MDEV-27181: Galera SST scripts should use ssl_capath for CA directory
1. Galera SST scripts should use ssl_capath (not ssl_ca) for CA directory. The current implementation tries to automatically detect the path using the trailing slash in the ssl_ca variable value, but this approach is not compatible with the server configuration. Now, by analogy with the server, SST scripts also use a separate ssl_capath variable. In addition, a similar tcapath variable has been added for the old-style configuration (in the "sst" section).
2. Openssl utility detection made more reliable.
3. Removed extra spaces in automatically generated command lines - to simplify debugging of the SST scripts.
4. In general, the code for detecting the presence or absence of auxiliary utilities has been improved - it is made more reliable in some configurations (and for shells other than bash).
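The difference between the trailing-slash heuristic and a separate CA-directory setting, as an added shell example (not code from this commit or from the SST scripts; the function names and sample paths are hypothetical, and `-CAfile`/`-CApath` are the OpenSSL command-line options, used here only to show which form gets chosen). The last function checks that a CA directory holds entries named the way OpenSSL looks them up (`<8 hex digits>.<n>`).

```shell
#!/bin/sh
# Added illustration: function names are hypothetical, not taken from
# the SST scripts. -CAfile / -CApath are OpenSSL command-line options.

# Heuristic form: one value, treated as a directory only when it ends
# in "/". A directory configured without the slash is read as a file.
ca_opts_legacy() {
    ca="$1"
    case "$ca" in
        "") ;;
        */) printf '%s' "-CApath ${ca%/}" ;;
        *)  printf '%s' "-CAfile $ca" ;;
    esac
}

# Explicit form: file and directory are configured separately, so the
# spelling of the directory value no longer matters.
ca_opts_explicit() {
    cafile="$1"; capath="$2"; opts=""
    if [ -n "$cafile" ]; then opts="-CAfile $cafile"; fi
    if [ -n "$capath" ]; then
        opts="${opts:+$opts }-CApath ${capath%/}"
    fi
    printf '%s' "$opts"
}

# A CA directory is only useful to OpenSSL if it contains entries
# named <8 hex digits>.<n> (usually links to the PEM files).
capath_usable() {
    dir="${1%/}"
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.[0-9]*; do
        [ -e "$f" ] || continue
        name="${f##*/}"
        case "${name%%.*}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])
                return 0 ;;
        esac
    done
    return 1
}

# Constructed sample: a directory value written without a slash.
printf 'legacy:   %s\n' "$(ca_opts_legacy /etc/my.cnf.d/ca)"
printf 'explicit: %s\n' "$(ca_opts_explicit '' /etc/my.cnf.d/ca)"
```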
Showing 19 changed files with 1,172 additions and 258 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
cacert.pem |
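Review bot: the whole content of this new file is the single name `cacert.pem`, which reads like a symbolic link into the CA directory rather than a regular file. If so, say in the commit message (or a README next to it) how the link name was derived, and confirm that the capath test is skipped or the link is recreated on checkouts where symlinks are not preserved, since a plain-text copy of the link would leave the directory without a usable entry.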
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
Certificate: | ||
Data: | ||
Version: 3 (0x2) | ||
Serial Number: | ||
d0:4d:23:85:ee:59:b3:fa | ||
Signature Algorithm: sha256WithRSAEncryption | ||
Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB | ||
Validity | ||
Not Before: Jan 27 10:11:10 2019 GMT | ||
Not After : Jan 22 10:11:10 2039 GMT | ||
Subject: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB | ||
Subject Public Key Info: | ||
Public Key Algorithm: rsaEncryption | ||
Public-Key: (2048 bit) | ||
Modulus: | ||
Exponent: 65537 (0x10001) | ||
X509v3 extensions: | ||
X509v3 Subject Key Identifier: | ||
CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 | ||
X509v3 Authority Key Identifier: | ||
keyid:CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 | ||
|
||
X509v3 Basic Constraints: | ||
CA:TRUE | ||
Signature Algorithm: sha256WithRSAEncryption | ||
-----BEGIN CERTIFICATE----- | ||
-----END CERTIFICATE----- |
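Review bot: at `X509v3 Basic Constraints` the certificate is `CA:TRUE` with no path length limit and no Key Usage extension, and `Not After` is 2039, so this is a long-lived, unconstrained CA. That is acceptable for a test fixture, but please document next to the file that it is test-only and give the command used to generate it, so it can be regenerated and is not mistaken for a deployable CA.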
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
cacert.pem |
mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath,debug.rdiff (191 changes: 191 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,191 @@ | ||
--- r/galera_sst_rsync_encrypt_with_server.result | ||
+++ r/galera_sst_rsync_encrypt_with_server,debug.reject | ||
@@ -519,4 +519,188 @@ | ||
1 | ||
DROP TABLE t1; | ||
COMMIT; | ||
+Performing State Transfer on a server that has been killed and restarted | ||
+while a DDL was in progress on it | ||
+connection node_1; | ||
+CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB; | ||
+SET AUTOCOMMIT=OFF; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 VALUES (1,'node1_committed_before'); | ||
+INSERT INTO t1 VALUES (2,'node1_committed_before'); | ||
+INSERT INTO t1 VALUES (3,'node1_committed_before'); | ||
+INSERT INTO t1 VALUES (4,'node1_committed_before'); | ||
+INSERT INTO t1 VALUES (5,'node1_committed_before'); | ||
+connection node_2; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 VALUES (6,'node2_committed_before'); | ||
+INSERT INTO t1 VALUES (7,'node2_committed_before'); | ||
+INSERT INTO t1 VALUES (8,'node2_committed_before'); | ||
+INSERT INTO t1 VALUES (9,'node2_committed_before'); | ||
+INSERT INTO t1 VALUES (10,'node2_committed_before'); | ||
+COMMIT; | ||
+SET GLOBAL debug_dbug = 'd,sync.alter_opened_table'; | ||
+connection node_1; | ||
+ALTER TABLE t1 ADD COLUMN f2 INTEGER; | ||
+connection node_2; | ||
+SET wsrep_sync_wait = 0; | ||
+Killing server ... | ||
+connection node_1; | ||
+SET AUTOCOMMIT=OFF; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 (id,f1) VALUES (11,'node1_committed_during'); | ||
+INSERT INTO t1 (id,f1) VALUES (12,'node1_committed_during'); | ||
+INSERT INTO t1 (id,f1) VALUES (13,'node1_committed_during'); | ||
+INSERT INTO t1 (id,f1) VALUES (14,'node1_committed_during'); | ||
+INSERT INTO t1 (id,f1) VALUES (15,'node1_committed_during'); | ||
+COMMIT; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 (id,f1) VALUES (16,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (17,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (18,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (19,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (20,'node1_to_be_committed_after'); | ||
+connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1; | ||
+SET AUTOCOMMIT=OFF; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 (id,f1) VALUES (21,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (22,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (23,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (24,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (25,'node1_to_be_rollbacked_after'); | ||
+connection node_2; | ||
+Performing --wsrep-recover ... | ||
+connection node_2; | ||
+Starting server ... | ||
+Using --wsrep-start-position when starting mysqld ... | ||
+SET AUTOCOMMIT=OFF; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 (id,f1) VALUES (26,'node2_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (27,'node2_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (28,'node2_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (29,'node2_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (30,'node2_committed_after'); | ||
+COMMIT; | ||
+connection node_1; | ||
+INSERT INTO t1 (id,f1) VALUES (31,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (32,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (33,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (34,'node1_to_be_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (35,'node1_to_be_committed_after'); | ||
+COMMIT; | ||
+SET AUTOCOMMIT=OFF; | ||
+START TRANSACTION; | ||
+INSERT INTO t1 (id,f1) VALUES (36,'node1_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (37,'node1_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (38,'node1_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (39,'node1_committed_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (40,'node1_committed_after'); | ||
+COMMIT; | ||
+connection node_1a_galera_st_kill_slave_ddl; | ||
+INSERT INTO t1 (id,f1) VALUES (41,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (42,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (43,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (44,'node1_to_be_rollbacked_after'); | ||
+INSERT INTO t1 (id,f1) VALUES (45,'node1_to_be_rollbacked_after'); | ||
+ROLLBACK; | ||
+SET AUTOCOMMIT=ON; | ||
+SET SESSION wsrep_sync_wait=15; | ||
+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; | ||
+EXPECT_3 | ||
+3 | ||
+SELECT COUNT(*) AS EXPECT_35 FROM t1; | ||
+EXPECT_35 | ||
+35 | ||
+SELECT * FROM t1; | ||
+id f1 f2 | ||
+1 node1_committed_before NULL | ||
+2 node1_committed_before NULL | ||
+3 node1_committed_before NULL | ||
+4 node1_committed_before NULL | ||
+5 node1_committed_before NULL | ||
+6 node2_committed_before NULL | ||
+7 node2_committed_before NULL | ||
+8 node2_committed_before NULL | ||
+9 node2_committed_before NULL | ||
+10 node2_committed_before NULL | ||
+11 node1_committed_during NULL | ||
+12 node1_committed_during NULL | ||
+13 node1_committed_during NULL | ||
+14 node1_committed_during NULL | ||
+15 node1_committed_during NULL | ||
+16 node1_to_be_committed_after NULL | ||
+17 node1_to_be_committed_after NULL | ||
+18 node1_to_be_committed_after NULL | ||
+19 node1_to_be_committed_after NULL | ||
+20 node1_to_be_committed_after NULL | ||
+26 node2_committed_after NULL | ||
+27 node2_committed_after NULL | ||
+28 node2_committed_after NULL | ||
+29 node2_committed_after NULL | ||
+30 node2_committed_after NULL | ||
+31 node1_to_be_committed_after NULL | ||
+32 node1_to_be_committed_after NULL | ||
+33 node1_to_be_committed_after NULL | ||
+34 node1_to_be_committed_after NULL | ||
+35 node1_to_be_committed_after NULL | ||
+36 node1_committed_after NULL | ||
+37 node1_committed_after NULL | ||
+38 node1_committed_after NULL | ||
+39 node1_committed_after NULL | ||
+40 node1_committed_after NULL | ||
+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; | ||
+COUNT(*) = 0 | ||
+1 | ||
+COMMIT; | ||
+connection node_1; | ||
+SET AUTOCOMMIT=ON; | ||
+SET SESSION wsrep_sync_wait=15; | ||
+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; | ||
+EXPECT_3 | ||
+3 | ||
+SELECT COUNT(*) AS EXPECT_35 FROM t1; | ||
+EXPECT_35 | ||
+35 | ||
+SELECT * FROM t1; | ||
+id f1 f2 | ||
+1 node1_committed_before NULL | ||
+2 node1_committed_before NULL | ||
+3 node1_committed_before NULL | ||
+4 node1_committed_before NULL | ||
+5 node1_committed_before NULL | ||
+6 node2_committed_before NULL | ||
+7 node2_committed_before NULL | ||
+8 node2_committed_before NULL | ||
+9 node2_committed_before NULL | ||
+10 node2_committed_before NULL | ||
+11 node1_committed_during NULL | ||
+12 node1_committed_during NULL | ||
+13 node1_committed_during NULL | ||
+14 node1_committed_during NULL | ||
+15 node1_committed_during NULL | ||
+16 node1_to_be_committed_after NULL | ||
+17 node1_to_be_committed_after NULL | ||
+18 node1_to_be_committed_after NULL | ||
+19 node1_to_be_committed_after NULL | ||
+20 node1_to_be_committed_after NULL | ||
+26 node2_committed_after NULL | ||
+27 node2_committed_after NULL | ||
+28 node2_committed_after NULL | ||
+29 node2_committed_after NULL | ||
+30 node2_committed_after NULL | ||
+31 node1_to_be_committed_after NULL | ||
+32 node1_to_be_committed_after NULL | ||
+33 node1_to_be_committed_after NULL | ||
+34 node1_to_be_committed_after NULL | ||
+35 node1_to_be_committed_after NULL | ||
+36 node1_committed_after NULL | ||
+37 node1_committed_after NULL | ||
+38 node1_committed_after NULL | ||
+39 node1_committed_after NULL | ||
+40 node1_committed_after NULL | ||
+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; | ||
+COUNT(*) = 0 | ||
+1 | ||
+DROP TABLE t1; | ||
+COMMIT; | ||
+SET GLOBAL debug_dbug = $debug_orig; | ||
include/assert_grep.inc [Using stunnel for SSL encryption] |
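Review bot: the rdiff header lines `--- r/galera_sst_rsync_encrypt_with_server.result` and `+++ r/galera_sst_rsync_encrypt_with_server,debug.reject` name the `encrypt_with_server` test, while the file is `galera_sst_rsync_encrypt_with_capath,debug.rdiff`. It looks copied from the sibling test; regenerate it against the capath result file, or confirm that the two result files are identical at the `@@ -519,4 +519,188 @@` offset, so the debug expectations are not silently tied to another test's output.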