Connect to whitelist
MatrixOne supports the following variables for restricting database connections to clients with specific IP addresses:
1. validnode_checking: Controls whether the IP whitelist function is enabled. The value is ON or OFF, and the default is OFF.
2. invited_nodes: Defines the list of IP addresses that are allowed to connect to the MO database. The following formats are supported:
- Single IP address: for example (192.168.1.100, 192.168.1.101)
- Wildcard: (*) means that all IP addresses are allowed to connect
- CIDR format: for example (192.168.1.100, 192.168.1.0/8, 192.168.0.0/32)
The default value of this variable is `*`, indicating that all clients can connect by default.
The above configuration provides a flexible access control mechanism for the database, which can meet a variety of network security needs.
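An invited_nodes value in the formats listed above can be checked before it is applied with set global. The following Python sketch is an added example, not MatrixOne code: it assumes standard CIDR semantics (MatrixOne's own matching may differ), and the function names and the max_hosts threshold are hypothetical.

```python
import ipaddress

def parse_invited_nodes(value):
    """Split an invited_nodes string into (entry, network) pairs; '*' maps to None."""
    entries = []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            continue
        if item == "*":
            entries.append((item, None))
        else:
            # strict=False tolerates host bits, e.g. 192.168.1.0/8 -> 192.0.0.0/8
            entries.append((item, ipaddress.ip_network(item, strict=False)))
    return entries

def is_invited(client_ip, value):
    """True if client_ip matches any entry (assumed standard CIDR matching)."""
    ip = ipaddress.ip_address(client_ip)
    return any(net is None or ip in net for _, net in parse_invited_nodes(value))

def audit(value, max_hosts=256):
    """Return (entry, reason) findings for entries broader than probably intended."""
    findings = []
    for item, net in parse_invited_nodes(value):
        if net is None:
            findings.append((item, "wildcard: every client may connect"))
            continue
        if "/" in item and ipaddress.ip_interface(item).ip != net.network_address:
            findings.append((item, f"host bits set; network is {net}"))
        if net.num_addresses > max_hosts:
            findings.append((item, f"covers {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    # CIDR example list taken from the format description above
    sample = "192.168.1.100, 192.168.1.0/8, 192.168.0.0/32"
    for entry, reason in audit(sample):
        print(f"{entry}: {reason}")
    print(is_invited("10.222.4.8", "10.222.2.36"))
```

Under these assumptions, the /8 entry from the CIDR example list is reported twice: once for its host bits and once for the size of the range it opens.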
Check
select @@global.validnode_checking;
select @@global.invited_nodes;
Set up
set global validnode_checking=xx; -- Default is 0
set global invited_nodes=xx; -- Default is *
Example
mysql> select @@global.validnode_checking;
+--------------------------+
| @@validnode_checking |
+--------------------------+
| 0 |
+--------------------------+
1 row in set (0.00 sec)
mysql> select @@global.invited_nodes;
+-----------------------+
| @@invited_nodes |
+-----------------------+
| * |
+-----------------------+
1 row in set (0.00 sec)
mysql> set global validnode_checking=1;
Query OK, 0 rows affected (0.02 sec)
mysql> set global invited_nodes='10.222.2.36';
-- View IP
root@host-10-222-4-5:~# hostname -I
10.222.4.5
-- Connect to 10.222.2.36 from the machine with IP 10.222.4.5
root@host-10-222-4-5:~# mysql -uroot -P 6001 -h10.222.2.36 -p111
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 62
Server version: 8.0.30-MatrixOne-v MatrixOne
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
-- View IP
root@host-10-222-4-8:~# hostname -I
10.222.4.8
-- Connecting to 10.222.2.36 from IP 10.222.4.8 fails because that IP is not on the whitelist
root@host-10-222-4-8:~# mysql -uroot -P 6001 -h10.222.2.36 -p111
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 20301 (HY000): invalid input: IP 10.222.4.8 is not in the invited nodes