Merge branch '10.1' of https://github.com/MariaDB/server into sysprg/10.1-MDEV-10754

author: Julius Goryavsky <sysprg@gmail.com> 2018-08-08 15:47:57 +0200
committer: Julius Goryavsky <sysprg@gmail.com> 2018-08-08 15:47:57 +0200
commit: 6d5b71e02ac79f19f4e3d8a15e7a5d415b09cd29 (patch)
tree: a3c36494d2d9925dce06317673c67d251446298f /scripts/wsrep_sst_rsync.sh
parent: 46d5e1f2fddbb4589a8763508cea8589941a2b2f (diff)
parent: 757e3b88d26f8282df83f42ea3c451d2d2dac3cf (diff)
download: mariadb-git-6d5b71e02ac79f19f4e3d8a15e7a5d415b09cd29.tar.gz
1 files changed, 60 insertions, 7 deletions
diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh
index 3659a60832c..6d8d5d1168a 100644
--- a/scripts/wsrep_sst_rsync.sh
+++ b/scripts/wsrep_sst_rsync.sh
@@ -41,6 +41,8 @@ cleanup_joiner()
     kill -9 $RSYNC_REAL_PID >/dev/null 2>&1 || \
     :
     rm -rf "$RSYNC_CONF"
+    rm -f "$STUNNEL_CONF"
+    rm -f "$STUNNEL_PID"
     rm -rf "$MAGIC_FILE"
     rm -rf "$RSYNC_PID"
     wsrep_log_info "Joiner cleanup done."
@@ -75,7 +77,7 @@ check_pid_and_port()
     local port_info=$(lsof -i :$rsync_port -Pn 2>/dev/null | \
         grep "(LISTEN)")
     local is_rsync=$(echo $port_info | \
-        grep -w '^rsync[[:space:]]\+'"$rsync_pid" 2>/dev/null)
+        grep -wE '^(rsync|stunnel)[[:space:]]+'"$rsync_pid" 2>/dev/null)
 
     if [ -n "$port_info" -a -z "$is_rsync" ]; then
         wsrep_log_error "rsync daemon port '$rsync_port' has been taken"
@@ -86,6 +88,12 @@ check_pid_and_port()
         [ $(cat $pid_file) -eq $rsync_pid ]
 }
 
+STUNNEL_CONF="$WSREP_SST_OPT_DATA/stunnel.conf"
+rm -f "$STUNNEL_CONF"
+
+STUNNEL_PID="$WSREP_SST_OPT_DATA/stunnel.pid"
+rm -f "$STUNNEL_PID"
+
 MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_sst_complete"
 rm -rf "$MAGIC_FILE"
 
@@ -130,9 +138,28 @@ FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes'
         -f '+ /wsrep_sst_binlog.tar' -f '+ $INNODB_DATA_HOME_DIR/ib_lru_dump'
         -f '+ $INNODB_DATA_HOME_DIR/ibdata*' -f '+ /*/' -f '- /*')
 
+SSTKEY=$(parse_cnf sst tkey "")
+SSTCERT=$(parse_cnf sst tcert "")
+STUNNEL=""
+if [ -f "$SSTKEY" ] && [ -f "$SSTCERT" ] && wsrep_check_programs stunnel
+then
+    STUNNEL="stunnel ${STUNNEL_CONF}"
+fi
+
 if [ "$WSREP_SST_OPT_ROLE" = "donor" ]
 then
 
+cat << EOF > "$STUNNEL_CONF"
+CApath = ${SSTCERT%/*}
+foreground = yes
+pid = $STUNNEL_PID
+debug = warning
+client = yes
+connect = ${WSREP_SST_OPT_ADDR%/*}
+TIMEOUTclose = 0
+verifyPeer = yes
+EOF
+
     if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
     then
 
@@ -192,7 +219,8 @@ then
 
         # first, the normal directories, so that we can detect incompatible protocol
         RC=0
-        rsync --owner --group --perms --links --specials \
+        rsync ${STUNNEL:+--rsh="$STUNNEL"} \
+              --owner --group --perms --links --specials \
               --ignore-times --inplace --dirs --delete --quiet \
               $WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \
               rsync://$WSREP_SST_OPT_ADDR >&2 || RC=$?
@@ -215,7 +243,8 @@ then
         fi
 
         # second, we transfer InnoDB log files
-        rsync --owner --group --perms --links --specials \
+        rsync ${STUNNEL:+--rsh="$STUNNEL"} \
+              --owner --group --perms --links --specials \
               --ignore-times --inplace --dirs --delete --quiet \
               $WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \
               rsync://$WSREP_SST_OPT_ADDR-log_dir >&2 || RC=$?
@@ -234,7 +263,8 @@ then
 
         find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" \
              -print0 | xargs -I{} -0 -P $count \
-             rsync --owner --group --perms --links --specials \
+             rsync ${STUNNEL:+--rsh="$STUNNEL"} \
+             --owner --group --perms --links --specials \
              --ignore-times --inplace --recursive --delete --quiet \
              $WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \
              rsync://$WSREP_SST_OPT_ADDR/{} >&2 || RC=$?
@@ -257,7 +287,8 @@ then
     echo "continue" # now server can resume updating data
 
     echo "$STATE" > "$MAGIC_FILE"
-    rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR
+    rsync ${STUNNEL:+--rsh="$STUNNEL"} \
+          --archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR
 
     echo "done $STATE"
 
@@ -315,8 +346,30 @@ EOF
 
     # listen at all interfaces (for firewalled setups)
     readonly RSYNC_PORT=${WSREP_SST_OPT_PORT:-4444}
-    rsync --daemon --no-detach --port $RSYNC_PORT --config "$RSYNC_CONF" &
-    RSYNC_REAL_PID=$!
+
+cat << EOF > "$STUNNEL_CONF"
+key = $SSTKEY
+cert = $SSTCERT
+foreground = yes
+pid = $STUNNEL_PID
+debug = warning
+client = no
+[rsync]
+accept = $RSYNC_PORT
+exec = $(which rsync)
+execargs = rsync --server --daemon --config=$RSYNC_CONF .
+EOF
+
+    if [ -z "$STUNNEL" ]
+    then
+        # listen at all interfaces (for firewalled setups)
+        rsync --daemon --no-detach --port $RSYNC_PORT --config "$RSYNC_CONF" &
+        RSYNC_REAL_PID=$!
+    else
+        stunnel "$STUNNEL_CONF" &
+        RSYNC_REAL_PID=$!
+        RSYNC_PID=$STUNNEL_PID
+    fi
 
     until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT
     do
author	Julius Goryavsky <sysprg@gmail.com>	2018-08-08 15:47:57 +0200
committer	Julius Goryavsky <sysprg@gmail.com>	2018-08-08 15:47:57 +0200
commit	6d5b71e02ac79f19f4e3d8a15e7a5d415b09cd29 (patch)
tree	a3c36494d2d9925dce06317673c67d251446298f /scripts/wsrep_sst_rsync.sh
parent	46d5e1f2fddbb4589a8763508cea8589941a2b2f (diff)
parent	757e3b88d26f8282df83f42ea3c451d2d2dac3cf (diff)
download	mariadb-git-6d5b71e02ac79f19f4e3d8a15e7a5d415b09cd29.tar.gz