author | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2021-05-10 04:27:16 +0200 |
---|---|---|
committer | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2021-05-11 05:28:04 +0200 |
commit | 3e7cd2347215e1f194e9df927b520d0c68c56660 (patch) | |
tree | 34238aeea9d6eb7eef3b4020166abe8621d2d659 /mysql-test/suite/galera/t | |
parent | b2bb747f8cf56cf01dc571ffd8be195b95f0c0e8 (diff) | |
download | mariadb-git-3e7cd2347215e1f194e9df927b520d0c68c56660.tar.gz |
MDEV-23580: WSREP_SST: [ERROR] rsync daemon port has been taken
10.4-MDEV-23580
This commit contains a large set of further bug fixes and
improvements to SST scripts for Galera, continuing the work
that was started in MDEV-24962 to make SST scripts work smoothly
in different network configurations (especially using ipv6) and
with different environment settings:
1) The ipv6 addresses were incorrectly handled in the SST script
for rsync (incorrect address substitution for establishing a
connection, incorrect address substitution for bind, and so on);
2) Checking the locality of the ip-address in SST scripts did not
support ipv6 addresses (such as "[::1]"), which were falsely
identified as non-local ip, which further did not allow running
two SSTs on different local addresses on the same machine.
On the other hand, this bug masked some other errors (related
to handling ipv6 addresses);
3) The code for checking the locality of the ip address was different
in the SST scripts for rsync and for mysqldump, with individual
flaws. This code is now made common and moved to wsrep_sst_common;
4) Waiting for the start of the transport channel (socat, nc, rsync,
stunnel) in the wait_for_listen() and check_pid_and_port() functions
did not process ipv6 addresses correctly in all cases (not for all
branches);
5) Waiting for the start of the transport channel (socat, nc, rsync,
stunnel) in the wait_for_listen() and check_pid_and_port() functions
for some code branches could give a false positive result due to
the textual match of prefixes in the port number and/or PID of
the process;
6) Waiting for the start of the transport channel (socat, nc, rsync,
stunnel) was supported through different utilities in SST scripts
for mariabackup and for rsync, and with various minor flaws in
the code. Now the code is still different in these scripts, but
it supports a common set of utilities (lsof, ss, sockstat) and
is synchronized across patterns that used to check the output
of these utilities;
7) In SST via mariabackup, the signal about readiness to receive data
is sometimes sent too early - immediately after listen(), and not
after accept() (which are called by socat or netcat utility).
8) Checking availability of some options of some utilities was
done using the grep pattern, which easily gives false positives;
9) Common name (CN) for local addresses, if not explicitly specified,
is now always replaced with "localhost" to avoid the need to generate
many separate certificates for local addresses of one machine and
not to depend on which local address is currently used in the test
(ipv4 or ipv6, etc.);
10) In tests galera_sst_mariabackup_encrypt_with_key_server and
galera_sst_rsync_encrypt_with_key_server the correct certificate
is selected to avoid commonname (CN) mismatch problems;
11) Further refactoring to protect against spaces in file names.
12) Further general refactoring to eliminate bash-specific constructs
or to improve code readability;
13) The code for setting options for the nc (netcat) utility was
different in different scripts for SST - now it is made identical.
14) Fixed long-time broken encryption via xbcrypt in combination with
mariabackup and added support for key-based encryption via openssl
utility, which is now enabled by default for encrypt=1 mode (this
default mode can be changed using a new configuration file option
"encrypt-format=openssl|xbcrypt", which can be placed in the [mysqld],
[sst] or in the [xtrabackup] section) - this change will allow us
to use and to test the encrypt=1 encryption without installing
non-standard third-party utilities.
Diffstat (limited to 'mysql-test/suite/galera/t')
6 files changed, 32 insertions, 9 deletions
diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.cnf b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.cnf new file mode 100644 index 00000000000..865c91f9a67 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.cnf @@ -0,0 +1,13 @@ +!include ../galera_2nodes.cnf + +[mysqld] +wsrep_sst_method=mariabackup +wsrep_sst_auth="root:" +wsrep_debug=1 + +[sst] +encrypt-format=openssl +encrypt=1 +encrypt-algo=aes-256-ctr +encrypt-key=4FA92C5873672E20FB163A0BCB2BB4A4 +transferfmt=@ENV.MTR_GALERA_TFMT diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.test b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.test new file mode 100644 index 00000000000..1a78aa22cb3 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.test @@ -0,0 +1,12 @@ +# +# This test checks that encryption with key using openssl with options +# passed to mariabackup via the my.cnf file +# +--source include/galera_cluster.inc +--source include/have_innodb.inc +--source include/have_mariabackup.inc + +SELECT 1; + +--let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size'; +--source include/wait_condition.inc diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf index 12fca48e065..0dc79df5a80 100644 --- a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf 
@@ -3,11 +3,11 @@ [mysqld] wsrep_sst_method=mariabackup wsrep_sst_auth="root:" -wsrep_debug=ON +wsrep_debug=1 -ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem -ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem [sst] -ssl-mode=VERIFY_CA
\ No newline at end of file +ssl-mode=VERIFY_CA diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test index 19ebd0cf51e..5673dda30cb 100644 --- a/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test @@ -18,7 +18,7 @@ SELECT 1; # Confirm that transfer was SSL-encrypted --let $assert_text = Using openssl based encryption with socat ---let $assert_select = Using openssl based encryption with socat: with key and c +--let $assert_select = Using openssl based encryption with socat: with key and crt --let $assert_count = 1 --let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err --let $assert_only_after = CURRENT_TEST diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf index f131088f582..948b52d4bf7 100644 --- a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf @@ -12,4 +12,3 @@ wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore [mysqld.2] wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true' - diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf index 8e31e69a590..8ed9348e789 100644 --- a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf 
@@ -2,8 +2,8 @@ [mysqld] wsrep_sst_method=rsync -ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem -ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem [sst] @@ -14,4 +14,3 @@ wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore [mysqld.2] wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true' - |
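Review bot: In galera_sst_mariabackup_encrypt_with_key-openssl.test, the only check after `SELECT 1;` is the wait for wsrep_cluster_size = 2, so the test passes whenever the SST completes, whether or not the path selected by encrypt-format=openssl was actually taken. The key_server test touched in this same patch asserts on mysqld.1.err through $assert_select; a comparable assertion here, on whatever line the SST script logs when it picks the openssl format, would catch a transfer that silently ran unencrypted or through xbcrypt.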
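Review bot: In galera_sst_mariabackup_encrypt_with_key-openssl.cnf, the [sst] section pairs encrypt-algo=aes-256-ctr with a 32-character encrypt-key and gives no comment on how that value is interpreted. Read as hex it is 128 bits, which is shorter than the 256-bit key the chosen cipher takes, and read as a passphrase it goes through whatever derivation the script applies. Please add a comment in the .cnf stating which of the two it is, so that the fixture documents the expected key format for anyone copying it into a real [sst] section.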
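Review bot: In galera_sst_mariabackup_encrypt_with_key_server.cnf, and again in galera_sst_rsync_encrypt_with_server.cnf, the switch from client-cert.pem/client-key.pem to server-cert.pem/server-key.pem is explained only in the commit message (item 10, CN mismatch). A one-line comment above ssl-cert saying that the certificate's CN must match what the joiner checks would keep a later edit from reverting it. The wsrep_debug=ON to wsrep_debug=1 change in the first file is unrelated to the certificate fix and would be easier to review as its own hunk or with a word in the message.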