database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

MDEV-27181: Galera SST scripts should use ssl_capath for CA directory

Browse Source 
1. Galera SST scripts should use ssl_capath (not ssl_ca) for CA
   directory. The current implementation tries to automatically
   detect the path using the trailing slash in the ssl_ca variable
   value, but this approach is not compatible with the server
   configuration. Now, by analogy with the server, SST scripts
   also use a separate ssl_capath variable. In addition, a similar
   tcapath variable has been added for the old-style configuration
   (in the "sst" section).
2. Openssl utility detection made more reliable.
3. Removed extra spaces in automatically generated command lines -
   to simplify debugging of the SST scripts.
4. In general, the code for detecting the presence or absence of
   auxiliary utilities has been improved - it is made more reliable
   in some configurations (and for shells other than bash).
This commit is contained in:
Julius Goryavsky
2021-12-14 03:47:59 +01:00
parent 660cfe4782
commit 30bf0bca8f
19 changed files with 1172 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
mysql-test/std_data/capath/3106f582.0 Symbolic link
View File

@ -0,0 +1 @@
cacert.pem

79
mysql-test/std_data/capath/cacert.pem Normal file
View File

@ -0,0 +1,79 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d0:4d:23:85:ee:59:b3:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
Validity
Not Before: Jan 27 10:11:10 2019 GMT
Not After : Jan 22 10:11:10 2039 GMT
Subject: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e8:0e:a7:84:d3:75:30:06:30:b2:10:b9:d1:88:
36:2b:5e:f8:c8:44:57:cb:67:72:ab:96:95:33:d5:
88:d1:8f:23:50:98:ba:6d:20:00:80:bd:35:d5:c1:
bf:98:49:c4:0a:15:4a:34:a6:21:9b:2e:8c:15:09:
f0:63:81:02:c2:7c:e2:53:e0:f7:a1:1a:40:5e:8f:
41:4a:4c:56:d4:20:f1:d5:a7:c1:53:2e:ff:7e:37:
17:cc:7e:74:bd:e2:22:33:ce:8c:77:62:a4:c5:3f:
44:35:7b:7e:b9:f5:7d:8c:7a:27:58:fd:2c:42:86:
2e:e7:6b:01:99:7b:fe:7d:a7:a1:4f:3e:39:39:54:
1f:61:de:74:66:d1:77:4f:43:1b:66:70:29:85:de:
fc:8f:8e:1b:7b:a2:66:48:26:7f:9b:a6:fd:4a:e4:
dc:eb:ed:bd:f8:e3:f1:57:98:13:6f:f1:a3:2a:e3:
73:bd:8d:7c:6f:4b:59:35:bc:b5:42:3e:99:a7:13:
8d:be:2e:5c:9a:c6:5b:ab:ae:bf:00:e9:c8:ee:05:
22:8e:d5:67:1a:47:9a:6d:9c:f9:42:3e:15:34:f8:
31:ec:b4:7e:d3:92:95:b0:b8:f9:66:f3:bd:1d:31:
2c:b1:90:62:a1:f8:4e:a6:5d:26:22:f0:e1:fe:16:
2b:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93
X509v3 Authority Key Identifier:
keyid:CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
df:fd:74:29:5b:5e:9a:8b:09:02:40:59:73:cb:71:47:3f:97:
3d:a9:fd:c4:8c:01:29:c9:86:b8:71:55:ff:72:0e:50:dc:c8:
b5:e6:91:41:52:47:21:30:cc:4d:e7:3b:4b:db:55:ea:7d:46:
eb:53:e0:b7:1b:80:7c:b1:0c:d3:d1:bc:a0:73:ae:96:1f:fd:
05:52:7e:54:d5:03:52:69:7b:34:5f:27:d7:98:da:98:76:73:
e6:bb:50:59:2a:94:90:67:03:1c:a4:76:2f:ee:ef:59:60:09:
48:33:03:2b:52:ed:83:42:f8:71:19:7f:d8:be:40:ed:20:01:
90:3c:7e:1c:8b:d2:9f:f3:2f:09:1f:50:c8:10:e1:8a:d9:a5:
49:9c:0b:74:17:b9:2b:68:f6:1e:73:c2:73:10:38:b3:35:e2:
87:91:1b:a1:d1:9b:81:9d:1b:32:cc:03:6e:4c:82:95:81:11:
42:56:e2:16:2b:22:65:db:40:2c:ca:dc:03:f4:d5:07:cf:f5:
13:b2:cf:51:5b:24:cd:c7:d1:9b:42:8e:f9:df:5d:1e:5a:09:
a3:4f:a9:0b:f4:21:c5:bb:ff:02:93:67:e8:2d:ee:ab:d9:59:
76:03:2c:a1:bd:fb:dc:af:b6:82:94:71:85:53:a8:18:0d:3a:
9e:42:eb:59
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIJANBNI4XuWbP6MA0GCSqGSIb3DQEBCwUAMFYxDzANBgNV
BAMMBmNhY2VydDELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYD
VQQHDAhIZWxzaW5raTEQMA4GA1UECgwHTWFyaWFEQjAeFw0xOTAxMjcxMDExMTBa
Fw0zOTAxMjIxMDExMTBaMFYxDzANBgNVBAMMBmNhY2VydDELMAkGA1UEBhMCRkkx
ETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhIZWxzaW5raTEQMA4GA1UECgwH
TWFyaWFEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgOp4TTdTAG
MLIQudGINite+MhEV8tncquWlTPViNGPI1CYum0gAIC9NdXBv5hJxAoVSjSmIZsu
jBUJ8GOBAsJ84lPg96EaQF6PQUpMVtQg8dWnwVMu/343F8x+dL3iIjPOjHdipMU/
RDV7frn1fYx6J1j9LEKGLudrAZl7/n2noU8+OTlUH2HedGbRd09DG2ZwKYXe/I+O
G3uiZkgmf5um/Urk3Ovtvfjj8VeYE2/xoyrjc72NfG9LWTW8tUI+macTjb4uXJrG
W6uuvwDpyO4FIo7VZxpHmm2c+UI+FTT4Mey0ftOSlbC4+WbzvR0xLLGQYqH4TqZd
JiLw4f4WK2kCAwEAAaNQME4wHQYDVR0OBBYEFMpxmYnwcqt1ZrtlagMEcqV7laaT
MB8GA1UdIwQYMBaAFMpxmYnwcqt1ZrtlagMEcqV7laaTMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBAN/9dClbXpqLCQJAWXPLcUc/lz2p/cSMASnJhrhx
Vf9yDlDcyLXmkUFSRyEwzE3nO0vbVep9RutT4LcbgHyxDNPRvKBzrpYf/QVSflTV
A1JpezRfJ9eY2ph2c+a7UFkqlJBnAxykdi/u71lgCUgzAytS7YNC+HEZf9i+QO0g
AZA8fhyL0p/zLwkfUMgQ4YrZpUmcC3QXuSto9h5zwnMQOLM14oeRG6HRm4GdGzLM
A25MgpWBEUJW4hYrImXbQCzK3AP01QfP9ROyz1FbJM3H0ZtCjvnfXR5aCaNPqQv0
IcW7/wKTZ+gt7qvZWXYDLKG9+9yvtoKUcYVTqBgNOp5C61k=
-----END CERTIFICATE-----

1
mysql-test/std_data/capath/ed1f42db.0 Symbolic link
View File

@ -0,0 +1 @@
cacert.pem

191
mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath,debug.rdiff Normal file
View File

@ -0,0 +1,191 @@
--- r/galera_sst_rsync_encrypt_with_server.result
+++ r/galera_sst_rsync_encrypt_with_server,debug.reject
@@ -519,4 +519,188 @@
1
DROP TABLE t1;
COMMIT;
+Performing State Transfer on a server that has been killed and restarted
+while a DDL was in progress on it
+connection node_1;
+CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB;
+SET AUTOCOMMIT=OFF;
+START TRANSACTION;
+INSERT INTO t1 VALUES (1,'node1_committed_before');
+INSERT INTO t1 VALUES (2,'node1_committed_before');
+INSERT INTO t1 VALUES (3,'node1_committed_before');
+INSERT INTO t1 VALUES (4,'node1_committed_before');
+INSERT INTO t1 VALUES (5,'node1_committed_before');
+connection node_2;
+START TRANSACTION;
+INSERT INTO t1 VALUES (6,'node2_committed_before');
+INSERT INTO t1 VALUES (7,'node2_committed_before');
+INSERT INTO t1 VALUES (8,'node2_committed_before');
+INSERT INTO t1 VALUES (9,'node2_committed_before');
+INSERT INTO t1 VALUES (10,'node2_committed_before');
+COMMIT;
+SET GLOBAL debug_dbug = 'd,sync.alter_opened_table';
+connection node_1;
+ALTER TABLE t1 ADD COLUMN f2 INTEGER;
+connection node_2;
+SET wsrep_sync_wait = 0;
+Killing server ...
+connection node_1;
+SET AUTOCOMMIT=OFF;
+START TRANSACTION;
+INSERT INTO t1 (id,f1) VALUES (11,'node1_committed_during');
+INSERT INTO t1 (id,f1) VALUES (12,'node1_committed_during');
+INSERT INTO t1 (id,f1) VALUES (13,'node1_committed_during');
+INSERT INTO t1 (id,f1) VALUES (14,'node1_committed_during');
+INSERT INTO t1 (id,f1) VALUES (15,'node1_committed_during');
+COMMIT;
+START TRANSACTION;
+INSERT INTO t1 (id,f1) VALUES (16,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (17,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (18,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (19,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (20,'node1_to_be_committed_after');
+connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1;
+SET AUTOCOMMIT=OFF;
+START TRANSACTION;
+INSERT INTO t1 (id,f1) VALUES (21,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (22,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (23,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (24,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (25,'node1_to_be_rollbacked_after');
+connection node_2;
+Performing --wsrep-recover ...
+connection node_2;
+Starting server ...
+Using --wsrep-start-position when starting mysqld ...
+SET AUTOCOMMIT=OFF;
+START TRANSACTION;
+INSERT INTO t1 (id,f1) VALUES (26,'node2_committed_after');
+INSERT INTO t1 (id,f1) VALUES (27,'node2_committed_after');
+INSERT INTO t1 (id,f1) VALUES (28,'node2_committed_after');
+INSERT INTO t1 (id,f1) VALUES (29,'node2_committed_after');
+INSERT INTO t1 (id,f1) VALUES (30,'node2_committed_after');
+COMMIT;
+connection node_1;
+INSERT INTO t1 (id,f1) VALUES (31,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (32,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (33,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (34,'node1_to_be_committed_after');
+INSERT INTO t1 (id,f1) VALUES (35,'node1_to_be_committed_after');
+COMMIT;
+SET AUTOCOMMIT=OFF;
+START TRANSACTION;
+INSERT INTO t1 (id,f1) VALUES (36,'node1_committed_after');
+INSERT INTO t1 (id,f1) VALUES (37,'node1_committed_after');
+INSERT INTO t1 (id,f1) VALUES (38,'node1_committed_after');
+INSERT INTO t1 (id,f1) VALUES (39,'node1_committed_after');
+INSERT INTO t1 (id,f1) VALUES (40,'node1_committed_after');
+COMMIT;
+connection node_1a_galera_st_kill_slave_ddl;
+INSERT INTO t1 (id,f1) VALUES (41,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (42,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (43,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (44,'node1_to_be_rollbacked_after');
+INSERT INTO t1 (id,f1) VALUES (45,'node1_to_be_rollbacked_after');
+ROLLBACK;
+SET AUTOCOMMIT=ON;
+SET SESSION wsrep_sync_wait=15;
+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1';
+EXPECT_3
+3
+SELECT COUNT(*) AS EXPECT_35 FROM t1;
+EXPECT_35
+35
+SELECT * FROM t1;
+id f1 f2
+1 node1_committed_before NULL
+2 node1_committed_before NULL
+3 node1_committed_before NULL
+4 node1_committed_before NULL
+5 node1_committed_before NULL
+6 node2_committed_before NULL
+7 node2_committed_before NULL
+8 node2_committed_before NULL
+9 node2_committed_before NULL
+10 node2_committed_before NULL
+11 node1_committed_during NULL
+12 node1_committed_during NULL
+13 node1_committed_during NULL
+14 node1_committed_during NULL
+15 node1_committed_during NULL
+16 node1_to_be_committed_after NULL
+17 node1_to_be_committed_after NULL
+18 node1_to_be_committed_after NULL
+19 node1_to_be_committed_after NULL
+20 node1_to_be_committed_after NULL
+26 node2_committed_after NULL
+27 node2_committed_after NULL
+28 node2_committed_after NULL
+29 node2_committed_after NULL
+30 node2_committed_after NULL
+31 node1_to_be_committed_after NULL
+32 node1_to_be_committed_after NULL
+33 node1_to_be_committed_after NULL
+34 node1_to_be_committed_after NULL
+35 node1_to_be_committed_after NULL
+36 node1_committed_after NULL
+37 node1_committed_after NULL
+38 node1_committed_after NULL
+39 node1_committed_after NULL
+40 node1_committed_after NULL
+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
+COUNT(*) = 0
+1
+COMMIT;
+connection node_1;
+SET AUTOCOMMIT=ON;
+SET SESSION wsrep_sync_wait=15;
+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1';
+EXPECT_3
+3
+SELECT COUNT(*) AS EXPECT_35 FROM t1;
+EXPECT_35
+35
+SELECT * FROM t1;
+id f1 f2
+1 node1_committed_before NULL
+2 node1_committed_before NULL
+3 node1_committed_before NULL
+4 node1_committed_before NULL
+5 node1_committed_before NULL
+6 node2_committed_before NULL
+7 node2_committed_before NULL
+8 node2_committed_before NULL
+9 node2_committed_before NULL
+10 node2_committed_before NULL
+11 node1_committed_during NULL
+12 node1_committed_during NULL
+13 node1_committed_during NULL
+14 node1_committed_during NULL
+15 node1_committed_during NULL
+16 node1_to_be_committed_after NULL
+17 node1_to_be_committed_after NULL
+18 node1_to_be_committed_after NULL
+19 node1_to_be_committed_after NULL
+20 node1_to_be_committed_after NULL
+26 node2_committed_after NULL
+27 node2_committed_after NULL
+28 node2_committed_after NULL
+29 node2_committed_after NULL
+30 node2_committed_after NULL
+31 node1_to_be_committed_after NULL
+32 node1_to_be_committed_after NULL
+33 node1_to_be_committed_after NULL
+34 node1_to_be_committed_after NULL
+35 node1_to_be_committed_after NULL
+36 node1_committed_after NULL
+37 node1_committed_after NULL
+38 node1_committed_after NULL
+39 node1_committed_after NULL
+40 node1_committed_after NULL
+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
+COUNT(*) = 0
+1
+DROP TABLE t1;
+COMMIT;
+SET GLOBAL debug_dbug = $debug_orig;
include/assert_grep.inc [Using stunnel for SSL encryption]

520
mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath.result Normal file
View File

@ -0,0 +1,520 @@
connection node_2;
connection node_1;
connection node_1;
connection node_2;
connection node_1;
Performing State Transfer on a server that has been shut down cleanly and restarted
connection node_1;
CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (1,'node1_committed_before');
INSERT INTO t1 VALUES (2,'node1_committed_before');
INSERT INTO t1 VALUES (3,'node1_committed_before');
INSERT INTO t1 VALUES (4,'node1_committed_before');
INSERT INTO t1 VALUES (5,'node1_committed_before');
COMMIT;
connection node_2;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (6,'node2_committed_before');
INSERT INTO t1 VALUES (7,'node2_committed_before');
INSERT INTO t1 VALUES (8,'node2_committed_before');
INSERT INTO t1 VALUES (9,'node2_committed_before');
INSERT INTO t1 VALUES (10,'node2_committed_before');
COMMIT;
Shutting down server ...
connection node_1;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (11,'node1_committed_during');
INSERT INTO t1 VALUES (12,'node1_committed_during');
INSERT INTO t1 VALUES (13,'node1_committed_during');
INSERT INTO t1 VALUES (14,'node1_committed_during');
INSERT INTO t1 VALUES (15,'node1_committed_during');
COMMIT;
START TRANSACTION;
INSERT INTO t1 VALUES (16,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (17,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (18,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (19,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (20,'node1_to_be_committed_after');
connect node_1a_galera_st_shutdown_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (21,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (22,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (23,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (24,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (25,'node1_to_be_rollbacked_after');
connection node_2;
Starting server ...
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (26,'node2_committed_after');
INSERT INTO t1 VALUES (27,'node2_committed_after');
INSERT INTO t1 VALUES (28,'node2_committed_after');
INSERT INTO t1 VALUES (29,'node2_committed_after');
INSERT INTO t1 VALUES (30,'node2_committed_after');
COMMIT;
connection node_1;
INSERT INTO t1 VALUES (31,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (32,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (33,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (34,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (35,'node1_to_be_committed_after');
COMMIT;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (36,'node1_committed_after');
INSERT INTO t1 VALUES (37,'node1_committed_after');
INSERT INTO t1 VALUES (38,'node1_committed_after');
INSERT INTO t1 VALUES (39,'node1_committed_after');
INSERT INTO t1 VALUES (40,'node1_committed_after');
COMMIT;
connection node_1a_galera_st_shutdown_slave;
INSERT INTO t1 VALUES (41,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (42,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (43,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (44,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (45,'node1_to_be_rollbacked_after');
ROLLBACK;
SET AUTOCOMMIT=ON;
SET SESSION wsrep_sync_wait=15;
SELECT COUNT(*) AS EXPECT_15 FROM t1;
EXPECT_15
35
SELECT * from t1;
id f1
1 node1_committed_before
2 node1_committed_before
3 node1_committed_before
4 node1_committed_before
5 node1_committed_before
6 node2_committed_before
7 node2_committed_before
8 node2_committed_before
9 node2_committed_before
10 node2_committed_before
11 node1_committed_during
12 node1_committed_during
13 node1_committed_during
14 node1_committed_during
15 node1_committed_during
16 node1_to_be_committed_after
17 node1_to_be_committed_after
18 node1_to_be_committed_after
19 node1_to_be_committed_after
20 node1_to_be_committed_after
26 node2_committed_after
27 node2_committed_after
28 node2_committed_after
29 node2_committed_after
30 node2_committed_after
31 node1_to_be_committed_after
32 node1_to_be_committed_after
33 node1_to_be_committed_after
34 node1_to_be_committed_after
35 node1_to_be_committed_after
36 node1_committed_after
37 node1_committed_after
38 node1_committed_after
39 node1_committed_after
40 node1_committed_after
SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
COUNT(*) = 0
1
COMMIT;
connection node_1;
SET AUTOCOMMIT=ON;
SET SESSION wsrep_sync_wait=15;
SELECT COUNT(*) AS EXPECT_15 FROM t1;
EXPECT_15
35
SELECT * from t1;
id f1
1 node1_committed_before
2 node1_committed_before
3 node1_committed_before
4 node1_committed_before
5 node1_committed_before
6 node2_committed_before
7 node2_committed_before
8 node2_committed_before
9 node2_committed_before
10 node2_committed_before
11 node1_committed_during
12 node1_committed_during
13 node1_committed_during
14 node1_committed_during
15 node1_committed_during
16 node1_to_be_committed_after
17 node1_to_be_committed_after
18 node1_to_be_committed_after
19 node1_to_be_committed_after
20 node1_to_be_committed_after
26 node2_committed_after
27 node2_committed_after
28 node2_committed_after
29 node2_committed_after
30 node2_committed_after
31 node1_to_be_committed_after
32 node1_to_be_committed_after
33 node1_to_be_committed_after
34 node1_to_be_committed_after
35 node1_to_be_committed_after
36 node1_committed_after
37 node1_committed_after
38 node1_committed_after
39 node1_committed_after
40 node1_committed_after
SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
COUNT(*) = 0
1
DROP TABLE t1;
COMMIT;
Performing State Transfer on a server that starts from a clean var directory
This is accomplished by shutting down node #2 and removing its var directory before restarting it
connection node_1;
CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (1,'node1_committed_before');
INSERT INTO t1 VALUES (2,'node1_committed_before');
INSERT INTO t1 VALUES (3,'node1_committed_before');
INSERT INTO t1 VALUES (4,'node1_committed_before');
INSERT INTO t1 VALUES (5,'node1_committed_before');
COMMIT;
connection node_2;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (6,'node2_committed_before');
INSERT INTO t1 VALUES (7,'node2_committed_before');
INSERT INTO t1 VALUES (8,'node2_committed_before');
INSERT INTO t1 VALUES (9,'node2_committed_before');
INSERT INTO t1 VALUES (10,'node2_committed_before');
COMMIT;
Shutting down server ...
connection node_1;
Cleaning var directory ...
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (11,'node1_committed_during');
INSERT INTO t1 VALUES (12,'node1_committed_during');
INSERT INTO t1 VALUES (13,'node1_committed_during');
INSERT INTO t1 VALUES (14,'node1_committed_during');
INSERT INTO t1 VALUES (15,'node1_committed_during');
COMMIT;
START TRANSACTION;
INSERT INTO t1 VALUES (16,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (17,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (18,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (19,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (20,'node1_to_be_committed_after');
connect node_1a_galera_st_clean_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (21,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (22,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (23,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (24,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (25,'node1_to_be_rollbacked_after');
connection node_2;
Starting server ...
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (26,'node2_committed_after');
INSERT INTO t1 VALUES (27,'node2_committed_after');
INSERT INTO t1 VALUES (28,'node2_committed_after');
INSERT INTO t1 VALUES (29,'node2_committed_after');
INSERT INTO t1 VALUES (30,'node2_committed_after');
COMMIT;
connection node_1;
INSERT INTO t1 VALUES (31,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (32,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (33,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (34,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (35,'node1_to_be_committed_after');
COMMIT;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (36,'node1_committed_after');
INSERT INTO t1 VALUES (37,'node1_committed_after');
INSERT INTO t1 VALUES (38,'node1_committed_after');
INSERT INTO t1 VALUES (39,'node1_committed_after');
INSERT INTO t1 VALUES (40,'node1_committed_after');
COMMIT;
connection node_1a_galera_st_clean_slave;
INSERT INTO t1 VALUES (41,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (42,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (43,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (44,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (45,'node1_to_be_rollbacked_after');
ROLLBACK;
SET AUTOCOMMIT=ON;
SET SESSION wsrep_sync_wait=15;
SELECT COUNT(*) AS EXPECT_35 FROM t1;
EXPECT_35
35
SELECT * from t1;
id f1
1 node1_committed_before
2 node1_committed_before
3 node1_committed_before
4 node1_committed_before
5 node1_committed_before
6 node2_committed_before
7 node2_committed_before
8 node2_committed_before
9 node2_committed_before
10 node2_committed_before
11 node1_committed_during
12 node1_committed_during
13 node1_committed_during
14 node1_committed_during
15 node1_committed_during
16 node1_to_be_committed_after
17 node1_to_be_committed_after
18 node1_to_be_committed_after
19 node1_to_be_committed_after
20 node1_to_be_committed_after
26 node2_committed_after
27 node2_committed_after
28 node2_committed_after
29 node2_committed_after
30 node2_committed_after
31 node1_to_be_committed_after
32 node1_to_be_committed_after
33 node1_to_be_committed_after
34 node1_to_be_committed_after
35 node1_to_be_committed_after
36 node1_committed_after
37 node1_committed_after
38 node1_committed_after
39 node1_committed_after
40 node1_committed_after
SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
COUNT(*) = 0
1
COMMIT;
connection node_1;
SET AUTOCOMMIT=ON;
SET SESSION wsrep_sync_wait=15;
SELECT COUNT(*) AS EXPECT_35 FROM t1;
EXPECT_35
35
SELECT * from t1;
id f1
1 node1_committed_before
2 node1_committed_before
3 node1_committed_before
4 node1_committed_before
5 node1_committed_before
6 node2_committed_before
7 node2_committed_before
8 node2_committed_before
9 node2_committed_before
10 node2_committed_before
11 node1_committed_during
12 node1_committed_during
13 node1_committed_during
14 node1_committed_during
15 node1_committed_during
16 node1_to_be_committed_after
17 node1_to_be_committed_after
18 node1_to_be_committed_after
19 node1_to_be_committed_after
20 node1_to_be_committed_after
26 node2_committed_after
27 node2_committed_after
28 node2_committed_after
29 node2_committed_after
30 node2_committed_after
31 node1_to_be_committed_after
32 node1_to_be_committed_after
33 node1_to_be_committed_after
34 node1_to_be_committed_after
35 node1_to_be_committed_after
36 node1_committed_after
37 node1_committed_after
38 node1_committed_after
39 node1_committed_after
40 node1_committed_after
SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
COUNT(*) = 0
1
DROP TABLE t1;
COMMIT;
Performing State Transfer on a server that has been killed and restarted
connection node_1;
CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (1,'node1_committed_before');
INSERT INTO t1 VALUES (2,'node1_committed_before');
INSERT INTO t1 VALUES (3,'node1_committed_before');
INSERT INTO t1 VALUES (4,'node1_committed_before');
INSERT INTO t1 VALUES (5,'node1_committed_before');
COMMIT;
connection node_2;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (6,'node2_committed_before');
INSERT INTO t1 VALUES (7,'node2_committed_before');
INSERT INTO t1 VALUES (8,'node2_committed_before');
INSERT INTO t1 VALUES (9,'node2_committed_before');
INSERT INTO t1 VALUES (10,'node2_committed_before');
COMMIT;
Killing server ...
connection node_1;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (11,'node1_committed_during');
INSERT INTO t1 VALUES (12,'node1_committed_during');
INSERT INTO t1 VALUES (13,'node1_committed_during');
INSERT INTO t1 VALUES (14,'node1_committed_during');
INSERT INTO t1 VALUES (15,'node1_committed_during');
COMMIT;
START TRANSACTION;
INSERT INTO t1 VALUES (16,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (17,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (18,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (19,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (20,'node1_to_be_committed_after');
connect node_1a_galera_st_kill_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (21,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (22,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (23,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (24,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (25,'node1_to_be_rollbacked_after');
connection node_2;
Performing --wsrep-recover ...
Starting server ...
Using --wsrep-start-position when starting mysqld ...
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (26,'node2_committed_after');
INSERT INTO t1 VALUES (27,'node2_committed_after');
INSERT INTO t1 VALUES (28,'node2_committed_after');
INSERT INTO t1 VALUES (29,'node2_committed_after');
INSERT INTO t1 VALUES (30,'node2_committed_after');
COMMIT;
connection node_1;
INSERT INTO t1 VALUES (31,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (32,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (33,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (34,'node1_to_be_committed_after');
INSERT INTO t1 VALUES (35,'node1_to_be_committed_after');
COMMIT;
SET AUTOCOMMIT=OFF;
START TRANSACTION;
INSERT INTO t1 VALUES (36,'node1_committed_after');
INSERT INTO t1 VALUES (37,'node1_committed_after');
INSERT INTO t1 VALUES (38,'node1_committed_after');
INSERT INTO t1 VALUES (39,'node1_committed_after');
INSERT INTO t1 VALUES (40,'node1_committed_after');
COMMIT;
connection node_1a_galera_st_kill_slave;
INSERT INTO t1 VALUES (41,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (42,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (43,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (45,'node1_to_be_rollbacked_after');
INSERT INTO t1 VALUES (46,'node1_to_be_rollbacked_after');
ROLLBACK;
SET AUTOCOMMIT=ON;
SET SESSION wsrep_sync_wait=15;
SELECT COUNT(*) AS EXPECT_35 FROM t1;
EXPECT_35
35
SELECT * FROM t1;
id f1
1 node1_committed_before
2 node1_committed_before
3 node1_committed_before
4 node1_committed_before
5 node1_committed_before
6 node2_committed_before
7 node2_committed_before
8 node2_committed_before
9 node2_committed_before
10 node2_committed_before
11 node1_committed_during
12 node1_committed_during
13 node1_committed_during
14 node1_committed_during
15 node1_committed_during
16 node1_to_be_committed_after
17 node1_to_be_committed_after
18 node1_to_be_committed_after
19 node1_to_be_committed_after
20 node1_to_be_committed_after
26 node2_committed_after
27 node2_committed_after
28 node2_committed_after
29 node2_committed_after
30 node2_committed_after
31 node1_to_be_committed_after
32 node1_to_be_committed_after
33 node1_to_be_committed_after
34 node1_to_be_committed_after
35 node1_to_be_committed_after
36 node1_committed_after
37 node1_committed_after
38 node1_committed_after
39 node1_committed_after
40 node1_committed_after
SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
COUNT(*) = 0
1
COMMIT;
connection node_1;
SET AUTOCOMMIT=ON;
SET SESSION wsrep_sync_wait=15;
SELECT COUNT(*) AS EXPECT_35 FROM t1;
EXPECT_35
35
SELECT * FROM t1;
id f1
1 node1_committed_before
2 node1_committed_before
3 node1_committed_before
4 node1_committed_before
5 node1_committed_before
6 node2_committed_before
7 node2_committed_before
8 node2_committed_before
9 node2_committed_before
10 node2_committed_before
11 node1_committed_during
12 node1_committed_during
13 node1_committed_during
14 node1_committed_during
15 node1_committed_during
16 node1_to_be_committed_after
17 node1_to_be_committed_after
18 node1_to_be_committed_after
19 node1_to_be_committed_after
20 node1_to_be_committed_after
26 node2_committed_after
27 node2_committed_after
28 node2_committed_after
29 node2_committed_after
30 node2_committed_after
31 node1_to_be_committed_after
32 node1_to_be_committed_after
33 node1_to_be_committed_after
34 node1_to_be_committed_after
35 node1_to_be_committed_after
36 node1_committed_after
37 node1_committed_after
38 node1_committed_after
39 node1_committed_after
40 node1_committed_after
SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1;
COUNT(*) = 0
1
DROP TABLE t1;
COMMIT;
include/assert_grep.inc [Using stunnel for SSL encryption]

2
mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key.result
View File

@ -2,8 +2,6 @@ connection node_2;
connection node_1; connection node_1;
connection node_1; connection node_1;
connection node_2; connection node_2;
connection node_2;
CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory");
connection node_1; connection node_1;
Performing State Transfer on a server that has been shut down cleanly and restarted Performing State Transfer on a server that has been shut down cleanly and restarted
connection node_1; connection node_1;

2
mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_server.result
View File

@ -2,8 +2,6 @@ connection node_2;
connection node_1; connection node_1;
connection node_1; connection node_1;
connection node_2; connection node_2;
connection node_2;
CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory");
connection node_1; connection node_1;
Performing State Transfer on a server that has been shut down cleanly and restarted Performing State Transfer on a server that has been shut down cleanly and restarted
connection node_1; connection node_1;

1
mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test
View File

@ -66,6 +66,7 @@ COMMIT;
--source include/wait_condition.inc --source include/wait_condition.inc
--echo Cleaning var directory ... --echo Cleaning var directory ...
--remove_file $MYSQLTEST_VARDIR/mysqld.2/data/grastate.dat
--remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/mtr --remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/mtr
--remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/performance_schema --remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/performance_schema
--remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/test --remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/test

20
mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.cnf Normal file
View File

@ -0,0 +1,20 @@
!include ../galera_2nodes.cnf
[mysqld]
wsrep_sst_method=rsync
ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem
ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem
ssl-capath=@ENV.MYSQL_TEST_DIR/std_data/capath
# We need to turn off the default setting for the duration
# of the test (to test working with a directory instead of
# a file):
ssl-ca=
[sst]
ssl-mode=VERIFY_CA
[mysqld.1]
wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore_sb=true'
[mysqld.2]
wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true'

26
mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.test Normal file
View File

@ -0,0 +1,26 @@
--source include/big_test.inc
--source include/galera_cluster.inc
--source include/have_debug.inc
--source include/have_stunnel.inc
# Save original auto_increment_offset values.
--let $node_1=node_1
--let $node_2=node_2
--source include/auto_increment_offset_save.inc
--connection node_1
--source suite/galera/include/galera_st_shutdown_slave.inc
--source suite/galera/include/galera_st_clean_slave.inc
--source suite/galera/include/galera_st_kill_slave.inc
--source suite/galera/include/galera_st_kill_slave_ddl.inc
# Confirm that transfer was SSL-encrypted
--let $assert_text = Using stunnel for SSL encryption
--let $assert_select = Using stunnel for SSL encryption
--let $assert_count = 5
--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err
--let $assert_only_after = CURRENT_TEST
--source include/assert_grep.inc
--source include/auto_increment_offset_restore.inc

3
mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test
View File

@ -8,9 +8,6 @@
--let $node_2=node_2 --let $node_2=node_2
--source include/auto_increment_offset_save.inc --source include/auto_increment_offset_save.inc
--connection node_2
CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory");
--connection node_1 --connection node_1
--source suite/galera/include/galera_st_shutdown_slave.inc --source suite/galera/include/galera_st_shutdown_slave.inc
--source suite/galera/include/galera_st_clean_slave.inc --source suite/galera/include/galera_st_clean_slave.inc

3
mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test
View File

@ -8,9 +8,6 @@
--let $node_2=node_2 --let $node_2=node_2
--source include/auto_increment_offset_save.inc --source include/auto_increment_offset_save.inc
--connection node_2
CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory");
--connection node_1 --connection node_1
--source suite/galera/include/galera_st_shutdown_slave.inc --source suite/galera/include/galera_st_shutdown_slave.inc
--source suite/galera/include/galera_st_clean_slave.inc --source suite/galera/include/galera_st_clean_slave.inc

1
mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup.test
View File

@ -1,4 +1,5 @@
--let galera_connection_address=::1 --let galera_connection_address=::1
--source include/big_test.inc
--source include/galera_cluster.inc --source include/galera_cluster.inc
--source include/check_ipv6.inc --source include/check_ipv6.inc
--source include/have_innodb.inc --source include/have_innodb.inc

1
mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup_section.test
View File

@ -1,4 +1,5 @@
--let galera_connection_address=::1 --let galera_connection_address=::1
--source include/big_test.inc
--source include/galera_cluster.inc --source include/galera_cluster.inc
--source include/check_ipv6.inc --source include/check_ipv6.inc
--source include/have_innodb.inc --source include/have_innodb.inc

132
scripts/wsrep_sst_common.sh
View File

@ -19,6 +19,9 @@
set -u set -u
# Setting the path for some utilities on CentOS
export PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin"
WSREP_SST_OPT_BYPASS=0 WSREP_SST_OPT_BYPASS=0
WSREP_SST_OPT_BINLOG="" WSREP_SST_OPT_BINLOG=""
WSREP_SST_OPT_BINLOG_INDEX="" WSREP_SST_OPT_BINLOG_INDEX=""
@ -384,11 +387,9 @@ case "$1" in
skip_mysqld_arg=1 skip_mysqld_arg=1
;; ;;
'--innodb-force-recovery') '--innodb-force-recovery')
if [ -n "$value" ]; then if [ -n "$value" -a "$value" != "0" ]; then
if [ "$value" -ne 0 ]; then
INNODB_FORCE_RECOVERY="$value" INNODB_FORCE_RECOVERY="$value"
fi fi
fi
skip_mysqld_arg=1 skip_mysqld_arg=1
;; ;;
'--log-bin') '--log-bin')
@ -584,7 +585,8 @@ get_binlog()
if [ -n "$WSREP_SST_OPT_ADDR_PORT" ]; then if [ -n "$WSREP_SST_OPT_ADDR_PORT" ]; then
if [ -n "$WSREP_SST_OPT_PORT" ]; then if [ -n "$WSREP_SST_OPT_PORT" ]; then
if [ "$WSREP_SST_OPT_PORT" != "$WSREP_SST_OPT_ADDR_PORT" ]; then if [ "$WSREP_SST_OPT_PORT" != "$WSREP_SST_OPT_ADDR_PORT" ]; then
echo "WSREP_SST: [ERROR] port in --port=$WSREP_SST_OPT_PORT differs from port in --address=$WSREP_SST_OPT_ADDR" >&2 echo "WSREP_SST: [ERROR] port in --port=$WSREP_SST_OPT_PORT" \
"differs from port in --address=$WSREP_SST_OPT_ADDR" >&2
exit 2 exit 2
fi fi
else else
@ -616,8 +618,19 @@ fi
readonly WSREP_SST_OPT_ADDR readonly WSREP_SST_OPT_ADDR
readonly WSREP_SST_OPT_ADDR_PORT readonly WSREP_SST_OPT_ADDR_PORT
# try to use my_print_defaults, mysql and mysqldump that come with the sources commandex()
# (for MTR suite) {
if [ -n "$BASH_VERSION" ]; then
command -v "$1" || :
elif [ -x "$1" ]; then
echo "$1"
else
which "$1" || :
fi
}
# try to use my_print_defaults, mysql and mysqldump that come
# with the sources (for MTR suite):
script_binary=$(dirname "$0") script_binary=$(dirname "$0")
SCRIPTS_DIR=$(cd "$script_binary"; pwd -P) SCRIPTS_DIR=$(cd "$script_binary"; pwd -P)
EXTRA_DIR="$SCRIPTS_DIR/../extra" EXTRA_DIR="$SCRIPTS_DIR/../extra"
@ -626,13 +639,13 @@ CLIENT_DIR="$SCRIPTS_DIR/../client"
if [ -x "$CLIENT_DIR/mariadb" ]; then if [ -x "$CLIENT_DIR/mariadb" ]; then
MYSQL_CLIENT="$CLIENT_DIR/mariadb" MYSQL_CLIENT="$CLIENT_DIR/mariadb"
else else
MYSQL_CLIENT="$(command -v mariadb)" MYSQL_CLIENT=$(commandex 'mariadb')
fi fi
if [ -x "$CLIENT_DIR/mariadb-dump" ]; then if [ -x "$CLIENT_DIR/mariadb-dump" ]; then
MYSQLDUMP="$CLIENT_DIR/mariadb-dump" MYSQLDUMP="$CLIENT_DIR/mariadb-dump"
else else
MYSQLDUMP="$(command -v mariadb-dump)" MYSQLDUMP=$(commandex 'mariadb-dump')
fi fi
wsrep_log() wsrep_log()
@ -663,7 +676,7 @@ if [ -x "$SCRIPTS_DIR/my_print_defaults" ]; then
elif [ -x "$EXTRA_DIR/my_print_defaults" ]; then elif [ -x "$EXTRA_DIR/my_print_defaults" ]; then
MY_PRINT_DEFAULTS="$EXTRA_DIR/my_print_defaults" MY_PRINT_DEFAULTS="$EXTRA_DIR/my_print_defaults"
else else
MY_PRINT_DEFAULTS="$(command -v my_print_defaults)" MY_PRINT_DEFAULTS=$(commandex 'my_print_defaults')
if [ -z "$MY_PRINT_DEFAULTS" ]; then if [ -z "$MY_PRINT_DEFAULTS" ]; then
wsrep_log_error "my_print_defaults not found in path" wsrep_log_error "my_print_defaults not found in path"
exit 2 exit 2
@ -673,16 +686,16 @@ fi
readonly MY_PRINT_DEFAULTS readonly MY_PRINT_DEFAULTS
wsrep_defaults="$WSREP_SST_OPT_DEFAULTS" wsrep_defaults="$WSREP_SST_OPT_DEFAULTS"
wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_EXTRA_DEFAULTS" wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_EXTRA_DEFAULTS:+ }$WSREP_SST_OPT_EXTRA_DEFAULTS"
wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_SUFFIX_DEFAULT:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT"
readonly WSREP_SST_OPT_CONF="$wsrep_defaults" readonly WSREP_SST_OPT_CONF="${wsrep_defaults:+ }$wsrep_defaults"
wsrep_defaults="$WSREP_SST_OPT_DEFAULT" wsrep_defaults="$WSREP_SST_OPT_DEFAULT"
wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_EXTRA_DEFAULT" wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_EXTRA_DEFAULT:+ }$WSREP_SST_OPT_EXTRA_DEFAULT"
wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_SUFFIX_DEFAULT:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT"
readonly WSREP_SST_OPT_CONF_UNQUOTED="$wsrep_defaults" readonly WSREP_SST_OPT_CONF_UNQUOTED="${wsrep_defaults:+ }$wsrep_defaults"
# #
# User can specify mariabackup specific settings that will be used during sst # User can specify mariabackup specific settings that will be used during sst
@ -819,8 +832,7 @@ if wsrep_auth_not_set; then
fi fi
# Splitting WSREP_SST_OPT_AUTH as "user:password" pair: # Splitting WSREP_SST_OPT_AUTH as "user:password" pair:
if ! wsrep_auth_not_set if ! wsrep_auth_not_set; then
then
# Extract username as shortest prefix up to first ':' character: # Extract username as shortest prefix up to first ':' character:
WSREP_SST_OPT_AUTH_USER="${WSREP_SST_OPT_AUTH%%:*}" WSREP_SST_OPT_AUTH_USER="${WSREP_SST_OPT_AUTH%%:*}"
if [ -z "$WSREP_SST_OPT_USER" ]; then if [ -z "$WSREP_SST_OPT_USER" ]; then
@ -848,8 +860,7 @@ readonly WSREP_SST_OPT_USER
readonly WSREP_SST_OPT_PSWD readonly WSREP_SST_OPT_PSWD
readonly WSREP_SST_OPT_AUTH readonly WSREP_SST_OPT_AUTH
if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ] if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ]; then
then
# Split auth string at the last ':' # Split auth string at the last ':'
readonly WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}" readonly WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}"
readonly WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}" readonly WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}"
@ -860,8 +871,7 @@ fi
readonly WSREP_SST_OPT_REMOTE_AUTH readonly WSREP_SST_OPT_REMOTE_AUTH
if [ -n "$WSREP_SST_OPT_DATA" ] if [ -n "$WSREP_SST_OPT_DATA" ]; then
then
SST_PROGRESS_FILE="$WSREP_SST_OPT_DATA/sst_in_progress" SST_PROGRESS_FILE="$WSREP_SST_OPT_DATA/sst_in_progress"
else else
SST_PROGRESS_FILE="" SST_PROGRESS_FILE=""
@ -870,13 +880,14 @@ fi
wsrep_cleanup_progress_file() wsrep_cleanup_progress_file()
{ {
[ -n "$SST_PROGRESS_FILE" -a \ [ -n "$SST_PROGRESS_FILE" -a \
-f "$SST_PROGRESS_FILE" ] && rm -f "$SST_PROGRESS_FILE" 2>/dev/null || true -f "$SST_PROGRESS_FILE" ] && \
rm -f "$SST_PROGRESS_FILE" 2>/dev/null || :
} }
wsrep_check_program() wsrep_check_program()
{ {
local prog="$1" local prog="$1"
local cmd=$(command -v "$prog") local cmd=$(commandex "$prog")
if [ -z "$cmd" ]; then if [ -z "$cmd" ]; then
echo "'$prog' not found in PATH" echo "'$prog' not found in PATH"
return 2 # no such file or directory return 2 # no such file or directory
@ -898,9 +909,9 @@ wsrep_check_programs()
wsrep_check_datadir() wsrep_check_datadir()
{ {
if [ -z "$WSREP_SST_OPT_DATA" ] if [ -z "$WSREP_SST_OPT_DATA" ]; then
then wsrep_log_error \
wsrep_log_error "The '--datadir' parameter must be passed to the SST script" "The '--datadir' parameter must be passed to the SST script"
exit 2 exit 2
fi fi
} }
@ -912,10 +923,10 @@ get_openssl()
return return
fi fi
# Let's look for openssl: # Let's look for openssl:
OPENSSL_BINARY="$(command -v openssl)" OPENSSL_BINARY=$(commandex 'openssl')
if [ -z "$OPENSSL_BINARY" ]; then if [ -z "$OPENSSL_BINARY" ]; then
OPENSSL_BINARY='/usr/bin/openssl' OPENSSL_BINARY='/usr/bin/openssl'
if [ -z "$OPENSSL_BINARY" ]; then if [ ! -x "$OPENSSL_BINARY" ]; then
OPENSSL_BINARY="" OPENSSL_BINARY=""
fi fi
fi fi
@ -928,8 +939,7 @@ get_openssl()
wsrep_gen_secret() wsrep_gen_secret()
{ {
get_openssl get_openssl
if [ -n "$OPENSSL_BINARY" ] if [ -n "$OPENSSL_BINARY" ]; then
then
echo $("$OPENSSL_BINARY" rand -hex 16) echo $("$OPENSSL_BINARY" rand -hex 16)
else else
printf "%04x%04x%04x%04x%04x%04x%04x%04x" \ printf "%04x%04x%04x%04x%04x%04x%04x%04x" \
@ -968,14 +978,14 @@ is_local_ip()
fi fi
# Now let's check if the given address is assigned to # Now let's check if the given address is assigned to
# one of the network cards: # one of the network cards:
local ip_util="$(command -v ip)" local ip_util=$(commandex 'ip')
if [ -n "$ip_util" ]; then if [ -n "$ip_util" ]; then
# ip address show ouput format is " inet[6] <address>/<mask>": # ip address show ouput format is " inet[6] <address>/<mask>":
"$ip_util" address show \ "$ip_util" address show \
| grep -E "^[[:space:]]*inet.? [^[:space:]]+/" -o \ | grep -E "^[[:space:]]*inet.? [^[:space:]]+/" -o \
| grep -F " $1/" >/dev/null && return 0 | grep -F " $1/" >/dev/null && return 0
else else
local ifconfig_util="$(command -v ifconfig)" local ifconfig_util=$(commandex 'ifconfig')
if [ -n "$ifconfig_util" ]; then if [ -n "$ifconfig_util" ]; then
# ifconfig output format is " inet[6] <address> ...": # ifconfig output format is " inet[6] <address> ...":
"$ifconfig_util" \ "$ifconfig_util" \
@ -992,9 +1002,9 @@ check_sockets_utils()
sockstat_available=0 sockstat_available=0
ss_available=0 ss_available=0
[ -n "$(command -v lsof)" ] && lsof_available=1 [ -n "$(commandex lsof)" ] && lsof_available=1
[ -n "$(command -v sockstat)" ] && sockstat_available=1 [ -n "$(commandex sockstat)" ] && sockstat_available=1
[ -n "$(command -v ss)" ] && ss_available=1 [ -n "$(commandex ss)" ] && ss_available=1
if [ $lsof_available -eq 0 -a \ if [ $lsof_available -eq 0 -a \
$sockstat_available -eq 0 -a \ $sockstat_available -eq 0 -a \
@ -1085,26 +1095,38 @@ check_for_dhparams()
# #
verify_ca_matches_cert() verify_ca_matches_cert()
{ {
local ca="$1" local cert="$1"
local cert="$2" local ca="$2"
local path=${3:-0} local cap="$3"
# If the openssl utility is not installed, then # If the openssl utility is not installed, then
# we will not do this certificate check: # we will not do this certificate check:
get_openssl get_openssl
if [ -z "$OPENSSL_BINARY" ]; then if [ -z "$OPENSSL_BINARY" ]; then
wsrep_log_info "openssl utility not found"
return return
fi fi
local not_match=0 local readable=1; [ ! -r "$cert" ] && readable=0
[ -n "$ca" ] && [ ! -r "$ca" ] && readable=0
[ -n "$cap" ] && [ ! -r "$cap" ] && readable=0
if [ $path -eq 0 ]; then if [ readable -eq 0 ]; then
"$OPENSSL_BINARY" verify -verbose -CAfile "$ca" "$cert" >/dev/null 2>&1 || not_match=1 wsrep_log_error \
else "Both PEM file and CA file (or path) must be readable"
"$OPENSSL_BINARY" verify -verbose -CApath "$ca" "$cert" >/dev/null 2>&1 || not_match=1 exit 22
fi fi
local not_match=0
local errmsg
errmsg=$("$OPENSSL_BINARY" verify -verbose \
${ca:+ -CAfile} ${ca:+ "$ca"} \
${cap:+ -CApath} ${cap:+ "$cap"} \
"$cert" 2>&1) || not_match=1
if [ $not_match -eq 1 ]; then if [ $not_match -eq 1 ]; then
wsrep_log_info "run: \"$OPENSSL_BINARY\" verify -verbose${ca:+ -CAfile \"$ca\"}${cap:+ -CApath \"$cap\"} \"$cert\""
wsrep_log_info "output: $errmsg"
wsrep_log_error "******** FATAL ERROR ********************************************" wsrep_log_error "******** FATAL ERROR ********************************************"
wsrep_log_error "* The certifcate and CA (certificate authority) do not match. *" wsrep_log_error "* The certifcate and CA (certificate authority) do not match. *"
wsrep_log_error "* It does not appear that the certificate was issued by the CA. *" wsrep_log_error "* It does not appear that the certificate was issued by the CA. *"
@ -1124,12 +1146,18 @@ verify_ca_matches_cert()
# #
verify_cert_matches_key() verify_cert_matches_key()
{ {
local cert_path="$1" local cert="$1"
local key_path="$2" local key="$2"
if [ ! -r "$key" -o ! -r "$cert" ]; then
wsrep_log_error "Both the certificate file and the key file" \
"must be readable"
exit 22
fi
# If the diff utility is not installed, then # If the diff utility is not installed, then
# we will not do this certificate check: # we will not do this certificate check:
if [ -z "$(command -v diff)" ]; then if [ -z "$(commandex diff)" ]; then
return return
fi fi
@ -1142,13 +1170,13 @@ verify_cert_matches_key()
# Generate the public key from the cert and the key. # Generate the public key from the cert and the key.
# They should match (otherwise we can't create an SSL connection). # They should match (otherwise we can't create an SSL connection).
if ! diff <("$OPENSSL_BINARY" x509 -in "$cert_path" -pubkey -noout 2>/dev/null) \ if ! diff <("$OPENSSL_BINARY" x509 -in "$cert" -pubkey -noout 2>/dev/null) \
<("$OPENSSL_BINARY" pkey -in "$key_path" -pubout 2>/dev/null) >/dev/null 2>&1 <("$OPENSSL_BINARY" pkey -in "$key" -pubout 2>/dev/null) >/dev/null 2>&1
then then
wsrep_log_error "******************* FATAL ERROR ****************" wsrep_log_error "******************* FATAL ERROR *****************"
wsrep_log_error "* The certifcate and private key do not match. *" wsrep_log_error "* The certificate and private key do not match. *"
wsrep_log_error "* Please check your certificate and key files. *" wsrep_log_error "* Please check your certificate and key files. *"
wsrep_log_error "************************************************" wsrep_log_error "*************************************************"
exit 22 exit 22
fi fi
} }
@ -1305,9 +1333,9 @@ get_proc()
elif [ "$OS" = 'Darwin' -o "$OS" = 'FreeBSD' ]; then elif [ "$OS" = 'Darwin' -o "$OS" = 'FreeBSD' ]; then
nproc=$(sysctl -n hw.ncpu) nproc=$(sysctl -n hw.ncpu)
fi fi
set -e
if [ -z "$nproc" ] || [ $nproc -eq 0 ]; then if [ -z "$nproc" ] || [ $nproc -eq 0 ]; then
nproc=1 nproc=1
fi fi
set -e
fi fi
} }

252
scripts/wsrep_sst_mariabackup.sh
View File

@ -20,10 +20,11 @@
# https://mariadb.com/kb/en/mariabackup-overview/ # https://mariadb.com/kb/en/mariabackup-overview/
# Make sure to read that before proceeding! # Make sure to read that before proceeding!
OS="$(uname)"
. $(dirname "$0")/wsrep_sst_common . $(dirname "$0")/wsrep_sst_common
wsrep_check_datadir wsrep_check_datadir
OS="$(uname)"
ealgo="" ealgo=""
eformat="" eformat=""
ekey="" ekey=""
@ -34,7 +35,7 @@ ssyslog=""
ssystag="" ssystag=""
BACKUP_PID="" BACKUP_PID=""
tcert="" tcert=""
tpath=0 tcap=""
tpem="" tpem=""
tkey="" tkey=""
tmode="DISABLED" tmode="DISABLED"
@ -88,14 +89,14 @@ readonly SECRET_TAG="secret"
# For backup locks it is 1 sent by joiner # For backup locks it is 1 sent by joiner
sst_ver=1 sst_ver=1
if [ -n "$(command -v pv)" ] && pv --help | grep -qw -- '-F'; then if [ -n "$(commandex pv)" ] && pv --help | grep -qw -- '-F'; then
pvopts="$pvopts $pvformat" pvopts="$pvopts $pvformat"
fi fi
pcmd="pv $pvopts" pcmd="pv $pvopts"
declare -a RC declare -a RC
BACKUP_BIN="$(command -v mariabackup)" BACKUP_BIN=$(commandex 'mariabackup')
if [ ! -x "$BACKUP_BIN" ]; then if [ -z "$BACKUP_BIN" ]; then
wsrep_log_error 'mariabackup binary not found in path' wsrep_log_error 'mariabackup binary not found in path'
exit 42 exit 42
fi fi
@ -165,11 +166,13 @@ get_keys()
exit 3 exit 3
fi fi
if [ -z "$ekey" -a ! -r "$ekeyfile" ]; then if [ -z "$ekey" ]; then
if [ ! -r "$ekeyfile" ]; then
wsrep_log_error "FATAL: Either key must be specified" \ wsrep_log_error "FATAL: Either key must be specified" \
"or keyfile must be readable" "or keyfile must be readable"
exit 3 exit 3
fi fi
fi
if [ "$eformat" = 'openssl' ]; then if [ "$eformat" = 'openssl' ]; then
get_openssl get_openssl
@ -192,7 +195,7 @@ get_keys()
ecmd="$ecmd -k '$ekey'" ecmd="$ecmd -k '$ekey'"
fi fi
elif [ "$eformat" = 'xbcrypt' ]; then elif [ "$eformat" = 'xbcrypt' ]; then
if [ -z "$(command -v xbcrypt)" ]; then if [ -z "$(commandex xbcrypt)" ]; then
wsrep_log_error "If encryption using the xbcrypt is enabled," \ wsrep_log_error "If encryption using the xbcrypt is enabled," \
"then you need to install xbcrypt" "then you need to install xbcrypt"
exit 2 exit 2
@ -342,40 +345,34 @@ get_transfer()
CN_option=",commonname=''" CN_option=",commonname=''"
if [ $encrypt -eq 2 ]; then if [ $encrypt -eq 2 ]; then
wsrep_log_info "Using openssl based encryption with socat: with crt and pem" wsrep_log_info \
if [ -z "$tpem" -o -z "$tcert" ]; then "Using openssl based encryption with socat: with crt and pem"
if [ -z "$tpem" -o -z "$tcert$tcap" ]; then
wsrep_log_error \ wsrep_log_error \
"Both PEM file and CRT file (or path) are required" "Both PEM file and CRT file (or path) are required"
exit 22 exit 22
fi fi
if [ ! -r "$tpem" -o ! -r "$tcert" ]; then verify_ca_matches_cert "$tpem" "$tcert" "$tcap"
wsrep_log_error \ tcmd="$tcmd,cert='$tpem'"
"Both PEM file and CRT file (or path) must be readable" if [ -n "$tcert" ]; then
exit 22 tcmd="$tcmd,cafile='$tcert'"
fi fi
verify_ca_matches_cert "$tcert" "$tpem" $tpath if [ -n "$tcap" ]; then
if [ $tpath -eq 0 ]; then tcmd="$tcmd,capath='$tcap'"
tcmd="$tcmd,cert='$tpem',cafile='$tcert'"
else
tcmd="$tcmd,cert='$tpem',capath='$tcert'"
fi fi
stagemsg="$stagemsg-OpenSSL-Encrypted-2" stagemsg="$stagemsg-OpenSSL-Encrypted-2"
wsrep_log_info "$action with cert=$tpem, ca=$tcert" wsrep_log_info "$action with cert='$tpem', ca='$tcert', capath='$tcap'"
elif [ $encrypt -eq 3 -o $encrypt -eq 4 ]; then elif [ $encrypt -eq 3 -o $encrypt -eq 4 ]; then
wsrep_log_info "Using openssl based encryption with socat: with key and crt" wsrep_log_info \
"Using openssl based encryption with socat: with key and crt"
if [ -z "$tpem" -o -z "$tkey" ]; then if [ -z "$tpem" -o -z "$tkey" ]; then
wsrep_log_error "Both certificate file (or path) " \ wsrep_log_error "Both the certificate file (or path) and" \
"and key file are required" "the key file are required"
exit 22
fi
if [ ! -r "$tpem" -o ! -r "$tkey" ]; then
wsrep_log_error "Both certificate file (or path) " \
"and key file must be readable"
exit 22 exit 22
fi fi
verify_cert_matches_key "$tpem" "$tkey" verify_cert_matches_key "$tpem" "$tkey"
stagemsg="$stagemsg-OpenSSL-Encrypted-3" stagemsg="$stagemsg-OpenSSL-Encrypted-3"
if [ -z "$tcert" ]; then if [ -z "$tcert$tcap" ]; then
if [ $encrypt -eq 4 ]; then if [ $encrypt -eq 4 ]; then
wsrep_log_error \ wsrep_log_error \
"Peer certificate file (or path) required if encrypt=4" "Peer certificate file (or path) required if encrypt=4"
@ -384,14 +381,11 @@ get_transfer()
# no verification # no verification
CN_option="" CN_option=""
tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0" tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0"
wsrep_log_info "$action with cert=$tpem, key=$tkey, verify=0" wsrep_log_info \
"$action with cert='$tpem', key='$tkey', verify=0"
else else
# CA verification # CA verification
if [ ! -r "$tcert" ]; then verify_ca_matches_cert "$tpem" "$tcert" "$tcap"
wsrep_log_error "Certificate file or path must be readable"
exit 22
fi
verify_ca_matches_cert "$tcert" "$tpem" $tpath
if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'" CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'"
elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ] elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ]
@ -402,12 +396,15 @@ get_transfer()
else else
CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'" CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'"
fi fi
if [ $tpath -eq 0 ]; then tcmd="$tcmd,cert='$tpem',key='$tkey'"
tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'" if [ -n "$tcert" ]; then
else tcmd="$tcmd,cafile='$tcert'"
tcmd="$tcmd,cert='$tpem',key='$tkey',capath='$tcert'"
fi fi
wsrep_log_info "$action with cert=$tpem, key=$tkey, ca=$tcert" if [ -n "$tcap" ]; then
tcmd="$tcmd,capath='$tcap'"
fi
wsrep_log_info "$action with cert='$tpem', key='$tkey'," \
"ca='$tcert', capath='$tcap'"
fi fi
else else
wsrep_log_info "Unknown encryption mode: encrypt=$encrypt" wsrep_log_info "Unknown encryption mode: encrypt=$encrypt"
@ -425,7 +422,9 @@ get_transfer()
get_footprint() get_footprint()
{ {
pushd "$WSREP_SST_OPT_DATA" 1>/dev/null pushd "$WSREP_SST_OPT_DATA" 1>/dev/null
payload=$(find . -regex '.*\.ibd$\|.*\.MYI$\|.*\.MYD$\|.*ibdata1$' -type f -print0 | du --files0-from=- --block-size=1 -c -s | awk 'END { print $1 }') payload=$(find . -regex '.*\.ibd$\|.*\.MYI$\|.*\.MYD$\|.*ibdata1$' \
-type f -print0 | du --files0-from=- --block-size=1 -c -s | \
awk 'END { print $1 }')
if [ "$compress" != 'none' ]; then if [ "$compress" != 'none' ]; then
# QuickLZ has around 50% compression ratio # QuickLZ has around 50% compression ratio
# When compression/compaction used, the progress is only an approximate. # When compression/compaction used, the progress is only an approximate.
@ -438,7 +437,7 @@ get_footprint()
adjust_progress() adjust_progress()
{ {
if [ -z "$(command -v pv)" ]; then if [ -z "$(commandex pv)" ]; then
wsrep_log_error "pv not found in path: $PATH" wsrep_log_error "pv not found in path: $PATH"
wsrep_log_error "Disabling all progress/rate-limiting" wsrep_log_error "Disabling all progress/rate-limiting"
pcmd="" pcmd=""
@ -470,34 +469,43 @@ check_server_ssl_config()
{ {
# backward-compatible behavior: # backward-compatible behavior:
tcert=$(parse_cnf 'sst' 'tca') tcert=$(parse_cnf 'sst' 'tca')
tcap=$(parse_cnf 'sst' 'tcapath')
tpem=$(parse_cnf 'sst' 'tcert') tpem=$(parse_cnf 'sst' 'tcert')
tkey=$(parse_cnf 'sst' 'tkey') tkey=$(parse_cnf 'sst' 'tkey')
# reading new ssl configuration options: # reading new ssl configuration options:
local tcert2=$(parse_cnf "$encgroups" 'ssl-ca') local tcert2=$(parse_cnf "$encgroups" 'ssl-ca')
local tcap2=$(parse_cnf "$encgroups" 'ssl-capath')
local tpem2=$(parse_cnf "$encgroups" 'ssl-cert') local tpem2=$(parse_cnf "$encgroups" 'ssl-cert')
local tkey2=$(parse_cnf "$encgroups" 'ssl-key') local tkey2=$(parse_cnf "$encgroups" 'ssl-key')
# if there are no old options, then we take new ones: # if there are no old options, then we take new ones:
if [ -z "$tcert" -a -z "$tpem" -a -z "$tkey" ]; then if [ -z "$tcert" -a -z "$tcap" -a -z "$tpem" -a -z "$tkey" ]; then
tcert="$tcert2" tcert="$tcert2"
tcap="$tcap2"
tpem="$tpem2" tpem="$tpem2"
tkey="$tkey2" tkey="$tkey2"
# checking for presence of the new-style SSL configuration: # checking for presence of the new-style SSL configuration:
elif [ -n "$tcert2" -o -n "$tpem2" -o -n "$tkey2" ]; then elif [ -n "$tcert2" -o -n "$tcap2" -o -n "$tpem2" -o -n "$tkey2" ]; then
if [ "$tcert" != "$tcert2" -o \ if [ "$tcert" != "$tcert2" -o \
"$tcap" != "$tcap2" -o \
"$tpem" != "$tpem2" -o \ "$tpem" != "$tpem2" -o \
"$tkey" != "$tkey2" ] "$tkey" != "$tkey2" ]
then then
wsrep_log_info "new ssl configuration options (ssl-ca, ssl-cert " \ wsrep_log_info \
"new ssl configuration options (ssl-ca[path], ssl-cert" \
"and ssl-key) are ignored by SST due to presence" \ "and ssl-key) are ignored by SST due to presence" \
"of the tca, tcert and/or tkey in the [sst] section" "of the tca[path], tcert and/or tkey in the [sst] section"
fi fi
fi fi
if [ -n "$tcert" ]; then if [ -n "$tcert" ]; then
tcert=$(trim_string "$tcert") tcert=$(trim_string "$tcert")
if [ "${tcert%/}" != "$tcert" ]; then if [ "${tcert%/}" != "$tcert" ] || [ -d "$tcert" ]; then
tpath=1 tcap="$tcert"
tcert=""
fi fi
fi fi
if [ -n "$tcap" ]; then
tcap=$(trim_string "$tcap")
fi
} }
read_cnf() read_cnf()
@ -506,10 +514,10 @@ read_cnf()
tfmt=$(parse_cnf sst transferfmt 'socat') tfmt=$(parse_cnf sst transferfmt 'socat')
encrypt=$(parse_cnf "$encgroups" 'encrypt' 0) encrypt=$(parse_cnf "$encgroups" 'encrypt' 0)
tmode=$(parse_cnf "$encgroups" 'ssl-mode' 'DISABLED' | tr [:lower:] [:upper:]) tmode=$(parse_cnf "$encgroups" 'ssl-mode' 'DISABLED' | \
tr [:lower:] [:upper:])
if [ $encrypt -eq 0 -o $encrypt -ge 2 ] if [ $encrypt -eq 0 -o $encrypt -ge 2 ]; then
then
if [ "$tmode" != 'DISABLED' -o $encrypt -ge 2 ]; then if [ "$tmode" != 'DISABLED' -o $encrypt -ge 2 ]; then
check_server_ssl_config check_server_ssl_config
fi fi
@ -517,11 +525,13 @@ read_cnf()
if [ 0 -eq $encrypt -a -n "$tpem" -a -n "$tkey" ] if [ 0 -eq $encrypt -a -n "$tpem" -a -n "$tkey" ]
then then
encrypt=3 # enable cert/key SSL encyption encrypt=3 # enable cert/key SSL encyption
# avoid CA verification if not set explicitly: # avoid CA verification if not set explicitly:
# nodes may happen to have different CA if self-generated # nodes may happen to have different CA if self-generated,
# zeroing up tcert does the trick # zeroing up tcert and tcap does the trick:
[ "${tmode#VERIFY}" != "$tmode" ] || tcert="" if [ "${tmode#VERIFY}" = "$tmode" ]; then
tcert=""
tcap=""
fi
fi fi
fi fi
elif [ $encrypt -eq 1 ]; then elif [ $encrypt -eq 1 ]; then
@ -535,8 +545,9 @@ read_cnf()
fi fi
fi fi
wsrep_log_info "SSL configuration: CA='$tcert', CERT='$tpem'," \ wsrep_log_info "SSL configuration: CA='$tcert', CAPATH='$tcap'," \
"KEY='$tkey', MODE='$tmode', encrypt='$encrypt'" "CERT='$tpem', KEY='$tkey', MODE='$tmode'," \
"encrypt='$encrypt'"
sockopt=$(parse_cnf sst sockopt "") sockopt=$(parse_cnf sst sockopt "")
progress=$(parse_cnf sst progress "") progress=$(parse_cnf sst progress "")
@ -561,7 +572,8 @@ read_cnf()
sstlogarchivedir=$(parse_cnf sst sst-log-archive-dir '/tmp/sst_log_archive') sstlogarchivedir=$(parse_cnf sst sst-log-archive-dir '/tmp/sst_log_archive')
if [ $speciald -eq 0 ]; then if [ $speciald -eq 0 ]; then
wsrep_log_error "sst-special-dirs equal to 0 is not supported, falling back to 1" wsrep_log_error \
"sst-special-dirs equal to 0 is not supported, falling back to 1"
speciald=1 speciald=1
fi fi
@ -589,7 +601,7 @@ get_stream()
{ {
if [ "$sfmt" = 'mbstream' -o "$sfmt" = 'xbstream' ]; then if [ "$sfmt" = 'mbstream' -o "$sfmt" = 'xbstream' ]; then
sfmt='mbstream' sfmt='mbstream'
STREAM_BIN="$(command -v mbstream)" local STREAM_BIN=$(commandex "$sfmt")
if [ -z "$STREAM_BIN" ]; then if [ -z "$STREAM_BIN" ]; then
wsrep_log_error "Streaming with $sfmt, but $sfmt not found in path" wsrep_log_error "Streaming with $sfmt, but $sfmt not found in path"
exit 42 exit 42
@ -630,7 +642,8 @@ cleanup_at_exit()
else else
if [ -n "$BACKUP_PID" ]; then if [ -n "$BACKUP_PID" ]; then
if check_pid "$BACKUP_PID" 1; then if check_pid "$BACKUP_PID" 1; then
wsrep_log_error "mariabackup process is still running. Killing..." wsrep_log_error \
"mariabackup process is still running. Killing..."
cleanup_pid $CHECK_PID "$BACKUP_PID" cleanup_pid $CHECK_PID "$BACKUP_PID"
fi fi
fi fi
@ -638,8 +651,8 @@ cleanup_at_exit()
fi fi
if [ -n "$progress" -a -p "$progress" ]; then if [ -n "$progress" -a -p "$progress" ]; then
wsrep_log_info "Cleaning up fifo file $progress" wsrep_log_info "Cleaning up fifo file: $progress"
rm -f "$progress" || true rm -f "$progress" || :
fi fi
wsrep_log_info "Cleaning up temporary directories" wsrep_log_info "Cleaning up temporary directories"
@ -649,8 +662,8 @@ cleanup_at_exit()
[ -d "$STATDIR" ] && rm -rf "$STATDIR" [ -d "$STATDIR" ] && rm -rf "$STATDIR"
fi fi
else else
[ -n "$xtmpdir" -a -d "$xtmpdir" ] && rm -rf "$xtmpdir" || true [ -n "$xtmpdir" -a -d "$xtmpdir" ] && rm -rf "$xtmpdir" || :
[ -n "$itmpdir" -a -d "$itmpdir" ] && rm -rf "$itmpdir" || true [ -n "$itmpdir" -a -d "$itmpdir" ] && rm -rf "$itmpdir" || :
fi fi
# Final cleanup # Final cleanup
@ -662,7 +675,7 @@ cleanup_at_exit()
# This means a signal was delivered to the process. # This means a signal was delivered to the process.
# So, more cleanup. # So, more cleanup.
if [ $estatus -ge 128 ]; then if [ $estatus -ge 128 ]; then
kill -KILL -- -$$ || true kill -KILL -- -$$ || :
fi fi
fi fi
@ -738,7 +751,7 @@ recv_joiner()
local ltcmd="$tcmd" local ltcmd="$tcmd"
if [ $tmt -gt 0 ]; then if [ $tmt -gt 0 ]; then
if [ -n "$(command -v timeout)" ]; then if [ -n "$(commandex timeout)" ]; then
if timeout --help | grep -qw -- '-k'; then if timeout --help | grep -qw -- '-k'; then
ltcmd="timeout -k $(( tmt+10 )) $tmt $tcmd" ltcmd="timeout -k $(( tmt+10 )) $tmt $tcmd"
else else
@ -784,7 +797,8 @@ recv_joiner()
fi fi
# check donor supplied secret # check donor supplied secret
SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2) SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | \
cut -d ' ' -f 2)
if [ "$SECRET" != "$MY_SECRET" ]; then if [ "$SECRET" != "$MY_SECRET" ]; then
wsrep_log_error "Donor does not know my secret!" wsrep_log_error "Donor does not know my secret!"
wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'" wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'"
@ -823,7 +837,9 @@ monitor_process()
while true ; do while true ; do
if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1; then if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1; then
wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT) terminated unexpectedly." wsrep_log_error \
"Parent mysqld process (PID: $WSREP_SST_OPT_PARENT)" \
"terminated unexpectedly."
kill -- -"$WSREP_SST_OPT_PARENT" kill -- -"$WSREP_SST_OPT_PARENT"
exit 32 exit 32
fi fi
@ -867,7 +883,7 @@ INNODB_DATA_HOME_DIR=$(pwd -P)
cd "$OLD_PWD" cd "$OLD_PWD"
if [ $ssyslog -eq 1 ]; then if [ $ssyslog -eq 1 ]; then
if [ -n "$(command -v logger)" ]; then if [ -n "$(commandex logger)" ]; then
wsrep_log_info "Logging all stderr of SST/mariabackup to syslog" wsrep_log_info "Logging all stderr of SST/mariabackup to syslog"
exec 2> >(logger -p daemon.err -t ${ssystag}wsrep-sst-$WSREP_SST_OPT_ROLE) exec 2> >(logger -p daemon.err -t ${ssystag}wsrep-sst-$WSREP_SST_OPT_ROLE)
@ -898,10 +914,8 @@ else
fi fi
fi fi
if [ -e "$INNOAPPLYLOG" ] if [ -e "$INNOAPPLYLOG" ]; then
then if [ -n "$sstlogarchivedir" ]; then
if [ -n "$sstlogarchivedir" ]
then
newfile=$(basename "$INNOAPPLYLOG") newfile=$(basename "$INNOAPPLYLOG")
newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP"
else else
@ -912,10 +926,8 @@ else
gzip "$newfile" gzip "$newfile"
fi fi
if [ -e "$INNOMOVELOG" ] if [ -e "$INNOMOVELOG" ]; then
then if [ -n "$sstlogarchivedir" ]; then
if [ -n "$sstlogarchivedir" ]
then
newfile=$(basename "$INNOMOVELOG") newfile=$(basename "$INNOMOVELOG")
newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP"
else else
@ -926,10 +938,8 @@ else
gzip "$newfile" gzip "$newfile"
fi fi
if [ -e "$INNOBACKUPLOG" ] if [ -e "$INNOBACKUPLOG" ]; then
then if [ -n "$sstlogarchivedir" ]; then
if [ -n "$sstlogarchivedir" ]
then
newfile=$(basename "$INNOBACKUPLOG") newfile=$(basename "$INNOBACKUPLOG")
newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP"
else else
@ -951,13 +961,13 @@ setup_commands()
if [ -n "$WSREP_SST_OPT_MYSQLD" ]; then if [ -n "$WSREP_SST_OPT_MYSQLD" ]; then
mysqld_args=" --mysqld-args $WSREP_SST_OPT_MYSQLD" mysqld_args=" --mysqld-args $WSREP_SST_OPT_MYSQLD"
fi fi
if [ -z "$INNODB_FORCE_RECOVERY" ]; then local recovery=""
INNOAPPLY="$BACKUP_BIN --prepare $disver $iapts $INNOEXTRA --target-dir='$DATA' --datadir='$DATA' $mysqld_args $INNOAPPLY" if [ -n "$INNODB_FORCE_RECOVERY" ]; then
else recovery=" --innodb-force-recovery=$INNODB_FORCE_RECOVERY"
INNOAPPLY="$BACKUP_BIN --prepare $disver $iapts $INNOEXTRA --innodb-force-recovery=$INNODB_FORCE_RECOVERY --target-dir='$DATA' --datadir='$DATA' $mysqld_args $INNOAPPLY"
fi fi
INNOMOVE="$BACKUP_BIN $WSREP_SST_OPT_CONF --move-back $disver $impts --force-non-empty-directories --target-dir='$DATA' --datadir='${TDATA:-$DATA}' $INNOMOVE" INNOAPPLY="$BACKUP_BIN --prepare$disver$recovery${iapts:+ }$iapts$INNOEXTRA --target-dir='$DATA' --datadir='$DATA'$mysqld_args $INNOAPPLY"
INNOBACKUP="$BACKUP_BIN $WSREP_SST_OPT_CONF --backup $disver $iopts $tmpopts $INNOEXTRA --galera-info --stream=$sfmt --target-dir='$itmpdir' --datadir='$DATA' $mysqld_args $INNOBACKUP" INNOMOVE="$BACKUP_BIN$WSREP_SST_OPT_CONF --move-back$disver${impts:+ }$impts --force-non-empty-directories --target-dir='$DATA' --datadir='${TDATA:-$DATA}' $INNOMOVE"
INNOBACKUP="$BACKUP_BIN$WSREP_SST_OPT_CONF --backup$disver${iopts:+ }$iopts $tmpopts$INNOEXTRA --galera-info --stream=$sfmt --target-dir='$itmpdir' --datadir='$DATA'$mysqld_args $INNOBACKUP"
} }
get_stream get_stream
@ -1055,27 +1065,28 @@ then
tcmd="$ecmd | $tcmd" tcmd="$ecmd | $tcmd"
fi fi
iopts="--databases-exclude='lost+found' $iopts" iopts="--databases-exclude='lost+found'${iopts:+ }$iopts"
if [ ${FORCE_FTWRL:-0} -eq 1 ]; then if [ ${FORCE_FTWRL:-0} -eq 1 ]; then
wsrep_log_info "Forcing FTWRL due to environment variable FORCE_FTWRL equal to $FORCE_FTWRL" wsrep_log_info "Forcing FTWRL due to environment variable" \
iopts="--no-backup-locks $iopts" "FORCE_FTWRL equal to $FORCE_FTWRL"
iopts="--no-backup-locks${iopts:+ }$iopts"
fi fi
# if compression is enabled for backup files, then add the # if compression is enabled for backup files, then add the
# appropriate options to the mariabackup command line: # appropriate options to the mariabackup command line:
if [ "$compress" != 'none' ]; then if [ "$compress" != 'none' ]; then
iopts="--compress${compress:+=$compress} $iopts" iopts="--compress${compress:+=$compress}${iopts:+ }$iopts"
if [ -n "$compress_threads" ]; then if [ -n "$compress_threads" ]; then
iopts="--compress-threads=$compress_threads $iopts" iopts="--compress-threads=$compress_threads${iopts:+ }$iopts"
fi fi
if [ -n "$compress_chunk" ]; then if [ -n "$compress_chunk" ]; then
iopts="--compress-chunk-size=$compress_chunk $iopts" iopts="--compress-chunk-size=$compress_chunk${iopts:+ }$iopts"
fi fi
fi fi
if [ -n "$backup_threads" ]; then if [ -n "$backup_threads" ]; then
iopts="--parallel=$backup_threads $iopts" iopts="--parallel=$backup_threads${iopts:+ }$iopts"
fi fi
setup_commands setup_commands
@ -1125,7 +1136,8 @@ then
elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' ] elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]
then then
[ -e "$SST_PROGRESS_FILE" ] && wsrep_log_info "Stale sst_in_progress file: $SST_PROGRESS_FILE" [ -e "$SST_PROGRESS_FILE" ] && \
wsrep_log_info "Stale sst_in_progress file: $SST_PROGRESS_FILE"
[ -n "$SST_PROGRESS_FILE" ] && touch "$SST_PROGRESS_FILE" [ -n "$SST_PROGRESS_FILE" ] && touch "$SST_PROGRESS_FILE"
ib_home_dir="$INNODB_DATA_HOME_DIR" ib_home_dir="$INNODB_DATA_HOME_DIR"
@ -1146,7 +1158,7 @@ then
ib_undo_dir="$INNODB_UNDO_DIR" ib_undo_dir="$INNODB_UNDO_DIR"
if [ -n "$backup_threads" ]; then if [ -n "$backup_threads" ]; then
impts="--parallel=$backup_threads $impts" impts="--parallel=$backup_threads${impts:+ }$impts"
fi fi
stagemsg='Joiner-Recv' stagemsg='Joiner-Recv'
@ -1165,15 +1177,15 @@ then
ADDR="$WSREP_SST_OPT_ADDR" ADDR="$WSREP_SST_OPT_ADDR"
if [ "${tmode#VERIFY}" != "$tmode" ] if [ "${tmode#VERIFY}" != "$tmode" ]; then
then # backward-incompatible behavior # backward-incompatible behavior:
CN="" CN=""
if [ -n "$tpem" ] if [ -n "$tpem" ]; then
then
# find out my Common Name # find out my Common Name
get_openssl get_openssl
if [ -z "$OPENSSL_BINARY" ]; then if [ -z "$OPENSSL_BINARY" ]; then
wsrep_log_error 'openssl not found but it is required for authentication' wsrep_log_error \
'openssl not found but it is required for authentication'
exit 42 exit 42
fi fi
CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$tpem" | \ CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$tpem" | \
@ -1213,15 +1225,17 @@ then
if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1 if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1
then then
wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT) terminated unexpectedly." wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT)" \
"terminated unexpectedly."
exit 32 exit 32
fi fi
if [ ! -r "$STATDIR/$IST_FILE" ] if [ ! -r "$STATDIR/$IST_FILE" ]; then
then
if [ -d "$DATA/.sst" ]; then if [ -d "$DATA/.sst" ]; then
wsrep_log_info "WARNING: Stale temporary SST directory: '$DATA/.sst' from previous state transfer. Removing" wsrep_log_info \
"WARNING: Stale temporary SST directory:" \
"'$DATA/.sst' from previous state transfer, removing..."
rm -rf "$DATA/.sst" rm -rf "$DATA/.sst"
fi fi
mkdir -p "$DATA/.sst" mkdir -p "$DATA/.sst"
@ -1229,17 +1243,20 @@ then
jpid=$! jpid=$!
wsrep_log_info "Proceeding with SST" wsrep_log_info "Proceeding with SST"
wsrep_log_info "Cleaning the existing datadir and innodb-data/log directories" wsrep_log_info \
"Cleaning the existing datadir and innodb-data/log directories"
if [ "$OS" = 'FreeBSD' ]; then if [ "$OS" = 'FreeBSD' ]; then
find -E ${ib_home_dir:+"$ib_home_dir"} \ find -E ${ib_home_dir:+"$ib_home_dir"} \
${ib_undo_dir:+"$ib_undo_dir"} \ ${ib_undo_dir:+"$ib_undo_dir"} \
${ib_log_dir:+"$ib_log_dir"} \ ${ib_log_dir:+"$ib_log_dir"} \
"$DATA" -mindepth 1 -prune -regex "$cpat" -o -exec rm -rfv {} 1>&2 \+ "$DATA" -mindepth 1 -prune -regex "$cpat" \
-o -exec rm -rfv {} 1>&2 \+
else else
find ${ib_home_dir:+"$ib_home_dir"} \ find ${ib_home_dir:+"$ib_home_dir"} \
${ib_undo_dir:+"$ib_undo_dir"} \ ${ib_undo_dir:+"$ib_undo_dir"} \
${ib_log_dir:+"$ib_log_dir"} \ ${ib_log_dir:+"$ib_log_dir"} \
"$DATA" -mindepth 1 -prune -regex "$cpat" -o -exec rm -rfv {} 1>&2 \+ "$DATA" -mindepth 1 -prune -regex "$cpat" \
-o -exec rm -rfv {} 1>&2 \+
fi fi
get_binlog get_binlog
@ -1248,9 +1265,9 @@ then
binlog_dir=$(dirname "$WSREP_SST_OPT_BINLOG") binlog_dir=$(dirname "$WSREP_SST_OPT_BINLOG")
cd "$binlog_dir" cd "$binlog_dir"
wsrep_log_info "Cleaning the binlog directory $binlog_dir as well" wsrep_log_info "Cleaning the binlog directory $binlog_dir as well"
rm -fv "$WSREP_SST_OPT_BINLOG".[0-9]* 1>&2 \+ || true rm -fv "$WSREP_SST_OPT_BINLOG".[0-9]* 1>&2 \+ || :
[ -f "$WSREP_SST_OPT_BINLOG_INDEX" ] && \ [ -f "$WSREP_SST_OPT_BINLOG_INDEX" ] && \
rm -fv "$WSREP_SST_OPT_BINLOG_INDEX" 1>&2 \+ || true rm -fv "$WSREP_SST_OPT_BINLOG_INDEX" 1>&2 \+ || :
cd "$OLD_PWD" cd "$OLD_PWD"
fi fi
@ -1262,7 +1279,8 @@ then
monitor_process $jpid monitor_process $jpid
if [ ! -s "$DATA/xtrabackup_checkpoints" ]; then if [ ! -s "$DATA/xtrabackup_checkpoints" ]; then
wsrep_log_error "xtrabackup_checkpoints missing, failed mariabackup/SST on donor" wsrep_log_error "xtrabackup_checkpoints missing," \
"failed mariabackup/SST on donor"
exit 2 exit 2
fi fi
@ -1277,7 +1295,7 @@ then
if [ -n "$qpfiles" ]; then if [ -n "$qpfiles" ]; then
wsrep_log_info "Compressed qpress files found" wsrep_log_info "Compressed qpress files found"
if [ -z "$(command -v qpress)" ]; then if [ -z "$(commandex qpress)" ]; then
wsrep_log_error "qpress utility not found in the path" wsrep_log_error "qpress utility not found in the path"
exit 22 exit 22
fi fi
@ -1300,14 +1318,17 @@ then
# Decompress the qpress files # Decompress the qpress files
wsrep_log_info "Decompression with $nproc threads" wsrep_log_info "Decompression with $nproc threads"
timeit "Joiner-Decompression" "find '$DATA' -type f -name '*.qp' -printf '%p\n%h\n' | $dcmd" timeit "Joiner-Decompression" \
"find '$DATA' -type f -name '*.qp' -printf '%p\n%h\n' | $dcmd"
extcode=$? extcode=$?
if [ $extcode -eq 0 ]; then if [ $extcode -eq 0 ]; then
wsrep_log_info "Removing qpress files after decompression" wsrep_log_info "Removing qpress files after decompression"
find "$DATA" -type f -name '*.qp' -delete find "$DATA" -type f -name '*.qp' -delete
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
wsrep_log_error "Something went wrong with deletion of qpress files. Investigate" wsrep_log_error \
"Something went wrong with deletion of qpress files." \
"Investigate"
fi fi
else else
wsrep_log_error "Decompression failed. Exit code: $extcode" wsrep_log_error "Decompression failed. Exit code: $extcode"
@ -1321,7 +1342,7 @@ then
BINLOG_FILENAME=$(basename "$WSREP_SST_OPT_BINLOG") BINLOG_FILENAME=$(basename "$WSREP_SST_OPT_BINLOG")
# To avoid comparing data directory and BINLOG_DIRNAME # To avoid comparing data directory and BINLOG_DIRNAME
mv "$DATA/$BINLOG_FILENAME".* "$BINLOG_DIRNAME/" 2>/dev/null || true mv "$DATA/$BINLOG_FILENAME".* "$BINLOG_DIRNAME/" 2>/dev/null || :
cd "$BINLOG_DIRNAME" cd "$BINLOG_DIRNAME"
for bfile in $(ls -1 "$BINLOG_FILENAME".[0-9]*); do for bfile in $(ls -1 "$BINLOG_FILENAME".[0-9]*); do
@ -1336,7 +1357,8 @@ then
timeit "mariabackup prepare stage" "$INNOAPPLY" timeit "mariabackup prepare stage" "$INNOAPPLY"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
wsrep_log_error "mariabackup apply finished with errors. Check syslog or '$INNOAPPLYLOG' for details" wsrep_log_error "mariabackup apply finished with errors." \
"Check syslog or '$INNOAPPLYLOG' for details."
exit 22 exit 22
fi fi

7
scripts/wsrep_sst_mysqldump.sh
View File

@ -19,7 +19,6 @@
# This is a reference script for mysqldump-based state snapshot tansfer # This is a reference script for mysqldump-based state snapshot tansfer
. $(dirname "$0")/wsrep_sst_common . $(dirname "$0")/wsrep_sst_common
PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
EINVAL=22 EINVAL=22
@ -93,8 +92,7 @@ DROP PREPARE stmt;"
SET_START_POSITION="SET GLOBAL wsrep_start_position='$WSREP_SST_OPT_GTID';" SET_START_POSITION="SET GLOBAL wsrep_start_position='$WSREP_SST_OPT_GTID';"
SET_WSREP_GTID_DOMAIN_ID="" SET_WSREP_GTID_DOMAIN_ID=""
if [ -n $WSREP_SST_OPT_GTID_DOMAIN_ID ] if [ -n $WSREP_SST_OPT_GTID_DOMAIN_ID ]; then
then
SET_WSREP_GTID_DOMAIN_ID=" SET_WSREP_GTID_DOMAIN_ID="
SET @val = (SELECT GLOBAL_VALUE FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES WHERE VARIABLE_NAME = 'WSREP_GTID_STRICT_MODE' AND GLOBAL_VALUE > 0); SET @val = (SELECT GLOBAL_VALUE FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES WHERE VARIABLE_NAME = 'WSREP_GTID_STRICT_MODE' AND GLOBAL_VALUE > 0);
SET @stmt = IF (@val IS NOT NULL, 'SET GLOBAL WSREP_GTID_DOMAIN_ID=$WSREP_SST_OPT_GTID_DOMAIN_ID', 'SET @dummy = 0'); SET @stmt = IF (@val IS NOT NULL, 'SET GLOBAL WSREP_GTID_DOMAIN_ID=$WSREP_SST_OPT_GTID_DOMAIN_ID', 'SET @dummy = 0');
@ -125,8 +123,7 @@ SET_GTID_BINLOG_STATE=""
SQL_LOG_BIN_OFF="" SQL_LOG_BIN_OFF=""
# Safety check # Safety check
if [ ${SERVER_VERSION%%.*} -gt 5 ] if [ ${SERVER_VERSION%%.*} -gt 5 ]; then
then
# If binary logging is enabled on the joiner node, we need to copy donor's # If binary logging is enabled on the joiner node, we need to copy donor's
# gtid_binlog_state to joiner. In order to do that, a RESET MASTER must be # gtid_binlog_state to joiner. In order to do that, a RESET MASTER must be
# executed to erase binary logs (if any). Binary logging should also be # executed to erase binary logs (if any). Binary logging should also be

103
scripts/wsrep_sst_rsync.sh
View File

@ -25,9 +25,6 @@ STUNNEL_REAL_PID=0 # stunnel process id
OS="$(uname)" OS="$(uname)"
[ "$OS" = 'Darwin' ] && export -n LD_LIBRARY_PATH [ "$OS" = 'Darwin' ] && export -n LD_LIBRARY_PATH
# Setting the path for lsof on CentOS
export PATH="/usr/sbin:/sbin:$PATH"
. $(dirname "$0")/wsrep_sst_common . $(dirname "$0")/wsrep_sst_common
wsrep_check_datadir wsrep_check_datadir
@ -37,7 +34,8 @@ cleanup_joiner()
{ {
local failure=0 local failure=0
wsrep_log_info "Joiner cleanup: rsync PID=$RSYNC_REAL_PID, stunnel PID=$STUNNEL_REAL_PID" wsrep_log_info "Joiner cleanup: rsync PID=$RSYNC_REAL_PID," \
"stunnel PID=$STUNNEL_REAL_PID"
if [ -n "$STUNNEL" ]; then if [ -n "$STUNNEL" ]; then
if cleanup_pid $STUNNEL_REAL_PID "$STUNNEL_PID" "$STUNNEL_CONF"; then if cleanup_pid $STUNNEL_REAL_PID "$STUNNEL_PID" "$STUNNEL_CONF"; then
@ -223,6 +221,7 @@ FILTER="-f '- /lost+found'
SSTKEY=$(parse_cnf 'sst' 'tkey') SSTKEY=$(parse_cnf 'sst' 'tkey')
SSTCERT=$(parse_cnf 'sst' 'tcert') SSTCERT=$(parse_cnf 'sst' 'tcert')
SSTCA=$(parse_cnf 'sst' 'tca') SSTCA=$(parse_cnf 'sst' 'tca')
SSTCAP=$(parse_cnf 'sst' 'tcapath')
SST_SECTIONS="--mysqld|sst" SST_SECTIONS="--mysqld|sst"
@ -231,28 +230,34 @@ check_server_ssl_config()
SSTKEY=$(parse_cnf "$SST_SECTIONS" 'ssl-key') SSTKEY=$(parse_cnf "$SST_SECTIONS" 'ssl-key')
SSTCERT=$(parse_cnf "$SST_SECTIONS" 'ssl-cert') SSTCERT=$(parse_cnf "$SST_SECTIONS" 'ssl-cert')
SSTCA=$(parse_cnf "$SST_SECTIONS" 'ssl-ca') SSTCA=$(parse_cnf "$SST_SECTIONS" 'ssl-ca')
SSTCAP=$(parse_cnf "$SST_SECTIONS" 'ssl-capath')
} }
SSLMODE=$(parse_cnf "$SST_SECTIONS" 'ssl-mode' | tr [:lower:] [:upper:]) SSLMODE=$(parse_cnf "$SST_SECTIONS" 'ssl-mode' | tr [:lower:] [:upper:])
# no old-style SSL config in [sst], check for new one: # no old-style SSL config in [sst], check for new one:
if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]; then if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" -a -z "$SSTCAP" ]; then
check_server_ssl_config check_server_ssl_config
fi fi
SSTPATH=0
if [ -n "$SSTCA" ]; then if [ -n "$SSTCA" ]; then
SSTCA=$(trim_string "$SSTCA") SSTCA=$(trim_string "$SSTCA")
if [ "${SSTCA%/}" != "$SSTCA" ]; then if [ "${SSTCA%/}" != "$SSTCA" ] || [ -d "$SSTCA" ]; then
SSTPATH=1 SSTCAP="$SSTCA"
SSTCA=""
fi fi
fi fi
if [ -n "$SSTCAP" ]; then
SSTCAP=$(trim_string "$SSTCAP")
fi
if [ -z "$SSLMODE" ]; then if [ -z "$SSLMODE" ]; then
# Implicit verification if CA is set and the SSL mode # Implicit verification if CA is set and the SSL mode
# is not specified by user: # is not specified by user:
if [ -n "$SSTCA" ]; then if [ -n "$SSTCA$SSTCAP" ]; then
if [ -n "$(command -v stunnel)" ]; then STUNNEL_BIN=$(commandex 'stunnel')
if [ -n "$STUNNEL_BIN" ]; then
SSLMODE='VERIFY_CA' SSLMODE='VERIFY_CA'
fi fi
# Require SSL by default if SSL key and cert are present: # Require SSL by default if SSL key and cert are present:
@ -265,17 +270,18 @@ if [ -n "$SSTCERT" -a -n "$SSTKEY" ]; then
verify_cert_matches_key "$SSTCERT" "$SSTKEY" verify_cert_matches_key "$SSTCERT" "$SSTKEY"
fi fi
CAFILE_OPT=""
CAPATH_OPT=""
if [ -n "$SSTCA$SSTCAP" ]; then
if [ -n "$SSTCA" ]; then if [ -n "$SSTCA" ]; then
if [ $SSTPATH -eq 0 ]; then
CAFILE_OPT="CAfile = $SSTCA" CAFILE_OPT="CAfile = $SSTCA"
else fi
CAFILE_OPT="CApath = $SSTCA" if [ -n "$SSTCAP" ]; then
CAPATH_OPT="CApath = $SSTCAP"
fi fi
if [ -n "$SSTCERT" ]; then if [ -n "$SSTCERT" ]; then
verify_ca_matches_cert "$SSTCA" "$SSTCERT" $SSTPATH verify_ca_matches_cert "$SSTCERT" "$SSTCA" "$SSTCAP"
fi fi
else
CAFILE_OPT=""
fi fi
VERIFY_OPT="" VERIFY_OPT=""
@ -295,7 +301,7 @@ then
exit 22 # EINVAL exit 22 # EINVAL
;; ;;
esac esac
if [ -z "$SSTCA" ]; then if [ -z "$SSTCA$SSTCAP" ]; then
wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file or path" wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file or path"
exit 22 # EINVAL exit 22 # EINVAL
fi fi
@ -318,9 +324,12 @@ fi
STUNNEL="" STUNNEL=""
if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ]; then if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ]; then
STUNNEL_BIN="$(command -v stunnel)" if [ -z "${STUNNEL_BIN+x}" ]; then
STUNNEL_BIN=$(commandex 'stunnel')
fi
if [ -n "$STUNNEL_BIN" ]; then if [ -n "$STUNNEL_BIN" ]; then
wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA', ssl-mode='$SSLMODE'" wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA'," \
"CAPATH='$SSTCAP', ssl-mode='$SSLMODE'"
STUNNEL="$STUNNEL_BIN $STUNNEL_CONF" STUNNEL="$STUNNEL_BIN $STUNNEL_CONF"
fi fi
fi fi
@ -340,6 +349,7 @@ then
key = $SSTKEY key = $SSTKEY
cert = $SSTCERT cert = $SSTCERT
${CAFILE_OPT} ${CAFILE_OPT}
${CAPATH_OPT}
foreground = yes foreground = yes
pid = $STUNNEL_PID pid = $STUNNEL_PID
debug = warning debug = warning
@ -392,8 +402,8 @@ EOF
# Prepare binlog files # Prepare binlog files
cd "$BINLOG_DIRNAME" cd "$BINLOG_DIRNAME"
binlog_files_full=$(tail -n $BINLOG_N_FILES "$WSREP_SST_OPT_BINLOG_INDEX") binlog_files_full=$(tail -n $BINLOG_N_FILES \
"$WSREP_SST_OPT_BINLOG_INDEX")
binlog_files="" binlog_files=""
for ii in $binlog_files_full for ii in $binlog_files_full
do do
@ -417,9 +427,10 @@ EOF
WHOLE_FILE_OPT="--whole-file" WHOLE_FILE_OPT="--whole-file"
fi fi
# first, the normal directories, so that we can detect incompatible protocol # first, the normal directories, so that we can detect
# incompatible protocol:
RC=0 RC=0
eval rsync ${STUNNEL:+"'--rsh=$STUNNEL'"} \ eval rsync ${STUNNEL:+"--rsh='$STUNNEL'"} \
--owner --group --perms --links --specials \ --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \ --ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT $FILTER "'$WSREP_SST_OPT_DATA/'" \ $WHOLE_FILE_OPT $FILTER "'$WSREP_SST_OPT_DATA/'" \
@ -430,8 +441,9 @@ EOF
case $RC in case $RC in
12) RC=71 # EPROTO 12) RC=71 # EPROTO
wsrep_log_error \ wsrep_log_error \
"rsync server on the other end has incompatible protocol. " \ "rsync server on the other end has incompatible" \
"Make sure you have the same version of rsync on all nodes." "protocol. Make sure you have the same version of" \
"rsync on all nodes."
;; ;;
22) RC=12 # ENOMEM 22) RC=12 # ENOMEM
;; ;;
@ -481,9 +493,9 @@ EOF
find . -maxdepth 1 -mindepth 1 -type d -not -name 'lost+found' \ find . -maxdepth 1 -mindepth 1 -type d -not -name 'lost+found' \
-not -name '.zfs' -print0 | xargs -I{} -0 -P $backup_threads \ -not -name '.zfs' -print0 | xargs -I{} -0 -P $backup_threads \
rsync ${STUNNEL:+--rsh="$STUNNEL"} \ rsync ${STUNNEL:+--rsh="$STUNNEL"} \
--owner --group --perms --links --specials \ --owner --group --perms --links --specials --ignore-times \
--ignore-times --inplace --recursive --delete --quiet \ --inplace --recursive --delete --quiet $WHOLE_FILE_OPT \
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \ --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \
--exclude '*/aria_log_control' "$WSREP_SST_OPT_DATA/{}/" \ --exclude '*/aria_log_control' "$WSREP_SST_OPT_DATA/{}/" \
"rsync://$WSREP_SST_OPT_ADDR/{}" >&2 || RC=$? "rsync://$WSREP_SST_OPT_ADDR/{}" >&2 || RC=$?
@ -514,7 +526,8 @@ EOF
fi fi
rsync ${STUNNEL:+--rsh="$STUNNEL"} \ rsync ${STUNNEL:+--rsh="$STUNNEL"} \
--archive --quiet --checksum "$MAGIC_FILE" "rsync://$WSREP_SST_OPT_ADDR" --archive --quiet --checksum "$MAGIC_FILE" \
"rsync://$WSREP_SST_OPT_ADDR"
echo "done $STATE" echo "done $STATE"
@ -546,7 +559,8 @@ then
check_round=0 check_round=0
while check_pid "$STUNNEL_PID" 1 while check_pid "$STUNNEL_PID" 1
do do
wsrep_log_info "lingering stunnel daemon found at startup, waiting for it to exit" wsrep_log_info "Lingering stunnel daemon found at startup," \
"waiting for it to exit"
check_round=$(( check_round + 1 )) check_round=$(( check_round + 1 ))
if [ $check_round -eq 10 ]; then if [ $check_round -eq 10 ]; then
wsrep_log_error "stunnel daemon already running." wsrep_log_error "stunnel daemon already running."
@ -563,7 +577,8 @@ then
check_round=0 check_round=0
while check_pid "$RSYNC_PID" 1 while check_pid "$RSYNC_PID" 1
do do
wsrep_log_info "lingering rsync daemon found at startup, waiting for it to exit" wsrep_log_info "Lingering rsync daemon found at startup," \
"waiting for it to exit"
check_round=$(( check_round + 1 )) check_round=$(( check_round + 1 ))
if [ $check_round -eq 10 ]; then if [ $check_round -eq 10 ]; then
wsrep_log_error "rsync daemon already running." wsrep_log_error "rsync daemon already running."
@ -575,9 +590,7 @@ then
[ -f "$MAGIC_FILE" ] && rm -f "$MAGIC_FILE" [ -f "$MAGIC_FILE" ] && rm -f "$MAGIC_FILE"
[ -f "$BINLOG_TAR_FILE" ] && rm -f "$BINLOG_TAR_FILE" [ -f "$BINLOG_TAR_FILE" ] && rm -f "$BINLOG_TAR_FILE"
if [ -z "$STUNNEL" ]; then [ -z "$STUNNEL" ] && [ -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF"
[ -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF"
fi
ADDR="$WSREP_SST_OPT_ADDR" ADDR="$WSREP_SST_OPT_ADDR"
RSYNC_PORT="$WSREP_SST_OPT_PORT" RSYNC_PORT="$WSREP_SST_OPT_PORT"
@ -628,19 +641,21 @@ EOF
echo $$ > "$SST_PID" echo $$ > "$SST_PID"
if [ -z "$STUNNEL" ] if [ -z "$STUNNEL" ]; then
then rsync --daemon --no-detach --port "$RSYNC_PORT" \
rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS & --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS &
RSYNC_REAL_PID=$! RSYNC_REAL_PID=$!
TRANSFER_REAL_PID=$RSYNC_REAL_PID TRANSFER_REAL_PID=$RSYNC_REAL_PID
TRANSFER_PID="$RSYNC_PID" TRANSFER_PID="$RSYNC_PID"
else else
# Let's check if the path to the config file contains a space? # Let's check if the path to the config file contains a space?
RSYNC_BIN=$(commandex 'rsync')
if [ "${RSYNC_CONF#* }" = "$RSYNC_CONF" ]; then if [ "${RSYNC_CONF#* }" = "$RSYNC_CONF" ]; then
cat << EOF > "$STUNNEL_CONF" cat << EOF > "$STUNNEL_CONF"
key = $SSTKEY key = $SSTKEY
cert = $SSTCERT cert = $SSTCERT
${CAFILE_OPT} ${CAFILE_OPT}
${CAPATH_OPT}
foreground = yes foreground = yes
pid = $STUNNEL_PID pid = $STUNNEL_PID
debug = warning debug = warning
@ -650,17 +665,18 @@ ${CHECK_OPT}
${CHECK_OPT_LOCAL} ${CHECK_OPT_LOCAL}
[rsync] [rsync]
accept = $STUNNEL_ACCEPT accept = $STUNNEL_ACCEPT
exec = $(command -v rsync) exec = $RSYNC_BIN
execargs = rsync --server --daemon --config=$RSYNC_CONF . execargs = rsync --server --daemon --config=$RSYNC_CONF .
EOF EOF
else else
# The path contains a space, so we will run it via # The path contains a space, so we will run it via
# shell with "eval" command: # shell with "eval" command:
export RSYNC_CMD="eval $(command -v rsync) --server --daemon --config='$RSYNC_CONF' ." export RSYNC_CMD="eval '$RSYNC_BIN' --server --daemon --config='$RSYNC_CONF' ."
cat << EOF > "$STUNNEL_CONF" cat << EOF > "$STUNNEL_CONF"
key = $SSTKEY key = $SSTKEY
cert = $SSTCERT cert = $SSTCERT
${CAFILE_OPT} ${CAFILE_OPT}
${CAPATH_OPT}
foreground = yes foreground = yes
pid = $STUNNEL_PID pid = $STUNNEL_PID
debug = warning debug = warning
@ -688,7 +704,8 @@ EOF
# find out my Common Name # find out my Common Name
get_openssl get_openssl
if [ -z "$OPENSSL_BINARY" ]; then if [ -z "$OPENSSL_BINARY" ]; then
wsrep_log_error 'openssl not found but it is required for authentication' wsrep_log_error \
'openssl not found but it is required for authentication'
exit 42 exit 42
fi fi
CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$SSTCERT" | \ CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$SSTCERT" | \
@ -703,7 +720,8 @@ EOF
ADDR="$WSREP_SST_OPT_HOST" ADDR="$WSREP_SST_OPT_HOST"
fi fi
until check_pid_and_port "$TRANSFER_PID" $TRANSFER_REAL_PID "$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT" until check_pid_and_port "$TRANSFER_PID" $TRANSFER_REAL_PID \
"$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT"
do do
sleep 0.2 sleep 0.2
done done
@ -768,7 +786,8 @@ EOF
if [ -r "$MAGIC_FILE" ]; then if [ -r "$MAGIC_FILE" ]; then
if [ -n "$MY_SECRET" ]; then if [ -n "$MY_SECRET" ]; then
# check donor supplied secret # check donor supplied secret
SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2) SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | \
cut -d ' ' -f 2)
if [ "$SECRET" != "$MY_SECRET" ]; then if [ "$SECRET" != "$MY_SECRET" ]; then
wsrep_log_error "Donor does not know my secret!" wsrep_log_error "Donor does not know my secret!"
wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'" wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'"

17
vio/viosslfactories.c
View File

@ -232,6 +232,12 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
struct st_VioSSLFd *ssl_fd; struct st_VioSSLFd *ssl_fd;
long ssl_ctx_options; long ssl_ctx_options;
DBUG_ENTER("new_VioSSLFd"); DBUG_ENTER("new_VioSSLFd");
if (ca_file && ! ca_file[0]) ca_file = NULL;
if (ca_path && ! ca_path[0]) ca_path = NULL;
if (crl_file && ! crl_file[0]) crl_file = NULL;
if (crl_path && ! crl_path[0]) crl_path = NULL;
DBUG_PRINT("enter", DBUG_PRINT("enter",
("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' " ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' "
"cipher: '%s' crl_file: '%s' crl_path: '%s'", "cipher: '%s' crl_file: '%s' crl_path: '%s'",
@ -379,6 +385,11 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file,
struct st_VioSSLFd *ssl_fd; struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER; int verify= SSL_VERIFY_PEER;
if (ca_file && ! ca_file[0]) ca_file = NULL;
if (ca_path && ! ca_path[0]) ca_path = NULL;
if (crl_file && ! crl_file[0]) crl_file = NULL;
if (crl_path && ! crl_path[0]) crl_path = NULL;
/* /*
Turn off verification of servers certificate if both Turn off verification of servers certificate if both
ca_file and ca_path is set to NULL ca_file and ca_path is set to NULL
@ -411,6 +422,12 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file,
{ {
struct st_VioSSLFd *ssl_fd; struct st_VioSSLFd *ssl_fd;
int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
if (ca_file && ! ca_file[0]) ca_file = NULL;
if (ca_path && ! ca_path[0]) ca_path = NULL;
if (crl_file && ! crl_file[0]) crl_file = NULL;
if (crl_path && ! crl_path[0]) crl_path = NULL;
if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file,
ca_path, cipher, FALSE, error, ca_path, cipher, FALSE, error,
crl_file, crl_path, tls_version))) crl_file, crl_path, tls_version)))