Scylla Manager communicates with a Scylla cluster using REST API. It’s required that the REST API is accessible by Scylla Manager on all the cluster nodes. By default, Scylla binds REST API to localhost, which prevents accessing if from other hosts. To overcome this limitation, Scylla Manager can work with Scylla nodes over SSH.
This is a preferred way of Scylla Manager interacting with Scylla nodes. We recommend adding a dedicated system user to every node in a cluster and enabling SSH connectivity using key-based authentication.
Scylla Manager comes with
scyllamgr_ssh_setup script that helps you with user creation, key generation, and distribution.
It requires that you have SSH access to all the nodes with a
sudo enabled user.
scyllamgr_ssh_setup to configure SSH access to the cluster.
scyllamgr_ssh_setup --user ec2-user --identity-file ec2-user.pem \ --manager-user scylla-manager --manager-identity-file scylla-manager.pem \ --discover ec2-198-100-51-11.compute-1.amazonaws.com 22.214.171.124 OK 126.96.36.199 OK 188.8.131.52 OK 184.108.40.206 OK 220.127.116.11 OK 18.104.22.168 OK
--user is SSH user name used to connect to the cluster nodes
--identity-file path is a path to identity file containing SSH private key
--manager-user is a user name that will be created and configured on cluster nodes, by default it’s scylla-manager
--manager-identity-file is a path to identity file containing SSH private key for manager user, if there is no such file it will be created
--discover enables cluster node discovery, the command would take a single host and setup every node in the cluster
Continue to Add a cluster.
If you encounter troubles setting up SSH connectivity to a node, use
scyllamgr_ssh_test command with
-v flag to show debug information.
scyllamgr_ssh_test --user scylla-manager --identity-file scylla-manager.pem\ -v 22.214.171.124 OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 126.96.36.199 [188.8.131.52] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file scylla-manager.pem type 1 debug1: key_load_public: No such file or directory
If you have set up SSH communication with the cluster as described in the previous section, please continue to Add a cluster. If you have not used the script to establish SSH, you will need to create a connection manually. Note that exposing Scylla REST API may have security consequences. If in doubt, go to the previous section.
Scylla Manager can interact with Scylla REST API on cluster nodes directly. For that configuration of all the cluster nodes must be adjusted, and the nodes must be restarted.
For every node in the cluster, repeat the procedure below.
SSH to a node.
Edit Scylla config file
api_address to the broadcast address.
Drain the node (stop accepting writes and flush all tables).
sudo systemctl restart scylla-server.service
Verify the Scylla server is running.
Before you begin, confirm you have established SSH connectivity as explained in Configure SSH connectivity using scyllamgr_ssh_setup or Direct communication.
From the Scylla Manager Server, run:
sctool cluster add
sctool cluster add --host=184.108.40.206 --name=prod-cluster \ --ssh-user=scylla-manager --ssh-identity-file=scylla-manager.pem db7faf98-7cc4-4a08-b707-2bc59d65551e __ / \ Cluster added, to set it as a default run: @ @ export SCYLLA_MANAGER_CLUSTER=db7faf98-7cc4-4a08-b707-2bc59d65551e | | || |/ Repair will run on 01 Sep 18 00:00 UTC and will be repeated every 7 days. || || To see the currently scheduled tasks: sctool task list -c db7faf98-7cc4-4a08-b707-2bc59d65551e |\_/| \___/
--host is hostname or IP of one of the cluster nodes
--name is an alias you can give to your cluster
--ssh-user is SSH user name used to connect to the cluster nodes
--ssh-identity-file path is a path to identity file containing SSH private key
If you exposed the REST API directly to establish SSH connectivity (Direct Communication), the
--ssh-identity-file parameters should be omitted.
Each cluster has a unique ID. You will use this ID in all commands where the cluster ID is required. Each cluster is automatically registered with a repair task that runs once a week.
Verify that the cluster you added has a registered repair task.
sctool task list -c db7faf98-7cc4-4a08-b707-2bc59d65551e ╭─────────────────────────────────────────────┬───────────────────────────────┬──────┬────────────┬────────╮ │ task │ next run │ ret. │ properties │ status │ ├─────────────────────────────────────────────┼───────────────────────────────┼──────┼────────────┼────────┤ │ repair/730a134a-4792-4139-bc6c-75d2ba7a1e62 │ 01 Sep 18 00:00 UTC (+7 days) │ 3 │ │ NEW │ ╰─────────────────────────────────────────────┴───────────────────────────────┴──────┴────────────┴────────╯