diff options
19 files changed, 859 insertions, 259 deletions
diff --git a/mysql-test/std_data/capath/3106f582.0 b/mysql-test/std_data/capath/3106f582.0 new file mode 120000 index 00000000000..1310cfcff20 --- /dev/null +++ b/mysql-test/std_data/capath/3106f582.0 @@ -0,0 +1 @@ +cacert.pem
\ No newline at end of file diff --git a/mysql-test/std_data/capath/cacert.pem b/mysql-test/std_data/capath/cacert.pem new file mode 100644 index 00000000000..23dda2318e1 --- /dev/null +++ b/mysql-test/std_data/capath/cacert.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d0:4d:23:85:ee:59:b3:fa + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB + Validity + Not Before: Jan 27 10:11:10 2019 GMT + Not After : Jan 22 10:11:10 2039 GMT + Subject: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e8:0e:a7:84:d3:75:30:06:30:b2:10:b9:d1:88: + 36:2b:5e:f8:c8:44:57:cb:67:72:ab:96:95:33:d5: + 88:d1:8f:23:50:98:ba:6d:20:00:80:bd:35:d5:c1: + bf:98:49:c4:0a:15:4a:34:a6:21:9b:2e:8c:15:09: + f0:63:81:02:c2:7c:e2:53:e0:f7:a1:1a:40:5e:8f: + 41:4a:4c:56:d4:20:f1:d5:a7:c1:53:2e:ff:7e:37: + 17:cc:7e:74:bd:e2:22:33:ce:8c:77:62:a4:c5:3f: + 44:35:7b:7e:b9:f5:7d:8c:7a:27:58:fd:2c:42:86: + 2e:e7:6b:01:99:7b:fe:7d:a7:a1:4f:3e:39:39:54: + 1f:61:de:74:66:d1:77:4f:43:1b:66:70:29:85:de: + fc:8f:8e:1b:7b:a2:66:48:26:7f:9b:a6:fd:4a:e4: + dc:eb:ed:bd:f8:e3:f1:57:98:13:6f:f1:a3:2a:e3: + 73:bd:8d:7c:6f:4b:59:35:bc:b5:42:3e:99:a7:13: + 8d:be:2e:5c:9a:c6:5b:ab:ae:bf:00:e9:c8:ee:05: + 22:8e:d5:67:1a:47:9a:6d:9c:f9:42:3e:15:34:f8: + 31:ec:b4:7e:d3:92:95:b0:b8:f9:66:f3:bd:1d:31: + 2c:b1:90:62:a1:f8:4e:a6:5d:26:22:f0:e1:fe:16: + 2b:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 + X509v3 Authority Key Identifier: + keyid:CA:71:99:89:F0:72:AB:75:66:BB:65:6A:03:04:72:A5:7B:95:A6:93 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + df:fd:74:29:5b:5e:9a:8b:09:02:40:59:73:cb:71:47:3f:97: + 3d:a9:fd:c4:8c:01:29:c9:86:b8:71:55:ff:72:0e:50:dc:c8: + b5:e6:91:41:52:47:21:30:cc:4d:e7:3b:4b:db:55:ea:7d:46: + eb:53:e0:b7:1b:80:7c:b1:0c:d3:d1:bc:a0:73:ae:96:1f:fd: + 05:52:7e:54:d5:03:52:69:7b:34:5f:27:d7:98:da:98:76:73: + e6:bb:50:59:2a:94:90:67:03:1c:a4:76:2f:ee:ef:59:60:09: + 48:33:03:2b:52:ed:83:42:f8:71:19:7f:d8:be:40:ed:20:01: + 90:3c:7e:1c:8b:d2:9f:f3:2f:09:1f:50:c8:10:e1:8a:d9:a5: + 49:9c:0b:74:17:b9:2b:68:f6:1e:73:c2:73:10:38:b3:35:e2: + 87:91:1b:a1:d1:9b:81:9d:1b:32:cc:03:6e:4c:82:95:81:11: + 42:56:e2:16:2b:22:65:db:40:2c:ca:dc:03:f4:d5:07:cf:f5: + 13:b2:cf:51:5b:24:cd:c7:d1:9b:42:8e:f9:df:5d:1e:5a:09: + a3:4f:a9:0b:f4:21:c5:bb:ff:02:93:67:e8:2d:ee:ab:d9:59: + 76:03:2c:a1:bd:fb:dc:af:b6:82:94:71:85:53:a8:18:0d:3a: + 9e:42:eb:59 +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJANBNI4XuWbP6MA0GCSqGSIb3DQEBCwUAMFYxDzANBgNV +BAMMBmNhY2VydDELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYD +VQQHDAhIZWxzaW5raTEQMA4GA1UECgwHTWFyaWFEQjAeFw0xOTAxMjcxMDExMTBa +Fw0zOTAxMjIxMDExMTBaMFYxDzANBgNVBAMMBmNhY2VydDELMAkGA1UEBhMCRkkx +ETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhIZWxzaW5raTEQMA4GA1UECgwH +TWFyaWFEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOgOp4TTdTAG +MLIQudGINite+MhEV8tncquWlTPViNGPI1CYum0gAIC9NdXBv5hJxAoVSjSmIZsu +jBUJ8GOBAsJ84lPg96EaQF6PQUpMVtQg8dWnwVMu/343F8x+dL3iIjPOjHdipMU/ +RDV7frn1fYx6J1j9LEKGLudrAZl7/n2noU8+OTlUH2HedGbRd09DG2ZwKYXe/I+O +G3uiZkgmf5um/Urk3Ovtvfjj8VeYE2/xoyrjc72NfG9LWTW8tUI+macTjb4uXJrG +W6uuvwDpyO4FIo7VZxpHmm2c+UI+FTT4Mey0ftOSlbC4+WbzvR0xLLGQYqH4TqZd +JiLw4f4WK2kCAwEAAaNQME4wHQYDVR0OBBYEFMpxmYnwcqt1ZrtlagMEcqV7laaT +MB8GA1UdIwQYMBaAFMpxmYnwcqt1ZrtlagMEcqV7laaTMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAN/9dClbXpqLCQJAWXPLcUc/lz2p/cSMASnJhrhx +Vf9yDlDcyLXmkUFSRyEwzE3nO0vbVep9RutT4LcbgHyxDNPRvKBzrpYf/QVSflTV +A1JpezRfJ9eY2ph2c+a7UFkqlJBnAxykdi/u71lgCUgzAytS7YNC+HEZf9i+QO0g +AZA8fhyL0p/zLwkfUMgQ4YrZpUmcC3QXuSto9h5zwnMQOLM14oeRG6HRm4GdGzLM +A25MgpWBEUJW4hYrImXbQCzK3AP01QfP9ROyz1FbJM3H0ZtCjvnfXR5aCaNPqQv0 +IcW7/wKTZ+gt7qvZWXYDLKG9+9yvtoKUcYVTqBgNOp5C61k= +-----END CERTIFICATE----- diff --git a/mysql-test/std_data/capath/ed1f42db.0 b/mysql-test/std_data/capath/ed1f42db.0 new file mode 120000 index 00000000000..1310cfcff20 --- /dev/null +++ b/mysql-test/std_data/capath/ed1f42db.0 @@ -0,0 +1 @@ +cacert.pem
\ No newline at end of file diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def index d92f3f7d6b8..955a2c82ebc 100644 --- a/mysql-test/suite/galera/disabled.def +++ b/mysql-test/suite/galera/disabled.def @@ -29,5 +29,4 @@ versioning_trx_id: MDEV-18590: galera.versioning_trx_id: Test failure: mysqltest galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons pxc-421: wsrep_provider is read-only for security reasons galera_sst_xtrabackup-v2: Test fails due to innodb issues -galera_sst_xtrabackup-v2_encrypt_with_key: Test fails due to innodb issues galera_sst_xtrabackup-v2_data_dir: Test fails due to innodb issues diff --git a/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath.result b/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath.result new file mode 100644 index 00000000000..170ba62dd12 --- /dev/null +++ b/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_capath.result @@ -0,0 +1,398 @@ +connection node_1; +connection node_2; +connection node_1; +Performing State Transfer on a server that has been shut down cleanly and restarted +connection node_1; +CREATE TABLE t1 (f1 CHAR(255)) ENGINE=InnoDB; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +COMMIT; +connection node_2; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +COMMIT; +Shutting down server ... +connection node_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +COMMIT; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +connect node_1a_galera_st_shutdown_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +connection node_2; +Starting server ... +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +COMMIT; +connection node_1; +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +COMMIT; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +COMMIT; +connection node_1a_galera_st_shutdown_slave; +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +ROLLBACK; +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +COMMIT; +SET AUTOCOMMIT=ON; +connection node_1; +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +DROP TABLE t1; +COMMIT; +SET AUTOCOMMIT=ON; +Performing State Transfer on a server that starts from a clean var directory +This is accomplished by shutting down node #2 and removing its var directory before restarting it +connection node_1; +CREATE TABLE t1 (f1 CHAR(255)) ENGINE=InnoDB; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +COMMIT; +connection node_2; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +COMMIT; +Shutting down server ... +connection node_1; +Cleaning var directory ... +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +COMMIT; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +connect node_1a_galera_st_clean_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +connection node_2; +Starting server ... +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +COMMIT; +connection node_1; +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +COMMIT; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +COMMIT; +connection node_1a_galera_st_clean_slave; +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +ROLLBACK; +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +COMMIT; +SET AUTOCOMMIT=ON; +connection node_1; +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +DROP TABLE t1; +COMMIT; +SET AUTOCOMMIT=ON; +Performing State Transfer on a server that has been killed and restarted +connection node_1; +CREATE TABLE t1 (f1 CHAR(255)) ENGINE=InnoDB; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +COMMIT; +connection node_2; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +COMMIT; +Killing server ... +connection node_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +INSERT INTO t1 VALUES ('node1_committed_during'); +COMMIT; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +connect node_1a_galera_st_kill_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +connection node_2; +Performing --wsrep-recover ... +Starting server ... +Using --wsrep-start-position when starting mysqld ... +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +INSERT INTO t1 VALUES ('node2_committed_after'); +COMMIT; +connection node_1; +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 VALUES ('node1_to_be_committed_after'); +COMMIT; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +INSERT INTO t1 VALUES ('node1_committed_after'); +COMMIT; +connection node_1a_galera_st_kill_slave; +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES ('node1_to_be_rollbacked_after'); +ROLLBACK; +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +COMMIT; +SET AUTOCOMMIT=ON; +connection node_1; +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +DROP TABLE t1; +COMMIT; +SET AUTOCOMMIT=ON; +Performing State Transfer on a server that has been killed and restarted +while a DDL was in progress on it +connection node_1; +CREATE TABLE t1 (f1 CHAR(255)) ENGINE=InnoDB; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +INSERT INTO t1 VALUES ('node1_committed_before'); +connection node_2; +START TRANSACTION; +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +INSERT INTO t1 VALUES ('node2_committed_before'); +COMMIT; +SET GLOBAL debug_dbug = 'd,sync.alter_opened_table'; +connection node_1; +ALTER TABLE t1 ADD COLUMN f2 INTEGER; +connection node_2; +SET wsrep_sync_wait = 0; +Killing server ... +connection node_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (f1) VALUES ('node1_committed_during'); +INSERT INTO t1 (f1) VALUES ('node1_committed_during'); +INSERT INTO t1 (f1) VALUES ('node1_committed_during'); +INSERT INTO t1 (f1) VALUES ('node1_committed_during'); +INSERT INTO t1 (f1) VALUES ('node1_committed_during'); +COMMIT; +START TRANSACTION; +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +connection node_2; +Performing --wsrep-recover ... +connection node_2; +Starting server ... +Using --wsrep-start-position when starting mysqld ... +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (f1) VALUES ('node2_committed_after'); +INSERT INTO t1 (f1) VALUES ('node2_committed_after'); +INSERT INTO t1 (f1) VALUES ('node2_committed_after'); +INSERT INTO t1 (f1) VALUES ('node2_committed_after'); +INSERT INTO t1 (f1) VALUES ('node2_committed_after'); +COMMIT; +connection node_1; +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_committed_after'); +COMMIT; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (f1) VALUES ('node1_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_committed_after'); +INSERT INTO t1 (f1) VALUES ('node1_committed_after'); +COMMIT; +connection node_1a_galera_st_kill_slave_ddl; +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +INSERT INTO t1 (f1) VALUES ('node1_to_be_rollbacked_after'); +ROLLBACK; +SELECT COUNT(*) = 2 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; +COUNT(*) = 2 +1 +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +COMMIT; +SET AUTOCOMMIT=ON; +connection node_1; +SELECT COUNT(*) = 2 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; +COUNT(*) = 2 +1 +SELECT COUNT(*) = 35 FROM t1; +COUNT(*) = 35 +1 +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +DROP TABLE t1; +COMMIT; +SET AUTOCOMMIT=ON; +SET GLOBAL debug_dbug = $debug_orig; +include/assert_grep.inc [Using stunnel for SSL encryption] diff --git a/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key.result b/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key.result index 251c087412b..170ba62dd12 100644 --- a/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key.result +++ b/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key.result @@ -1,7 +1,5 @@ connection node_1; connection node_2; -connection node_2; -CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory"); connection node_1; Performing State Transfer on a server that has been shut down cleanly and restarted connection node_1; diff --git a/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_server.result b/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_server.result index 251c087412b..170ba62dd12 100644 --- a/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_server.result +++ b/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_server.result @@ -1,7 +1,5 @@ connection node_1; connection node_2; -connection node_2; -CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory"); connection node_1; Performing State Transfer on a server that has been shut down cleanly and restarted connection node_1; diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test b/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test index 953a1635559..7a3a6c825c4 100644 --- a/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test @@ -66,6 +66,7 @@ COMMIT; --source include/wait_condition.inc --echo Cleaning var directory ... +--remove_file $MYSQLTEST_VARDIR/mysqld.2/data/grastate.dat --remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/mtr --remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/performance_schema --remove_files_wildcard $MYSQLTEST_VARDIR/mysqld.2/data/test diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.cnf b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.cnf new file mode 100644 index 00000000000..3ab762df013 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.cnf @@ -0,0 +1,20 @@ +!include ../galera_2nodes.cnf + +[mysqld] +wsrep_sst_method=rsync +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem +ssl-capath=@ENV.MYSQL_TEST_DIR/std_data/capath +# We need to turn off the default setting for the duration +# of the test (to test working with a directory instead of +# a file): +ssl-ca= + +[sst] +ssl-mode=VERIFY_CA + +[mysqld.1] +wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore_sb=true' + +[mysqld.2] +wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true' diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.test b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.test new file mode 100644 index 00000000000..a2d92723ec4 --- /dev/null +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_capath.test @@ -0,0 +1,26 @@ +--source include/big_test.inc +--source include/galera_cluster.inc +--source include/have_debug.inc +--source include/have_stunnel.inc + +# Save original auto_increment_offset values. +--let $node_1=node_1 +--let $node_2=node_2 +--source include/auto_increment_offset_save.inc + +--connection node_1 +--source suite/galera/include/galera_st_shutdown_slave.inc +--source suite/galera/include/galera_st_clean_slave.inc + +--source suite/galera/include/galera_st_kill_slave.inc +--source suite/galera/include/galera_st_kill_slave_ddl.inc + +# Confirm that transfer was SSL-encrypted +--let $assert_text = Using stunnel for SSL encryption +--let $assert_select = Using stunnel for SSL encryption +--let $assert_count = 5 +--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let $assert_only_after = CURRENT_TEST +--source include/assert_grep.inc + +--source include/auto_increment_offset_restore.inc diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test index 838c473b9ce..a2d92723ec4 100644 --- a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test @@ -8,9 +8,6 @@ --let $node_2=node_2 --source include/auto_increment_offset_save.inc ---connection node_2 -CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory"); - --connection node_1 --source suite/galera/include/galera_st_shutdown_slave.inc --source suite/galera/include/galera_st_clean_slave.inc diff --git a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test index 838c473b9ce..a2d92723ec4 100644 --- a/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test +++ b/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test @@ -8,9 +8,6 @@ --let $node_2=node_2 --source include/auto_increment_offset_save.inc ---connection node_2 -CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory"); - --connection node_1 --source suite/galera/include/galera_st_shutdown_slave.inc --source suite/galera/include/galera_st_clean_slave.inc diff --git a/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup.test b/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup.test index dc3331d1be3..2bb2bb284e9 100644 --- a/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup.test +++ b/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup.test @@ -1,3 +1,4 @@ +--source include/big_test.inc --source include/galera_cluster.inc --source include/check_ipv6.inc --source include/have_innodb.inc diff --git a/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup_section.test b/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup_section.test index c88ff99790c..86607e61542 100644 --- a/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup_section.test +++ b/mysql-test/suite/galera_3nodes/t/galera_ipv6_mariabackup_section.test @@ -1,3 +1,4 @@ +--source include/big_test.inc --source include/galera_cluster.inc --source include/check_ipv6.inc --source include/have_innodb.inc diff --git a/scripts/wsrep_sst_common.sh b/scripts/wsrep_sst_common.sh index dbd639595df..5c84aa7c17f 100644 --- a/scripts/wsrep_sst_common.sh +++ b/scripts/wsrep_sst_common.sh @@ -19,6 +19,9 @@ set -u +# Setting the path for some utilities on CentOS +export PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin" + WSREP_SST_OPT_BYPASS=0 WSREP_SST_OPT_BINLOG="" WSREP_SST_OPT_BINLOG_INDEX="" @@ -384,10 +387,8 @@ case "$1" in skip_mysqld_arg=1 ;; '--innodb-force-recovery') - if [ -n "$value" ]; then - if [ "$value" -ne 0 ]; then - INNODB_FORCE_RECOVERY="$value" - fi + if [ -n "$value" -a "$value" != "0" ]; then + INNODB_FORCE_RECOVERY="$value" fi skip_mysqld_arg=1 ;; @@ -584,7 +585,8 @@ get_binlog() if [ -n "$WSREP_SST_OPT_ADDR_PORT" ]; then if [ -n "$WSREP_SST_OPT_PORT" ]; then if [ "$WSREP_SST_OPT_PORT" != "$WSREP_SST_OPT_ADDR_PORT" ]; then - echo "WSREP_SST: [ERROR] port in --port=$WSREP_SST_OPT_PORT differs from port in --address=$WSREP_SST_OPT_ADDR" >&2 + echo "WSREP_SST: [ERROR] port in --port=$WSREP_SST_OPT_PORT" \ + "differs from port in --address=$WSREP_SST_OPT_ADDR" >&2 exit 2 fi else @@ -616,8 +618,19 @@ fi readonly WSREP_SST_OPT_ADDR readonly WSREP_SST_OPT_ADDR_PORT -# try to use my_print_defaults, mysql and mysqldump that come with the sources -# (for MTR suite) +commandex() +{ + if [ -n "$BASH_VERSION" ]; then + command -v "$1" || : + elif [ -x "$1" ]; then + echo "$1" + else + which "$1" || : + fi +} + +# try to use my_print_defaults, mysql and mysqldump that come +# with the sources (for MTR suite): script_binary=$(dirname "$0") SCRIPTS_DIR=$(cd "$script_binary"; pwd -P) EXTRA_DIR="$SCRIPTS_DIR/../extra" @@ -626,13 +639,13 @@ CLIENT_DIR="$SCRIPTS_DIR/../client" if [ -x "$CLIENT_DIR/mysql" ]; then MYSQL_CLIENT="$CLIENT_DIR/mysql" else - MYSQL_CLIENT="$(command -v mysql)" + MYSQL_CLIENT=$(commandex 'mysql') fi if [ -x "$CLIENT_DIR/mysqldump" ]; then MYSQLDUMP="$CLIENT_DIR/mysqldump" else - MYSQLDUMP="$(command -v mysqldump)" + MYSQLDUMP=$(commandex 'mysqldump') fi wsrep_log() @@ -663,7 +676,7 @@ if [ -x "$SCRIPTS_DIR/my_print_defaults" ]; then elif [ -x "$EXTRA_DIR/my_print_defaults" ]; then MY_PRINT_DEFAULTS="$EXTRA_DIR/my_print_defaults" else - MY_PRINT_DEFAULTS="$(command -v my_print_defaults)" + MY_PRINT_DEFAULTS=$(commandex 'my_print_defaults') if [ -z "$MY_PRINT_DEFAULTS" ]; then wsrep_log_error "my_print_defaults not found in path" exit 2 @@ -673,16 +686,16 @@ fi readonly MY_PRINT_DEFAULTS wsrep_defaults="$WSREP_SST_OPT_DEFAULTS" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_EXTRA_DEFAULTS" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_EXTRA_DEFAULTS:+ }$WSREP_SST_OPT_EXTRA_DEFAULTS" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_SUFFIX_DEFAULT:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" -readonly WSREP_SST_OPT_CONF="$wsrep_defaults" +readonly WSREP_SST_OPT_CONF="${wsrep_defaults:+ }$wsrep_defaults" wsrep_defaults="$WSREP_SST_OPT_DEFAULT" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_EXTRA_DEFAULT" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_EXTRA_DEFAULT:+ }$WSREP_SST_OPT_EXTRA_DEFAULT" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_SUFFIX_DEFAULT:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" -readonly WSREP_SST_OPT_CONF_UNQUOTED="$wsrep_defaults" +readonly WSREP_SST_OPT_CONF_UNQUOTED="${wsrep_defaults:+ }$wsrep_defaults" # # User can specify mariabackup specific settings that will be used during sst @@ -819,8 +832,7 @@ if wsrep_auth_not_set; then fi # Splitting WSREP_SST_OPT_AUTH as "user:password" pair: -if ! wsrep_auth_not_set -then +if ! wsrep_auth_not_set; then # Extract username as shortest prefix up to first ':' character: WSREP_SST_OPT_AUTH_USER="${WSREP_SST_OPT_AUTH%%:*}" if [ -z "$WSREP_SST_OPT_USER" ]; then @@ -848,8 +860,7 @@ readonly WSREP_SST_OPT_USER readonly WSREP_SST_OPT_PSWD readonly WSREP_SST_OPT_AUTH -if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ] -then +if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ]; then # Split auth string at the last ':' readonly WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}" readonly WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}" @@ -860,8 +871,7 @@ fi readonly WSREP_SST_OPT_REMOTE_AUTH -if [ -n "$WSREP_SST_OPT_DATA" ] -then +if [ -n "$WSREP_SST_OPT_DATA" ]; then SST_PROGRESS_FILE="$WSREP_SST_OPT_DATA/sst_in_progress" else SST_PROGRESS_FILE="" @@ -870,13 +880,14 @@ fi wsrep_cleanup_progress_file() { [ -n "$SST_PROGRESS_FILE" -a \ - -f "$SST_PROGRESS_FILE" ] && rm -f "$SST_PROGRESS_FILE" 2>/dev/null || true + -f "$SST_PROGRESS_FILE" ] && \ + rm -f "$SST_PROGRESS_FILE" 2>/dev/null || : } wsrep_check_program() { local prog="$1" - local cmd=$(command -v "$prog") + local cmd=$(commandex "$prog") if [ -z "$cmd" ]; then echo "'$prog' not found in PATH" return 2 # no such file or directory @@ -898,9 +909,9 @@ wsrep_check_programs() wsrep_check_datadir() { - if [ -z "$WSREP_SST_OPT_DATA" ] - then - wsrep_log_error "The '--datadir' parameter must be passed to the SST script" + if [ -z "$WSREP_SST_OPT_DATA" ]; then + wsrep_log_error \ + "The '--datadir' parameter must be passed to the SST script" exit 2 fi } @@ -912,10 +923,10 @@ get_openssl() return fi # Let's look for openssl: - OPENSSL_BINARY="$(command -v openssl)" + OPENSSL_BINARY=$(commandex 'openssl') if [ -z "$OPENSSL_BINARY" ]; then OPENSSL_BINARY='/usr/bin/openssl' - if [ -z "$OPENSSL_BINARY" ]; then + if [ ! -x "$OPENSSL_BINARY" ]; then OPENSSL_BINARY="" fi fi @@ -928,13 +939,12 @@ get_openssl() wsrep_gen_secret() { get_openssl - if [ -n "$OPENSSL_BINARY" ] - then + if [ -n "$OPENSSL_BINARY" ]; then echo $("$OPENSSL_BINARY" rand -hex 16) else printf "%04x%04x%04x%04x%04x%04x%04x%04x" \ - $RANDOM $RANDOM $RANDOM $RANDOM \ - $RANDOM $RANDOM $RANDOM $RANDOM + $RANDOM $RANDOM $RANDOM $RANDOM \ + $RANDOM $RANDOM $RANDOM $RANDOM fi } @@ -968,14 +978,14 @@ is_local_ip() fi # Now let's check if the given address is assigned to # one of the network cards: - local ip_util="$(command -v ip)" + local ip_util=$(commandex 'ip') if [ -n "$ip_util" ]; then # ip address show ouput format is " inet[6] <address>/<mask>": "$ip_util" address show \ | grep -E "^[[:space:]]*inet.? [^[:space:]]+/" -o \ | grep -F " $1/" >/dev/null && return 0 else - local ifconfig_util="$(command -v ifconfig)" + local ifconfig_util=$(commandex 'ifconfig') if [ -n "$ifconfig_util" ]; then # ifconfig output format is " inet[6] <address> ...": "$ifconfig_util" \ @@ -992,15 +1002,15 @@ check_sockets_utils() sockstat_available=0 ss_available=0 - [ -n "$(command -v lsof)" ] && lsof_available=1 - [ -n "$(command -v sockstat)" ] && sockstat_available=1 - [ -n "$(command -v ss)" ] && ss_available=1 + [ -n "$(commandex lsof)" ] && lsof_available=1 + [ -n "$(commandex sockstat)" ] && sockstat_available=1 + [ -n "$(commandex ss)" ] && ss_available=1 if [ $lsof_available -eq 0 -a \ $sockstat_available -eq 0 -a \ $ss_available -eq 0 ] then - wsrep_log_error "Neither lsof, nor sockstat or ss tool was found in " \ + wsrep_log_error "Neither lsof, nor sockstat or ss tool was found in" \ "the PATH. Make sure you have it installed." exit 2 # ENOENT fi @@ -1085,26 +1095,38 @@ check_for_dhparams() # verify_ca_matches_cert() { - local ca="$1" - local cert="$2" - local path=${3:-0} + local cert="$1" + local ca="$2" + local cap="$3" # If the openssl utility is not installed, then # we will not do this certificate check: get_openssl if [ -z "$OPENSSL_BINARY" ]; then + wsrep_log_info "openssl utility not found" return fi - local not_match=0 + local readable=1; [ ! -r "$cert" ] && readable=0 + [ -n "$ca" ] && [ ! -r "$ca" ] && readable=0 + [ -n "$cap" ] && [ ! -r "$cap" ] && readable=0 - if [ $path -eq 0 ]; then - "$OPENSSL_BINARY" verify -verbose -CAfile "$ca" "$cert" >/dev/null 2>&1 || not_match=1 - else - "$OPENSSL_BINARY" verify -verbose -CApath "$ca" "$cert" >/dev/null 2>&1 || not_match=1 + if [ readable -eq 0 ]; then + wsrep_log_error \ + "Both PEM file and CA file (or path) must be readable" + exit 22 fi + local not_match=0 + local errmsg + errmsg=$("$OPENSSL_BINARY" verify -verbose \ + ${ca:+ -CAfile} ${ca:+ "$ca"} \ + ${cap:+ -CApath} ${cap:+ "$cap"} \ + "$cert" 2>&1) || not_match=1 + if [ $not_match -eq 1 ]; then + wsrep_log_info "run: \"$OPENSSL_BINARY\" verify -verbose${ca:+ -CAfile \"$ca\"}${cap:+ -CApath \"$cap\"} \"$cert\"" + wsrep_log_info "output: $errmsg" wsrep_log_error "******** FATAL ERROR ********************************************" wsrep_log_error "* The certifcate and CA (certificate authority) do not match. *" wsrep_log_error "* It does not appear that the certificate was issued by the CA. *" @@ -1124,12 +1146,18 @@ verify_ca_matches_cert() # verify_cert_matches_key() { - local cert_path="$1" - local key_path="$2" + local cert="$1" + local key="$2" + + if [ ! -r "$key" -o ! -r "$cert" ]; then + wsrep_log_error "Both the certificate file and the key file" \ + "must be readable" + exit 22 + fi # If the diff utility is not installed, then # we will not do this certificate check: - if [ -z "$(command -v diff)" ]; then + if [ -z "$(commandex diff)" ]; then return fi @@ -1142,13 +1170,13 @@ verify_cert_matches_key() # Generate the public key from the cert and the key. # They should match (otherwise we can't create an SSL connection). - if ! diff <("$OPENSSL_BINARY" x509 -in "$cert_path" -pubkey -noout 2>/dev/null) \ - <("$OPENSSL_BINARY" pkey -in "$key_path" -pubout 2>/dev/null) >/dev/null 2>&1 + if ! diff <("$OPENSSL_BINARY" x509 -in "$cert" -pubkey -noout 2>/dev/null) \ + <("$OPENSSL_BINARY" pkey -in "$key" -pubout 2>/dev/null) >/dev/null 2>&1 then - wsrep_log_error "******************* FATAL ERROR ****************" - wsrep_log_error "* The certifcate and private key do not match. *" - wsrep_log_error "* Please check your certificate and key files. *" - wsrep_log_error "************************************************" + wsrep_log_error "******************* FATAL ERROR *****************" + wsrep_log_error "* The certificate and private key do not match. *" + wsrep_log_error "* Please check your certificate and key files. *" + wsrep_log_error "*************************************************" exit 22 fi } @@ -1305,9 +1333,9 @@ get_proc() elif [ "$OS" = 'Darwin' -o "$OS" = 'FreeBSD' ]; then nproc=$(sysctl -n hw.ncpu) fi + set -e if [ -z "$nproc" ] || [ $nproc -eq 0 ]; then nproc=1 fi - set -e fi } diff --git a/scripts/wsrep_sst_mariabackup.sh b/scripts/wsrep_sst_mariabackup.sh index b429a9effd5..4bca785fcad 100644 --- a/scripts/wsrep_sst_mariabackup.sh +++ b/scripts/wsrep_sst_mariabackup.sh @@ -20,10 +20,11 @@ # https://mariadb.com/kb/en/mariabackup-overview/ # Make sure to read that before proceeding! +OS="$(uname)" + . $(dirname "$0")/wsrep_sst_common wsrep_check_datadir -OS="$(uname)" ealgo="" eformat="" ekey="" @@ -34,7 +35,7 @@ ssyslog="" ssystag="" BACKUP_PID="" tcert="" -tpath=0 +tcap="" tpem="" tkey="" tmode="DISABLED" @@ -88,14 +89,14 @@ readonly SECRET_TAG="secret" # For backup locks it is 1 sent by joiner sst_ver=1 -if [ -n "$(command -v pv)" ] && pv --help | grep -qw -- '-F'; then +if [ -n "$(commandex pv)" ] && pv --help | grep -qw -- '-F'; then pvopts="$pvopts $pvformat" fi pcmd="pv $pvopts" declare -a RC -BACKUP_BIN="$(command -v mariabackup)" -if [ ! -x "$BACKUP_BIN" ]; then +BACKUP_BIN=$(commandex 'mariabackup') +if [ -z "$BACKUP_BIN" ]; then wsrep_log_error 'mariabackup binary not found in path' exit 42 fi @@ -145,14 +146,14 @@ get_keys() if [ $encrypt -eq 0 ]; then if [ -n "$ealgo" -o -n "$ekey" -o -n "$ekeyfile" ]; then - wsrep_log_error "Options for encryption are specified, " \ + wsrep_log_error "Options for encryption are specified," \ "but encryption itself is disabled. SST may fail." fi return fi if [ $sfmt = 'tar' ]; then - wsrep_log_info "NOTE: key-based encryption (encrypt=1) " \ + wsrep_log_info "NOTE: key-based encryption (encrypt=1)" \ "cannot be enabled with tar format" encrypt=-1 return @@ -165,16 +166,18 @@ get_keys() exit 3 fi - if [ -z "$ekey" -a ! -r "$ekeyfile" ]; then - wsrep_log_error "FATAL: Either key must be specified " \ - "or keyfile must be readable" - exit 3 + if [ -z "$ekey" ]; then + if [ ! -r "$ekeyfile" ]; then + wsrep_log_error "FATAL: Either key must be specified" \ + "or keyfile must be readable" + exit 3 + fi fi if [ "$eformat" = 'openssl' ]; then get_openssl if [ -z "$OPENSSL_BINARY" ]; then - wsrep_log_error "If encryption using the openssl is enabled, " \ + wsrep_log_error "If encryption using the openssl is enabled," \ "then you need to install openssl" exit 2 fi @@ -192,12 +195,12 @@ get_keys() ecmd="$ecmd -k '$ekey'" fi elif [ "$eformat" = 'xbcrypt' ]; then - if [ -z "$(command -v xbcrypt)" ]; then - wsrep_log_error "If encryption using the xbcrypt is enabled, " \ + if [ -z "$(commandex xbcrypt)" ]; then + wsrep_log_error "If encryption using the xbcrypt is enabled," \ "then you need to install xbcrypt" exit 2 fi - wsrep_log_info "NOTE: xbcrypt-based encryption, " \ + wsrep_log_info "NOTE: xbcrypt-based encryption," \ "supported only from Xtrabackup 2.1.4" if [ -z "$ekey" ]; then ecmd="xbcrypt --encrypt-algo='$ealgo' --encrypt-key-file='$ekeyfile'" @@ -342,40 +345,34 @@ get_transfer() CN_option=",commonname=''" if [ $encrypt -eq 2 ]; then - wsrep_log_info "Using openssl based encryption with socat: with crt and pem" - if [ -z "$tpem" -o -z "$tcert" ]; then + wsrep_log_info \ + "Using openssl based encryption with socat: with crt and pem" + if [ -z "$tpem" -o -z "$tcert$tcap" ]; then wsrep_log_error \ "Both PEM file and CRT file (or path) are required" exit 22 fi - if [ ! -r "$tpem" -o ! -r "$tcert" ]; then - wsrep_log_error \ - "Both PEM file and CRT file (or path) must be readable" - exit 22 + verify_ca_matches_cert "$tpem" "$tcert" "$tcap" + tcmd="$tcmd,cert='$tpem'" + if [ -n "$tcert" ]; then + tcmd="$tcmd,cafile='$tcert'" fi - verify_ca_matches_cert "$tcert" "$tpem" $tpath - if [ $tpath -eq 0 ]; then - tcmd="$tcmd,cert='$tpem',cafile='$tcert'" - else - tcmd="$tcmd,cert='$tpem',capath='$tcert'" + if [ -n "$tcap" ]; then + tcmd="$tcmd,capath='$tcap'" fi stagemsg="$stagemsg-OpenSSL-Encrypted-2" - wsrep_log_info "$action with cert=$tpem, ca=$tcert" + wsrep_log_info "$action with cert='$tpem', ca='$tcert', capath='$tcap'" elif [ $encrypt -eq 3 -o $encrypt -eq 4 ]; then - wsrep_log_info "Using openssl based encryption with socat: with key and crt" + wsrep_log_info \ + "Using openssl based encryption with socat: with key and crt" if [ -z "$tpem" -o -z "$tkey" ]; then - wsrep_log_error "Both certificate file (or path) " \ - "and key file are required" - exit 22 - fi - if [ ! -r "$tpem" -o ! -r "$tkey" ]; then - wsrep_log_error "Both certificate file (or path) " \ - "and key file must be readable" + wsrep_log_error "Both the certificate file (or path) and" \ + "the key file are required" exit 22 fi verify_cert_matches_key "$tpem" "$tkey" stagemsg="$stagemsg-OpenSSL-Encrypted-3" - if [ -z "$tcert" ]; then + if [ -z "$tcert$tcap" ]; then if [ $encrypt -eq 4 ]; then wsrep_log_error \ "Peer certificate file (or path) required if encrypt=4" @@ -384,14 +381,11 @@ get_transfer() # no verification CN_option="" tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0" - wsrep_log_info "$action with cert=$tpem, key=$tkey, verify=0" + wsrep_log_info \ + "$action with cert='$tpem', key='$tkey', verify=0" else # CA verification - if [ ! -r "$tcert" ]; then - wsrep_log_error "Certificate file or path must be readable" - exit 22 - fi - verify_ca_matches_cert "$tcert" "$tpem" $tpath + verify_ca_matches_cert "$tpem" "$tcert" "$tcap" if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'" elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ] @@ -402,12 +396,15 @@ get_transfer() else CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'" fi - if [ $tpath -eq 0 ]; then - tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'" - else - tcmd="$tcmd,cert='$tpem',key='$tkey',capath='$tcert'" + tcmd="$tcmd,cert='$tpem',key='$tkey'" + if [ -n "$tcert" ]; then + tcmd="$tcmd,cafile='$tcert'" + fi + if [ -n "$tcap" ]; then + tcmd="$tcmd,capath='$tcap'" fi - wsrep_log_info "$action with cert=$tpem, key=$tkey, ca=$tcert" + wsrep_log_info "$action with cert='$tpem', key='$tkey'," \ + "ca='$tcert', capath='$tcap'" fi else wsrep_log_info "Unknown encryption mode: encrypt=$encrypt" @@ -425,7 +422,9 @@ get_transfer() get_footprint() { pushd "$WSREP_SST_OPT_DATA" 1>/dev/null - payload=$(find . -regex '.*\.ibd$\|.*\.MYI$\|.*\.MYD$\|.*ibdata1$' -type f -print0 | du --files0-from=- --block-size=1 -c -s | awk 'END { print $1 }') + payload=$(find . -regex '.*\.ibd$\|.*\.MYI$\|.*\.MYD$\|.*ibdata1$' \ + -type f -print0 | du --files0-from=- --block-size=1 -c -s | \ + awk 'END { print $1 }') if [ "$compress" != 'none' ]; then # QuickLZ has around 50% compression ratio # When compression/compaction used, the progress is only an approximate. @@ -438,7 +437,7 @@ get_footprint() adjust_progress() { - if [ -z "$(command -v pv)" ]; then + if [ -z "$(commandex pv)" ]; then wsrep_log_error "pv not found in path: $PATH" wsrep_log_error "Disabling all progress/rate-limiting" pcmd="" @@ -470,33 +469,42 @@ check_server_ssl_config() { # backward-compatible behavior: tcert=$(parse_cnf 'sst' 'tca') + tcap=$(parse_cnf 'sst' 'tcapath') tpem=$(parse_cnf 'sst' 'tcert') tkey=$(parse_cnf 'sst' 'tkey') # reading new ssl configuration options: local tcert2=$(parse_cnf "$encgroups" 'ssl-ca') + local tcap2=$(parse_cnf "$encgroups" 'ssl-capath') local tpem2=$(parse_cnf "$encgroups" 'ssl-cert') local tkey2=$(parse_cnf "$encgroups" 'ssl-key') # if there are no old options, then we take new ones: - if [ -z "$tcert" -a -z "$tpem" -a -z "$tkey" ]; then + if [ -z "$tcert" -a -z "$tcap" -a -z "$tpem" -a -z "$tkey" ]; then tcert="$tcert2" + tcap="$tcap2" tpem="$tpem2" tkey="$tkey2" # checking for presence of the new-style SSL configuration: - elif [ -n "$tcert2" -o -n "$tpem2" -o -n "$tkey2" ]; then + elif [ -n "$tcert2" -o -n "$tcap2" -o -n "$tpem2" -o -n "$tkey2" ]; then if [ "$tcert" != "$tcert2" -o \ + "$tcap" != "$tcap2" -o \ "$tpem" != "$tpem2" -o \ "$tkey" != "$tkey2" ] then - wsrep_log_info "new ssl configuration options (ssl-ca, ssl-cert " \ - "and ssl-key) are ignored by SST due to presence " \ - "of the tca, tcert and/or tkey in the [sst] section" + wsrep_log_info \ + "new ssl configuration options (ssl-ca[path], ssl-cert" \ + "and ssl-key) are ignored by SST due to presence" \ + "of the tca[path], tcert and/or tkey in the [sst] section" fi fi if [ -n "$tcert" ]; then - tcert=$(trim_string "$tcert") - if [ "${tcert%/}" != "$tcert" ]; then - tpath=1 - fi + tcert=$(trim_string "$tcert") + if [ "${tcert%/}" != "$tcert" ] || [ -d "$tcert" ]; then + tcap="$tcert" + tcert="" + fi + fi + if [ -n "$tcap" ]; then + tcap=$(trim_string "$tcap") fi } @@ -506,10 +514,10 @@ read_cnf() tfmt=$(parse_cnf sst transferfmt 'socat') encrypt=$(parse_cnf "$encgroups" 'encrypt' 0) - tmode=$(parse_cnf "$encgroups" 'ssl-mode' 'DISABLED' | tr [:lower:] [:upper:]) + tmode=$(parse_cnf "$encgroups" 'ssl-mode' 'DISABLED' | \ + tr [:lower:] [:upper:]) - if [ $encrypt -eq 0 -o $encrypt -ge 2 ] - then + if [ $encrypt -eq 0 -o $encrypt -ge 2 ]; then if [ "$tmode" != 'DISABLED' -o $encrypt -ge 2 ]; then check_server_ssl_config fi @@ -517,11 +525,13 @@ read_cnf() if [ 0 -eq $encrypt -a -n "$tpem" -a -n "$tkey" ] then encrypt=3 # enable cert/key SSL encyption - # avoid CA verification if not set explicitly: - # nodes may happen to have different CA if self-generated - # zeroing up tcert does the trick - [ "${tmode#VERIFY}" != "$tmode" ] || tcert="" + # nodes may happen to have different CA if self-generated, + # zeroing up tcert and tcap does the trick: + if [ "${tmode#VERIFY}" = "$tmode" ]; then + tcert="" + tcap="" + fi fi fi elif [ $encrypt -eq 1 ]; then @@ -535,8 +545,9 @@ read_cnf() fi fi - wsrep_log_info "SSL configuration: CA='$tcert', CERT='$tpem'," \ - "KEY='$tkey', MODE='$tmode', encrypt='$encrypt'" + wsrep_log_info "SSL configuration: CA='$tcert', CAPATH='$tcap'," \ + "CERT='$tpem', KEY='$tkey', MODE='$tmode'," \ + "encrypt='$encrypt'" sockopt=$(parse_cnf sst sockopt "") progress=$(parse_cnf sst progress "") @@ -561,7 +572,8 @@ read_cnf() sstlogarchivedir=$(parse_cnf sst sst-log-archive-dir '/tmp/sst_log_archive') if [ $speciald -eq 0 ]; then - wsrep_log_error "sst-special-dirs equal to 0 is not supported, falling back to 1" + wsrep_log_error \ + "sst-special-dirs equal to 0 is not supported, falling back to 1" speciald=1 fi @@ -589,7 +601,7 @@ get_stream() { if [ "$sfmt" = 'mbstream' -o "$sfmt" = 'xbstream' ]; then sfmt='mbstream' - STREAM_BIN="$(command -v mbstream)" + local STREAM_BIN=$(commandex "$sfmt") if [ -z "$STREAM_BIN" ]; then wsrep_log_error "Streaming with $sfmt, but $sfmt not found in path" exit 42 @@ -621,7 +633,7 @@ cleanup_at_exit() # Since this is invoked just after exit NNN local estatus=$? if [ $estatus -ne 0 ]; then - wsrep_log_error "Cleanup after exit with status:$estatus" + wsrep_log_error "Cleanup after exit with status: $estatus" fi if [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]; then @@ -630,7 +642,8 @@ cleanup_at_exit() else if [ -n "$BACKUP_PID" ]; then if check_pid "$BACKUP_PID" 1; then - wsrep_log_error "mariabackup process is still running. Killing..." + wsrep_log_error \ + "mariabackup process is still running. Killing..." cleanup_pid $CHECK_PID "$BACKUP_PID" fi fi @@ -638,8 +651,8 @@ cleanup_at_exit() fi if [ -n "$progress" -a -p "$progress" ]; then - wsrep_log_info "Cleaning up fifo file $progress" - rm -f "$progress" || true + wsrep_log_info "Cleaning up fifo file: $progress" + rm -f "$progress" || : fi wsrep_log_info "Cleaning up temporary directories" @@ -649,8 +662,8 @@ cleanup_at_exit() [ -d "$STATDIR" ] && rm -rf "$STATDIR" fi else - [ -n "$xtmpdir" -a -d "$xtmpdir" ] && rm -rf "$xtmpdir" || true - [ -n "$itmpdir" -a -d "$itmpdir" ] && rm -rf "$itmpdir" || true + [ -n "$xtmpdir" -a -d "$xtmpdir" ] && rm -rf "$xtmpdir" || : + [ -n "$itmpdir" -a -d "$itmpdir" ] && rm -rf "$itmpdir" || : fi # Final cleanup @@ -662,7 +675,7 @@ cleanup_at_exit() # This means a signal was delivered to the process. # So, more cleanup. if [ $estatus -ge 128 ]; then - kill -KILL -- -$$ || true + kill -KILL -- -$$ || : fi fi @@ -738,7 +751,7 @@ recv_joiner() local ltcmd="$tcmd" if [ $tmt -gt 0 ]; then - if [ -n "$(command -v timeout)" ]; then + if [ -n "$(commandex timeout)" ]; then if timeout --help | grep -qw -- '-k'; then ltcmd="timeout -k $(( tmt+10 )) $tmt $tcmd" else @@ -760,14 +773,14 @@ recv_joiner() popd 1>/dev/null if [ ${RC[0]} -eq 124 ]; then - wsrep_log_error "Possible timeout in receiving first data from " \ + wsrep_log_error "Possible timeout in receiving first data from" \ "donor in gtid stage: exit codes: ${RC[@]}" exit 32 fi for ecode in "${RC[@]}"; do if [ $ecode -ne 0 ]; then - wsrep_log_error "Error while getting data from donor node: " \ + wsrep_log_error "Error while getting data from donor node:" \ "exit codes: ${RC[@]}" exit 32 fi @@ -776,7 +789,7 @@ recv_joiner() if [ $checkf -eq 1 ]; then if [ ! -r "$MAGIC_FILE" ]; then # this message should cause joiner to abort - wsrep_log_error "receiving process ended without creating " \ + wsrep_log_error "receiving process ended without creating" \ "'$MAGIC_FILE'" wsrep_log_info "Contents of datadir" wsrep_log_info $(ls -l "$dir/"*) @@ -784,10 +797,11 @@ recv_joiner() fi # check donor supplied secret - SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2) + SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | \ + cut -d ' ' -f 2) if [ "$SECRET" != "$MY_SECRET" ]; then wsrep_log_error "Donor does not know my secret!" - wsrep_log_info "Donor:'$SECRET', my:'$MY_SECRET'" + wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'" exit 32 fi @@ -810,7 +824,7 @@ send_donor() for ecode in "${RC[@]}"; do if [ $ecode -ne 0 ]; then - wsrep_log_error "Error while sending data to joiner node: " \ + wsrep_log_error "Error while sending data to joiner node:" \ "exit codes: ${RC[@]}" exit 32 fi @@ -823,7 +837,9 @@ monitor_process() while true ; do if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1; then - wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT) terminated unexpectedly." + wsrep_log_error \ + "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT)" \ + "terminated unexpectedly." kill -- -"$WSREP_SST_OPT_PARENT" exit 32 fi @@ -845,7 +861,7 @@ read_cnf setup_ports if "$BACKUP_BIN" --help 2>/dev/null | grep -qw -- '--version-check'; then - disver='--no-version-check' + disver=' --no-version-check' fi # if no command line argument and INNODB_DATA_HOME_DIR environment variable @@ -867,7 +883,7 @@ INNODB_DATA_HOME_DIR=$(pwd -P) cd "$OLD_PWD" if [ $ssyslog -eq 1 ]; then - if [ -n "$(command -v logger)" ]; then + if [ -n "$(commandex logger)" ]; then wsrep_log_info "Logging all stderr of SST/mariabackup to syslog" exec 2> >(logger -p daemon.err -t ${ssystag}wsrep-sst-$WSREP_SST_OPT_ROLE) @@ -898,10 +914,8 @@ else fi fi - if [ -e "$INNOAPPLYLOG" ] - then - if [ -n "$sstlogarchivedir" ] - then + if [ -e "$INNOAPPLYLOG" ]; then + if [ -n "$sstlogarchivedir" ]; then newfile=$(basename "$INNOAPPLYLOG") newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" else @@ -912,10 +926,8 @@ else gzip "$newfile" fi - if [ -e "$INNOMOVELOG" ] - then - if [ -n "$sstlogarchivedir" ] - then + if [ -e "$INNOMOVELOG" ]; then + if [ -n "$sstlogarchivedir" ]; then newfile=$(basename "$INNOMOVELOG") newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" else @@ -926,10 +938,8 @@ else gzip "$newfile" fi - if [ -e "$INNOBACKUPLOG" ] - then - if [ -n "$sstlogarchivedir" ] - then + if [ -e "$INNOBACKUPLOG" ]; then + if [ -n "$sstlogarchivedir" ]; then newfile=$(basename "$INNOBACKUPLOG") newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" else @@ -949,15 +959,15 @@ setup_commands() { local mysqld_args="" if [ -n "$WSREP_SST_OPT_MYSQLD" ]; then - mysqld_args="--mysqld-args $WSREP_SST_OPT_MYSQLD" + mysqld_args=" --mysqld-args $WSREP_SST_OPT_MYSQLD" fi - if [ -z "$INNODB_FORCE_RECOVERY" ]; then - INNOAPPLY="$BACKUP_BIN --prepare $disver $iapts $INNOEXTRA --target-dir='$DATA' --datadir='$DATA' $mysqld_args $INNOAPPLY" - else - INNOAPPLY="$BACKUP_BIN --prepare $disver $iapts $INNOEXTRA --innodb-force-recovery=$INNODB_FORCE_RECOVERY --target-dir='$DATA' --datadir='$DATA' $mysqld_args $INNOAPPLY" + local recovery="" + if [ -n "$INNODB_FORCE_RECOVERY" ]; then + recovery=" --innodb-force-recovery=$INNODB_FORCE_RECOVERY" fi - INNOMOVE="$BACKUP_BIN $WSREP_SST_OPT_CONF --move-back $disver $impts --force-non-empty-directories --target-dir='$DATA' --datadir='${TDATA:-$DATA}' $INNOMOVE" - INNOBACKUP="$BACKUP_BIN $WSREP_SST_OPT_CONF --backup $disver $iopts $tmpopts $INNOEXTRA --galera-info --stream=$sfmt --target-dir='$itmpdir' --datadir='$DATA' $mysqld_args $INNOBACKUP" + INNOAPPLY="$BACKUP_BIN --prepare$disver$recovery${iapts:+ }$iapts$INNOEXTRA --target-dir='$DATA' --datadir='$DATA'$mysqld_args $INNOAPPLY" + INNOMOVE="$BACKUP_BIN$WSREP_SST_OPT_CONF --move-back$disver${impts:+ }$impts --force-non-empty-directories --target-dir='$DATA' --datadir='${TDATA:-$DATA}' $INNOMOVE" + INNOBACKUP="$BACKUP_BIN$WSREP_SST_OPT_CONF --backup$disver${iopts:+ }$iopts $tmpopts$INNOEXTRA --galera-info --stream=$sfmt --target-dir='$itmpdir' --datadir='$DATA'$mysqld_args $INNOBACKUP" } get_stream @@ -1055,27 +1065,28 @@ then tcmd="$ecmd | $tcmd" fi - iopts="--databases-exclude='lost+found' $iopts" + iopts="--databases-exclude='lost+found'${iopts:+ }$iopts" if [ ${FORCE_FTWRL:-0} -eq 1 ]; then - wsrep_log_info "Forcing FTWRL due to environment variable FORCE_FTWRL equal to $FORCE_FTWRL" - iopts="--no-backup-locks $iopts" + wsrep_log_info "Forcing FTWRL due to environment variable" \ + "FORCE_FTWRL equal to $FORCE_FTWRL" + iopts="--no-backup-locks${iopts:+ }$iopts" fi # if compression is enabled for backup files, then add the # appropriate options to the mariabackup command line: if [ "$compress" != 'none' ]; then - iopts="--compress${compress:+=$compress} $iopts" + iopts="--compress${compress:+=$compress}${iopts:+ }$iopts" if [ -n "$compress_threads" ]; then - iopts="--compress-threads=$compress_threads $iopts" + iopts="--compress-threads=$compress_threads${iopts:+ }$iopts" fi if [ -n "$compress_chunk" ]; then - iopts="--compress-chunk-size=$compress_chunk $iopts" + iopts="--compress-chunk-size=$compress_chunk${iopts:+ }$iopts" fi fi if [ -n "$backup_threads" ]; then - iopts="--parallel=$backup_threads $iopts" + iopts="--parallel=$backup_threads${iopts:+ }$iopts" fi setup_commands @@ -1084,7 +1095,7 @@ then set -e if [ ${RC[0]} -ne 0 ]; then - wsrep_log_error "mariabackup finished with error: ${RC[0]}. " \ + wsrep_log_error "mariabackup finished with error: ${RC[0]}." \ "Check syslog or '$INNOBACKUPLOG' for details" exit 22 elif [ ${RC[$(( ${#RC[@]}-1 ))]} -eq 1 ]; then @@ -1125,7 +1136,8 @@ then elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' ] then - [ -e "$SST_PROGRESS_FILE" ] && wsrep_log_info "Stale sst_in_progress file: $SST_PROGRESS_FILE" + [ -e "$SST_PROGRESS_FILE" ] && \ + wsrep_log_info "Stale sst_in_progress file: $SST_PROGRESS_FILE" [ -n "$SST_PROGRESS_FILE" ] && touch "$SST_PROGRESS_FILE" ib_home_dir="$INNODB_DATA_HOME_DIR" @@ -1146,7 +1158,7 @@ then ib_undo_dir="$INNODB_UNDO_DIR" if [ -n "$backup_threads" ]; then - impts="--parallel=$backup_threads $impts" + impts="--parallel=$backup_threads${impts:+ }$impts" fi stagemsg='Joiner-Recv' @@ -1165,15 +1177,15 @@ then ADDR="$WSREP_SST_OPT_ADDR" - if [ "${tmode#VERIFY}" != "$tmode" ] - then # backward-incompatible behavior + if [ "${tmode#VERIFY}" != "$tmode" ]; then + # backward-incompatible behavior: CN="" - if [ -n "$tpem" ] - then + if [ -n "$tpem" ]; then # find out my Common Name get_openssl if [ -z "$OPENSSL_BINARY" ]; then - wsrep_log_error 'openssl not found but it is required for authentication' + wsrep_log_error \ + 'openssl not found but it is required for authentication' exit 42 fi CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$tpem" | \ @@ -1213,15 +1225,17 @@ then if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1 then - wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT) terminated unexpectedly." + wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT)" \ + "terminated unexpectedly." exit 32 fi - if [ ! -r "$STATDIR/$IST_FILE" ] - then + if [ ! -r "$STATDIR/$IST_FILE" ]; then if [ -d "$DATA/.sst" ]; then - wsrep_log_info "WARNING: Stale temporary SST directory: '$DATA/.sst' from previous state transfer. Removing" + wsrep_log_info \ + "WARNING: Stale temporary SST directory:" \ + "'$DATA/.sst' from previous state transfer, removing..." rm -rf "$DATA/.sst" fi mkdir -p "$DATA/.sst" @@ -1229,17 +1243,20 @@ then jpid=$! wsrep_log_info "Proceeding with SST" - wsrep_log_info "Cleaning the existing datadir and innodb-data/log directories" + wsrep_log_info \ + "Cleaning the existing datadir and innodb-data/log directories" if [ "$OS" = 'FreeBSD' ]; then find -E ${ib_home_dir:+"$ib_home_dir"} \ ${ib_undo_dir:+"$ib_undo_dir"} \ ${ib_log_dir:+"$ib_log_dir"} \ - "$DATA" -mindepth 1 -prune -regex "$cpat" -o -exec rm -rfv {} 1>&2 \+ + "$DATA" -mindepth 1 -prune -regex "$cpat" \ + -o -exec rm -rfv {} 1>&2 \+ else find ${ib_home_dir:+"$ib_home_dir"} \ ${ib_undo_dir:+"$ib_undo_dir"} \ ${ib_log_dir:+"$ib_log_dir"} \ - "$DATA" -mindepth 1 -prune -regex "$cpat" -o -exec rm -rfv {} 1>&2 \+ + "$DATA" -mindepth 1 -prune -regex "$cpat" \ + -o -exec rm -rfv {} 1>&2 \+ fi get_binlog @@ -1248,9 +1265,9 @@ then binlog_dir=$(dirname "$WSREP_SST_OPT_BINLOG") cd "$binlog_dir" wsrep_log_info "Cleaning the binlog directory $binlog_dir as well" - rm -fv "$WSREP_SST_OPT_BINLOG".[0-9]* 1>&2 \+ || true + rm -fv "$WSREP_SST_OPT_BINLOG".[0-9]* 1>&2 \+ || : [ -f "$WSREP_SST_OPT_BINLOG_INDEX" ] && \ - rm -fv "$WSREP_SST_OPT_BINLOG_INDEX" 1>&2 \+ || true + rm -fv "$WSREP_SST_OPT_BINLOG_INDEX" 1>&2 \+ || : cd "$OLD_PWD" fi @@ -1262,7 +1279,8 @@ then monitor_process $jpid if [ ! -s "$DATA/xtrabackup_checkpoints" ]; then - wsrep_log_error "xtrabackup_checkpoints missing, failed mariabackup/SST on donor" + wsrep_log_error "xtrabackup_checkpoints missing," \ + "failed mariabackup/SST on donor" exit 2 fi @@ -1277,7 +1295,7 @@ then if [ -n "$qpfiles" ]; then wsrep_log_info "Compressed qpress files found" - if [ -z "$(command -v qpress)" ]; then + if [ -z "$(commandex qpress)" ]; then wsrep_log_error "qpress utility not found in the path" exit 22 fi @@ -1300,14 +1318,17 @@ then # Decompress the qpress files wsrep_log_info "Decompression with $nproc threads" - timeit "Joiner-Decompression" "find '$DATA' -type f -name '*.qp' -printf '%p\n%h\n' | $dcmd" + timeit "Joiner-Decompression" \ + "find '$DATA' -type f -name '*.qp' -printf '%p\n%h\n' | $dcmd" extcode=$? if [ $extcode -eq 0 ]; then wsrep_log_info "Removing qpress files after decompression" find "$DATA" -type f -name '*.qp' -delete if [ $? -ne 0 ]; then - wsrep_log_error "Something went wrong with deletion of qpress files. Investigate" + wsrep_log_error \ + "Something went wrong with deletion of qpress files." \ + "Investigate" fi else wsrep_log_error "Decompression failed. Exit code: $extcode" @@ -1321,7 +1342,7 @@ then BINLOG_FILENAME=$(basename "$WSREP_SST_OPT_BINLOG") # To avoid comparing data directory and BINLOG_DIRNAME - mv "$DATA/$BINLOG_FILENAME".* "$BINLOG_DIRNAME/" 2>/dev/null || true + mv "$DATA/$BINLOG_FILENAME".* "$BINLOG_DIRNAME/" 2>/dev/null || : cd "$BINLOG_DIRNAME" for bfile in $(ls -1 "$BINLOG_FILENAME".[0-9]*); do @@ -1336,7 +1357,8 @@ then timeit "mariabackup prepare stage" "$INNOAPPLY" if [ $? -ne 0 ]; then - wsrep_log_error "mariabackup apply finished with errors. Check syslog or '$INNOAPPLYLOG' for details" + wsrep_log_error "mariabackup apply finished with errors." \ + "Check syslog or '$INNOAPPLYLOG' for details." exit 22 fi diff --git a/scripts/wsrep_sst_mysqldump.sh b/scripts/wsrep_sst_mysqldump.sh index 798bee1ac10..bed2cac0a9a 100644 --- a/scripts/wsrep_sst_mysqldump.sh +++ b/scripts/wsrep_sst_mysqldump.sh @@ -19,7 +19,6 @@ # This is a reference script for mysqldump-based state snapshot tansfer . $(dirname "$0")/wsrep_sst_common -PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin EINVAL=22 @@ -93,8 +92,7 @@ DROP PREPARE stmt;" SET_START_POSITION="SET GLOBAL wsrep_start_position='$WSREP_SST_OPT_GTID';" SET_WSREP_GTID_DOMAIN_ID="" -if [ -n $WSREP_SST_OPT_GTID_DOMAIN_ID ] -then +if [ -n $WSREP_SST_OPT_GTID_DOMAIN_ID ]; then SET_WSREP_GTID_DOMAIN_ID=" SET @val = (SELECT GLOBAL_VALUE FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES WHERE VARIABLE_NAME = 'WSREP_GTID_STRICT_MODE' AND GLOBAL_VALUE > 0); SET @stmt = IF (@val IS NOT NULL, 'SET GLOBAL WSREP_GTID_DOMAIN_ID=$WSREP_SST_OPT_GTID_DOMAIN_ID', 'SET @dummy = 0'); @@ -103,7 +101,7 @@ then DROP PREPARE stmt;" fi -MYSQL="$MYSQL_CLIENT $WSREP_SST_OPT_CONF_UNQUOTED "\ +MYSQL="$MYSQL_CLIENT$WSREP_SST_OPT_CONF_UNQUOTED "\ "$AUTH -h$WSREP_SST_OPT_HOST_UNESCAPED "\ "-P$WSREP_SST_OPT_PORT --disable-reconnect --connect_timeout=10" @@ -125,8 +123,7 @@ SET_GTID_BINLOG_STATE="" SQL_LOG_BIN_OFF="" # Safety check -if [ ${SERVER_VERSION%%.*} -gt 5 ] -then +if [ ${SERVER_VERSION%%.*} -gt 5 ]; then # If binary logging is enabled on the joiner node, we need to copy donor's # gtid_binlog_state to joiner. In order to do that, a RESET MASTER must be # executed to erase binary logs (if any). Binary logging should also be @@ -140,7 +137,7 @@ then fi # NOTE: we don't use --routines here because we're dumping mysql.proc table -MYSQLDUMP="$MYSQLDUMP $WSREP_SST_OPT_CONF_UNQUOTED $AUTH -S$WSREP_SST_OPT_SOCKET \ +MYSQLDUMP="$MYSQLDUMP$WSREP_SST_OPT_CONF_UNQUOTED $AUTH -S$WSREP_SST_OPT_SOCKET \ --add-drop-database --add-drop-table --skip-add-locks --create-options \ --disable-keys --extended-insert --skip-lock-tables --quick --set-charset \ --skip-comments --flush-privileges --all-databases --events" diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh index 29c9cd43470..b0cc8cb3066 100644 --- a/scripts/wsrep_sst_rsync.sh +++ b/scripts/wsrep_sst_rsync.sh @@ -25,9 +25,6 @@ STUNNEL_REAL_PID=0 # stunnel process id OS="$(uname)" [ "$OS" = 'Darwin' ] && export -n LD_LIBRARY_PATH -# Setting the path for lsof on CentOS -export PATH="/usr/sbin:/sbin:$PATH" - . $(dirname "$0")/wsrep_sst_common wsrep_check_datadir @@ -37,7 +34,8 @@ cleanup_joiner() { local failure=0 - wsrep_log_info "Joiner cleanup: rsync PID=$RSYNC_REAL_PID, stunnel PID=$STUNNEL_REAL_PID" + wsrep_log_info "Joiner cleanup: rsync PID=$RSYNC_REAL_PID," \ + "stunnel PID=$STUNNEL_REAL_PID" if [ -n "$STUNNEL" ]; then if cleanup_pid $STUNNEL_REAL_PID "$STUNNEL_PID" "$STUNNEL_CONF"; then @@ -87,7 +85,7 @@ check_pid_and_port() if [ $lsof_available -ne 0 ]; then port_info=$(lsof -Pnl -i ":$port" 2>/dev/null | \ - grep -F '(LISTEN)') + grep -F '(LISTEN)') echo "$port_info" | \ grep -q -E "[[:space:]](\\*|\\[?::\\]?):$port[[:space:]]" && busy=1 else @@ -124,7 +122,7 @@ check_pid_and_port() fi if ! check_port "$pid" "$port" "$utils"; then - wsrep_log_error "rsync or stunnel daemon port '$port' " \ + wsrep_log_error "rsync or stunnel daemon port '$port'" \ "has been taken by another program" exit 16 # EBUSY fi @@ -223,6 +221,7 @@ FILTER="-f '- /lost+found' SSTKEY=$(parse_cnf 'sst' 'tkey') SSTCERT=$(parse_cnf 'sst' 'tcert') SSTCA=$(parse_cnf 'sst' 'tca') +SSTCAP=$(parse_cnf 'sst' 'tcapath') SST_SECTIONS="--mysqld|sst" @@ -231,28 +230,34 @@ check_server_ssl_config() SSTKEY=$(parse_cnf "$SST_SECTIONS" 'ssl-key') SSTCERT=$(parse_cnf "$SST_SECTIONS" 'ssl-cert') SSTCA=$(parse_cnf "$SST_SECTIONS" 'ssl-ca') + SSTCAP=$(parse_cnf "$SST_SECTIONS" 'ssl-capath') } SSLMODE=$(parse_cnf "$SST_SECTIONS" 'ssl-mode' | tr [:lower:] [:upper:]) # no old-style SSL config in [sst], check for new one: -if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]; then +if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" -a -z "$SSTCAP" ]; then check_server_ssl_config fi -SSTPATH=0 if [ -n "$SSTCA" ]; then - SSTCA=$(trim_string "$SSTCA") - if [ "${SSTCA%/}" != "$SSTCA" ]; then - SSTPATH=1 - fi + SSTCA=$(trim_string "$SSTCA") + if [ "${SSTCA%/}" != "$SSTCA" ] || [ -d "$SSTCA" ]; then + SSTCAP="$SSTCA" + SSTCA="" + fi +fi + +if [ -n "$SSTCAP" ]; then + SSTCAP=$(trim_string "$SSTCAP") fi if [ -z "$SSLMODE" ]; then # Implicit verification if CA is set and the SSL mode # is not specified by user: - if [ -n "$SSTCA" ]; then - if [ -n "$(command -v stunnel)" ]; then + if [ -n "$SSTCA$SSTCAP" ]; then + STUNNEL_BIN=$(commandex 'stunnel') + if [ -n "$STUNNEL_BIN" ]; then SSLMODE='VERIFY_CA' fi # Require SSL by default if SSL key and cert are present: @@ -265,17 +270,18 @@ if [ -n "$SSTCERT" -a -n "$SSTKEY" ]; then verify_cert_matches_key "$SSTCERT" "$SSTKEY" fi -if [ -n "$SSTCA" ]; then - if [ $SSTPATH -eq 0 ]; then +CAFILE_OPT="" +CAPATH_OPT="" +if [ -n "$SSTCA$SSTCAP" ]; then + if [ -n "$SSTCA" ]; then CAFILE_OPT="CAfile = $SSTCA" - else - CAFILE_OPT="CApath = $SSTCA" + fi + if [ -n "$SSTCAP" ]; then + CAPATH_OPT="CApath = $SSTCAP" fi if [ -n "$SSTCERT" ]; then - verify_ca_matches_cert "$SSTCA" "$SSTCERT" $SSTPATH + verify_ca_matches_cert "$SSTCERT" "$SSTCA" "$SSTCAP" fi -else - CAFILE_OPT="" fi VERIFY_OPT="" @@ -295,7 +301,7 @@ then exit 22 # EINVAL ;; esac - if [ -z "$SSTCA" ]; then + if [ -z "$SSTCA$SSTCAP" ]; then wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file or path" exit 22 # EINVAL fi @@ -318,9 +324,12 @@ fi STUNNEL="" if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ]; then - STUNNEL_BIN="$(command -v stunnel)" + if [ -z "${STUNNEL_BIN+x}" ]; then + STUNNEL_BIN=$(commandex 'stunnel') + fi if [ -n "$STUNNEL_BIN" ]; then - wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA', ssl-mode='$SSLMODE'" + wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA'," \ + "CAPATH='$SSTCAP', ssl-mode='$SSLMODE'" STUNNEL="$STUNNEL_BIN $STUNNEL_CONF" fi fi @@ -340,6 +349,7 @@ then key = $SSTKEY cert = $SSTCERT ${CAFILE_OPT} +${CAPATH_OPT} foreground = yes pid = $STUNNEL_PID debug = warning @@ -392,8 +402,8 @@ EOF # Prepare binlog files cd "$BINLOG_DIRNAME" - binlog_files_full=$(tail -n $BINLOG_N_FILES "$WSREP_SST_OPT_BINLOG_INDEX") - + binlog_files_full=$(tail -n $BINLOG_N_FILES \ + "$WSREP_SST_OPT_BINLOG_INDEX") binlog_files="" for ii in $binlog_files_full do @@ -417,9 +427,10 @@ EOF WHOLE_FILE_OPT="--whole-file" fi - # first, the normal directories, so that we can detect incompatible protocol + # first, the normal directories, so that we can detect + # incompatible protocol: RC=0 - eval rsync ${STUNNEL:+"'--rsh=$STUNNEL'"} \ + eval rsync ${STUNNEL:+"--rsh='$STUNNEL'"} \ --owner --group --perms --links --specials \ --ignore-times --inplace --dirs --delete --quiet \ $WHOLE_FILE_OPT $FILTER "'$WSREP_SST_OPT_DATA/'" \ @@ -430,8 +441,9 @@ EOF case $RC in 12) RC=71 # EPROTO wsrep_log_error \ - "rsync server on the other end has incompatible protocol. " \ - "Make sure you have the same version of rsync on all nodes." + "rsync server on the other end has incompatible" \ + "protocol. Make sure you have the same version of" \ + "rsync on all nodes." ;; 22) RC=12 # ENOMEM ;; @@ -481,9 +493,9 @@ EOF find . -maxdepth 1 -mindepth 1 -type d -not -name 'lost+found' \ -not -name '.zfs' -print0 | xargs -I{} -0 -P $backup_threads \ rsync ${STUNNEL:+--rsh="$STUNNEL"} \ - --owner --group --perms --links --specials \ - --ignore-times --inplace --recursive --delete --quiet \ - $WHOLE_FILE_OPT --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \ + --owner --group --perms --links --specials --ignore-times \ + --inplace --recursive --delete --quiet $WHOLE_FILE_OPT \ + --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \ --exclude '*/aria_log_control' "$WSREP_SST_OPT_DATA/{}/" \ "rsync://$WSREP_SST_OPT_ADDR/{}" >&2 || RC=$? @@ -514,7 +526,8 @@ EOF fi rsync ${STUNNEL:+--rsh="$STUNNEL"} \ - --archive --quiet --checksum "$MAGIC_FILE" "rsync://$WSREP_SST_OPT_ADDR" + --archive --quiet --checksum "$MAGIC_FILE" \ + "rsync://$WSREP_SST_OPT_ADDR" echo "done $STATE" @@ -546,7 +559,8 @@ then check_round=0 while check_pid "$STUNNEL_PID" 1 do - wsrep_log_info "lingering stunnel daemon found at startup, waiting for it to exit" + wsrep_log_info "Lingering stunnel daemon found at startup," \ + "waiting for it to exit" check_round=$(( check_round + 1 )) if [ $check_round -eq 10 ]; then wsrep_log_error "stunnel daemon already running." @@ -563,7 +577,8 @@ then check_round=0 while check_pid "$RSYNC_PID" 1 do - wsrep_log_info "lingering rsync daemon found at startup, waiting for it to exit" + wsrep_log_info "Lingering rsync daemon found at startup," \ + "waiting for it to exit" check_round=$(( check_round + 1 )) if [ $check_round -eq 10 ]; then wsrep_log_error "rsync daemon already running." @@ -575,9 +590,7 @@ then [ -f "$MAGIC_FILE" ] && rm -f "$MAGIC_FILE" [ -f "$BINLOG_TAR_FILE" ] && rm -f "$BINLOG_TAR_FILE" - if [ -z "$STUNNEL" ]; then - [ -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF" - fi + [ -z "$STUNNEL" ] && [ -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF" ADDR="$WSREP_SST_OPT_ADDR" RSYNC_PORT="$WSREP_SST_OPT_PORT" @@ -628,19 +641,21 @@ EOF echo $$ > "$SST_PID" - if [ -z "$STUNNEL" ] - then - rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS & + if [ -z "$STUNNEL" ]; then + rsync --daemon --no-detach --port "$RSYNC_PORT" \ + --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS & RSYNC_REAL_PID=$! TRANSFER_REAL_PID=$RSYNC_REAL_PID TRANSFER_PID="$RSYNC_PID" else # Let's check if the path to the config file contains a space? + RSYNC_BIN=$(commandex 'rsync') if [ "${RSYNC_CONF#* }" = "$RSYNC_CONF" ]; then cat << EOF > "$STUNNEL_CONF" key = $SSTKEY cert = $SSTCERT ${CAFILE_OPT} +${CAPATH_OPT} foreground = yes pid = $STUNNEL_PID debug = warning @@ -650,17 +665,18 @@ ${CHECK_OPT} ${CHECK_OPT_LOCAL} [rsync] accept = $STUNNEL_ACCEPT -exec = $(command -v rsync) +exec = $RSYNC_BIN execargs = rsync --server --daemon --config=$RSYNC_CONF . EOF else # The path contains a space, so we will run it via # shell with "eval" command: - export RSYNC_CMD="eval $(command -v rsync) --server --daemon --config='$RSYNC_CONF' ." + export RSYNC_CMD="eval '$RSYNC_BIN' --server --daemon --config='$RSYNC_CONF' ." cat << EOF > "$STUNNEL_CONF" key = $SSTKEY cert = $SSTCERT ${CAFILE_OPT} +${CAPATH_OPT} foreground = yes pid = $STUNNEL_PID debug = warning @@ -688,7 +704,8 @@ EOF # find out my Common Name get_openssl if [ -z "$OPENSSL_BINARY" ]; then - wsrep_log_error 'openssl not found but it is required for authentication' + wsrep_log_error \ + 'openssl not found but it is required for authentication' exit 42 fi CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$SSTCERT" | \ @@ -703,7 +720,8 @@ EOF ADDR="$WSREP_SST_OPT_HOST" fi - until check_pid_and_port "$TRANSFER_PID" $TRANSFER_REAL_PID "$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT" + until check_pid_and_port "$TRANSFER_PID" $TRANSFER_REAL_PID \ + "$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT" do sleep 0.2 done @@ -722,7 +740,7 @@ EOF if ! ps -p $MYSQLD_PID >/dev/null 2>&1 then wsrep_log_error \ - "Parent mysqld process (PID: $MYSQLD_PID) terminated unexpectedly." + "Parent mysqld process (PID: $MYSQLD_PID) terminated unexpectedly." kill -- -$MYSQLD_PID sleep 1 exit 32 @@ -768,10 +786,11 @@ EOF if [ -r "$MAGIC_FILE" ]; then if [ -n "$MY_SECRET" ]; then # check donor supplied secret - SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2) + SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | \ + cut -d ' ' -f 2) if [ "$SECRET" != "$MY_SECRET" ]; then wsrep_log_error "Donor does not know my secret!" - wsrep_log_info "Donor:'$SECRET', my:'$MY_SECRET'" + wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'" exit 32 fi # remove secret from the magic file, and output diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 8ab7565a666..08f0905e044 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -178,6 +178,12 @@ new_VioSSLFd(const char *key_file, const char *cert_file, struct st_VioSSLFd *ssl_fd; long ssl_ctx_options= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; DBUG_ENTER("new_VioSSLFd"); + + if (ca_file && ! ca_file[0]) ca_file = NULL; + if (ca_path && ! ca_path[0]) ca_path = NULL; + if (crl_file && ! crl_file[0]) crl_file = NULL; + if (crl_path && ! crl_path[0]) crl_path = NULL; + DBUG_PRINT("enter", ("key_file: '%s' cert_file: '%s' ca_file: '%s' ca_path: '%s' " "cipher: '%s' crl_file: '%s' crl_path: '%s' ", @@ -308,6 +314,11 @@ new_VioSSLConnectorFd(const char *key_file, const char *cert_file, struct st_VioSSLFd *ssl_fd; int verify= SSL_VERIFY_PEER; + if (ca_file && ! ca_file[0]) ca_file = NULL; + if (ca_path && ! ca_path[0]) ca_path = NULL; + if (crl_file && ! crl_file[0]) crl_file = NULL; + if (crl_path && ! crl_path[0]) crl_path = NULL; + /* Turn off verification of servers certificate if both ca_file and ca_path is set to NULL @@ -339,6 +350,12 @@ new_VioSSLAcceptorFd(const char *key_file, const char *cert_file, { struct st_VioSSLFd *ssl_fd; int verify= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; + + if (ca_file && ! ca_file[0]) ca_file = NULL; + if (ca_path && ! ca_path[0]) ca_path = NULL; + if (crl_file && ! crl_file[0]) crl_file = NULL; + if (crl_path && ! crl_path[0]) crl_path = NULL; + if (!(ssl_fd= new_VioSSLFd(key_file, cert_file, ca_file, ca_path, cipher, FALSE, error, crl_file, crl_path))) |