Open mykaul opened 2 months ago
Hmmm, that support is not available in Gocql ? - @sylwiaszunejko - is that a Python + cqlsh only?
6.0 and later only
Hmmm, that support is not available in Gocql ? - @sylwiaszunejko - is that a Python + cqlsh only?
@mykaul AFAIK there is no support for unix socket in gocql
It would be beneficial for us to have it in gocql. This would allow us to avoid using CQL credentials for operations such as checking if something is a view (and not backing it up) and for performing restores. However, CQLPing would still require credentials unless we alter its behavior so that it's executed through an agent. In that case, we would need to accept the fact that we're testing it in a different manner than the typical CQL session created and used by end users.
I tried to experiment with a custom Dialer
(which connects to unix socket) set in ClusterConfig
for both regular Session
and SingleHostQueryExecutor
, but I couldn't make it work because the code always panics (interface conversion: net.Addr is *net.UnixAddr, not *net.TCPAddr
) when creating control connection (which cannot be disabled):
func (c *controlConn) setupConn(conn *Conn) error {
// we need up-to-date host info for the filterHost call below
iter := conn.querySystemLocal(context.TODO())
host, err := c.session.hostInfoFromIter(iter, conn.host.connectAddress, conn.conn.RemoteAddr().(*net.TCPAddr).Port)
So it looks like there is no way (or at least not a very hacky way) for SM to configure gocql so that it connects to unix socket without dedicated changes in the driver itself.
Note: when I exported hidden ClusterConfig
option disableControlConn bool
, I was able to setup Session
and query DESCRIBE SCHEMA WITH INTERNALS
.
cc: @mykaul @karol-kokoszka @piodul
Could we tunnel a unix socket via ssh? I don't think ssh supports crossing the boundary this way.
I tried to make it work by adding regular agent API endpoint which would simply create session (to a single unix socket), get DESCRIBE SCHEMA, close session and return the output.
Also, even if SM uses the maintenance_socket for obtaining schema, it won't work every time as the maintenance_socket can be disabled in Scylla config (AFAIR it is even disabled by default). So SM would still need either credentials or maintenance_socket in order to back up schema.
Another idea, for a similar workaround to Avi's - Go has lots of stuff that I think should make it easy to write a proxy between a TCP (TLS even) socket and a Unix socket. It could open only for the duration of the schema fetch.
I didn't touch the gocql driver for a while so it's hard for me to tell whether fixing it there is harder than implementing that workaround, but the gocql driver fix would should be the proper solution that we implement eventually.
grooming notest
We can implement the "work around" in Scylla Manager directly. The idea is: (in the context of Scylla Manager's agent)
At the first glance, it looks as a dirty work-around that is not needed if the functionality is implemented in gocql driver (python driver has it already. What are the chances of having it included into the gocql ? https://github.com/scylladb/gocql/issues/175 cc: @piodul @avelanarius
@Michal-Leszczynski I've merged the fix in the gocql with the unix socket support
@sylwiaszunejko that's great! When could we expect a gocql release with this change?
@sylwiaszunejko that's great! When could we expect a gocql release with this change?
@Michal-Leszczynski done, 1.14.1 has the fix
See https://github.com/scylladb/scylladb/pull/16172 , https://github.com/scylladb/scylla-cqlsh/pull/67