MySQL 8.0 Reference Manual Including MySQL NDB Cluster 8.0
This section provides information on supported operating platforms and software, required software, and other prerequisites for running the NDB Cluster Auto-Installer.
Supported platforms. The NDB Cluster Auto-Installer is available with NDB 8.0 distributions for recent versions of Linux, Windows, Solaris, and macOS. For more detailed information about platform support for NDB Cluster and the NDB Cluster Auto-Installer, see https://www.mysql.com/support/supportedplatforms/cluster.html.
Supported web browsers. The web-based installer is supported with recent versions of Firefox and Microsoft Internet Explorer. It should also work with recent versions of Opera, Safari, and Chrome, although we have not thoroughly tested for compability with these browsers.
Required software—setup host. The following software must be installed on the host where the Auto-Installer is run:
Python 2.6 or higher. The Auto-Installer requires the Python interpreter and standard libraries. If these are not already installed on the system, you may be able to add them using the system's package manager. Otherwise, you can download them from http://python.org/download/.
Paramiko 2 or higher. You can download this from http://www.lag.net/paramiko/ if it is not available from your system's package manager.
Pycrypto version 1.9 or higher.
This cryptography module is required by Paramiko, and can
be iunstalled using pip install
cryptography
. If pip
is not
installed, and the module is not available using your
system's package manage, you can download it from
https://www.dlitz.net/software/pycrypto/.
All of the software in the preceding list is included in the Windows version of the configuration tool, and does not need to be installed separately.
Required software—remote hosts. The only software required for remote hosts where you wish to deploy NDB Cluster nodes is the SSH server, which is usually installed by default on Linux and Solaris systems. Several alternatives are available for Windows; for an overview of these, see http://en.wikipedia.org/wiki/Comparison_of_SSH_servers.
An additional requirement when using multiple hosts is that it is possible to authenticate to any of the remote hosts using SSH and the proper keys or user credentials, as discussed in the next few paragraphs:
Authentication and security. Three basic security or authentication mechanisms for remote access are available to the Auto-Installer, which we list and describe here:
SSH. A secure shell connection is used to enable the back end to perform actions on remote hosts. For this reason, an SSH server must be running on the remote host. In addition, the operating system user running the installer must have access to the remote server, either with a user name and password, or by using public and private keys.
You should never use the system root
account for remote access, as this is extremely insecure.
In addition, mysqld cannot normally be
started by system root
. For these and
other reasons, you should provide SSH credentials for a
regular user account on the target system, and not for
system root
. For more information about
this issue, see Section 6.1.5, “How to Run MySQL as a Normal User”.
HTTPS.
Remote communication between the Web browser front end and
the back end is not encrypted by default, which means that
information such as the user's SSH password is
transmitted as cleartext that is readable to anyone. For
communication from a remote client to be encrypted, the
back end must have a certificate, and the front end must
communicate with the back end using HTTPS rather than
HTTP. Enabling HTTPS is accomplished most easily through
issuing a self-signed certificate. Once the certificate is
issued, you must make sure that it is used. You can do
this by starting ndb_setup.py from the
command line with the
--use-https
(-S
) and
--cert-file
(-c
) options.
A sample certificate file cfg.pem
is
included and is used by default. This file is located in the
mcc
directory under the installation
share directory; on Linux, the full path to the file is
normally /usr/share/mysql/mcc/cfg.pem
.
On Windows systems, this is usually C:\Program
Files\MySQL\MySQL Server
8.0\share\mcc\cfg.pem
. Letting the
default be used means that, for testing purposes, you can
simply start the installer with the -S
option to use an HTTPS connection between the browser and
the back end.
The Auto-Installer saves the configuration file for a given
cluster mycluster01
as
mycluster01.mcc
in the home directory
of the user invoking the ndb_setup.py
executable. This file is encrypted with a passphrase
supplied by the user (using
Fernet);
because HTTP transmits the passphrase in the clear,
it is strongly recommended that you always use an
HTTPS connection to access the Auto-Installer on a remote
host.
Certificate-based authentication.
The back end ndb_setup.py process can
execute commands on the local host as well as remote
hosts. This means that anyone connecting to the back end
can take charge of how commands are executed. To reject
unwanted connections to the back end, a certificate may be
required for authentication of the client. In this case, a
certificate must be issued by the user, installed in the
browser, and made available to the back end for
authentication purposes. You can enact this requirement
(together with or in place of password or key
authentication) by starting
ndb_setup.py with the
--ca-certs-file
(-a
) option.
There is no need or requirement for secure authentication when the client browser is running on the same host as the Auto-Installer back end.
See also Section 23.5.17, “NDB Cluster Security Issues”, which discusses security considerations to take into account when deploying NDB Cluster, as well as Chapter 6, Security, for more general MySQL security information.