MDEV-25719: stunnel uses "verifyChain" without subject checks
Another batch of changes that should make the SST process more reliable in all scenarios: 1) Added hostname or CN verification when stunnel is used with certificate chain verification (verifyChain = yes); 2) Added check for the absence of the stunnel utility for mtr tests; 3) Deletion of working files before and after SST is done more accurately; 4) rsync on joiner can be run even if the path to its configuration file contains spaces; 5) More accurate directory creation (for data files and for logs); 6) IST with mysqldump no longer turns off statement logging; 7) Reset password for mysqldump when password is empty but username is specified; 8) More reliable quoting when generating statements in wsrep_sst_mysqldump; 9) Added explicit generation of 2048-bit Diffie-Hellman parameters for socat < 1.7.3, by analogy with xtrabackup; 10) Compression parameters for qpress are read from all suitable server groups in configuration file, as well as from the [sst] and [xtrabackup] groups; 11) Added a test that checks compression using qpress; 12) Checking for optional utilities is modified to work even if they are implemented as built-in shell commands (unlikely on real systems, but more reliable).
@ -45,7 +45,12 @@ then
|
||||
exit $EINVAL
|
||||
fi
|
||||
|
||||
[ -n "$WSREP_SST_OPT_USER" ] && AUTH="-u$WSREP_SST_OPT_USER" || AUTH=
|
||||
AUTH=""
|
||||
usrst=0
|
||||
if [ -n "$WSREP_SST_OPT_USER" ]; then
|
||||
AUTH="-u$WSREP_SST_OPT_USER"
|
||||
usrst=1
|
||||
fi
|
||||
|
||||
# Refs https://github.com/codership/mysql-wsrep/issues/141
|
||||
# Passing password in MYSQL_PWD environment variable is considered
|
||||
@ -56,9 +61,14 @@ fi
|
||||
# whereas (at least on Linux) unprivileged user can't see process environment
|
||||
# that he does not own. So while it may be not secure in the NSA sense of the
|
||||
# word, it is arguably more secure than passing password on the command line.
|
||||
[ -n "$WSREP_SST_OPT_PSWD" ] && export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
|
||||
if [ -n "$WSREP_SST_OPT_PSWD" ]; then
|
||||
export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
|
||||
elif [ $usrst -eq 1 ]; then
|
||||
# Empty password, used for testing, debugging etc.
|
||||
unset MYSQL_PWD
|
||||
fi
|
||||
|
||||
STOP_WSREP="SET wsrep_on=OFF;"
|
||||
STOP_WSREP='SET wsrep_on=OFF;'
|
||||
|
||||
# mysqldump cannot restore CSV tables, fix this issue
|
||||
CSV_TABLES_FIX="
|
||||
@ -68,13 +78,13 @@ USE mysql;
|
||||
|
||||
SET @cond = (SELECT (SUPPORT = 'YES' or SUPPORT = 'DEFAULT') FROM INFORMATION_SCHEMA.ENGINES WHERE ENGINE = 'csv');
|
||||
|
||||
SET @stmt = IF (@cond = '1', 'CREATE TABLE IF NOT EXISTS general_log ( event_time timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), user_host mediumtext NOT NULL, thread_id bigint(21) unsigned NOT NULL, server_id int(10) unsigned NOT NULL, command_type varchar(64) NOT NULL, argument mediumtext NOT NULL) ENGINE=CSV DEFAULT CHARSET=utf8 COMMENT=\"General log\"', 'SET @dummy = 0');
|
||||
SET @stmt = IF (@cond = '1', 'CREATE TABLE IF NOT EXISTS general_log ( event_time timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), user_host mediumtext NOT NULL, thread_id bigint(21) unsigned NOT NULL, server_id int(10) unsigned NOT NULL, command_type varchar(64) NOT NULL, argument mediumtext NOT NULL) ENGINE=CSV DEFAULT CHARSET=utf8mb3 COMMENT=\"General log\"', 'SET @dummy = 0');
|
||||
|
||||
PREPARE stmt FROM @stmt;
|
||||
EXECUTE stmt;
|
||||
DROP PREPARE stmt;
|
||||
|
||||
SET @stmt = IF (@cond = '1', 'CREATE TABLE IF NOT EXISTS slow_log ( start_time timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), user_host mediumtext NOT NULL, query_time time(6) NOT NULL, lock_time time(6) NOT NULL, rows_sent int(11) NOT NULL, rows_examined int(11) NOT NULL, db varchar(512) NOT NULL, last_insert_id int(11) NOT NULL, insert_id int(11) NOT NULL, server_id int(10) unsigned NOT NULL, sql_text mediumtext NOT NULL, thread_id bigint(21) unsigned NOT NULL) ENGINE=CSV DEFAULT CHARSET=utf8 COMMENT=\"Slow log\"', 'SET @dummy = 0');
|
||||
SET @stmt = IF (@cond = '1', 'CREATE TABLE IF NOT EXISTS slow_log ( start_time timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), user_host mediumtext NOT NULL, query_time time(6) NOT NULL, lock_time time(6) NOT NULL, rows_sent int(11) NOT NULL, rows_examined int(11) NOT NULL, db varchar(512) NOT NULL, last_insert_id int(11) NOT NULL, insert_id int(11) NOT NULL, server_id int(10) unsigned NOT NULL, sql_text mediumtext NOT NULL, thread_id bigint(21) unsigned NOT NULL) ENGINE=CSV DEFAULT CHARSET=utf8mb3 COMMENT=\"Slow log\"', 'SET @dummy = 0');
|
||||
|
||||
PREPARE stmt FROM @stmt;
|
||||
EXECUTE stmt;
|
||||
@ -99,15 +109,15 @@ MYSQL="$MYSQL_CLIENT $WSREP_SST_OPT_CONF "\
|
||||
|
||||
# Check if binary logging is enabled on the joiner node.
|
||||
# Note: SELECT cannot be used at this point.
|
||||
LOG_BIN=$(echo "set statement wsrep_sync_wait=0 for SHOW VARIABLES LIKE 'log_bin'" | $MYSQL |\
|
||||
LOG_BIN=$(echo "set statement wsrep_sync_wait=0 for SHOW VARIABLES LIKE 'log_bin'" | $MYSQL | \
|
||||
tail -1 | awk -F ' ' '{ print $2 }')
|
||||
|
||||
# Check the joiner node's server version.
|
||||
SERVER_VERSION=$(echo "set statement wsrep_sync_wait=0 for SHOW VARIABLES LIKE 'version'" | $MYSQL |\
|
||||
SERVER_VERSION=$(echo "set statement wsrep_sync_wait=0 for SHOW VARIABLES LIKE 'version'" | $MYSQL | \
|
||||
tail -1 | awk -F ' ' '{ print $2 }')
|
||||
|
||||
# Retrieve the donor's @@global.gtid_binlog_state.
|
||||
GTID_BINLOG_STATE=$(echo "SHOW GLOBAL VARIABLES LIKE 'gtid_binlog_state'" | $MYSQL |\
|
||||
GTID_BINLOG_STATE=$(echo "SHOW GLOBAL VARIABLES LIKE 'gtid_binlog_state'" | $MYSQL | \
|
||||
tail -1 | awk -F ' ' '{ print $2 }')
|
||||
|
||||
RESET_MASTER=""
|
||||
@ -115,7 +125,7 @@ SET_GTID_BINLOG_STATE=""
|
||||
SQL_LOG_BIN_OFF=""
|
||||
|
||||
# Safety check
|
||||
if [ "${SERVER_VERSION%%.*}" != '5' ]
|
||||
if [ ${SERVER_VERSION%%.*} -gt 5 ]
|
||||
then
|
||||
# If binary logging is enabled on the joiner node, we need to copy donor's
|
||||
# gtid_binlog_state to joiner. In order to do that, a RESET MASTER must be
|
||||
@ -135,29 +145,29 @@ MYSQLDUMP="$MYSQLDUMP $WSREP_SST_OPT_CONF $AUTH -S$WSREP_SST_OPT_SOCKET \
|
||||
--disable-keys --extended-insert --skip-lock-tables --quick --set-charset \
|
||||
--skip-comments --flush-privileges --all-databases --events"
|
||||
|
||||
# need to disable logging when loading the dump
|
||||
# reason is that dump contains ALTER TABLE for log tables, and
|
||||
# this causes an error if logging is enabled
|
||||
GENERAL_LOG_OPT=`$MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@GENERAL_LOG"`
|
||||
SLOW_LOG_OPT=`$MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@SLOW_QUERY_LOG"`
|
||||
$MYSQL -e "$STOP_WSREP SET GLOBAL GENERAL_LOG=OFF"
|
||||
$MYSQL -e "$STOP_WSREP SET GLOBAL SLOW_QUERY_LOG=OFF"
|
||||
|
||||
# commands to restore log settings
|
||||
RESTORE_GENERAL_LOG="SET GLOBAL GENERAL_LOG=$GENERAL_LOG_OPT;"
|
||||
RESTORE_SLOW_QUERY_LOG="SET GLOBAL SLOW_QUERY_LOG=$SLOW_LOG_OPT;"
|
||||
|
||||
if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
|
||||
then
|
||||
(echo $STOP_WSREP && echo $RESET_MASTER && \
|
||||
echo $SET_GTID_BINLOG_STATE && echo $SQL_LOG_BIN_OFF && \
|
||||
echo $STOP_WSREP && $MYSQLDUMP && echo $CSV_TABLES_FIX && \
|
||||
echo $RESTORE_GENERAL_LOG && echo $RESTORE_SLOW_QUERY_LOG && \
|
||||
echo $SET_START_POSITION && echo $SET_WSREP_GTID_DOMAIN_ID \
|
||||
# need to disable logging when loading the dump
|
||||
# reason is that dump contains ALTER TABLE for log tables, and
|
||||
# this causes an error if logging is enabled
|
||||
GENERAL_LOG_OPT=$($MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@GENERAL_LOG")
|
||||
SLOW_LOG_OPT=$($MYSQL --skip-column-names -e "$STOP_WSREP SELECT @@SLOW_QUERY_LOG")
|
||||
|
||||
LOG_OFF="SET GLOBAL GENERAL_LOG=OFF; SET GLOBAL SLOW_QUERY_LOG=OFF;"
|
||||
|
||||
# commands to restore log settings
|
||||
RESTORE_GENERAL_LOG="SET GLOBAL GENERAL_LOG=$GENERAL_LOG_OPT;"
|
||||
RESTORE_SLOW_QUERY_LOG="SET GLOBAL SLOW_QUERY_LOG=$SLOW_LOG_OPT;"
|
||||
|
||||
(echo "$STOP_WSREP" && echo "$LOG_OFF" && echo "$RESET_MASTER" && \
|
||||
echo "$SET_GTID_BINLOG_STATE" && echo "$SQL_LOG_BIN_OFF" && \
|
||||
echo "$STOP_WSREP" && $MYSQLDUMP && echo "$CSV_TABLES_FIX" && \
|
||||
echo "$RESTORE_GENERAL_LOG" && echo "$RESTORE_SLOW_QUERY_LOG" && \
|
||||
echo "$SET_START_POSITION" && echo "$SET_WSREP_GTID_DOMAIN_ID" \
|
||||
|| echo "SST failed to complete;") | $MYSQL
|
||||
else
|
||||
wsrep_log_info "Bypassing state dump."
|
||||
echo $SET_START_POSITION | $MYSQL
|
||||
echo "$SET_START_POSITION" | $MYSQL
|
||||
fi
|
||||
|
||||
#
|
||||
|
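Review bot: The new version test under "# Safety check", `if [ ${SERVER_VERSION%%.*} -gt 5 ]`, expands unquoted, so an empty SERVER_VERSION (for example if the earlier `SHOW VARIABLES LIKE 'version'` client call fails) turns it into `[ -gt 5 ]`, which prints a test error and evaluates as false. The old string comparison `!= '5'` entered the branch in that case; the new form silently skips the gtid_binlog_state handling described in the comment below it, and the SST carries on. I would validate the value first and stop with a logged error, e.g. `case "${SERVER_VERSION%%.*}" in ''|*[!0-9]*) exit $EINVAL ;; esac`, and then quote the operand: `if [ "${SERVER_VERSION%%.*}" -gt 5 ]`. The body of this `if` continues outside the hunk, so confirm which statements are skipped on that path.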