author | benrubson <ben.rubson@gmail.com> | 2018-02-12 22:08:57 +0100 |
---|---|---|
committer | Vasil Dimov <vasil.dimov@galeracluster.com> | 2018-08-24 13:35:44 +0200 |
commit | 4c652fc62e76481b2b608fb35545f6ca1d5987fa (patch) | |
tree | 4eb2ce3b17d03ba2ba196b3b8894a84de1baf9ba /scripts/wsrep_sst_rsync.sh | |
parent | 1b4c5b7327e84f9c9dd86d72b5ae706d9e82d9b0 (diff) | |
download | mariadb-git-4c652fc62e76481b2b608fb35545f6ca1d5987fa.tar.gz |
Use stunnel during rsync SST if available
(cherry picked from commit 1adc382c2fb4300059d130521a24a1dab141531e)
Diffstat (limited to 'scripts/wsrep_sst_rsync.sh')
-rw-r--r-- | scripts/wsrep_sst_rsync.sh | 74 |
1 files changed, 64 insertions, 10 deletions
diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh
index 88b1352db2e..44625a549e3 100644
--- a/scripts/wsrep_sst_rsync.sh
+++ b/scripts/wsrep_sst_rsync.sh
@@ -41,6 +41,8 @@ cleanup_joiner()
 kill -9 $RSYNC_REAL_PID >/dev/null 2>&1 || \
 :
 rm -rf "$RSYNC_CONF"
+ rm -f "$STUNNEL_CONF"
+ rm -f "$STUNNEL_PID"
 rm -rf "$MAGIC_FILE"
 rm -rf "$RSYNC_PID"
 wsrep_log_info "Joiner cleanup done."
@@ -68,7 +70,7 @@ check_pid_and_port()
 local port_info="$(sockstat -46lp ${rsync_port} 2>/dev/null | \
 grep ":${rsync_port}")"
 local is_rsync="$(echo $port_info | \
- grep '[[:space:]]\+rsync[[:space:]]\+'"$rsync_pid" 2>/dev/null)"
+ grep -E '[[:space:]]+(rsync|stunnel)[[:space:]]+'"$rsync_pid" 2>/dev/null)"
 ;;
 *)
 if ! which lsof > /dev/null; then
@@ -79,7 +81,7 @@ check_pid_and_port()
 local port_info="$(lsof -i :$rsync_port -Pn 2>/dev/null | \
 grep "(LISTEN)")"
 local is_rsync="$(echo $port_info | \
- grep -w '^rsync[[:space:]]\+'"$rsync_pid" 2>/dev/null)"
+ grep -E '^(rsync|stunnel)[[:space:]]+'"$rsync_pid" 2>/dev/null)"
 ;;
 esac
 
@@ -119,6 +121,12 @@ is_local_ip()
 $get_addr_bin | grep "$address" > /dev/null
 }
 
+STUNNEL_CONF="$WSREP_SST_OPT_DATA/stunnel.conf"
+rm -f "$STUNNEL_CONF"
+
+STUNNEL_PID="$WSREP_SST_OPT_DATA/stunnel.pid"
+rm -f "$STUNNEL_PID"
+
 MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_sst_complete"
 rm -rf "$MAGIC_FILE"
 
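Review bot: The PID at the end of both new patterns in check_pid_and_port() is not terminated, and the lsof hunk (-79,7) also drops the `-w` the old pattern had, so a listener whose PID merely begins with the expected digits (expected 123, actual 1234) now passes the check; the sockstat hunk (-68,7) has the same open end. Requiring a separator after the PID, `grep -E '^(rsync|stunnel)[[:space:]]+'"$rsync_pid"'[[:space:]]'` and the equivalent in the sockstat branch, keeps the readiness check from accepting a port held by an unrelated rsync or stunnel process. check_pid_and_port() starts and ends outside both hunks, so how `is_rsync` is consumed is not visible here.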
@@ -156,9 +164,28 @@ fi FILTER="-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes' -f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*'" +SSTKEY=$(parse_cnf sst tkey "") +SSTCERT=$(parse_cnf sst tcert "") +STUNNEL="" +if [ -f "$SSTKEY" ] && [ -f "$SSTCERT" ] && wsrep_check_programs stunnel +then + STUNNEL="stunnel ${STUNNEL_CONF}" +fi + if [ "$WSREP_SST_OPT_ROLE" = "donor" ] then +cat << EOF > "$STUNNEL_CONF" +CApath = ${SSTCERT%/*} +foreground = yes +pid = $STUNNEL_PID +debug = warning +client = yes +connect = ${WSREP_SST_OPT_ADDR%/*} +TIMEOUTclose = 0 +verifyPeer = yes +EOF + if [ $WSREP_SST_OPT_BYPASS -eq 0 ] then @@ -220,7 +247,8 @@ then # first, the normal directories, so that we can detect incompatible protocol RC=0 - eval rsync --owner --group --perms --links --specials \ + eval rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --owner --group --perms --links --specials \ --ignore-times --inplace --dirs --delete --quiet \ $WHOLE_FILE_OPT ${FILTER} "$WSREP_SST_OPT_DATA/" \ rsync://$WSREP_SST_OPT_ADDR >&2 || RC=$? @@ -243,7 +271,8 @@ then fi # second, we transfer InnoDB log files - rsync --owner --group --perms --links --specials \ + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --owner --group --perms --links --specials \ --ignore-times --inplace --dirs --delete --quiet \ $WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \ rsync://$WSREP_SST_OPT_ADDR-log_dir >&2 || RC=$? @@ -263,7 +292,8 @@ then find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" \ -print0 | xargs -I{} -0 -P $count \ - rsync --owner --group --perms --links --specials \ + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --owner --group --perms --links --specials \ --ignore-times --inplace --recursive --delete --quiet \ $WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \ rsync://$WSREP_SST_OPT_ADDR/{} >&2 || RC=$? 
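Review bot: In hunk -156,9, when `tkey`/`tcert` are unset, point at a missing file, or stunnel is not installed, `STUNNEL` stays empty and the SST silently proceeds over plain rsync; nothing records which mode was chosen, so a typo in the `[sst]` section downgrades the transfer without anyone noticing. I would log the decision in an `else` branch of the new `if`, e.g. `wsrep_log_info "rsync SST: stunnel not used, transfer is not encrypted"`, and consider refusing to continue when a key or certificate is configured but unusable. The donor heredoc is written unconditionally, so without TLS it still leaves a `stunnel.conf` with an empty `CApath` in the data directory, and no donor-side removal of that file is visible in these hunks. A comment above `verifyPeer = yes` stating that the joiner's certificate must be present in the `tcert` directory under its OpenSSL hash name would also help operators.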
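Review bot: In hunk -220,7 the new `--rsh` option passes through `eval`, which re-parses the expanded text, so `--rsh="$STUNNEL"` appears to be split into `--rsh=stunnel` and a separate `.../stunnel.conf` word; rsync would then start stunnel without its config file and take the config path as an extra source argument. The rsync calls in hunks -243,7, -263,7 and -286,7 are not evaluated and keep the value as one word. Protecting the value from the second parse, `eval rsync ${STUNNEL:+"'--rsh=$STUNNEL'"} \`, fixes this as long as the data directory path contains no single quote. The enclosing donor block starts and ends outside the hunk.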
@@ -286,7 +316,8 @@ then echo "continue" # now server can resume updating data echo "$STATE" > "$MAGIC_FILE" - rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR echo "done $STATE" @@ -347,14 +378,37 @@ EOF # If the IP is local listen only in it if is_local_ip "$RSYNC_ADDR" then - rsync --daemon --no-detach --address "$RSYNC_ADDR" --port "$RSYNC_PORT" --config "$RSYNC_CONF" & + RSYNC_EXTRA_ARGS="--address $RSYNC_ADDR" + STUNNEL_ACCEPT="$RSYNC_ADDR:$RSYNC_PORT" else - # Not local, possibly a NAT, listen in all interface - rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" & + # Not local, possibly a NAT, listen on all interfaces + RSYNC_EXTRA_ARGS="" + STUNNEL_ACCEPT="$RSYNC_PORT" # Overwrite address with all RSYNC_ADDR="*" fi - RSYNC_REAL_PID=$! + + if [ -z "$STUNNEL" ] + then + rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" ${RSYNC_EXTRA_ARGS} & + RSYNC_REAL_PID=$! + else + cat << EOF > "$STUNNEL_CONF" +key = $SSTKEY +cert = $SSTCERT +foreground = yes +pid = $STUNNEL_PID +debug = warning +client = no +[rsync] +accept = $STUNNEL_ACCEPT +exec = $(which rsync) +execargs = rsync --server --daemon --config=$RSYNC_CONF . +EOF + stunnel "$STUNNEL_CONF" & + RSYNC_REAL_PID=$! + RSYNC_PID=$STUNNEL_PID + fi until check_pid_and_port "$RSYNC_PID" "$RSYNC_REAL_PID" "$RSYNC_ADDR" "$RSYNC_PORT" do |
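Review bot: In hunk -347,14 the joiner's stunnel config sets `key` and `cert` but no peer verification, and the donor config written earlier carries no `cert`/`key` of its own, so TLS authenticates the joiner to the donor only; any host that can reach `accept` can still complete a handshake and talk to the rsync daemon behind it. If mutual authentication is intended, the `[rsync]` service needs a `CApath` or `CAfile` with `verifyPeer = yes`, and the donor config needs its own `cert` and `key`; the rsync module definition is outside the hunk, so I cannot tell what else restricts writers. Separately, `RSYNC_REAL_PID` now holds stunnel's PID, so `kill -9 $RSYNC_REAL_PID` in cleanup_joiner() may leave an rsync child started through `exec` running; this should be confirmed.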