Skip to content

Commit

Permalink
cli/demo: simplify the SQL connection parameters
Browse files Browse the repository at this point in the history 
Prior to this patch, the `cockroach demo` shell was advertising SQL
client URLs that were dependent on TLS client certs. This makes it
overly reliant on the client app having access to the cert files,
which in a multi-user system may not be easy to achieve.

This patch improves the situation as follows:

- the generated SQL connection URL now requires
  TLS (`sslmode=require`) but uses a password to authenticate the
  client instead of a client cert.

- when running on unix, a unix socket is also configured.
  The socket URL, if available, is also displayed because
  alongside the TCP URL.

Example:

```
   $ ./cockroach demo  --nodes 2
   #
   # Welcome to the CockroachDB demo database!
   #
   ...
   # Connection parameters:
   # node 1:
   #   (console) http://127.0.0.1:36732
   #   (sql)     postgres://root:admin@?host=%2Ftmp%2Fdemo806076655&port=26257
   #   (sql/tcp) postgres://root:[email protected]:43251?sslmode=require
   #
   # node 2:
   #   (console) http://127.0.0.1:31261
   #   (sql)     postgres://root:admin@?host=%2Ftmp%2Fdemo806076655&port=26258
   #   (sql/tcp) postgres://root:[email protected]:13130?sslmode=require
   #
   # Enter \? for a brief introduction.
   #
   [email protected]:43251/movr>
```

Additionally, the new client-side command `\demo ls` enables the user
to re-display the connection URLs during an interactive demo.

For example:

```
[email protected]:43251/movr> \demo ls
node 1:
  (console) http://127.0.0.1:36732
  (sql)     postgres://root:admin@?host=%2Ftmp%2Fdemo806076655&port=26257
  (sql/tcp) postgres://root:[email protected]:43251?sslmode=require

node 2:
  (console) http://127.0.0.1:31261
  (sql)     postgres://root:admin@?host=%2Ftmp%2Fdemo806076655&port=26258
  (sql/tcp) postgres://root:[email protected]:13130?sslmode=require
```

Release note (cli change): The `cockroach demo` now displays a
connection URL using a unix datagram socket before the TCP-based URL,
as this may deliver better performance in clients running on the same
system.

Release note (cli change): the SQL URL generated by `cockroach demo`,
when running in the secure mode, now embed the password. This way,
a command ran by copy-pasting the URL is able to run without asking
for a password first.

Release note (cli change): the SQL URL generated by `cockroach demo`
is simplified to not require TLS client certificates in particular
directory locations.

Release note (cli change): the new client-side command `\demo
ls` (experimental) can now (re-)display the connection parameters for
every node in the simulated cluster.
  • Loading branch information
@knz
knz committed Apr 3, 2020
1 parent b2ba3f6 commit c19b385
Show file tree
Hide file tree
Showing 6 changed files with 283 additions and 142 deletions.
Loading

0 comments on commit c19b385

Please sign in to comment.