diff options
| author | Jan Lindström <jan.lindstrom@mariadb.com> | 2018-08-05 09:27:13 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-08-05 09:27:13 +0300 |
| commit | b9f0112248ee085199b2918f2c9d74ec7099a21e (patch) | |
| tree | 4f73fbdae9af75ab1e924270b2fdd26dc7f58dd5 /scripts | |
| parent | 50c426200224a4527e84052aa2ab32be893f43f4 (diff) | |
| parent | 1adc382c2fb4300059d130521a24a1dab141531e (diff) | |
| download | mariadb-git-b9f0112248ee085199b2918f2c9d74ec7099a21e.tar.gz | |
Merge pull request #609 from benrubson/stunnel
MDEV-15511 - Use stunnel during rsync SST if available
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/wsrep_sst_rsync.sh | 67 |
1 files changed, 60 insertions, 7 deletions
diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh index 81120b66d5a..8bff9fca942 100644 --- a/scripts/wsrep_sst_rsync.sh +++ b/scripts/wsrep_sst_rsync.sh @@ -41,6 +41,8 @@ cleanup_joiner() kill -9 $RSYNC_REAL_PID >/dev/null 2>&1 || \ : rm -rf "$RSYNC_CONF" + rm -f "$STUNNEL_CONF" + rm -f "$STUNNEL_PID" rm -rf "$MAGIC_FILE" rm -rf "$RSYNC_PID" wsrep_log_info "Joiner cleanup done." @@ -75,7 +77,7 @@ check_pid_and_port() local port_info=$(lsof -i :$rsync_port -Pn 2>/dev/null | \ grep "(LISTEN)") local is_rsync=$(echo $port_info | \ - grep -w '^rsync[[:space:]]\+'"$rsync_pid" 2>/dev/null) + grep -wE '^(rsync|stunnel)[[:space:]]+'"$rsync_pid" 2>/dev/null) if [ -n "$port_info" -a -z "$is_rsync" ]; then wsrep_log_error "rsync daemon port '$rsync_port' has been taken" @@ -86,6 +88,12 @@ check_pid_and_port() [ $(cat $pid_file) -eq $rsync_pid ] } +STUNNEL_CONF="$WSREP_SST_OPT_DATA/stunnel.conf" +rm -f "$STUNNEL_CONF" + +STUNNEL_PID="$WSREP_SST_OPT_DATA/stunnel.pid" +rm -f "$STUNNEL_PID" + MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_sst_complete" rm -rf "$MAGIC_FILE" @@ -123,9 +131,28 @@ fi FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes' -f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*') +SSTKEY=$(parse_cnf sst tkey "") +SSTCERT=$(parse_cnf sst tcert "") +STUNNEL="" +if [ -f "$SSTKEY" ] && [ -f "$SSTCERT" ] && wsrep_check_programs stunnel +then + STUNNEL="stunnel ${STUNNEL_CONF}" +fi + if [ "$WSREP_SST_OPT_ROLE" = "donor" ] then +cat << EOF > "$STUNNEL_CONF" +CApath = ${SSTCERT%/*} +foreground = yes +pid = $STUNNEL_PID +debug = warning +client = yes +connect = ${WSREP_SST_OPT_ADDR%/*} +TIMEOUTclose = 0 +verifyPeer = yes +EOF + if [ $WSREP_SST_OPT_BYPASS -eq 0 ] then @@ -185,7 +212,8 @@ then # first, the normal directories, so that we can detect incompatible protocol RC=0 - rsync --owner --group --perms --links --specials \ + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --owner --group --perms --links --specials \ --ignore-times --inplace --dirs --delete --quiet \ $WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \ rsync://$WSREP_SST_OPT_ADDR >&2 || RC=$? @@ -208,7 +236,8 @@ then fi # second, we transfer InnoDB log files - rsync --owner --group --perms --links --specials \ + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --owner --group --perms --links --specials \ --ignore-times --inplace --dirs --delete --quiet \ $WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \ rsync://$WSREP_SST_OPT_ADDR-log_dir >&2 || RC=$? @@ -227,7 +256,8 @@ then find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" \ -print0 | xargs -I{} -0 -P $count \ - rsync --owner --group --perms --links --specials \ + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --owner --group --perms --links --specials \ --ignore-times --inplace --recursive --delete --quiet \ $WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \ rsync://$WSREP_SST_OPT_ADDR/{} >&2 || RC=$? @@ -250,7 +280,8 @@ then echo "continue" # now server can resume updating data echo "$STATE" > "$MAGIC_FILE" - rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR + rsync ${STUNNEL:+--rsh="$STUNNEL"} \ + --archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR echo "done $STATE" @@ -308,8 +339,30 @@ EOF # listen at all interfaces (for firewalled setups) readonly RSYNC_PORT=${WSREP_SST_OPT_PORT:-4444} - rsync --daemon --no-detach --port $RSYNC_PORT --config "$RSYNC_CONF" & - RSYNC_REAL_PID=$! + +cat << EOF > "$STUNNEL_CONF" +key = $SSTKEY +cert = $SSTCERT +foreground = yes +pid = $STUNNEL_PID +debug = warning +client = no +[rsync] +accept = $RSYNC_PORT +exec = $(which rsync) +execargs = rsync --server --daemon --config=$RSYNC_CONF . +EOF + + if [ -z "$STUNNEL" ] + then + # listen at all interfaces (for firewalled setups) + rsync --daemon --no-detach --port $RSYNC_PORT --config "$RSYNC_CONF" & + RSYNC_REAL_PID=$! + else + stunnel "$STUNNEL_CONF" & + RSYNC_REAL_PID=$! + RSYNC_PID=$STUNNEL_PID + fi until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT do |