1. 17 May, 2021 3 commits
    • Julius Goryavsky's avatar
      16898e7f
    • Julius Goryavsky's avatar
    • Julius Goryavsky's avatar
      MDEV-23580: WSREP_SST: [ERROR] rsync daemon port has been taken · 27ae7f2a
      Julius Goryavsky authored
      This commit contains a large set of further bug fixes and
      improvements to SST scripts for Galera, continuing the work
      that was started in MDEV-24962 to make SST scripts work smoothly
      in different network configurations (especially using ipv6) and
      with different environment settings:
      
       1) The ipv6 addresses were incorrectly handled in the SST script
          for rsync (incorrect address substitution for establishing a
          connection, incorrect address substitution for bind, and so on);
       2) Checking the locality of the ip-address in SST scripts did not
          support ipv6 addresses (such as "[::1]"), which were falsely
          identified as non-local ip, which further did not allow running
          two SSTs on different local addresses on the same machine.
          On the other hand, this bug masked some other errors (related
          to handling ipv6 addresses);
       3) The code for checking the locality of the ip address was different
          in the SST scripts for rsync and for mysqldump, with individual
          flaws. This code is now made common and moved to wsrep_sst_common;
       4) Waiting for the start of the transport channel (socat, nc, rsync,
          stunnel) in the wait_for_listen() and check_pid_and_port() functions
          did not process ipv6 addresses correctly in all cases (not for all
          branches);
       5) Waiting for the start of the transport channel (socat, nc, rsync,
          stunnel) in the wait_for_listen() and check_pid_and_port() functions
          for some code branches could give a false positive result due to
          the textual match of prefixes in the port number and/or PID of
          the process;
       6) Waiting for the start of the transport channel (socat, nc, rsync,
          stunnel) was supported through different utilities in SST scripts
          for mariabackup and for rsync, and with various minor flaws in
          the code. Now the code is still different in these scripts, but
          it supports a common set of utilities (lsof, ss, sockstat) and
          is synchronized across patterns that used to check the output
          of  these utilities;
       7) In SST via mariabackup, the signal about readiness to receive data
          is sometimes sent too early - immediately after listen(), and not
          after accept() (which are called by socat or netcat utility).
       8) Checking availability of the some options of some utilities was
          done using the grep pattern, which easily gives false positives;
       9) Common name (CN) for local addresses, if not explicitly specified,
          is now always replaced to "localhost" to avoid the need to generate
          many separate certificates for local addresses of one machine and
          not to depend on which the local address is currently used in test
          (ipv4 or ipv6, etc.);
      10) In tests galera_sst_mariabackup_encrypt_with_key_server and
          galera_sst_rsync_encrypt_with_key_server the correct certificate
          is selected to avoid commonname (CN) mismatch problems;
      11) Further refactoring to protect against spaces in file names.
      12) Further general refactoring to eliminate bash-specific constructs
          or to improve code readability;
      13) The code for setting options for the nc (netcat) utility was
          different in different scripts for SST - now it is made identical.
      14) Fixed long-time broken encryption via xbcrypt in combination with
          mariabackup and added support for key-based encryption via openssl
          utility, which is now enabled by default for encrypt=1 mode (this
          default mode can be changed using a new configuration file option
          "encypt-format=openssl|xbcrypt", which can be placed in the [mysqld],
          [sst] or in the [xtrabackup] section) - this change will allow us
          to use and to test the encypt=1 encryption without installing
          non-standard third-party utilities.
      27ae7f2a
  2. 10 May, 2021 3 commits
  3. 09 May, 2021 1 commit
  4. 08 May, 2021 5 commits
  5. 07 May, 2021 5 commits
  6. 06 May, 2021 1 commit
    • Alexey Yurchenko's avatar
      MDEV-25418: Improve mariabackup SST script compliance with native MariaDB SSL practices · 54d7ba96
      Alexey Yurchenko authored
      and configuration.
      
      1. Pass joiner's authentication information to donor together with address
         in State Transfer Request. This allows joiner to authenticate donor on
         connection. Previously joiner would accept data from anywhere.
      
      2. Deprecate custom SSL configuration variables tca, tcert and tkey in favor
         of more familiar ssl-ca, ssl-cert and ssl-key. For backward compatibility
         tca, tcert and tkey are still supported.
      
      3. Allow falling back to server-wide SSL configuration in [mysqld] if no SSL
         configuration is found in [sst] section of the config file.
      
      4. Introduce ssl-mode variable in [sst] section that takes standard values
         and has following effects:
          - old-style SSL configuration present in [sst]: no effect
            otherwise:
          - ssl-mode=DISABLED or absent: retains old, backward compatible behavior
            and ignores any other SSL configuration
          - ssl-mode=VERIFY*: verify joiner's certificate and CN on donor,
                              verify donor's secret on joiner
                              (passed to donor via State Transfer Request)
                              BACKWARD INCOMPATIBLE BEHAVIOR
          - anything else enables new SSL configuration convetions but does not
            require verification
      
          ssl-mode should be set to VERIFY only in a fully upgraded cluster.
      
          Examples:
      
          [mysqld]
          ssl-cert=/path/to/cert
          ssl-key=/path/to/key
          ssl-ca=/path/to/ca
      
          [sst]
      
           -- server-wide SSL configuration is ignored, SST does not use SSL
      
          [mysqld]
          ssl-cert=/path/to/cert
          ssl-key=/path/to/key
          ssl-ca=/path/to/ca
      
          [sst]
          ssl-mode=REQUIRED
      
           -- use server-wide SSL configuration for SST but don't attempt to
              verify the peer identity
      
          [sst]
          ssl-cert=/path/to/cert
          ssl-key=/path/to/key
          ssl-ca=/path/to/ca
          ssl-mode=VERIFY_CA
      
           -- use SST-specific SSL configuration for SST and require verification
              on both sides
      Signed-off-by: default avatarJulius Goryavsky <julius.goryavsky@mariadb.com>
      54d7ba96
  7. 05 May, 2021 9 commits
  8. 04 May, 2021 5 commits
  9. 03 May, 2021 6 commits
    • Julius Goryavsky's avatar
      MDEV-24962: Galera SST innobackupex-move ignores Environment settings · 1ae7673a
      Julius Goryavsky authored
      After switching to the new mariabackup interface (instead of
      the outdated innobackupex interface, which is supported for
      compatibility), we need to explicitly pass a path to the datadir
      directory as a parameter, since in the new interface the value
      of this option is not automatically set in such a way that it
      always matches the SST/IST logic. This commit adds passing this
      option as an explicit parameter to mariabackup. This commit also
      removed unnecessary options that are not used and not supported
      by mariabackup.
      
      Also, numerous flaws in the common wsrep_sst_common script have
      been fixed:
      
       1) There are many bash-specific constructs in the script that
          may not be supported by other interpreters, which can lead
          to the most unexpected errors during SST, because failures
          in the interpretation of bash-specific constructs lead to
          incorrect parsing of arguments;
       2) There is parse_cnf() function which is often called by other
          scripts for the "mysqld" or "--mysqld" group, but it does not
          take into account the default group suffix, which leads to
          reading values only from the default group, which then leads
          to errors due to reading the default values instead of the
          values for a specific group;
       3) Some options such as --user, --innodb-data-home-dir or --datadir
          are not removed from the --mysqld-args list, although they are
          processed inside scripts (and passing of these options funther
          may cause problems for mariabackup);
       4) If an argument that the script understands is present in
          the --mysqld-args list twice, then this causes SST to fail,
          instead of reading the most recent value;
       5) The "--host" parameter is technically still supported among
          the arguments of the SST scripts, but in reality scripts do not
          work with it as expected, especially if it has an IPv6 address;
       6) If the port number is absent in the --address parameter value,
          but the port number is explicitly passed through the --port
          argument, then the scripts for mariabackup and xtrabackup-v2
          fail;
       7) If a new address interface is used (with the --address parameter),
          then automatic default port substitution is not performed, although
          it is supported for the legacy --host/--port interface.
       8) If there are spaces in the parameter values after --mysqld_args,
          then their further transfer does not occur correctly, which
          causes mariabackup to fail during SST - the space splits
          the argument in such a way that it breaks the parsing of the
          following parameters;
       9) If most of the parameters that are names or paths to the files
          or directories contain spaces, then SST scripts fail in an
          unpredictable way due to incorrect variable substitutions;
      10) If the --log-bin option is passed among the arguments of myqlds
          (--mysqld-args) without a parameter, and the --binlog option
          is not specified, then the script cannot substitute the default
          name for binlog and cannot construct binlog name using the
          --log-basename argument (which is against server specifications);
      11) Tail slashes are not removed from the directory names, which,
          upon further substitution, leads to the appearance of a double
          slash in the file paths;
      12) The explicit --binlog parameter (which is now always transmitted
          from the server side) and the "hidden" --log-bin parameter in the
          list of arguments after --mysqld-args are perceived as two different
          parameters in different parts of the scripts, and if they are do not
          match for some reason, this will lead to failures during SST;
      
      Also, all new changes from the 10.6 branch have been migrated here,
      including the latest pull requests for authentication (only the part
      that concerns SST scripts).
      
      It also fixes dozens of other bugs in all SST scripts.
      1ae7673a
    • Julius Goryavsky's avatar
      wsrep sst scripts: removing extra blank lines and spaces · e0324bf3
      Julius Goryavsky authored
      Removed numerous extra blank lines and spaces that interfere with
      reading and understanding program code, making it more difficult to
      find errors in scripts. I also removed all extra trailing spaces at
      the ends of lines, which lead to marking extra lines as changes
      (in subsequent changes). The amount of indentation in some parts
      of the code has also been normalized.
      e0324bf3
    • Nikita Malyavin's avatar
      Connect: remove Mongo dependencies · 72fa9dab
      Nikita Malyavin authored
      72fa9dab
    • Oleksandr Byelkin's avatar
      new CC · 098e4efd
      Oleksandr Byelkin authored
      098e4efd
    • Sergei Petrunia's avatar
      MDEV-10674: main.show_explain failed in buildbot · 562c8825
      Sergei Petrunia authored
      Fix a race condition in the testcase. The testcase assumed that
      State='Sending data' means that the thread is already in an
      InnoDB lock wait. This is not case, there is a gap between the
      state changing to Sending data and execution reaching the point
      where it is waiting for a lock.
      
      Use a more precise check instead, through I_S.INNODB_TRX.
      562c8825
    • Vladislav Vaintroub's avatar
  10. 30 Apr, 2021 2 commits
    • Sergei Petrunia's avatar
      MDEV-23723: Crash when test_if_skip_sort_order() is checked for derived ... · 2820f30d
      Sergei Petrunia authored
      The problem was caused by the following scenario:
      
      Subquery's table has two indexes, KEY a(a), KEY a_b(a,b)
      
      - LATERAL DERIVED optimization decides to use index a.
        = The subquery uses ref access over key a.
      - test_if_skip_sort_order() sees that KEY a_b satisfies the
        subquery's GROUP BY clause, and attempts to switch to it.
        = It fails to do so, because KEYUSE objects for index a_b
          are switched off.
      
      Fixed by disallowing to change the ref access key if it uses KEYUSE
      objects injected by LATERAL DERIVED optimization.
      2820f30d
    • Sujatha's avatar
      MDEV-16146: MariaDB slave stops with following errors. · abe6eb10
      Sujatha authored
      Problem:
      ========
      180511 11:07:58 [ERROR] Slave I/O: Unexpected master's heartbeat data:
      heartbeat is not compatible with local info;the event's data: log_file_name
      mysql-bin.000009 log_pos 1054262041, Error_code: 1623
      
      Analysis:
      =========
      In replication setup when master server doesn't have any events to send to
      slave server it sends an 'Heartbeat_log_event'. This event carries the
      current binary log filename and offset details. The offset values is stored
      within 4 bytes of event header. When the size of binary log is higher than
      UINT32_MAX the log_pos values will not fit in 4 bytes memory.  It overflows
      and hence slave stops with an error.
      
      Fix:
      ===
      Since we cannot extend the common_header of Log_event class, a greater than
      4GB value of Log_event::log_pos is made to be transported with a HeartBeat
      event's sub-header.  Log_event::log_pos in such case is set to zero to
      indicate that the 8 byte sub-header is allocated in the event.
      
      In case of cross version replication following behaviour is expected
      
      OLD - Server without fix
      NEW - Server with fix
      
      OLD<->NEW : works bidirectionally as long as the binlog offset is
                  (normally) within 4GB.
      
      When log_pos > UINT32_MAX
      OLD->NEW  : The 'log_pos' is bound to overflow and NEW slave may report
                  an invalid event/incompatible heart beat event error.
      NEW->OLD  : Since patched server sets log_pos=0 on overflow, OLD slave will
                  report invalid event error.
      abe6eb10