration file.

Administration

The administation of MaxScale can be divided in two parts:

Writing the MaxScale configuration file, which is described in the following .
Performing runtime modifications using

For detailed information about MaxCtrl please refer to the specific documentation referred to above. In the following it will only be explained how MaxCtrl relate to each other, as far as user credentials go.

Note: By default all runtime configuration changes are saved on disk and loaded on startup. Refer to the section for more details on how it works and how to disable it.

MaxCtrl can connect using TCP/IP sockets. When connecting with MaxCtrl using TCP/IP sockets, the user and password must be provided and are checked against a separate user credentials database. By default, that database contains the useradmin whose password is mariadb.

Note that if MaxCtrl is invoked without explicitly providing a user and password then it will by default use admin and mariadb. That means that when the default user is removed, the credentials must always be provded.

Static Configuration Parameters

The following list of global configuration parameters can NOT be changed at runtime and can only be defined in a configuration file:

admin_auth
admin_enabled
admin_gui
admin_host

All other parameters that relate to objects can be altered at runtime or can be changed by destroying and recreating the object in question.

Configuration

MaxScale by default reads configuration from the file /etc/maxscale.cnf. If the command line argument --configdir=<path> is given, maxscale.cnf is searched for in <path> instead. If the argument --config=<file> is given, configuration is read from the file <file>.

MaxScale also looks for a directory with the same name as the configuration file, followed by ".d" (for example /etc/maxscale.cnf.d). If found, MaxScale recursively reads all files with the ".cnf" suffix in the directory hierarchy. Other files are ignored.

After loading normal configuration files, MaxScale reads runtime-generated configuration files, if any, from the .

Different configuration sections can be arranged with little restrictions. Global path settings such as logdir, piddir and datadir are only read from the main configuration file. Other global settings are also best left in the main file to ensure they are read before other configuration sections are parsed.

The configuration file format used is , similar to the MariaDB Server. The files contain sections and each section can contain multiple key-value pairs.

Comments are defined by prefixing a row with a hash (#). Trailing comments are not supported.

A parameter can be defined on multiple lines as shown below. A value spread over multiple lines is simply concatenated. The additional lines of the value definition need to have at least one whitespace character in the beginning.

Names

Section names may not contain whitespace and must not start with the characters@@.

As the object names are used to form URLs in the MaxScale REST API, they must be safe for use in URLs. This means that only alphanumeric characters (i.e. a-zA-Z and 0-9) and the special characters _.~- can be used.

Dynamic Configuration

By default all changes done at runtime via the MaxScale GUI, MaxCtrl or the REST API will be saved on disk, inside the directory. The changes done at runtime will override the configuration found in the static configuration files for that particular object.

This means that if an object that is found in /etc/maxscale.cnf is modified at runtime, all future changes to it must also be done at runtime. Any modifications done to /etc/maxscale.cnf after a runtime change has been made are ignored for that object.

To prevent the saving of runtime changes and to make all runtime changes volatile, add and under the [maxscale] section. This will make MaxScale behave like the MariaDB server does: any changes done with SET GLOBAL statements are lost if the process is restarted.

Special Parameter Types

Booleans

Boolean type parameters interpret the values true, yes, on and 1 as_true_ values and false, no, off and 0 as false values. The REST API only accepts JSON boolean values for boolean type parameters.

Sizes

Where specifically noted, a number denoting a size can be suffixed by a subset of the IEC binary prefixes or the SI prefixes. In the former case the number will be interpreted as a certain multiple of 1024 and in the latter case as a certain multiple of 1000. The supported IEC binary suffixes are Ki, Mi, Gi and Ti and the supported SI suffixes are k, M, G and T. In both cases, the matching is case insensitive.

For instance, the following entries

are equivalent, as are the following

Durations

A number denoting a duration can be suffixed by one of the case-insensitive suffixes h, m or min, s and ms, for specifying durations in hours, minutes, seconds and milliseconds, respectively.

For instance, the following entries

are equivalent.

Note that if an explicit unit is not specified, then it is specific to the configuration parameter whether the duration is interpreted as seconds or milliseconds.

Not providing an explicit unit has been deprecated in MaxScale 2.4.

Regular Expressions

Many modules have settings which accept a regular expression. In most cases, these settings are named either match or exclude, and are used to filter users or queries. MaxScale uses the for matching regular expressions.

When writing a regular expression (regex) type parameter to a MaxScale configuration file, the pattern string should be enclosed in slashes e.g. ^select -> match=/^select/. This clarifies where the pattern begins and ends, even if it includes whitespace. Without slashes the configuration loader trims the pattern from the ends. The slashes are removed before compiling the pattern. For backwards compatibility, the slashes are not yet mandatory. Omitting them is, however, deprecated and will be rejected in a future release of MaxScale. Currently, binlogfilter, ccrfilter, qlafilter, tee and avrorouter accept parameters in this type of regular expression form. Some other modules may not handle the slashes yet correctly.

PCRE2 supports a complicated regular expression . MaxScale typically uses regular expressions simply, only checking whether the pattern and subject match at some point. For example, using the QLAFilter and setting match=/SELECT/ causes the filter to accept any query with the text "SELECT" somewhere within. To force the pattern to only match at the beginning of the query, set match=/^SELECT/. To only match the end, setmatch=/SELECT$/.

Modules which accept regular expression parameters also often accept options which affect how the patterns are compiled. Typically, this setting is called options and accepts values such as ignorecase, case and extended.

ignorecase: Causes the regular expression matcher to ignore letter case, and is often on by default. When enabled, /SELECT/ would match both SELECT andselect.
extended: Ignores whitespace and # comments in the pattern. Note that this is not the same as the extended regular expression syntax that for examplegrep -E uses.

These settings can also be defined in the pattern itself, so they can be used even in modules without pattern compilation settings. The pattern settings are (?i) for ignorecase and (?x) for extended. See the for more information.

Standard regular expression settings for filters

Many filters use the settings match, exclude and options. Since these settings are used in a similar way across these filters, the settings are explained here. The documentation of the filters link here and describe any exceptions to this generalized explanation.

These settings typically limit the queries the filter module acts on. match and_exclude_ define PCRE2 regular expression patterns while options affects how both of the patterns are compiled. options works as explained above, accepting the valuesignorecase, case and extended, with ignorecase being the default.

The queries are matched as they arrive to the filter on their way to a routing module. If_match_ is defined, the filter only acts on queries matching that pattern. If match is not defined, all queries are considered to match.

If exclude is defined, the filter only acts on queries not matching that pattern. If_exclude_ is not defined, nothing is excluded.

If both are defined, the query needs to match match but not match exclude.

Even if a filter does not act on a query, the query is not lost. The query is simply passed on to the next module in the processing chain as if the filter was not there.

Enumerations

Enumeration type parameters have a pre-defined set of accepted values. For types declared as enum, only one value is accepted. For enum_mask types, multiple values can be defined by separating them with commas. All enumeration values in MaxScale are case-sensitive.

For example the router_options parameter in the readconnroute router is a mask type enumeration:

Path Lists

A pathlist type parameter expects one or more filesystem paths separated by colons. The value must not include space between the separators.

Here is an example path list parameter that points to /tmp/something.log and/var/log/maxscale/maxscale.log:

Global Settings

The global settings, in a section named [MaxScale], allow various parameters that affect MariaDB MaxScale as a whole to be tuned. This section must be defined in the root configuration file which by default is /etc/maxscale.cnf.

`auto_tune`

Type: string list
Values: all or list of auto tunable parameters, separated by ,
Default: No
Mandatory: No

An auto tunable parameter is a parameter whose value can be derived from a particular server variable. With this parameter it can be specified whetherall or a specific set of parameters should automatically be set.

The current auto tunable parameters are:

MaxScale Parameter

Server Variable Dependency

The values of the server variables are collected by monitors, which means that if the servers of a service are not monitored by a monitor, then the parameters of that service will not be auto tuned.

Note that even if auto_tune is set to all, the auto tunable parameters can still be set in the configuration file and modified with maxctrl. However, the specified value will be overwritten at the next auto tuning round, but only if the servers of the service are monitored by a monitor.

`threads`

Type: number or auto
Mandatory: No
Dynamic: No
Default: auto

This parameter controls the number of worker threads that are handling the events coming from the kernel. The default is auto which uses as many threads as there are CPU cores. MaxScale versions older than 6 used one thread by default.

You can explicitly enable automatic configuration of this value by setting the value to auto. This way MariaDB MaxScale will detect the number of available processors and set the amount of threads to be equal to that number.

Note that if MaxScale is running in a container where the CPU resources have been limited, the use of auto may cause MaxScale to use more resources than what is available. In such a situation auto should not be used, but instead an explicit number that corresponds to the amount of CPU resources available in the container. As a rule of thumb, an approiate value for threads is the_vCPU_ of the container rounded up to the nearest integer. For instance, if the vCPU of the container is 0.5 then 1 is an appropriate value forthreads, if the vCPU is 2.3 then 3 is.

The maximum value for threads is 256.

Additional threads will be created to execute other internal services within MariaDB MaxScale. This setting is used to configure the number of threads that will be used to manage the user connections.

`rebalance_period`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

This duration parameter controls how often the load of the worker threads should be checked. The default value is 0, which means that no checks and no rebalancing will be performed.

Note that the value of rebalance_period should not be smaller than the value of rebalance_window whose default value is 10.

If the value of rebalance_period is significantly shorter than that of rebalance_window, it may lead to oscillation where work is constantly moved from one thread to another.

`rebalance_threshold`

Type: number
Mandatory: No
Dynamic: Yes
Default: 20

This integer parameter controls at which point MaxScale should start moving work from one worker thread to another.

If the difference in load between the thread with the maximum load and the thread with the minimum load is larger than the value of this parameter, then work will be moved from the former to the latter.

Although the load of a thread can vary between 0 and 100, the value of this parameter must be between 5 and 100.

Note that rebalancing will not be performed unless rebalance_period has been specified.

`rebalance_window`

Type: number
Mandatory: No
Dynamic: Yes
Default: 10

This integer parameter controls how many seconds of load should be taken into account when deciding whether work should be moved from one thread to another.

The default value is 10, which means that the load during the last 10 seconds is considered when deciding whether work should be moved.

The minimum value is 1 and the maximum 60.

`skip_name_resolve`

Type:
Mandatory: No
Dynamic: Yes
Default: false

This parameter controls whether reverse domain name lookups are made to convert client IP addresses to hostnames. If enabled, client IP addresses will not be resolved to hostnames during authentication or for the REST API even if requested.

If you have database users that use a hostname in the host part of the user (i.e. 'user'@'my-hostname.org'), a reverse lookup on the client IP address is done to see if it matches the host. Reverse DNS lookups can be very slow which is why it is recommended that they are disabled and that users are defined using an IP address.

`auth_connect_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 10s

Duration, default 10s. This setting defines the connection timeout when attempting to fetch MariaDB/MySQL/Clustrix users from a backend server. The same value is also used for read and write timeouts. Increasing this value causes MaxScale to wait longer for a response from a server before user fetching fails. Other servers may then be attempted.

The value is given as . If no explicit unit is provided, the value is interpreted as seconds. In subsequent versions a value without a unit may be rejected. Since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected even if the given value is longer than a second.

`auth_read_timeout`

Deprecated and ignored as of MaxScale 2.5.0. See auth_connect_timeout above.

`auth_write_timeout`

Deprecated and ignored as of MaxScale 2.5.0. See auth_connect_timeout above.

`query_retries`

Type: number
Mandatory: No
Dynamic: No
Default: 1

The number of times an interrupted internal query will be retried. The default is to retry the query once. This feature was added in MaxScale 2.1.10 and was disabled by default until MaxScale 2.3.0.

An interrupted query is any query that is interrupted by a network error. Connection timeouts are included in network errors and thus is it advisable to make sure that the value of query_retry_timeout is set to an adequate value. Internal queries are only used to retrieve authentication data and monitor the servers.

`query_retry_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 10s

The total timeout in seconds for any retried queries. The default value is 5 seconds.

An interrupted query is retried for either the configured amount of attempts or until the configured timeout is reached.

The value is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the timeout is seconds, a timeout specified in milliseconds will be rejected, even if the duration is longer than a second.

`passive`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Controls whether MaxScale is a passive node in a cluster of multiple MaxScale instances.

This parameter is intended to be used with multiple MaxScale instances that use failover functionality to manipulate the cluster in some form. Passive nodes only observe the clusters being monitored and take no direct actions.

The following functionality is disabled when passive mode is enabled:

Automatic failover in the mariadbmon module
Automatic rejoin in the mariadbmon module
Launching of monitor scripts

NOTE: Even if MaxScale is in passive mode, it will still accept clients and route any traffic sent to it. The only operations affected by the passive mode are the ones listed above.

`ms_timestamp`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Enable or disable the high precision timestamps in logfiles. Enabling this adds millisecond precision to all logfile timestamps.

`skip_permission_checks`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Skip service and monitor user permission checks. This is useful when you know the permissions are OK and you want to speed up the startup process.

It is recommended to not disable the permission checks so that any missing privileges are detected when maxscale is starting up. If you are experiencing a slow startup of MaxScale due to large amounts of connection timeouts when permissions are checked, disabling the permission checks could speed up the startup process.

`syslog`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Log messages to the system journal. This logs messages using the native SystemD journal interface. The logs can be viewed with journalctl.

MaxScale 22.08 changed the default value of syslog from true tofalse. This was done to remove the redundant logging that it caused as bothsyslog and maxlog were enabled by default. This caused each message to be logged twice: once into the system journal and once into MaxScale's own logfile.

`maxlog`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Log messages to MariaDB MaxScale's log file. The name of the log file ismaxscale.log and it is located in the directory pointed by .

`log_warning`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Log messages whose syslog priority is warning.

MaxScale logs warning level messages whenever a condition is encountered that the user should be notified of but does not require immediate action or it indicates a minor problem.

`log_notice`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Log messages whose syslog priority is notice.

These messages contain information that is helpful for the user and they usually do not indicate a problem. These are logged whenever something worth nothing happens in either MaxScale or in the servers it monitors.

`log_info`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Log messages whose syslog priority is info.

These messages provide detailed information about the internal workings of MariaDB MaxScale. These messages should only be enabled when there is a need to inspect the internal logic of MaxScale. A common use-case is to see why a particular query was handled in a certain way. Almost all modules log some messages on the info level and this can be very helpful when trying to solve routing related problems.

`log_debug`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Log messages whose syslog priority is debug.

These messages are intended for development purposes and are disabled by default. These are rarely useful outside of debugging core MaxScale issues.

Note: If MariaDB MaxScale has been built in release mode, then debug messages are excluded from the build and this setting will not have any effect. If an attempt to enable these is made, a warning is logged.

`log_warn_super_user`

Type:
Mandatory: No
Dynamic: No
Default: false

When enabled, a warning is logged whenever a client with SUPER-privilege successfully authenticates. This also applies to COM_CHANGE_USER-commands. The setting is intended for diagnosing situations where a client interferes with a master server switchover. Super-users bypass the read_only-flag which switchover uses to block writes to the master.

`log_augmentation`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

Enable or disable the augmentation of messages. If this is enabled, then each logged message is appended with the name of the function where the message was logged. This is primarily for development purposes and hence is disabled by default.

To disable the augmentation use the value 0 and to enable it use the value 1.

`log_throttling`

Type: number, ,
Mandatory: No
Dynamic: Yes
Default: 10, 1000ms, 10000ms

It is possible that a particular error (or warning) is logged over and over again, if the cause for the error persistently remains. To prevent the log from flooding, it is possible to specify how many times a particular error may be logged within a time period, before the logging of that error is suppressed for a while.

In the example above, the logging of a particular error will be suppressed for 15 seconds if the error has been logged 8 times in 2 seconds.

The default is 10, 1000ms, 10000ms, which means that if the same error is logged 10 times in one second, the logging of that error is suppressed for the following 10 seconds.

Whenever an error message that is being throttled is logged within the triggering window (the second argument), the suppression window is extended. This continues until there is a pause in the messages that is longer than the triggering window.

For example, with the default configuration the messages must pause for at least one second in order for the throttling to eventually stop. This mechanism prevents long-lasting error conditions from slowly filling up the log with short bursts of messages.

To disable log throttling, add an entry with an empty value

or one where any of the integers is 0.

The durations can be specified as documented . If no explicit unit is provided, the value is interpreted as milliseconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected.

Note that notice, info and debug messages are never throttled.

`logdir`

Type: path
Mandatory: No
Dynamic: No
Default: /var/log/maxscale

Set the directory where the logfiles are stored. The folder needs to be both readable and writable by the user running MariaDB MaxScale.

`datadir`

Type: path
Mandatory: No
Dynamic: No
Default: /var/lib/maxscale

Set the directory where the data files used by MariaDB MaxScale are stored. Modules can write to this directory and for example the binlogrouter uses this folder as the default location for storing binary logs.

This is also the directory where the password encryption key is read from that is generated by maxkeys.

`secretsdir`

Type: path
Mandatory: No
Dynamic: No
Default: ""

The location where the .secrets file is read from. If secretsdir is not defined, the file is read from .

This parameter was added in MaxScale 6.4.16, 22.08.13, 23.02.10, 23.08.6 and 24.02.2.

`libdir`

Type: path
Mandatory: No
Dynamic: No
Default: OS Dependent

Set the directory where MariaDB MaxScale looks for modules. The library directory is the only directory that MariaDB MaxScale uses when it searches for modules. If you have custom modules for MariaDB MaxScale, make sure you have them in this folder.

The default value depends on the operating system. For RHEL versions the value is /usr/lib64/maxscale/. For Debian and Ubuntu it is/usr/lib/x86_64-linux-gnu/maxscale/

`sharedir`

Type: path
Mandatory: No
Dynamic: No
Default: /usr/share/maxscale

Sets the directory where static data assets are loaded.

The MaxScale GUI static files are located in the gui/ subdirectory. If the GUI files have been manually moved somewhere else, this path must be configured to point to the parent directory of the gui/ subdirectory.

The MaxScale REST API only serves files for the GUI that are located in thegui/ subdirectory of the configured sharedir. Any files whose real path resolves to outside of this directory are not served by the MaxScale GUI: this is done to prevent other files from being accessible via the MaxScale REST API. This means that path to the GUI source directory can contain symbolic links but all parts after the /gui/ directory must reside inside it.

`cachedir`

Type: path
Mandatory: No
Dynamic: No
Default: /var/cache/maxscale

Configure the directory MariaDB MaxScale uses to store cached data.

`piddir`

Type: path
Mandatory: No
Dynamic: No
Default: /var/run/maxscale

Configure the directory for the PID file for MariaDB MaxScale. This file contains the Process ID for the running MariaDB MaxScale process.

`execdir`

Type: path
Mandatory: No
Dynamic: No
Default: /usr/bin

Configure the directory where the executable files reside. All internal processes which are launched will use this directory to look for executable files.

`connector_plugindir`

Type: path
Mandatory: No
Dynamic: No
Default: OS Dependent

Location of the MariaDB Connector-C plugin directory. The MariaDB Connector-C used in MaxScale can use this directory to load authentication plugins. The versions of the plugins must be binary compatible with the connector version that MaxScale was built with.

Starting with version 6.2.0, the plugins are bundled with MaxScale and the default value now points to the bundled plugins. The location where the plugins are stored depends on the operating system. For RHEL versions the value is/usr/lib64/maxscale/plugin/. For Debian and Ubuntu it is/usr/lib/x86_64-linux-gnu/maxscale/plugin/.

Older versions of MaxScale used /usr/lib/mysql/plugin/ as the default value.

`persistdir`

Type: path
Mandatory: No
Dynamic: No
Default: /var/lib/maxscale/maxscale.cnf.d/

Configure the directory where persisted configurations are stored. When a new object is created via MaxCtrl, it will be stored in this directory. Do not use this directory for normal configuration files, use /etc/maxscale.cnf.d/ instead. The user MaxScale is running as must be able to write into this directory.

`module_configdir`

Type: path
Mandatory: No
Dynamic: No
Default: /etc/maxscale.modules.d/

Configure the directory where module configurations are stored. Path arguments are resolved relative to this directory. This directory should be used to store module specific configurations.

Any configuration parameter that is not an absolute path will be interpreted as a relative path. The relative paths use the module configuration directory as the working directory.

For example, the configuration parameter file=my_file.txt would be interpreted as /etc/maxscale.modules.d/my_file.txt whereas file=/home/user/my_file.txt would be interpreted as /home/user/my_file.txt.

`language`

Type: path
Mandatory: No
Dynamic: No
Default: /var/lib/maxscale/

Set the folder where the errmsg.sys file is located in. MariaDB MaxScale will look for the errmsg.sys file installed with MariaDB MaxScale from this folder.

`query_classifier`

Type: string
Mandatory: No
Dynamic: No
Default: qc_sqlite

The module used by MariaDB MaxScale for query classification. The information provided by this module is used by MariaDB MaxScale when deciding where a particular statement should be sent. The default query classifier is_qc_sqlite_.

`query_classifier_cache_size`

Type:
Mandatory: No
Dynamic: Yes
Default: System Dependent

Specifies the maximum size of the query classifier cache. The default limit is 15% of total system memory starting with MaxScale 2.3.7. In older versions the default limit was 40% of total system memory. This feature was added in MaxScale 2.3.0.

When the query classifier cache has been enabled, MaxScale will, after a statement has been parsed, store the classification result using the canonicalized version of the statement as the key.

If the classification result for a statement is needed, MaxScale will first canonicalize the statement and check whether the result can be found in the cache. If it can, the statement will not be parsed at all but the cached result is used.

The configuration parameter takes one integer that specifies the maximum size of the cache. The size of the cache can be specifed as explained .

Note that MaxScale uses a separate cache for each worker thread. To obtain the amount of memory available for each thread, divide the cache size with the value of threads. If statements are evicted from the cache (visible in the diagnostic output), consider increasing the cache size.

Note also that limit is not a hard limit, but an approximate one. Namely, although the memory needed for storing the canonicalized statement and the classification result is correctly accounted for, there is additional overhead whose size is not exactly known and over which we do not have direct control.

Using maxctrl show threads it is possible to check what the actual size of the cache is and to see performance statistics.

Key

Meaning

`query_classifier_args`

Type: string
Mandatory: No
Dynamic: No
Default: ""

Arguments for the query classifier. What arguments are accepted depends on the particular query classifier being used. The default query classifier -qc_sqlite - supports the following arguments:

log_unrecognized_statements

An integer argument taking the following values:

0: Nothing is logged. This is the default.
1: Statements that cannot be parsed completely are logged. They may have been partially parsed, or classified based on keyword matching.
2: Statements that cannot even be partially parsed are logged. They may have been classified based on keyword matching.
3: Statements that cannot even be classified by keyword matching are logged.

This will log all statements that cannot be parsed completely. This may be useful if you suspect that MariaDB MaxScale routes statements to the wrong server (e.g. to a slave instead of to a master).

`substitute_variables`

Type:
Mandatory: No
Dynamic: No
Default: false

Enable or disable the substitution of environment variables in the MaxScale configuration file. If the substitution of variables is enabled and a configuration line like

is encountered, then $SOME_VALUE will be replaced with the actual value of the environment variable SOME_VALUE. Note:Variable substitution will be made only if '$' is the first character &#xNAN;of the value. Everything following '$' is interpreted as the name of the environment variable.

Referring to a non-existing environment variable is a fatal error.

The setting of substitute_variables will have an effect on all parameters in the all other sections, irrespective of where the [maxscale] section is placed in the configuration file. However, in the [maxscale] section, to ensure that substitution will take place, place thesubstitute_variables=true line first.

`sql_mode`

Type:
Mandatory: No
Dynamic: No
Values: default, oracle

Specifies whether the query classifier parser should initially expect MariaDB or PL/SQL kind of SQL.

The allowed values are:default: The parser expects regular MariaDB SQL.oracle : The parser expects PL/SQL.

NOTE If sql_mode is set to oracle, then MaxScale will also assume that autocommit initially is off.

At runtime, MariaDB MaxScale will recognize statements like

and

and change mode accordingly.

NOTE If set sql_mode=oracle; is encountered, then MaxScale will also behave as if autocommit had been turned off and conversely, ifset sql_mode=default; is encountered, then MaxScale will also behave as if autocommit had been turned on.

Note that MariaDB MaxScale is not explicitly aware of the sql mode of the server, so the value of sql_mode should reflect the sql mode used when the server is started.

`local_address`

Type: string
Mandatory: No
Dynamic: No
Default: ""

What specific local address/interface to use when connecting to servers.

This can be used for ensuring that MaxScale uses a particular interface when connecting to servers, in case the computer MaxScale is running on has multiple interfaces.

`users_refresh_time`

Type:
Mandatory: No
Dynamic: Yes
Default: 30s

How often, in seconds, MaxScale at most may refresh the users from the backend server.

MaxScale will at startup load the users from the backend server, but if the authentication of a user fails, MaxScale assumes it is because a new user has been created and will thus refresh the users. By default, MaxScale will do that at most once per 30 seconds and with this configuration option that can be changed. A value of 0 allows infinite refreshes and a negative value disables the refreshing entirely.

In MaxScale 2.3.9 and older versions, the minimum allowed value was 10 seconds but, due to a bug, the default value was 0 which allowed infinite refreshes.

`users_refresh_interval`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

How often, in seconds, MaxScale will automatically refresh the users from the backend server.

This configuration is used to periodically refresh the backend users, making sure they are up to date. The default value for this setting is 0, meaning the users are not periodically refreshed. However, they can still be refreshed in case of failed authentication depending on users_refresh_time.

`retain_last_statements`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

How many statements MaxScale should store for each session. This is for debugging purposes, as in case of problems it is often of value to be able to find out exactly what statements were sent before a particular problem turned up.

Note: See also dump_last_statements using which the actual dumping of the statements is enabled. Unless both of the parameters are defined, the statement dumping mechanism doesn't work.

`dump_last_statements`

Type:
Mandatory: No
Dynamic: Yes
Values: on_close, on_error, never

With this configuration item it is specified in what circumstances MaxScale should dump the last statements that a client sent. The allowed values arenever, on_error and on_close. With never the statements are never logged, with on_error they are logged if the client closes the connection improperly, and with on_close they are always logged when a client session is closed.

Note that you need to specify with retain_last_statements how many statements MaxScale should retain for each session. Unless it has been set to another value than 0, this configuration setting will not have an effect.

`session_trace`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

How many log entries are stored in the session specific trace log. This log is written to disk when a session ends abnormally and can be used for debugging purposes. Currently the session trace log is written to the log in the following situations:

When MaxScale receives a fatal signal and is about to crash.
Whenever an unexpected response is read from a server
If the session is not closed gracefully (i.e. client doesn't send a COM_QUIT packet)
Whenever readwritesplit receives a responce that is was not expecting.

It would be good to enable this if a session is disconnected and the log is not detailed enough. In this case the info log might reveal the true cause of why the connection was closed.

Default is 0.

The session trace log is also exposed by REST API and is shown withmaxctrl show sessions.

The order in which the session trace messages are logged into the log changed in MaxScale 6.4.9 (MXS-4716). Newer versions will log the messages in the "normal log order" of older events coming first and newer events appearing later in the file. Older versions of MaxScale logged the trace dump in the reverse order with the newest messages first and oldest ones last.

`session_trace_match`

Type:
Mandatory: No
Dynamic: Yes
Default: None

If both session_trace and session_trace_match are defined, and a trace log entry of a session matches the regular expression, the trace log is written to disk. The check for the match is done when the session is stopping.

The most effective way to debug MaxScale related issues is to turn on log_info and observe the events written into the MaxScale log. The only problem with this approach is that it can cause a severe performance bottleneck and can easily fill up the disk as the amount of data written to it is significant. Withsession_trace and session_trace_match, the content that actually gets logged can be filtered to only what is needed.

For example, the following configuration would only log the trace log messages from sessions that execute SQL queries with syntax errors:

This could be used to easily identify which applications execute the queries without having to gather the info level log output from all the sessions that connect to MaxScale. For every session that ends up logging a syntax error message, the last 1000 lines of log output done by that session is written into the MaxScale log.

`writeq_high_water`

Type:
Mandatory: No
Dynamic: Yes
Default: 65536

High water mark for network write buffer. When the size of the outbound network buffer in MaxScale for a single connection exceeds this value, network traffic throtting for that connection is started. The parameter accepts . The default value was 16777216 bytes before 22.08.4.

More specifically, if the client side write queue is above this value, it will block traffic coming from backend servers. If the backend side write queue is above this value, it will block traffic from client.

The buffer that this parameter controls is the buffer internal to MaxScale and is not the kernel TCP send buffer. This means that the total amount of buffered data is determined by both the kernel TCP buffers and the value ofwriteq_high_water.

Network throttling is only enabled when both writeq_high_water andwriteq_low_water have a non-zero value. To disable throttling, set the value to 0.

`writeq_low_water`

Type:
Mandatory: No
Dynamic: Yes
Default: 1024

Low water mark for network write buffer. Once the traffic throttling is enabled, it will only be disabled when the network write buffer is belowwriteq_low_water bytes. The parameter accepts . The default value was 8192 bytes before 22.08.4.

The value of writeq_high_water must always be greater than the value ofwriteq_low_water.

Network throttling is only enabled when both writeq_high_water andwriteq_low_water have a non-zero value. To disable throttling, set the value to 0.

`persist_runtime_changes`

Type:
Default: true
Dynamic: No

Persist changes done at runtime. This parameter was added in MaxScale 22.08.0.

When persist_runtime_changes is enabled, runtime configuration changes done with the GUI, MaxCtrl or via the REST API cause a new configuration file to be saved in /var/lib/maxscale/maxscale.cnf.d/. If load_persisted_configs is enabled, these files will be applied on top of any existing values found in static configuration files whenever MaxScale is starting up.

`load_persisted_configs`

Type:
Mandatory: No
Dynamic: No
Default: true

Load persisted runtime changes on startup. This parameter was added in MaxScale 2.3.6.

All runtime configuration changes are persisted in generated configuration files located by default in /var/lib/maxscale/maxscale.cnf.d/ and are loaded on startup after main configuration files have been read. To make runtime configurations volatile (i.e. they are lost when maxscale is restarted), useload_persisted_configs=false. All changes are still persisted since it stores the current runtime state of MaxScale. This makes problem analysis easier if an unexpected outage happens.

`max_auth_errors_until_block`

Type: number
Mandatory: No
Dynamic: Yes
Default: 10

The maximum number of authentication failures that are tolerated before a host is temporarily blocked. The default value is 10 failures. After a host is blocked, connections from it are rejected for 60 seconds. To disable this feature, set the value to 0.

Note that the configured value is not a hard limit. The number of tolerated failures is between max_auth_errors_until_block and threads * max_auth_errors_until_block where max_auth_errors_until_block is the configured value of this parameter and threads is the number of configured threads.

`debug`

Type: string
Mandatory: No
Dynamic: No
Default: ""

Define debug options from the --debug command line option. Either the command line option or the parameter should be used, not both. The debug options are only for testing purposes and are not to be used in production.

REST API Configuration

The MaxScale REST API is an HTTP interface that provides JSON format data intended to be consumed by monitoring appllications and visualization tools.

The following options must be defined under the [maxscale] section in the configuration file.

`admin_host`

Type: string
Mandatory: No
Dynamic: No
Default: "127.0.0.1"

The network interface where the REST API listens on. The default value is the IPv4 address 127.0.0.1 which only listens for local connections.

`admin_port`

Type: number
Mandatory: No
Dynamic: No
Default: 8989

The port where the REST API listens on. The default value is port 8989.

`admin_auth`

Type:
Mandatory: No
Dynamic: No
Default: true

Enable REST API authentication using HTTP Basic Access authentication. This is not a secure method of authentication without HTTPS but it does add a small layer of security.

For more information, read the .

`admin_ssl_key`

Type: path
Mandatory: No
Dynamic: No
Default: ""

The path to the TLS private key in PEM format for the admin interface.

If the admin_ssl_key and admin_ssl_cert options are all defined, the admin interface will use encrypted HTTPS instead of plain HTTP.

The REST-API only supports PKCS#8 PEM private keys and using a PKCS#1 PEM private key will result in an error. If your private key is in PKCS#1 PEM format, convert it to PKCS#8 PEM format first before starting up MaxScale.

`admin_ssl_cert`

Type: path
Mandatory: No
Dynamic: No
Default: ""

The path to the TLS public certificate in PEM format. See admin_ssl_key documentation for more details.

`admin_ssl_ca_cert`

Deprecated since MariaDB MaxScale 22.08. See admin_ssl_ca.

`admin_ssl_ca`

Type: path
Mandatory: No
Dynamic: No
Default: ""

The path to the TLS CA certificate in PEM format. If defined, the client certificate, if provided, will be validated against it. This parameter is optional starting with MaxScale 2.3.19.

NOTE Up until MariaDB MaxScale 6, the parameter was called admin_ssl_ca_cert, which is still accepted as an alias for admin_ssl_ca.

`admin_ssl_version`

Type:
Mandatory: No
Dynamic: No
Values: MAX, TLSv1.0, TLSv1.1

This parameter controls the enabled TLS versions in the REST API. Accepted values are:

TLSv10
TLSv11
TLSv12
TLSv13

MaxScale versions 6.4.16, 22.08.13, 23.02.10, 23.08.6, 24.02.2 and all newer releases accept also the following alias values:

TLSv1.0
TLSv1.1
TLSv1.2
TLSv1.3

The default value is MAX which negotiates the highest level of encryption that both the client and server support. The list of supported TLS versions depends on the operating system and what TLS versions the GnuTLS library supports.

For example, to enable only TLSv1.1 and TLSv1.3, useadmin_ssl_version=TLSv1.1,TLSv1.3.

This parameter was added in MaxScale 2.5.7.

Older versions of MaxScale interpreted admin_ssl_version as the minimum allowed TLS version. In those versions, admin_ssl_version=TLSv1.2 allowed both TLSv1.2 and TLSv1.3. In MaxScale 6.4.16, 22.08.13, 23.02.10, 23.08.6, 24.02.2 and all newer versions, the value is a enumeration of accepted TLS protocol versions. In these versions, admin_ssl_version=TLSv1.2 only allows TLSv1.2. To retain the old behavior, specify all the accepted values withadmin_ssl_version=TLSv1.2,TLSv1.3

`admin_enabled`

Type:
Mandatory: No
Dynamic: No
Default: true

Enable or disable the admin interface. This allows the admin interface to be completely disabled to prevent access to it.

`admin_gui`

Type:
Mandatory: No
Dynamic: No
Default: true

Enable or disable the admin graphical user interface.

MaxScale provides a GUI for administrative operations via the REST API. When the GUI is enabled, the root REST API resource (i.e. http://localhost:8989/) will serve the GUI. When disabled, the REST API will respond with a 200 OK to the request. By disabling the GUI, the root resource can be used as a low overhead health check.

`admin_secure_gui`

Type:
Mandatory: No
Dynamic: No
Default: true

Whether to serve the GUI only over secure HTTPS connections.

To be secure by default, the GUI is only served over HTTPS connections as it uses a token authentication scheme. This also controls whether the/auth endpoint requires an encrypted connection.

To allow use of the GUI without having to configure TLS certificates for the MaxScale REST API, set this parameter to false.

`admin_log_auth_failures`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Log authentication failures for the admin interface.

`admin_pam_readwrite_service/admin_pam_readonly_service`

Type: string
Mandatory: No
Dynamic: No
Default: ""

Use Pluggable Authentication Modules (PAM) for REST API authentication. The settings accept a PAM service name which is used during authentication if normal authentication fails. admin_pam_readwrite_service should accept users who can do any MaxCtrl/REST-API-operation. admin_pam_readonly_service should accept users who can only do read operations. Because REST-API does not support back and forth communication between the client and MaxScale, the PAM services must be simple. They should only ask for the password and nothing else.

If only admin_pam_readwrite_service is configured, both read and write operations can be authenticated by PAM. If only admin_pam_readonly_service is configured, only read operations can be authenticated by PAM. If both are set, the service used is determined by the requested operation. Leave or set both empty to disable PAM for REST-API.

`admin_jwt_algorithm`

Type:
Mandatory: No
Dynamic: No
Values: auto, HS256, HS384

The signature algorithm used by the MaxScale REST API when generating JSON Web Tokens.

For more information about the tokens and how they work, refer to .

If a symmetric algorithm is used (i.e. HS256, HS384 or HS512), MaxScale will generate a random encryption key on startup and use that to sign the messages. The symmetric key can also be retrieved from an if the admin_jwt_key parameter is defined.

If an asymmetric algorithm (i.e. public key authentication) is used, both theadmin_ssl_cert and admin_ssl_key parameters must be defined and they must contain a private key and a public certificate of the correct type. If the wrong key type, key length or elliptic curve is used, MaxScale will refuse to start.

Asymmetric key algorithms make it possible for the clients of the REST API to validate that the token was indeed generated by the correct entity.

Symmetric algorithms make it easy to share the same tokens between multiple MaxScale instaces as the shared secret can be stored in a key management system.

The possible values for this parameter are:

auto
MaxScale will attempt to detect the best algorithm to use for signatures. The algorithm used depends on the private key type: RSA keys usePS256, EC keys use the ES256, ES384 or ES512 depending on the curve, Ed25519 keys use ED25519 and Ed448 keys uses ED448. If MaxScale cannot auto-detect the key type, it falls back to HS256

`admin_jwt_key`

Type: string
Mandatory: No
Dynamic: No
Default: ""

The ID for the encryption key used to sign the JSON Web Tokens. If configured, an must also be configured and it must contain the key with the given ID. If no key is defined, MaxScale will use a random encryption key whenever a symmetric signature algorithm is used.

Currently, the encryption key is only read on startup. This means that the tokens will be signed by the latest key version that is available on startup: rotating the encryption key in the key management system will not cause the JWTs to be signed with newer versions of the key.

`admin_oidc_url`

Type: string
Mandatory: No
Dynamic: Yes
Default: ""

The URL to a OpenID Connect server that is used for JWT validation.

If defined, any tokens signed by this server are accepted as valid bearer tokens for the MaxScale REST API. The "sub" field of the token is assumed to be the username of an administrative user in MaxScale and the "account" claim is assumed to be the type of the user: "admin" for administrative users with full access to the REST-API and "basic" for users with read-only access to the REST-API. This means that all users must be first created with maxctrl create user before the tokens are accepted if the OIDC provider is not able to add the"account" claim.

Modifying admin_oidc_url will cause the certificates to be fetched again. They are also fetched when the maxctrl reload tls command is executed or when the admin_ssl_cert and admin_ssl_key settings are modified.

MaxScale versions 22.08.16 and earlier only fetched the new certificates when the maxctrl reload tls command was executed.

`admin_verify_url`

Type: string
Mandatory: No
Dynamic: No
Default: ""

URL to a server to which the REST API token verification is delegated.

If the URL is defined, any tokens passed to the REST API will be validated by doing a GET request to the URL with the client's token as a bearer token. TheReferer header of the request is set to the URL being requested by the client and the custom X-Referrer-Method header is set to the HTTP method being used (PUT, GET etc.).

Note: When admin_verify_url is used and the remote server cannot be accessed, all REST API access that uses tokens will be disabled. The only way to use the REST API with tokens is to remove admin_verify_url from the configuration which requires restarting MaxScale. The REST API still accepts HTTP Basic Access authentication even if the remote server cannot be reached.

By delegating the authentication and authorization of the REST API to an external server, users can implement custom access control systems for the MaxScale REST API.

`config_sync_cluster`

Type: monitor
Mandatory: No
Dynamic: Yes
Default: None

This parameter controls which cluster (i.e. monitor) is used to synchronize configuration changes between MaxScale instances. The first server labeledMaster will be used for the synchronization.

By default configuration synchronization is not enabled and it must be explicitly enabled by defining a monitor name for config_sync_cluster.

When config_sync_cluster is defined, config_sync_user andconfig_sync_password must also be defined.

For a detailed description of this feature, refer to the section.

`config_sync_user`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

The username for the account that is used to synchronize configuration changes across MaxScale instances. Both this parameter and config_sync_password are required if config_sync_cluster is configured.

This account must have the following grants:

The mysql.maxscale_config table can be pre-created in which case the CREATE grant is not needed by the user configured in config_sync_user. The following SQL is used to create the table.

If the database where the table is created is changed with config_sync_db, the grants must be adjusted to target that database instead.

`config_sync_password`

Type: password
Mandatory: No
Dynamic: Yes
Default: None

The password for config_sync_user. Both this parameter and config_sync_user are required if config_sync_cluster is configured. This password can optionally be encrypted using maxpasswd.

`config_sync_db`

Type: string
Mandatory: No
Dynamic: No
Default: mysql

The database where the maxscale_config table is created. By default the table is created in the mysql database. This parameter was added in MaxScale versions 6.4.6 and 22.08.5.

As tables in the mysql database cannot have triggers on them, the database must be changed to a user-created one in order to create triggers on the table. An example use-case for triggers on this table is to track all configuration changes done to MaxScale by inserting them into a separate table.

`config_sync_interval`

Type:
Mandatory: No
Dynamic: Yes
Default: 5s

How often to synchronize the configuration with the cluster.

As the synchronization involves selecting the configuration version from the database, this value should not be set to an unreasonably low value. The default value of 5 second should provide a good compromise between responsiveness and how much load it places on the database.

`config_sync_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 10s

Timeout for all SQL operations done during the configuration synchronization. If an operation exceeds this timeout, the configuration change is treated as failed and an error is reported to the client that did the change.

`key_manager`

Type:
Dynamic: Yes
Values: none, file, kmip, vault

The encryption key manager to use. The available encryption key managers are:

none - No key manager, encryption keys are not available.
file -
kmip -

Refer to the section for more information on how to configure the key managers. The key managers each have their configuration in their own namespace and must have their name as a prefix.

For example to configure the file key manager, the following must be used:

Events

MaxScale logs warnings and errors for various reasons and often it is self- evident and generally applicable whether some occurence should warrant a warning or an error, or perhaps just an info-level message.

However, there are events whose seriousness is not self-evident. For instance, in some environments an authentication failure may simply indicate that someone has made a typo, while in some other environment that can only happen in case there has been a security breech.

To handle events like these, MaxScale defines events whose logging facility and level can be controlled by the administrator. Given an eventX, its facility and level are controlled in the following manner:

The above means that if event X occurs, then that is logged using the facility LOG_LOCAL0 and the level LOG_ERR.

The valid values of facilityare the facility values reported byman syslog, e.g.LOG_AUTH,LOG_LOCAL0andLOG_USER. Likewise, the valid values forlevelare the ones also reported byman syslog, e.g.LOG_WARNING,LOG_ERRandLOG_CRIT`.

Note that MaxScale does not act upon the level, that is, even if the level of a particular event is defined to be LOG_EMERG, MaxScale will not shut down if that event occurs.

The default facility is LOG_USER and the default level is LOG_WARNING.

Note that you may also have to configure rsyslog to ensure that the event can be logged to the intended log file. For instance, if the facility is chosen to be LOG_AUTH, then /etc/rsyslog.conf should contain a line like

for the logged events to end up in /var/log/auth.log, where the initialauth is the relevant entry.

The available events are:

'authentication_failure'

This event occurs when there is an authentication failure.

Service

A service represents the database service that MariaDB MaxScale offers to the clients. In general a service consists of a set of backend database servers and a routing algorithm that determines how MariaDB MaxScale decides to send statements or route connections to those backend servers.

A service may be considered as a virtual database server that MariaDB MaxScale makes available to its clients.

Several different services may be defined using the same set of backend servers. For example a connection based routing service might be used by clients that already performed internal read/write splitting, whilst a different statement based router may be used by clients that are not written with this functionality in place. Both sets of applications could access the same data in the same databases.

A service is identified by a service name, which is the name of the configuration file section and a type parameter of service.

In order for MariaDB MaxScale to forward any requests it must have at least one service defined within the configuration file. The definition of a service alone is not enough to allow MariaDB MaxScale to forward requests however, the service is merely present to link together the other configuration elements.

`router`

Type: router
Mandatory: Yes
Dynamic: No

The router parameter of a service defines the name of the router module that will be used to implement the routing algorithm between the client of MariaDB MaxScale and the backend databases. Additionally routers may also be passed a comma separated list of options that are used to control the behavior of the routing algorithm. The two parameters that control the routing choice are router and router_options. The router options are specific to a particular router and are used to modify the behavior of the router. The read connection router can be passed options of master, slave or synced, an example of configuring a service to use this router and limiting the choice of servers to those in slave state would be as follows.

To change the router to connect on to servers in the master state as well as slave servers, the router options can be modified to include the master state.

A more complete description of router options and what is available for a given router is included with the documentation of the router itself.

`filters`

Type: filter list
Mandatory: No
Dynamic: Yes
Default: None

The filters option allow a set of filters to be defined for a service; requests from the client are passed through these filters before being sent to the router for dispatch to the backend server. The filters parameter takes one or more filter names, as defined within the filter definition section of the configuration file. Multiple filters are separated using the | character.

The requests pass through the filters from left to right in the order defined in the configuration parameter.

`targets`

Type: target list
Mandatory: No
Dynamic: Yes
Default: None

The targets parameter is a comma separated list of server and/or service names that comprise the routing targets of the service. This parameter was added in MaxScale 2.5.0.

This parameter allows nested service configurations to be defined without having to configure listeners for all services. For example, one use-case is to use multiple readwritesplit services behind a schemarouter service to have both the sharding of schemarouter with the high-availability of readwritesplit.

NOTE: The targets parameter is mutually exclusive with the cluster andservers parameters.

`servers`

Type: server list
Mandatory: No
Dynamic: Yes
Default: None

The servers parameter in a service definition provides a comma separated list of the backend servers that comprise the service. The server names are those used in the name section of a block with a type parameter of server (see below).

NOTE: The servers parameter is mutually exclusive with the cluster andtargets parameters.

`cluster`

Type: monitor
Mandatory: No
Dynamic: Yes
Default: None

The servers the service uses are defined by the monitor specified as value of this configuration parameter.

NOTE: The cluster parameter is mutually exclusive with the servers andtargets parameters.

`user`

Type: string
Mandatory: Yes
Dynamic: Yes

This setting defines the user the service uses to fetch user account information from backends. A password is specified using .

See for more information (such as required grants) and troubleshooting tips regarding user account management and client authentication.

`password`

Type: string
Mandatory: Yes
Dynamic: Yes

This settings defines the password the service uses to fetch user account information from backends. The password may be either a plain text password or an . The user is specified using .

See for more information (such as required grants) and troubleshooting tips regarding user account management and client authentication.

`enable_root_user`

Type:
Mandatory: No
Dynamic: Yes
Default: false

This parameter controls the ability of the root user to connect to MariaDB MaxScale and hence onwards to the backend servers via MariaDB MaxScale.

`localhost_match_wildcard_host`

Deprecated and ignored.

`version_string`

Type: string
Mandatory: No
Dynamic: No
Default: None

This parameter sets a custom version string that is sent in the MySQL Handshake from MariaDB MaxScale to clients.

Example:

If not set, MaxScale will attempt to use a version string from the backend databases by selecting the version string of the database with the lowest version number. If the selected version is from the MariaDB 10 series, a 5.5.5- prefix will be added to it similarly to how the MariaDB 10 series versions added it.

If MaxScale has not been able to connect to a single database and the versions are unknown, the default value of 5.5.5-10.4.32 <MaxScale version>-maxscale is used where <MaxScale version> is the version of MaxScale.

`auth_all_servers`

Type:
Mandatory: No
Dynamic: Yes
Default: false

This parameter controls whether only a single server or all of the servers are used when loading the users from the backend servers.

By default MaxScale uses the first server labeled as Master as the source of the authentication data. When this option is enabled, the authentication data is loaded from all the servers and combined into one big data set.

`strip_db_esc`

Type:
Mandatory: No
Dynamic: Yes
Default: true

This setting controls whether escape characters (\) are removed from database names when loading user grants from a backend server. When enabled, a grant such as grant select on test_.* to 'user'@'%'; is read as grant select on test_.* to 'user'@'%';

This setting has no effect on database-level grants fetched from a MariaDB Server. The database names of a MariaDB Server are compared using the LIKE operator to properly handle wildcards and escaped wildcards. This setting may affect database names in table and column level grants, although these typically do not contain backlashes.

Some visual database management tools automatically escape some characters and this might cause conflicts when MaxScale tries to authenticate users.

`log_auth_warnings`

Type:
Mandatory: No
Dynamic: Yes
Default: true

Enable or disable the logging of authentication failures and warnings. If enabled, messages about failed authentication attempts will be logged with details about who tried to connect to MariaDB MaxScale and from where.

`log_warning`

Type:
Mandatory: No
Dynamic: Yes
Default: false

When enabled, this allows a service to log warning messages even if the global log level configuration disables them.

Note that disabling the service level logging does not override the global logging configuration: with log_warning=false in the service andlog_warning=true globally, warnings will still be logged for all services.

`log_notice`

Type:
Mandatory: No
Dynamic: Yes
Default: false

When enabled, this allows a service to log notice messages even if the global log level configuration disables them.

`log_info`

Type:
Mandatory: No
Dynamic: Yes
Default: false

When enabled, this allows a service to log info messages even if the global log level configuration disables them.

`log_debug`

Type:
Mandatory: No
Dynamic: Yes
Default: false

When enabled, this allows a service to log debug messages even if the global log level configuration disables them.

Debug messages are only enabled for debug builds. Enabling log_debug in a release build does nothing.

`connection_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

The connection_timeout parameter is used to disconnect sessions to MariaDB MaxScale that have been idle for too long. The session timeouts are disabled by default. To enable them, define the timeout in seconds in the service's configuration section. A value of zero is interpreted as no timeout, the same as if the parameter is not defined.

This parameter only takes effect in top-level services. A top-level service is the service where the listener that the client connected to points (i.e. the value of service in the listener). If a service defines other services in itstargets parameter, the connection_timeout for those is not used.

The value of connection_timeout should be lower than the lowest wait_timeout value on the backend servers. This way idle clients are disconnected by MaxScale before the backend servers have to close them. Any client-side idle timeouts (e.g. maximum lifetime for connection pools) should be lower than bothconnection_timeout and wait_timeout. This way the client application will end up closing the connection itself which most of the time results in better and more helpful error messages.

Warning: If a connection is idle for longer than the configured connection timeout, it will be forcefully disconnected and a warning will be logged in the MaxScale log file.

In MaxScale versions 6.2.0 and older, if long-running operations (e.g. ALTER TABLE) were performed, MaxScale would close the connections if they look longer than connection_timeout seconds to execute (). In MaxScale 6.2.1 this has been fixed and the active operations are now correctly tracked.

Example:

`max_connections`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

The maximum number of simultaneous connections MaxScale should permit to this service. If the parameter is zero or is omitted, there is no limit. Any attempt to make more connections after the limit is reached will result in a "Too many connections" error being returned.

Warning: In MaxScale 2.5, it is possible that the number of concurrent connections temporarily exceeds the value of max_connections. This has been fixed in MaxScale 6.

Example:

`session_track_trx_state`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Enable transaction state tracking by offloading it to the backend servers. Getting the transaction state from the server will be more accurate for stored procedures or multi-statement SQL that modifies the transaction state non-atomically.

In general, it is better to avoid using this type of SQL as tracking the transaction state via the server responses is not compatible with features such as transaction_replay in readwritesplit. session_track_trx_state should only be enabled if the default transaction tracking done by MaxScale does not produce the desired outcome.

This is only supported by MariaDB versions 10.3 or newer. The following must be configured in the MariaDB server in order for this feature to work. Not configuring the MariaDB server with it can result in the transaction state being wrong in MaxScale which can result in data inconsistency.

`retain_last_statements`

Type: number
Mandatory: No
Dynamic: Yes
Default: -1

How many statements MaxScale should store for each session of this service. This overrides the value of the global setting with the same name. Ifretain_last_statements has been specified in the global section of the MaxScale configuration file, then if it has not been explicitly specified for the service, the global value holds, otherwise the service specific value rules. That is, it is possible to enable the setting globally and turn it off for a specific service, or just enable it for specific services.

The value of this parameter can be changed at runtime using maxctrl and the new value will take effect for sessions created thereafter.

`connection_keepalive`

Type:
Mandatory: No
Dynamic: Yes
Default: 300s

Keep idle connections alive by sending pings to backend servers. This feature was introduced in MaxScale 2.5.0 where it was changed from a readwritesplit-specific feature to a generic service feature. The default value for this parameter is 300 seconds. To disable this feature, set the value to 0.

The keepalive interval is specified as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.5. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the keepalive is seconds, a keepalive specified in milliseconds will be rejected, even if the duration is longer than a second.

The parameter value is the interval in seconds between each keepalive ping. A keepalive ping will be sent to a backend server if the connection has been idle for longer than the configured keepalive interval.

Starting with MaxScale 2.5.21 and 6.4.0, the keepalive pings are not sent if the client has been idle for longer than the configured value ofconnection_keepalive. Older versions of MaxScale sent the keepalive pings regardless of the client state.

If the value of connection_keepalive is changed at runtime, the change in the value takes effect immediately.

As the connection keepalive pings must be done only when there's no ongoing query, all requests and responses must be tracked by MaxScale. In the case ofreadconnroute, this will incur a small drop in performance. For routers that rely on result tracking (e.g. readwritesplit and schemarouter), the performance will be the same with or without connection_keepalive.

If you want to avoid the performance cost and you don't need the connection keepalive feature, you can disable it with connection_keepalive=0s.

`force_connection_keepalive`

Type: boolean
Mandatory No
Dynamic: Yes
Default: false

By default, connection keepalive pings are only sent if the client is either executing a query or has been idle for less than the duration configured inconnection_keepalive. When this parameter is enabled, keepalive pings are unconditionally sent to any backends that have been idle for longer thanconnection_keepalive seconds. This option was added in MaxScale 6.4.9 and can be used to emulate the pre-2.5.21 behavior if long-lived application connections rely on the old unconditional keepalive pings.

Note: if force_connection_keepalive is enabled and connection_keepalive in MaxScale is set to a lower value than the wait_timeout on the database, the client idle timeouts that wait_timeout control are no longer effective. This happens because MaxScale unconditionally sends the pings which make the client behave like it is not idle and thus the connections will never be killed due towait_timeout.

`net_write_timeout`

Type:
Mandatory No
Dynamic: Yes
Default: 0s

This parameter controls how long a network write to the client can stay buffered. This feature is disabled by default.

When net_write_timeout is configured and data is buffered on the client network connection, if the time since the last successful network write exceeds the configured limit, the client connection will be disconnected.

`max_sescmd_history`

Type: number
Mandatory: No
Dynamic: Yes
Default: 50

max_sescmd_history sets a limit on how many distinct session commands are stored in the session command history. When the history limit is exceeded, the history is either pruned to the last max_sescmd_history command (whenprune_sescmd_history is enabled) or the history is disabled and server reconnections are no longer possible.

The required history size can be estimated by counting the total number of session state modifying commands (e.g SET NAMES) that are used by a client. Note that connectors usually add some commands that aren't visible to the application developer which means a safety margin should be added. A good rule of thumb is to count the expected number of statements and double that number. The default value of 50 is a value that'll work for most applications that do not rely heavily on user variables.

Starting with MaxScale versions 21.06.18, 22.08.15, 23.02.12, 23.08.8, 24.02.4 and 24.08.1, binary protocol prepared statements do not count towards themax_sescmd_history limit. In practice this means that all binary protocol prepared statements opened by the client are also kept open by MaxScale and are restored whenever a reconnection to a server happens. The limits imposed bymax_sescmd_history apply to other text protocol commands e.g. SET NAMES. Note that text protocol prepared statements count as text protocol commands and are thus potentially pruned when history pruning happens. If an application uses a lot of PREPARE stmt FROM <sql> commands, it is recommended that the value ofmax_sescmd_history is increased accordingly.

In older versions of MaxScale, binary protocol prepared statements were limited by max_sescmd_history and were also pruned by prune_sescmd_history but this caused problems when the binary protocol prepared statment were pruned while they were still open from the client's point of view. In older versions, the recommended value of max_sescmd_history is the number of state modifying commands plus the maximum number of open prepared statments that any application may use.

This parameter was moved into the MaxScale core in MaxScale 6.0. The parameter can be configured for all routers that support the session command history. Currently only readwritesplit and schemarouter support it.

In addition to limiting the number of commands to store, it also acts as a hard limit on the number of packets that may be queued up on a backend before it is closed. Packets are queued while the TCP socket is being opened and when prepared statements are being prepared. In certain rare cases, a slow server may fall behind and not catch up to the rest of the cluster and a backlog of packets forms. In these cases, if more than max_sescmd_history packets are queued, the connection to the server is closed.

`prune_sescmd_history`

Type:
Mandatory: No
Dynamic: Yes
Default: true

This option enables pruning of the session command history when it exceeds the value configured in max_sescmd_history. When this option is enabled, only a set number of statements are stored in the history. This limits the per-session memory use while still allowing safe reconnections.

This parameter is intended to be used with pooled connections that remain in use for a very long time. Most connection pool implementations do not reset the session state and instead re-initialize it with new values. This causes the session command history to grow at roughly a constant rate for the lifetime of the pooled connection.

Each client-side session that uses a pooled connection only executes a finite amount of session commands. By retaining a shorter history that encompasses all session commands the individual clients execute, the session state of a pooled connection can be accurately recreated on another server.

When the session command history pruning is enabled, there is a theoretical possibility that upon server reconnection the session states of the connections are inconsistent. This can only happen if the length of the stored history is shorter than the list of relevant statements that affect the session state. In practice the default value of 50 session commands is a fairly reasonable value and the risk of inconsistent session state is relatively low.

In case the default history length is too short for safe pruning, set the value of max_sescmd_history to the total number of commands that affect the session state plus a safety margin of 10. The safety margin reserves some extra space for new commands that might be executed due to changes in the client side application.

`disable_sescmd_history`

Type:
Mandatory: No
Dynamic: Yes
Default: false

This option disables the session command history. This way no history is stored and if a slave server fails, the router will not try to replace the failed slave. Disabling session command history will allow long-lived connections without causing a constant growth in the memory consumption.

This parameter should only be used when either the memory footprint must be as small as possible or when the pruning of the session command history is not acceptable.

`user_accounts_file`

Type: path
Mandatory: No
Dynamic: No
Default: ""

Defines path to a file with additional user accounts for incoming clients. Default value is empty, which disables the feature.

In addition to querying the backends, MaxScale can read users from a file. This feature is useful when backends have limitations on the type of users that can be created, or if MaxScale needs to allow users to log in even when backends are down (e.g. binlog router). The users read from the file are only present on MaxScale, so logging into backends can still fail. The format of the file is protocol-specific. The following only applies to MariaDB-protocol, which is also the only protocol supporting this feature.

The file contains json text. Three objects are read from it: user, db and_roles_mapping_, none of which are mandatory. These objects must be arrays which contain user information similar to the mysql.user, mysql.db and_mysql.roles_mapping_ tables on the server. Each array element must define at least the string fields user and host, which define the user account to add or modify.

The elements in the user-array may contain the following additional fields. If a field is not defined, it is assumed either empty (string) or false (boolean).

password: String. Password hash, similar to the equivalent column on server.
plugin: String. Authentication plugin used by client, similar to server.
authentication_string: String. Additional authentication info, similar to server.
default_role: String. Default role of user, similar to server.

The elements in the db-array must contain the following additional field:

db: String. Database which the user can access. Can contain % and _ wildcards.

The elements in the roles_mapping-array must contain the following additional field:

role: String. Role the user can access.

When users are read from both servers and the file, the server takes priority. That is, if user 'joe'@'%' is defined on both, the file-version is discarded. The file can still affect the database grants and roles of 'joe'@'%', as the_db_ and roles_mapping-arrays are read separately and added to existing grant and role lists.

An example users file is below.

`user_accounts_file_usage`

Type:
Mandatory: No
Dynamic: No
Values: add_when_load_ok, file_only_always

Defines when user_accounts_file is read. The value is an enum, either "add_when_load_ok" (default) or "file_only_always".

"add_when_load_ok" means that the file is only read when users are successfully read from a server. The file contents are then added to the server-based data. If reading from server fails (e.g. servers are down), the file is ignored.

"file_only_always" means that users are not read from the servers at all and the file contents is all that matters. The state of the servers is ignored. This mode can be useful with the binlog router, as it allows clients to log in and fetch binary logs from MaxScale even when backend servers are down.

`idle_session_pool_time`

Type:
Mandatory: No
Dynamic: Yes
Default: -1s

Normally, MaxScale only pools backend connections when a session is closed (controlled by server settings persistpoolmax and_persistmaxtime_). Other sessions can use the pooled connections instead of creating new connections to backends. If connection sharing is enabled, MaxScale can pool backend connections also from running sessions, and re-attach a pooled connection when a session is doing a query. This effectively allows multiple sessions to share backend connections.

idle_session_pool_time defines the amount of time a session must be idle before its backend connections may be pooled. To enable connection sharing, set_idle_session_pool_time_ to zero or greater. The value can be given in seconds or milliseconds.

This feature has a significant drawback: when a backend connection is reused, it needs to be restored to the correct state. This means reauthenticating and replaying session commands. This can add a significant delay before the connection is actually ready for a query. If the session command history size exceeds the value of max_sescmd_history, connection sharing is disabled for the session.

This feature should only be used when limiting the backend connection count is a priority, even at the cost of query delay and throughput. This feature only works when the following server settings are also set in MaxScale configuration:

Since reusing a backend connection is an expensive operation, MaxScale only pools connections when another session requires them. idle_session_pool_time thus effectively limits the frequency at which a connection can be moved from one session to another. Setting idle_session_pool_time=0ms causes MaxScale to move connections as soon as possible.

See below for more information on configuring connection sharing.

Details, limitations and suggestions for connection sharing

As noted above, when a connection is pooled and reused its state is lost. Although session variables and prepared statements are restored by replaying session commands, some state information cannot be transferred.

The most common such state is a transaction. When a transaction is on, connection sharing is disabled for that session until the transaction completes. Other similar situations may not be properly detected, and it's the responsibility of the user to avoid introducing such state to the session when using connection sharing. This means that the following should not be used:

Statements such as LOCK TABLES and GET LOCK or any other statement that introduces state into the connection.
Temporary tables and some problematic user or session variables such asLAST_INSERT_ID(). For LAST_INSERT_ID(), the value returned by the connector must be used instead of the variable.
Stored procedures that cause session level side-effects.

Several settings affect connection sharing and its effectiveness. Reusing a connection is an expensive operation so its frequency should be minimized. The important configuration settings in addition to idle_session_pool_time are MaxScale server settings , and . The service settings , and also have an effect. These settings should be tuned according to the use case.

persistpoolmax limits how many connections can be kept in a pool for a given server. If the pool is full, no more connections are detached from sessions even if they are idle and required. The pool size should be large enough to contain any connections being transferred between sessions, but not be greater thanmax_routing_connections. Using the value of max_routing_connections is a reasonable starting point.

persistmaxtime limits the time a connection may stay in the pool. This should be high enough so that pooled connections are not unnecessarily closed. Cleaning up clearly unneeded connections from the pool may be useful whenmax_routing_connections is restrictively tuned. Because each MaxScale routing thread has its own connection pool, one thread can monopolize access to a server. For example, if the pool of thread 1 has 100 connections to ServerA with max_routing_connections=100, other threads can no longer connect to the server. In such a situation, reducing persistmaxtime of ServerA may help as it would cause unneeded connections in the pool to be closed faster. Such connection slots then become available to other routing threads. Reducing the number of may also help, as it reduces pool fragmentation. This may reduce overall throughput, though. When using connection sharing, backend connections are only in the pool momentarily. Consequently,persistmaxtime can be set quite low, e.g. 10s.

If a client session exceeds max_sescmd_history (default 50), pooling is disabled for that session. If many sessions do this and_max_routing_connections_ is set, other sessions will stall as they cannot find a backend connection. This can be avoided with prune_sescmd_history. However, pruning means that old session commands will not be replayed when a pooled connection is reused. If the pruned commands are important (e.g. statement preparations), the session may fail later on.

If the number of clients actively running queries is greater thanmax_routing_connections, query throughput will suffer as clients will need to take turns. In this situation, it's imperative to minimize the number of backend connections a single session uses. The settings to achieve this depend on the router. For ReadWriteSplit the following should be used:

The above settings mean that MaxScale can process roughly (number of slave servers X max_routing_connections) read queries simultaneously. Write queries will still need to take turns as there is only one master server.

The following configuration snippet shows example server and service configurations for connection sharing with ReadWriteSplit.

`multiplex_timeout`

Type:
Mandatory: No
Dynamic: Yes
Default: 60s

When connection sharing (as described above) is on, clients may have to wait for their turn to use a backend connection. If too much time passes without a connection becoming available, MaxScale returns an error to the client, usually also ending the session. multiplex_timeout sets this timeout. Increase it if queries are failing with "Timed out when waiting for a connection". Decrease it if failing early is preferable to stalling.

Server

Server sections define the backend database servers MaxScale uses. A server is identified by its section name in the configuration file. The only mandatory parameter of a server is type, but address and port are also usually defined. A server may be a member of one or more services. A server may only be monitored by at most one monitor.

`address`

Type: string
Mandatory: Yes, if socket is not provided.
Dynamic: Yes
Default: ""

The IP-address or hostname of the machine running the database server. MaxScale uses this address to connect to the server.

Either address or socket must be defined, but not both.

`port`

Type: number
Mandatory: No
Dynamic: Yes
Default: 3306

The port the backend server listens on for incoming connections. MaxScale uses this port to connect to the server.

`socket`

Type: string
Mandatory: Yes, if address is not provided.
Dynamic: Yes
Default: ""

The absolute path to a UNIX domain socket the MariaDB server is listening on.

Either address or socket must be defined, but not both.

`monitoruser`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

This setting together with define server-specific credentials for monitoring the server. Monitors typically use the credentials in their own configuration sections to connect to all servers. If server-specific settings are given, the monitor uses those instead.

`monitorpw`

Type: string
Mandatory: No
Dynamic: Yes
Default: None

monitorpw may be either a plain text password or an encrypted password. See the section for more information.

`extra_port`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

An alternative port used for administrative connections to the server. If this setting is defined, MaxScale uses it for monitoring the server and to fetch user accounts. Client sessions will still use the normal port.

Defining extra_port allows MaxScale to connect even when max_connections on the backend server has been reached. Extra-port connections have their own connection limit, which is one by default. This needs to be increased to allow both monitor and user account manager to connect.

If the connection to the extra-port fails due to connection number limit or if the port is not open on the server, normal port is used.

For more information, see and .

`persistpoolmax`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

Sets the size of the server connection pool. Disabled by default. When enabled, MaxScale places unused connections to the server to a pool and reuses them later. Connections typically become unused when a session closes. If the size of the pool reaches persistpoolmax, unused connections are closed instead.

Every routing thread has its own pool. As of version 6.3.0, MaxScale will round up persistpoolmax so that every thread has an equal size pool.

When a MariaDB-protocol connection is taken from the pool to be used in a new session, the state of the connection is dependent on the router. ReadWriteSplit restores the connection to match the session state. Other routers do not.

`persistmaxtime`

Type:
Mandatory: No
Dynamic: Yes
Default: 0s

The persistmaxtime parameter defaults to zero but can be set to a duration as documented . If no explicit unit is provided, the value is interpreted as seconds in MaxScale 2.4. In subsequent versions a value without a unit may be rejected. Note that since the granularity of the parameter is seconds, a value specified in milliseconds will be rejected, even if the duration is longer than a second.

A DCB placed in the persistent pool for a server will only be reused if the elapsed time since it joined the pool is less than the given value. Otherwise, the DCB will be discarded and the connection closed.

`max_routing_connections`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

Maximum number of routing connections to this server. Connections held in a pool also count towards this maximum. Does not limit monitor connections or user account fetching. A value of 0 (default) means no limit.

Since every client session can generate a connection to a server, the server may run out of memory when the number of clients is high enough. This setting limits server memory use caused by MaxScale. The effect depends on if the service setting , i.e. connection sharing, is enabled or not.

If connection sharing is not on, max_routing_connections simply sets a limit. Any sessions attempting to exceed this limit will fail to connect to the backend. The client can still connect to MaxScale, but queries will fail.

If connection sharing is on, sessions exceeding the limit will be put on hold until a connection is available. Such sessions will appear unresponsive, as queries will hang, possibly for a long time. The timeout is controlled by .

`proxy_protocol`

Type:
Mandatory: No
Dynamic: Yes
Default: false

If proxy_protocol is enabled, MaxScale will send a header when connecting client sessions to the server. The header contains the original client IP address and port, as seen by MaxScale. The server will then read the header and perform authentication as if the connection originated from this address instead of MaxScale's IP address. With this feature, the user accounts on the backend server can be simplified to only contain the actual client hosts and not the MaxScale host.

PROXY protocol will be supported by MariaDB 10.3, which this feature has been tested with. To use it, enable the PROXY protocol in MaxScale for every compatible server and configure the MariaDB servers themselves to accept the protocol headers from MaxScale's IP address. On the server side, the protocol should be enabled only for trusted IPs, as it allows the sender to spoof the connection origin. If a proxy header is sent to a server not expecting it, the connection will fail. Usually PROXY protocol should be enabled for every server in a cluster, as they typically have similar grants.

Other SQL-servers may support PROXY protocol as well, but the implementation may be highly restricting. Strict adherence to the protocol requires that the backend server does not allow mixing of un-proxied and proxied connections from a given IP. MaxScale requires normal connections to backends for monitoring and authentication data queries, which would be blocked. To bypass this restriction, the server monitor needs to be disabled and the service listener needs to be configured to disregard authentication errors (skip_authentication=true). Server states also need to be set manually in MaxCtrl. These steps are not required for MariaDB 10.3, since its implementation is more flexible and allows both PROXY-headered and headerless connections from a proxy-enabled IP.

`disk_space_threshold`

Type: Custom
Mandatory: No
Dynamic: No
Default: None

This parameter specifies how full a disk may be, before MaxScale should start logging warnings or take other actions (e.g. perform a switchover). This functionality will only work with MariaDB server versions 10.1.32, 10.2.14 and 10.3.6 onwards, if the DISKS information schema plugin has been installed.

NOTE: Since MariaDB 10.4.7, MariaDB 10.3.17 and MariaDB 10.2.26, the information will be available only if the monitor user has the FILE privilege.

A limit is specified as a path followed by a colon and a percentage specifying how full the corresponding disk may be, before action is taken. E.g. an entry like

specifies that the disk that has been mounted on /data may be used until 80% of the total space has been consumed. Multiple entries can be specified by separating them by a comma. If the path is specified using *, then the limit applies to all disks. However, the value of * is only applied if there is not an exact match.

Note that if a particular disk has been mounted on several paths, only one path need to be specified. If several are specified, then the one with the smallest percentage will be applied.

Examples:

The last line means that the disk mounted at /data1 may be used up to 80%, the disk mounted at /data2 may be used up to 60% and all other disks mounted at any paths may be used up until 90% of maximum capacity, before MaxScale starts to warn to take action.

Note that the path to be used, is one of the paths returned by:

There is no default value, but this parameter must be explicitly specified if the disk space situation should be monitored.

`rank`

Type:
Mandatory: No
Dynamic: Yes
Values: primary, secondary

This parameter controls the order in which servers are used. Valid values for this parameter are primary and secondary. The default value isprimary.

This behavior depends on the router implementation but the general rule of thumb is that primary servers will be used before secondary servers.

Readconnroute will always use primary servers before secondary servers as long as they match the configured server type.

Readwritesplit will pick servers that have the same rank as the current master. Read the for a detailed description of the behavior.

The following example server configuration demonstrates how rank can be used to exclude DR-site servers from routing.

The main-site-master and main-site-slave servers will be used as long as they are available. When they are no longer available, the DR-site-master andDR-site-slave will be used.

`priority`

Type: number
Mandatory: No
Dynamic: Yes
Default: 0

Server priority. Currently only used by galeramon to choose the order in which nodes are selected as the current master server. Refer to the section of the galeramon documentation for more information on how to use it.

Starting with MaxScale 2.5.21, this parameter also accepts negative values. In older versions, the parameter only accepted non-negative values.

Monitor

Monitor sections are used to define the monitoring module that watches a set of servers. Each server can only be monitored by one monitor.

Common monitor parameters .

Listener

A listener defines a port MaxScale listens on for incoming connections. Accepted connections are linked with a MaxScale service. Multiple listeners can feed the same service. Mandatory parameters are type, service and protocol.address is optional, it limits connections to a certain network interface only. socket is also optional and is used for Unix socket connections.

The network socket where the listener listens may have a backlog of connections. The size of this backlog is controlled by the_net.ipv4.tcp_max_syn_backlog_ and net.core.somaxconn kernel parameters.

Increasing the size of the backlog by modifying the kernel parameters helps with sudden connection spikes and rejected connections. For more information see .

`service`

Type: service
Mandatory: Yes
Dynamic: No

The service to which the listener is associated. This is the name of a service that is defined elsewhere in the configuration file.

`protocol`

Type: protocol
Mandatory: No
Dynamic: No
Default: mariadb

The name of the protocol module used for communication between the client and MaxScale. The same protocol is also used for backend communication.

Usually this does not need to be defined as the default protocol is the MariaDB network protocol that is used by SQL connections.

For NoSQL client connections, the protocol must be set toprotocol=nosqlprotocol. For more details on how to configure the NoSQL protocol, refer to the module documentation.

`address`

Type: string
Mandatory: No
Dynamic: No
Default: "::"

This sets the address the listening socket is bound to. The address may be specified as an IP address in 'dot notation' or as a hostname. If left undefined the listener will bind to all network interfaces.

`port`

Type: number
Mandatory: Yes, if socket is not provided.
Dynamic: No
Default: 0

The port the listener listens on. If left undefined a default port for the protocol is used.

`socket`

Type: string
Mandatory: Yes, if port is not provided.
Dynamic: No
Default: ""

If defined, the listener uses Unix domain sockets to listen for incoming connections. The parameter value is the name of the socket to use.

If you want to use both network ports and UNIX domain sockets with a service, define two separate listeners that connect to the same service.

`authenticator`

Type: string
Mandatory: No
Dynamic: No
Default: ""

The authenticator module to use. Each protocol module defines a default authentication module, which is used if the setting is left undefined.MariaDBClient-protocol supports multiple authenticators and they can be used simultaneously by giving a comma-separated list e.g.authenticator=PAMAuth,mariadbauth,gssapiauth

`authenticator_options`

Type: string
Mandatory: No
Dynamic: No
Default: ""

This defines additional options for authentication. As of MaxScale 2.5.0, only_MariaDBClient_ and its authenticators support additional options. The value of this parameter should be a comma-separated list of key-value pairs. See authenticator specific documentation for more details.

`sql_mode`

Type:
Mandatory: No
Dynamic: Yes
Values: default, oracle

Specify the sql mode for the listener similarly to global sql_mode setting. If both are used this setting will override the global setting for this listener.

`connection_init_sql_file`

Type: path
Mandatory: No
Dynamic: Yes
Default: ""

Path to a text file with sql queries. Any sessions created from the listener will send the contents of the file to backends after authentication. Each non-empty line in the file is interpreted as a query. Each query must succeed for the backend connection to be usable for client queries. The queries should not return any data.

Example query file:

`user_mapping_file`

Type: path
Mandatory: No
Dynamic: Yes
Default: ""

Path to a json-text file with user and group mapping, as well as server credentials. Only affects MariaDB-protocol based listeners. Default value is empty, which disables the feature.

Should not be used together with settings pam_backend_mapping or pam_mapped_pw_file, as these may overwrite the mapped credentials. Is most powerful when combined with service settinguser_accounts_file, as then MaxScale can accept users that do not exist on backends and map them to backend users.

This file functions very similar to . Both user-to-user and group-to-user mappings can be defined. Also, the password and authentication plugin for the mapped users can be added. The file is only read during listener creation (typically MaxScale start) or when a listener is modified during runtime. When a client logs into MaxScale, their username is searched from the mapping data. If the name matches either a name mapping or a Linux group mapping, the username is replaced by the mapped name. The mapped name is then used when logging into backends. If the file also contains credentials for the mapped user, then those are used. Otherwise, MaxScale tries to log in with an empty password and default MariaDB authentication.

Three arrays are read from the file: user_map, group_map and_server_credentials_, none of which are mandatory.

Each array element in the user_map-array must define the following fields:

original_user: String. Incoming client username.
mapped_user: String. Username the client is mapped to.

Each array element in the group_map-array must define the following fields:

original_group: String. Incoming client Linux group.
mapped_user: String. Username the client is mapped to.

Each array element in the server_credentials-array can define the following fields:

mapped_user: String. The mapped username this password is for.
password: String. Backend server password. Can be encrypted with maxpasswd.
plugin: String, optional. Authentication plugin to use. Must be enabled on the listener. Defaults to empty, which results in standard MariaDB authentication.

When a client successfully logs into MaxScale, MaxScale first searches for name-based mapping. The incoming client does not need to be a Linux user for name-based mapping to take place. If the name is not found, MaxScale checks if the client is a Linux user with a group membership matching an element in the group mapping array. If the client is a member of more than 100 groups, this check may fail.

If a mapping is found, MaxScale searches the credentials array for a matching username, and uses the password and plugin listed. The plugin need not be the same as the one the original user used. Currently, "mysql_native_password" and "pam" are supported as mapped plugins.

An example mapping file is below.

Available Protocols

The protocols supported by MariaDB MaxScale are implemented as external modules that are loaded dynamically into the MariaDB MaxScale core. They allow MariaDB MaxScale to communicate in various protocols both on the client side and the backend side. Each of the protocols can be either a client protocol or a backend protocol. Client protocols are used for client-MariaDB MaxScale communication and backend protocols are for MariaDB MaxScale-database communication.

`MariaDBClient`

This is the implementation of the MySQL-protocol. When defined for a listener, the listener will accept MySQL-connections from clients, assign them to a MaxScale service and route the queries from the client to backend servers. Any backends used by the service should be MariaDB/MySQL-servers or compatible.

`CDC`

See for more information.

TLS/SSL encryption

This section describes configuration parameters for both servers and listeners that control the TLS/SSL encryption method and the various certificate files involved in it.

To enable TLS/SSL for a listener, you must set the ssl parameter totrue and provide at least the ssl_cert and ssl_key parameters.

To enable TLS/SSL for a server, you must set the ssl parameter totrue. If the backend database server has certificate verification enabled, the ssl_cert and ssl_key parameters must also be defined.

Custom CA certificates can be defined with the ssl_ca parameter.

After this, MaxScale connections between the server and/or the client will be encrypted. Note that the database must also be configured to use TLS/SSL connections if backend connection encryption is used.

Note: MaxScale does not allow mixed use of TLS/SSL and normal connections on the same port.

If TLS encryption is enabled for a listener, any unencrypted connections to it will be rejected. MaxScale does this to improve security by preventing accidental creation of unencrypted connections.

The separation of secure and insecure connections differs from the MariaDB server which allows both secure and insecure connections on the same port. As MaxScale is the gateway through which all connections go, in order to guarantee a more secure system MaxScale enforces a stricter security policy than what the server does.

TLS encryption must be enabled for listeners when they are created. For servers, the TLS can be enabled after creation but it cannot be disabled or altered.

Starting with MaxScale 2.5.20, if the TLS certificate given to MaxScale has the X509v3 extended key usage information, MaxScale will check it and refuse to use a certificate with the wrong usage. This means that a certificate with only clientAuth can only be used with servers and a certificate with only serverAuth can only be used with listeners. In order to use the same certificate for both listeners and servers, it must have both the clientAuth and serverAuth usages.

`ssl`

Type:
Mandatory: No
Dynamic: Yes
Default: false

This enables SSL connections when set to true. The legacy values required anddisabled were removed in MaxScale 6.0.

If enabled, the certificate files mentioned above must also be supplied. MaxScale connections to will then be encrypted with TLS/SSL.

Starting with MaxScale 21.06.18, 22.08.15, 23.02.12, 23.08.8, 24.02.4 and 24.08.1, if ssl is disabled for a listener, MariaDB user accounts that require ssl cannot log in through that listener. Any user account with a non-empty_ssl_type_-field in mysql.user-table is blocked. This includes users created with REQUIRE SSL or REQUIRE X509.

`ssl_key`

Type: path
Mandatory: No
Dynamic: Yes
Default: ""

A string giving a file path that identifies an existing readable file. The file must be the SSL client private key MaxScale should use. This is a required parameter for listeners but an optional parameter for servers.

`ssl_cert`

Type: path
Mandatory: No
Dynamic: Yes
Default: ""

A string giving a file path that identifies an existing readable file. The file must be the SSL client certificate MaxScale should use with the server. The certificate must match the key defined in ssl_key. This is a required parameter for listeners but an optional parameter for servers.

`ssl_ca_cert`

Deprecated since MariaDB MaxScale 22.08. See ssl_ca.

`ssl_ca`

Type: path
Mandatory: No
Dynamic: Yes
Default: ""

A string giving a file path that identifies an existing readable file. The file must be the Certificate Authority (CA) certificate for the CA that signed the certificate referred to in the previous parameter. It will be used to verify that the certificate is valid. This is a required parameter for both listeners and servers. The CA certificate can consist of a certificate chain.

NOTE Up until MariaDB MaxScale 6, the parameter was called ssl_ca_cert, which is still accepted as an alias for ssl_ca.

`ssl_version`

Type:
Mandatory: No
Dynamic: No
Values: MAX, TLSv1.0, TLSv1.1

This parameter controls the allowed TLS version. Accepted values are:

TLSv10
TLSv11
TLSv12
TLSv13

MaxScale versions 6.4.16, 22.08.13, 23.02.10, 23.08.6, 24.02.2 and all newer releases accept also the following alias values:

TLSv1.0
TLSv1.1
TLSv1.2
TLSv1.3

The default setting (MAX) allows all supported versions. MaxScale supports TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3 depending on the OpenSSL library version. TLSv1.0 and TLSv1.1 are considered deprecated and should not be used, so settingssl_version=TLSv1.2,TLSv1.3 or ssl_version=TLSv1.3 is recommended.

In MaxScale versions 6.4.13, 22.08.11, 23.02.7, 23.08.3 and earlier, this setting defined the only allowed TLS version, e.g. ssl_version=TLSv12 would only enable TLSv12. The interpretation changed in MaxScale versions 6.4.14, 22.08.12, 23.02.8, 23.08.4 to enable the user to disable old versions while allowing multiple recent TLS versions. In these versions, ssl_version=TLSv1.2 enabled both TLSv1.2 and TLSv1.3.

The interpretation changed again in MaxScale versions 6.4.16, 22.08.13, 23.02.10, 23.08.6, 24.02.2. In these versions the value of ssl_version is an enumeration of accepted TLS protocol versions. This means thatadmin_ssl_version=TLSv1.2 again only allows TLSv1.2. To retain the behavior from the previous releases where the newer versions were automatically enabled, the protocol versions must be explicitly listed, for exampleadmin_ssl_version=TLSv1.2,TLSv1.3. The change was done to make thessl_version behave identically to how the MariaDB parameter works.

`ssl_cipher`

Type: string
Mandatory: No
Dynamic: Yes
Default: ""

Set the list of TLS ciphers. By default, no explicit ciphers are defined and the system defaults are used. Note that this parameter does not modify TLSv1.3 ciphers.

`ssl_cert_verify_depth`

Type: number
Mandatory: No
Dynamic: Yes
Default: 9

The maximum length of the certificate authority chain that will be accepted. The default value is 9, same as the OpenSSL default. The configured value must be larger than 0.

`ssl_verify_peer_certificate`

Type:
Mandatory: No
Dynamic: Yes
Default: false

Peer certificate verification. This functionality is disabled by default. In versions prior to 2.3.17 the feature was enabled by default.

When this feature is enabled, the peer must send a certificate. The certificate sent by the peer is verified against the configured Certificate Authority to make sure the peer is who they claim to be. For listeners, this behaves as ifREQUIRE X509 was defined for all users. For servers, this behaves like the--ssl-verify-server-cert command line option for the mysql client.

`ssl_verify_peer_host`

Type:
Mandatory No
Dynamic: Yes
Default: false

Peer host verification.

When this feature is enabled, the peer hostname or IP is verified against the certificate that is sent by the peer. If the IP address or the hostname does not match the one in the certificate returned by the peer, the connection will be closed. If the peer does not provide a certificate, the host verification is not done. To require peer certificates, use ssl_verify_peer_certificate.

`ssl_crl`

Type: path
Mandatory: No
Dynamic: Yes
Default: ""

A string giving a file path that identifies an existing readable file. The file must be a Certificate Revocation List in the PEM format that defines the revoked certificates. This parameter is only accepted by listeners.

Example SSL enabled server configuration

This example configuration requires all connections to this server to be encrypted with SSL. The paths to the certificate files and the Certificate Authority file are also provided.

Example SSL enabled listener configuration

This example configuration requires all connections to be encrypted with SSL. The paths to the certificate files and the Certificate Authority file are also provided.

Module Types

Routing Modules

The main task of MariaDB MaxScale is to accept database connections from client applications and route the connections or the statements sent over those connections to the various services supported by MariaDB MaxScale.

Currently a number of routing modules are available, these are designed for a range of different needs.

Connection based load balancing:

Read/Write aware statement based router:

Simple sharding on database level:

Binary log server:

Monitor Modules

Monitor modules are used by MariaDB MaxScale to internally monitor the state of the backend databases in order to set the server flags for each of those servers. The router modules then use these flags to determine if the particular server is a suitable destination for routing connections for particular query classifications. The monitors are run within separate threads of MariaDB MaxScale and do not affect MariaDB MaxScale's routing performance.

The use of monitors in MaxScale is not absolutely mandatory: it is possible to run MariaDB MaxScale without a monitor module. In this case an external monitoring system must the status of each server via MaxCtrl or the REST API. Only do this if you know what you are doing.

Filter Modules

Filters provide a means to manipulate or process requests as they pass through MariaDB MaxScale between the client side protocol and the query router. A full explanation of each filter's functionality can be found in its documentation.

The document shows how you can add a filter to a service and combine multiple filters in one service.

Encrypting Passwords

Passwords stored in the maxscale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MariaDB MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MariaDB MaxScale stores the keys is /var/lib/maxscale. The passwords are encrypted using 256-bit AES CBC encryption.

Changing the encryption key for MariaDB MaxScale will invalidate any currently encrypted keys stored in the maxscale.cnf file.

Note: The password encryption format changed in MaxScale 2.5. All encrypted passwords created with MaxScale 2.4 or older need to be re-encrypted.

Creating Encrypted Passwords

Encrypted passwords are created by executing the maxpasswd command with the location of the .secrets file and the password you require to encrypt as an argument.

The output of the maxpasswd command is a hexadecimal string, this should be inserted into the maxscale.cnf file in place of the ordinary, plain text, password. MariaDB MaxScale will determine this as an encrypted password and automatically decrypt it before sending it the database server.

Runtime Configuration Changes

Read the following documents for different methods of altering the MaxScale configuration at runtime.

MaxCtrl

All changes to the configuration done via MaxCtrl are persisted as individual configuration files in /var/lib/maxscale/maxscale.cnf.d/. The content of these files will override any configurations found in the main configuration file or any auxiliary configuration files.

Refer to the section for more details on how this mechanism works and how to disable it.

Configuration Synchronization

The configuration synchronization mechanism is intended for synchronizing configuration changes done on one MaxScale to all other MaxScales. This is done by propagating the changes via the database cluster used by Maxscale.

When configuring configuration synchronization for the first time, the same static configuration files should be used on all MaxScale instances that use the same cluster: the value of config_sync_cluster must be the same on all MaxScale instances and the cluster (i.e. the monitor) pointed by it and its servers must be the same in every configuration.

Whenever the MaxScale configuration is modified at runtime, the latest configuration is stored in the database cluster in the mysql.maxscale_config table. The table is created when the first modification to the configuration is done. A local copy of the configuration is stored in the data directory to allow MaxScale to function even if a connection to the cluster cannot be made. By default this file is stored at /var/lib/maxscale/maxscale-config.json.

Whenever MaxScale starts up, it checks if a local version of this configuration exists. If it does and it is a valid cached configuration, the static configuration file as well as any other generated configuration files are ignored. The exception is the [maxscale] section of the main static configuration file which is always read.

Each configuration has a version number with the initial configuration being version 0. Each time the configuration is modified, the version number is incremented. This version number is used to detect when MaxScale needs to update its configuration.

Error Handling in Configuration Synchronization

When doing a configuration change on the local MaxScale, if the configuration change completes on MaxScale but fails to be committed to the database, MaxScale will attempt to revert the local configuration change. If this attempt fails, MaxScale will discard the cached configuration and abort the process.

When synchronizing with the cluster, if MaxScale fails to apply a configuration retrieved from the cluster, it attempts to revert the configuration to the previous version. If successful, the failed configuration update is ignored. If the configuration update that fails cannot be reverted, the MaxScale configuration will be in an indeterminate state. When this happens, MaxScale will discard the cached configuration and abort the process.

When loading a locally cached configuration during startup, if any errors are found in the cached configuration, it is discarded and the MaxScale process will attempt to restart by exiting with code 75 from the main process. If MaxScale is being used as a SystemD service, this will automatically trigger a restart of MaxScale and no further actions are needed.

The most common reason for a failed configuration update is missing files. For example, if a configuration update adds encrypted connections to a server and the TLS certificates it uses were not copied over to all MaxScale nodes before the change was done, the operation will fail on all nodes that do not have these files.

If the synchronization of the configuration change fails at the step when the database transaction is being committed, the new configuration can be momentarily visible to the local MaxScale. This means the changes are not guaranteed to be atomic on the local MaxScale but are atomic from the cluster's point of view.

Synchronization of Encrypted Passwords

Starting with MaxScale 6.4.9, any passwords that are transmitted by the configuration synchronization are encrypted if password encryption has been enabled in MaxScale. This means that all MaxScale nodes in the same configuration cluster must be configured to use password encryption and they need to all use the same encryption keys that were created with maxkeys.

Managing Configuration Synchronization

The output of maxctrl show maxscale contains the Config Sync field with information about the current configuration state of the local Maxscale as well as the state of any other nodes using this cluster.

The version field is the logical configuration version and the origin is the node that originates the latest configuration change. The checksum field is the checksum of the logical configuration and can be used to compare whether two Maxscale instances are in the same configuration state. The nodes field contains the status of each MaxScale instance mapped to the hostname of the server. This field is updated whenever MaxScale reads the configuration from the cluster and can thus be used to detect which MaxScales have updated their configuration.

The mysql.maxscale_config table where the configuration changes are stored must not be modified manually. The only case when the table should be modified is when resetting the configuration synchronization.

To reset the configuration synchronization:

Stop all MaxScale instances
Remove the cached configuration file stored at/var/lib/maxscale/maxscale-config.json on all MaxScale instances
Drop the mysql.maxscale_config table
Start all MaxScale instances

To disable configuration synchronization, remove config_sync_cluster from the configuration file or set it to an empty string: config_sync_cluster="". This can be done at runtime with MaxCtrl by passing an empty string toconfig_sync_cluster:

If MaxScale cannot create a connection to the database cluster, configuration changes are not possible until communication with the database is possible. To override this behavior and force the changes to be done, use the --skip-sync option for maxctrl or the sync=false HTTP parameter for the REST API. Any updates done with --skip-sync will overwritten by changes coming from the cluster.

Limitations in Configuration Synchronization

Only the MaxScale configuration is synchronized. Any external files (TLS certificates, configuration files for modules or data generated by MaxScale) are not synchronized. For example, the rule files for the cache filter must be synchronized separately if the filter itself is modified.

Starting with MaxScale 22.08, the Maintenance and Draining states of servers and modifications to the administrative users will be synchronized. In older versions servers had to be put into maintenance mode and users had to be modified separately on each MaxScale.

() External files are not synchronized.
() The --export-config option will not export the cluster configuration and instead exports only the static configuration files. To start a new MaxScale based off of a clustered configuration, copy the static configuration files as well as the JSON configuration in /var/lib/maxscale/maxscale-config.json to the new MaxScale instance.

Backing Up Configuration Changes

The combination of configuration files can be done either manually (e.g. rsync) or with the maxscale --export-config=FILE command line option. See maxscale --help for more information about how to use the--export-config flag.

For example, to export the current runtime configuration, run the following command.

This will create the /tmp/maxscale.cnf.combined file and write the current configuration into the it. This allows new MaxScale instances to be easily set up without requiring copying of all runtime configuration files. The user executing the command must be able to read all MaxScale configuration files as well as create and write the provided filename.

Encryption Key Managers

The encryption key managers are how MaxScale retrieves symmetric encryption keys from a key management system. Some parts of MaxScale require the key_manager to be configured in order to work. The key manager that is used is selected with the parameter and the key manager itself is configured by placing the parameters in the [maxscale] section.

The encryption key managers can be enabled at runtime using maxctrl alter maxscale but cannot be disabled once enabled. To disable the encryption key management, stop Maxscale, remove any persisted configuration files and removekey_manager as well as any key manager options from the static configuration files.

File-based Key Manager

The encryption keys are stored in a text file stored on a local filesystem.

The file uses the same format as the MariaDB server : a file consisting of an encryption key ID number and the hex-encoded encryption key separated by a semicolon. Read for more details on how to create the file.

For example, to configure encryption for the nosqlprotocol shared credentials using the file-based encryption key:

Create the key file with (echo -n '1;' ; openssl rand -hex 32) | cat > /var/lib/maxscale/encryption.key
Give MaxScale read permissions on it with chown maxscale:maxscale /var/lib/maxscale/encryption.key
Configure MaxScale with the following:

Start MaxScale

Limitations

Key versioning is not supported

Parameters

file.keyfile

Type: path
Mandatory: Yes
Dynamic: Yes

Path to the file that contains the encryption keys. The user MaxScale runs as (almost always maxscale) must be able to read this file. Encryption keys are read from disk only during startup or when any global MaxScale parameter is modified at runtime.

KMIP Key Manager

Encryption keys are read from a KMIP server.

The KMIP key manager has been verified to work with the PyKMIP server.

Limitations

Key versioning is not supported
Encryption keys are not cached locally: whenever MaxScale needs an encryption key, it retrieves it from the KMIP server.

Parameters

kmip.host

Type: string
Mandatory: Yes
Dynamic: Yes

The host where the KMIP server is.

kmip.port

Type: integer
Mandatory: Yes
Dynamic: Yes

The port on which the KMIP server listens on.

kmip.cert

Type: path
Mandatory: Yes
Dynamic: Yes

The client public certificate used when connecting to the KMIP server.

kmip.key

Type: path
Mandatory: Yes
Dynamic: Yes

The client private key used when connecting to the KMIP server.

kmip.ca

Type: path
Default: ""
Dynamic: Yes

The CA certificate to use. By default the system default certificates are used.

HashiCorp Vault Key Manager

Encryption keys are read from a local or remote Vault server using the secret engine included in the Vault. This key manager supports versioned keys. Only version 2 key-value stores are supported.

The encryption keys use the same format as the MariaDB : The key-value secret for each encryption key ID must contain the field data which must contain a hex-encoded string that is either 32, 48 or 64 characters long.

An easy way to generate a correct encryption key is to use the vault andopenssl command line clients. The following command creates a 256-bit encryption key using openssl and stores it using the key ID 1:

Limitations

Encryption keys are not cached locally: whenever MaxScale needs an encryption key, it retrieves it from the Vault server.

Parameters

vault.token

Type: password
Mandatory: Yes
Dynamic: Yes

The authentication token used to connect to the Vault server. This can be encrypted using maxpasswd, similar to how other passwords are encrypted.

vault.host

Type: string
Default: localhost
Dynamic: Yes

The host where the Vault server is.

vault.port

Type: integer
Default: 8200
Dynamic: Yes

The port on which the Vault server listens on.

vault.ca

Type: path
Default: ""
Dynamic: Yes

The CA certificate to use. By default the system default certificates are used.

vault.tls

Type:
Default: true
Dynamic: Yes

Whether to use encrypted connections (i.e. HTTPS or HTTP) when communicating with the Vault server.

vault.mount

Type: string
Default: secret
Dynamic: Yes

The Key-Value mount where the secret is stored. By default the secret mount is used which is present by default in most Vault installations.

vault.timeout

Type:
Default: 30s
Dynamic: Yes

The connection and request timeout used with the Vault server.

Error Reporting

MariaDB MaxScale is designed to be executed as a service, therefore all error reports, including configuration errors, are written to the MariaDB MaxScale error log file. By default, MariaDB MaxScale will log to a file in/var/log/maxscale and the system log.

Limitations

The current limitations of MaxScale are listed in the document.

Performance Optimization

Tune query_classifier_cache_size to allow maximal use of the query classifier cache. Increase the value and/or system memory until the set of unique SQL patterns fits into memory. By default at most 15% of the system memory is used for this cache. To detect if the SQL statements fit into memory, monitor the QC cache evictions value in maxctrl show threads to see how many evictions take place. If it keeps increasing, increase the size of the query classifier cache. Using the query classifier cache with a CPU bound workload gives a roughly 20% improvement in performance compared to when it is turned off.
A faster CPU with more CPU cores is better. This is true for most applications but especially for MaxScale as it is mostly limited by the speed of the CPU. Using threads=auto is recommended (the default starting with MaxScale 6).

MaxScale Diagnostics using MaxCtrl

From 22.08.2 onwards, maxctrl show maxscale shows a System object with information about the system MaxScale is running on. The fields are:

Field

Meaning

In addition there is an os object that contains what the Linux command uname displays.

Configuration

threads

If threads has not been specified at all in the MaxScale configuration file, or if its value is auto, then MaxScale will use as many routing threads as there are physical cores on the machine. This is the right choice, if MaxScale is running on a dedicated machine or in a container that has not been restriced in any way.

However, if the number of cores available to MaxScale have been restricted or if MaxScale is running in a container whose CPU quota and period have been limited, then it will lead to MaxScale using more routing threads than what is appropriate in the environment where it is running.

If machine.cores_virtual is less than machine.cores_physical, then threads should be specified explicitly in the MaxScale configuration file and its value should be that of machine.cores_virtual rounded up to the nearest integer. If that value is 1 it may be beneficial to check whether 2 gives better performance.

query_classifier_cache_size

If query_classifier_cache_size has not been specified in the MaxScale configuration file, then MaxScale will use at most 15% of the amount of physical memory in the machine for the cache. This is a good starting point, if MaxScale is running on a dedicated machine or in a container that has not been restriced in any way. Note that the amount specifies how much memory the cache at maximum is allowed to use, not what would immediately be allocated for the cache.

However, if the amount of memory available to MaxScale has been restricted, which may be the case if MaxScale is running in a container, this may cause the cache to grow beyond what is available, which will lead to a crash or MaxScale being killed.

If the value of machine.memory_available is less than that ofmachine.memory_physical, then query_classifier_cache_size should be explicitly set to 15% of maxscale.memory_available. The value can be larger, but must not be a bigger share of machine.memory_available than what is reasonable.

Example

As can be seen, maxscale.threads is larger than machine.cores_virtual and thus,threads=4 should explicitly be specified in the MaxScale configuration file.

maxscale.query_classifier_cache_size is the default 15% of machine.memory_physical but as machine.memory_available is just half of that, something likequery_classifier_cache_size=3100000000 (~15% of machine.memory_available) should be added to the configuration file.

Troubleshooting

For a list of common problems and their solutions, read the article on the MariaDB documentation.

Systemd Watchdog

If MaxScale is running as a systemd service, the systemd Watchdog will be enabled by default. To configure it, change the WatchdogSec option in the Service section of the maxscale systemd configuration file located in/lib/systemd/system/maxscale.service:

It is not recommended to use a watchdog timeout less than 30 seconds. When enabled MaxScale will check that all threads are running and notify systemd with a "keep-alive ping".

Systemd reference:

CC BY-SA / Gnu FDL

TLSv1.2

TLSv1.3

TLSv10

TLSv11

TLSv12

TLSv13

HS512

RS256

RS384

RS512

PS256

PS384

PS512

ES256

ES384

ES512

ED25519

ED448

vault - HashiCorp Vault key manager. This key manager is only included on systems with GCC 9 or newer which means it cannot be used on Ubuntu 18.04.

TLSv1.2

TLSv1.3

TLSv10

TLSv11

TLSv12

TLSv13

# A valid value looks like
#       log_throttling = X, Y, Z
#
# where the first value X is a positive integer and means the number of times
# a specific error may be logged within a duration of Y, before the logging
# of that error is suppressed for a duration of Z.
log_throttling=8, 2s, 15000ms

CREATE TABLE IF NOT EXISTS mysql.maxscale_config(
  cluster VARCHAR(256) PRIMARY KEY,
  version BIGINT NOT NULL,
  config JSON NOT NULL,
  origin VARCHAR(254) NOT NULL,
  nodes JSON NOT NULL
) ENGINE=InnoDB;

{
    "user": [
        {
            "user": "test1",
            "host": "%",
            "global_db_priv": true
        },
        {
            "user": "test2",
            "host": "127.0.0.1",
            "password": "*032169CDF0B90AF8C00992D43D354E29A2EACB42",
            "plugin": "mysql_native_password",
            "default_role": "role2"
        },
        {
            "user": "",
            "host": "%",
            "plugin": "pam",
            "proxy_priv": true
        }
    ],
    "db": [
        {
            "user": "test2",
            "host": "127.0.0.1",
            "db": "test"
        }
    ],
    "roles_mapping": [
        {
            "user": "test2",
            "host": "127.0.0.1",
            "role": "role2"
        }
    ]
}

[server1]
type=server
max_routing_connections=1000 #this should be based on MariaDB Server capacity
persistpoolmax=1000 #same as above
persistmaxtime=10
#other server settings...

[myservice]
type=service
max_slave_connections=1
transaction_replay=true
idle_session_pool_time=500ms
lazy_connect=1
#other service settings...

> use information_schema;
> select * from disks;
+-----------+----------------------+-----------+----------+-----------+
| Disk      | Path                 | Total     | Used     | Available |
+-----------+----------------------+-----------+----------+-----------+
| /dev/sda3 | /                    |  47929956 | 34332348 |  11139820 |
| /dev/sdb1 | /data                | 961301832 |    83764 | 912363644 |
...

[main-site-master]
type=server
address=192.168.0.11
rank=primary

[main-site-slave]
type=server
address=192.168.0.12
rank=primary

[DR-site-master]
type=server
address=192.168.0.21
rank=secondary

[DR-site-slave]
type=server
address=192.168.0.22
rank=secondary

{
    "user_map": [
        {
            "original_user": "bob",
            "mapped_user": "janet"
        },
        {
            "original_user": "karen",
            "mapped_user": "janet"
        }
    ],
    "group_map": [
        {
            "original_group": "visitors",
            "mapped_user": "db_user"
        }
    ],
    "server_credentials": [
        {
            "mapped_user": "janet",
            "password": "secret_pw",
            "plugin": "mysql_native_password"
        },
        {
            "mapped_user": "db_user",
            "password": "secret_pw2",
            "plugin": "pam"
        }
    ]
}

[server1]
type=server
address=10.131.24.62
port=3306
ssl=true
ssl_cert=/usr/local/mariadb/maxscale/ssl/crt.max-client.pem
ssl_key=/usr/local/mariadb/maxscale/ssl/key.max-client.pem
ssl_ca_cert=/usr/local/mariadb/maxscale/ssl/crt.ca.maxscale.pem

[RW-Split-Listener]
type=listener
service=RW-Split-Router
port=3306
ssl=true
ssl_cert=/usr/local/mariadb/maxscale/ssl/crt.maxscale.pem
ssl_key=/usr/local/mariadb/maxscale/ssl/key.csr.maxscale.pem
ssl_ca_cert=/usr/local/mariadb/maxscale/ssl/crt.ca.maxscale.pem

├──────────────┼─────────────────────────────────────────────────────────────┤
│ Config Sync  │ {                                                           │
│              │     "checksum": "3dd6b467760d1d2023f2bc3871a60dd903a3341e", │
│              │     "nodes": {                                              │
│              │         "maxscale": "OK",                                   │
│              │         "maxscale2": "OK"                                   │
│              │     },                                                      │
│              │     "origin": "maxscale",                                   │
│              │     "status": "OK",                                         │
│              │     "version": 2                                            │
│              │ }                                                           │
├──────────────┼─────────────────────────────────────────────────────────────┤

[maxscale]
key_manager=file
file.keyfile=/var/lib/maxscale/encryption.key

[NoSQL-Listener]
type=listener
service=My-Service
protocol=nosqlprotocol
nosqlprotocol.authentication_key_id=1
nosqlprotocol.authentication_user=my_user
nosqlprotocol.authentication_password=my_password

# Add services, servers, monitors etc.

$ openssl rand -hex 32|vault kv put secret/1 data=-
== Secret Path ==
secret/data/1

======= Metadata =======
Key                Value
---                -----
created_time       2022-06-23T06:50:55.29063873Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1

$ maxctrl show maxscale
...
├──────────────┼────────────────────────────────────────────────────────────────────────────┤
│ System       │ {                                                                          │
│              │     "machine": {                                                           │
│              │         "cores_available": 8,                                              │
│              │         "cores_physical": 8,                                               │
│              │         "cores_virtual": 4,                                                │
│              │         "memory_available": 20858544128,                                   │
│              │         "memory_physical": 41717088256                                     │
│              │     },                                                                     │
│              │     "maxscale": {                                                          │
│              │         "query_classifier_cache_size": 6257563238,                         │
│              │         "threads": 8                                                       │
│              │     },                                                                     │
│              │     "os": {                                                                │
│              │         "machine": "x86_64",                                               │
│              │         "nodename": "johan-P53s",                                          │
│              │         "release": "5.4.0-125-generic",                                    │
│              │         "sysname": "Linux",                                                │
│              │         "version": "#141~18.04.1-Ubuntu SMP Thu Aug 11 20:15:56 UTC 2022"  │
│              │     }                                                                      │
│              │ }                                                                          │
└──────────────┴────────────────────────────────────────────────────────────────────────────┘