MDEV-31809 addendum: corrections for SST scripts and for test failures

2ba1a8b8 · Julius Goryavsky · a1e5a284 · 2ba1a8b8 · 2ba1a8b8 · 2ba1a8b8
Commit 2ba1a8b8 authored Jun 11, 2024 by Julius Goryavsky
5 changed files
--- a/mysql-test/suite/galera/t/galera_defaults.cnf
+++ b/mysql-test/suite/galera/t/galera_defaults.cnf
 !include ../galera_2nodes.cnf

+[mysqld]
+wsrep_sst_auth="root:"
+
 [mysqld.1]
 wsrep_provider_options='base_port=@mysqld.1.#galera_port;gmcast.segment=1'


--- a/scripts/wsrep_sst_common.sh
+++ b/scripts/wsrep_sst_common.sh
@@ -152,7 +152,6 @@ WSREP_SST_OPT_DATA=""
 WSREP_SST_OPT_AUTH="${WSREP_SST_OPT_AUTH:-}"
 WSREP_SST_OPT_USER="${WSREP_SST_OPT_USER:-}"
 WSREP_SST_OPT_PSWD="${WSREP_SST_OPT_PSWD:-}"
-WSREP_SST_OPT_REMOTE_AUTH="${WSREP_SST_OPT_REMOTE_AUTH:-}"
 WSREP_SST_OPT_DEFAULT=""
 WSREP_SST_OPT_DEFAULTS=""
 WSREP_SST_OPT_EXTRA_DEFAULT=""
@@ -1008,11 +1007,6 @@ in_config()
    echo $found
 }

-wsrep_auth_not_set()
-{
-    [ -z "$WSREP_SST_OPT_AUTH" ]
-}
-
 # Get rid of incorrect values resulting from substitution
 # in programs external to the script:
 if [ "$WSREP_SST_OPT_USER" = '(null)' ]; then
@@ -1028,12 +1022,12 @@ fi
 # Let's read the value of the authentication string from the
 # configuration file so that it does not go to the command line
 # and does not appear in the ps output:
-if wsrep_auth_not_set; then
+if [ -z "$WSREP_SST_OPT_AUTH" ]; then
    WSREP_SST_OPT_AUTH=$(parse_cnf 'sst' 'wsrep-sst-auth')
 fi

 # Splitting WSREP_SST_OPT_AUTH as "user:password" pair:
-if ! wsrep_auth_not_set; then
+if [ -n "$WSREP_SST_OPT_AUTH" ]; then
    # Extract username as shortest prefix up to first ':' character:
    WSREP_SST_OPT_AUTH_USER="${WSREP_SST_OPT_AUTH%%:*}"
    if [ -z "$WSREP_SST_OPT_USER" ]; then
@@ -1057,12 +1051,13 @@ if ! wsrep_auth_not_set; then
    fi
 fi

+WSREP_SST_OPT_REMOTE_AUTH="${WSREP_SST_OPT_REMOTE_AUTH:-}"
 WSREP_SST_OPT_REMOTE_USER=
 WSREP_SST_OPT_REMOTE_PSWD=
 if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ]; then
    # Split auth string at the last ':'
-    readonly WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}"
-    readonly WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}"
+    WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}"
+    WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}"
 fi

 # Reads incoming data from STDIN and sets the variables
@@ -1077,8 +1072,9 @@ fi
 read_variables_from_stdin()
 {
    while read line; do
-        key=${line%%=*}
-        value=${line#*=}
+        local key="${line%%=*}"
+        local value=""
+        [ "$key" != "$line" ] && value="${line#*=}"
        case "$key" in
            'sst_user')
                WSREP_SST_OPT_USER="$value"

--- a/scripts/wsrep_sst_mariabackup.sh
+++ b/scripts/wsrep_sst_mariabackup.sh
@@ -1098,15 +1098,13 @@ if [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then
        itmpdir="$(mktemp -d)"
        wsrep_log_info "Using '$itmpdir' as mariadb-abackup working directory"

-        usrst=0
        if [ -n "$WSREP_SST_OPT_USER" ]; then
           INNOEXTRA="$INNOEXTRA --user='$WSREP_SST_OPT_USER'"
-           usrst=1
        fi

        if [ -n "$WSREP_SST_OPT_PSWD" ]; then
            export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
-        elif [ $usrst -eq 1 ]; then
+        elif [ -n "$WSREP_SST_OPT_USER" ]; then
            # Empty password, used for testing, debugging etc.
            unset MYSQL_PWD
        fi

--- a/scripts/wsrep_sst_mysqldump.sh
+++ b/scripts/wsrep_sst_mysqldump.sh
@@ -47,10 +47,19 @@ if ! $MYSQL_CLIENT --version | grep -q -E '(Distrib 10\.[1-9])|( from 1[1-9]\.)'
 fi

 AUTH=""
-usrst=0
 if [ -n "$WSREP_SST_OPT_USER" ]; then
    AUTH="-u$WSREP_SST_OPT_USER"
-    usrst=1
+fi
+
+# Both donor and joiner must have the same wsrep_sst_auth
+# configuration and different (and thus automatically generated)
+# authentication credentials can't be used for this type of SST.
+# In this case the SST will fail if joiner does not provide
+# correct authentication.
+REMOTE_AUTH="$AUTH"
+if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
+   REMOTE_AUTH="-u$WSREP_SST_OPT_REMOTE_USER"
+   [ -z "$AUTH" ] && AUTH="$REMOTE_AUTH"
 fi

 # Refs https://github.com/codership/mysql-wsrep/issues/141
@@ -64,19 +73,16 @@ fi
 # word, it is arguably more secure than passing password on the command line.
 if [ -n "$WSREP_SST_OPT_REMOTE_PSWD" ]; then
    export MYSQL_PWD="$WSREP_SST_OPT_REMOTE_PSWD"
-elif [ $usrst -eq 1 ]; then
+elif [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
+    # Empty password, used for testing, debugging etc.
+    unset MYSQL_PWD
+elif [ -n "$WSREP_SST_OPT_PSWD" ]; then
+    export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+elif [ -n "$WSREP_SST_OPT_USER" ]; then
    # Empty password, used for testing, debugging etc.
    unset MYSQL_PWD
 fi

-# The above also means that both donor and joiner must have the same
-# wsrep_sst_auth configuration and and different (and thus automatically
-# generated) authentication credentials can't be used for this type of SST
-# In this case the SST will fail if joiner does not provide correct
-# authentication.
-[ -n "$WSREP_SST_OPT_REMOTE_USER" ] && REMOTE_AUTH="-u$WSREP_SST_OPT_REMOTE_USER" || REMOTE_AUTH=
-[ -n "$REMOTE_AUTH" ] && AUTH="$REMOTE_AUTH" || AUTH=
-
 STOP_WSREP='SET wsrep_on=OFF;'

 # mysqldump cannot restore CSV tables, fix this issue

--- a/sql/wsrep_sst.cc
+++ b/sql/wsrep_sst.cc
@@ -1576,7 +1576,9 @@ wsrep_sst_cleanup_user(THD* const thd)
  if ((err = mysql.errnum()) ||
      (err = mysql.disable_replication()) ||
      ((err = mysql.execute("DELETE FROM mysql.user WHERE user LIKE '" SST_USER_PREFIX "%';")) &&
-        err != ER_NO_SUCH_TABLE)) {
+        err != ER_NO_SUCH_TABLE &&
+        err != ER_UPDATE_WITHOUT_KEY_IN_SAFE_MODE))
+  {
    WSREP_WARN("Failed to clean up SST user(s): %d (%s)", err, mysql.errstr());
  }
 }