mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-04-17 20:55:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions1

MDEV-23580: WSREP_SST: [ERROR] rsync daemon port has been taken

Browse source 
This commit contains a large set of further bug fixes and
improvements to SST scripts for Galera, continuing the work
that was started in MDEV-24962 to make SST scripts work smoothly
in different network configurations (especially using ipv6) and
with different environment settings:

 1) The ipv6 addresses were incorrectly handled in the SST script
    for rsync (incorrect address substitution for establishing a
    connection, incorrect address substitution for bind, and so on);
 2) Checking the locality of the ip-address in SST scripts did not
    support ipv6 addresses (such as "[::1]"), which were falsely
    identified as non-local ip, which further did not allow running
    two SSTs on different local addresses on the same machine.
    On the other hand, this bug masked some other errors (related
    to handling ipv6 addresses);
 3) The code for checking the locality of the ip address was different
    in the SST scripts for rsync and for mysqldump, with individual
    flaws. This code is now made common and moved to wsrep_sst_common;
 4) Waiting for the start of the transport channel (socat, nc, rsync,
    stunnel) in the wait_for_listen() and check_pid_and_port() functions
    did not process ipv6 addresses correctly in all cases (not for all
    branches);
 5) Waiting for the start of the transport channel (socat, nc, rsync,
    stunnel) in the wait_for_listen() and check_pid_and_port() functions
    for some code branches could give a false positive result due to
    the textual match of prefixes in the port number and/or PID of
    the process;
 6) Waiting for the start of the transport channel (socat, nc, rsync,
    stunnel) was supported through different utilities in SST scripts
    for mariabackup and for rsync, and with various minor flaws in
    the code. Now the code is still different in these scripts, but
    it supports a common set of utilities (lsof, ss, sockstat) and
    is synchronized across patterns that used to check the output
    of  these utilities;
 7) In SST via mariabackup, the signal about readiness to receive data
    is sometimes sent too early - immediately after listen(), and not
    after accept() (which are called by socat or netcat utility).
 8) Checking availability of the some options of some utilities was
    done using the grep pattern, which easily gives false positives;
 9) Common name (CN) for local addresses, if not explicitly specified,
    is now always replaced to "localhost" to avoid the need to generate
    many separate certificates for local addresses of one machine and
    not to depend on which the local address is currently used in test
    (ipv4 or ipv6, etc.);
10) In tests galera_sst_mariabackup_encrypt_with_key_server and
    galera_sst_rsync_encrypt_with_key_server the correct certificate
    is selected to avoid commonname (CN) mismatch problems;
11) Further refactoring to protect against spaces in file names.
12) Further general refactoring to eliminate bash-specific constructs
    or to improve code readability;
13) The code for setting options for the nc (netcat) utility was
    different in different scripts for SST - now it is made identical.
14) Fixed long-time broken encryption via xbcrypt in combination with
    mariabackup and added support for key-based encryption via openssl
    utility, which is now enabled by default for encrypt=1 mode (this
    default mode can be changed using a new configuration file option
    "encypt-format=openssl|xbcrypt", which can be placed in the [mysqld],
    [sst] or in the [xtrabackup] section) - this change will allow us
    to use and to test the encypt=1 encryption without installing
    non-standard third-party utilities.
This commit is contained in:
Julius Goryavsky 2021-05-10 04:27:16 +02:00
parent 86dc7b4d4c
commit bcd6af931f
10 changed files with 517 additions and 353 deletions

3
mysql-test/suite/galera/r/galera_sst_mariabackup_encrypt_with_key-openssl.result Normal file
View file

@ -0,0 +1,3 @@
SELECT 1;
1
1

13
mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.cnf Normal file
View file

@ -0,0 +1,13 @@
!include ../galera_2nodes.cnf
[mysqld]
wsrep_sst_method=mariabackup
wsrep_sst_auth="root:"
wsrep_debug=ON
[sst]
encrypt-format=openssl
encrypt=1
encrypt-algo=aes-256-ctr
encrypt-key=4FA92C5873672E20FB163A0BCB2BB4A4
transferfmt=@ENV.MTR_GALERA_TFMT

12
mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key-openssl.test Normal file
View file

@ -0,0 +1,12 @@
#
# This test checks that encryption with key using openssl with options
# passed to mariabackup via the my.cnf file
#
--source include/galera_cluster.inc
--source include/have_innodb.inc
--source include/have_mariabackup.inc
SELECT 1;
--let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size';
--source include/wait_condition.inc

4
mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.cnf
View file

@ -5,8 +5,8 @@ wsrep_sst_method=mariabackup
wsrep_sst_auth="root:"
wsrep_debug=1
ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem
ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem
ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem
ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem
ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem
[sst]

2
mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test
View file

@ -18,7 +18,7 @@ SELECT 1;
# Confirm that transfer was SSL-encrypted
--let $assert_text = Using openssl based encryption with socat
--let $assert_select = Using openssl based encryption with socat: with key and c
--let $assert_select = Using openssl based encryption with socat: with key and crt
--let $assert_count = 1
--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err
--let $assert_only_after = CURRENT_TEST

4
mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf
View file

@ -2,8 +2,8 @@
[mysqld]
wsrep_sst_method=rsync
ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem
ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem
ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem
ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem
ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem
[sst]

150
scripts/wsrep_sst_common.sh Normal file → Executable file
View file

@ -51,7 +51,7 @@ case "$1" in
#
# Break address string into host:port/path parts
#
case "${WSREP_SST_OPT_ADDR}" in
case "$WSREP_SST_OPT_ADDR" in
\[*)
# IPv6
# Remove the starting and ending square brackets, if present:
@ -81,7 +81,7 @@ case "$1" in
# up to "/" (if present):
WSREP_SST_OPT_ADDR_PORT="${remain%%/*}"
# If the "/" character is present, then the path is not empty:
if [ "${remain#*/}" != "${remain}" ]; then
if [ "${remain#*/}" != "$remain" ]; then
# This operation removes everything up to the "/" character,
# effectively removing the port number from the string:
readonly WSREP_SST_OPT_PATH="${remain#*/}"
@ -89,10 +89,10 @@ case "$1" in
readonly WSREP_SST_OPT_PATH=""
fi
# The rest of the string is the same as the path (for now):
remain="${WSREP_SST_OPT_PATH}"
remain="$WSREP_SST_OPT_PATH"
# If there is one more "/" in the string, then everything before
# it will be the module name, otherwise the module name is empty:
if [ "${remain%%/*}" != "${remain}" ]; then
if [ "${remain%%/*}" != "$remain" ]; then
# This operation removes the tail after the very first
# occurrence of the "/" character (inclusively):
readonly WSREP_SST_OPT_MODULE="${remain%%/*}"
@ -103,7 +103,7 @@ case "$1" in
remain="${WSREP_SST_OPT_PATH#*/}"
# If the rest of the string does not match the original, then there
# was something else besides the module name:
if [ "$remain" != "${WSREP_SST_OPT_PATH}" ]; then
if [ "$remain" != "$WSREP_SST_OPT_PATH" ]; then
# Extract the part that matches the LSN by removing all
# characters starting from the very first "/":
readonly WSREP_SST_OPT_LSN="${remain%%/*}"
@ -113,7 +113,7 @@ case "$1" in
# If the remainder does not match the original string,
# then there is something else (the version number in
# our case):
if [ "$remain" != "${WSREP_SST_OPT_LSN}" ]; then
if [ "$remain" != "$WSREP_SST_OPT_LSN" ]; then
# Let's extract the version number by removing the tail
# after the very first occurence of the "/" character
# (inclusively):
@ -535,7 +535,8 @@ readonly WSREP_SST_OPT_ADDR_PORT
# try to use my_print_defaults, mysql and mysqldump that come with the sources
# (for MTR suite)
SCRIPTS_DIR="$(cd $(dirname "$0"); pwd -P)"
script_binary=$(dirname "$0")
SCRIPTS_DIR=$(cd "$script_binary"; pwd -P)
EXTRA_DIR="$SCRIPTS_DIR/../extra"
CLIENT_DIR="$SCRIPTS_DIR/../client"
@ -581,30 +582,45 @@ readonly MY_PRINT_DEFAULTS="$MY_PRINT_DEFAULTS $WSREP_SST_OPT_CONF"
#
parse_cnf()
{
local group="$1"
local groups="$1"
local var="$2"
local reval=""
# normalize the variable names specified in cnf file (user can use _ or - for example log-bin or log_bin)
# then search for needed variable
# finally get the variable value (if variables has been specified multiple time use the last value only)
# normalize the variable names specified in the .cnf file
# (user can use '_' or '-', for example, log-bin or log_bin),
# then search for the last instance of the desired variable
# and finally get the value of that variable (if the variable
# was specified several times - we use only its last instance):
if [ "$group" = '--mysqld' -o \
"$group" = 'mysqld' ]; then
if [ -n "$WSREP_SST_OPT_SUFFIX_VALUE" ]; then
reval=$($MY_PRINT_DEFAULTS "mysqld$WSREP_SST_OPT_SUFFIX_VALUE" | awk 'BEGIN {OFS=FS="="} {sub(/^--loose/,"-",$0); gsub(/_/,"-",$1); if ($1=="--'"$var"'") lastval=substr($0,length($1)+2)} END {print lastval}')
fi
fi
local pattern='BEGIN {OFS=FS="="} {sub(/^--loose/,"-",$0); gsub(/_/,"-",$1); if ($1=="--'"$var"'") lastval=substr($0,length($1)+2)} END {print lastval}'
if [ -z "$reval" ]; then
reval=$($MY_PRINT_DEFAULTS "$group" | awk 'BEGIN {OFS=FS="="} {sub(/^--loose/,"-",$0); gsub(/_/,"-",$1); if ($1=="--'"$var"'") lastval=substr($0,length($1)+2)} END {print lastval}')
fi
while [ -n "$groups" ]; do
# Remove the largest suffix starting with the '|' character:
local group="${groups%%\|*}"
# Remove the remainder (the group name) from the rest
# of the groups list (as if it were a prefix):
groups="${groups#$group}"
groups="${groups#\|}"
# if the group name is the same as the "[--]mysqld", then
# try to use it together with the group suffix:
if [ "${group#--}" = 'mysqld' -a -n "$WSREP_SST_OPT_SUFFIX_VALUE" ]; then
reval=$($MY_PRINT_DEFAULTS "mysqld$WSREP_SST_OPT_SUFFIX_VALUE" | awk "$pattern")
if [ -n "$reval" ]; then
break
fi
fi
# Let's try to use the group name as it is:
reval=$($MY_PRINT_DEFAULTS "$group" | awk "$pattern")
if [ -n "$reval" ]; then
break
fi
done
# use default if we haven't found a value
# use default if we haven't found a value:
if [ -z "$reval" ]; then
[ -n "${3:-}" ] && reval="$3"
fi
echo $reval
echo "$reval"
}
#
@ -615,18 +631,37 @@ parse_cnf()
#
in_config()
{
local group="$1"
local groups="$1"
local var="$2"
local found=0
if [ "$group" = '--mysqld' -o \
"$group" = 'mysqld' ]; then
if [ -n "$WSREP_SST_OPT_SUFFIX_VALUE" ]; then
found=$($MY_PRINT_DEFAULTS "mysqld$WSREP_SST_OPT_SUFFIX_VALUE" | awk 'BEGIN {OFS=FS="="; found=0} {sub(/^--loose/,"-",$0); gsub(/_/,"-",$1); if ($1=="--'"$var"'") found=1} END {print found}')
fi
fi
if [ $found -eq 0 ]; then
found=$($MY_PRINT_DEFAULTS "$group" | awk 'BEGIN {OFS=FS="="; found=0} {sub(/^--loose/,"-",$0); gsub(/_/,"-",$1); if ($1=="--'"$var"'") found=1} END {print found}')
fi
# normalize the variable names specified in the .cnf file
# (user can use '_' or '-', for example, log-bin or log_bin),
# then search for the last instance(s) of the desired variable:
local pattern='BEGIN {OFS=FS="="; found=0} {sub(/^--loose/,"-",$0); gsub(/_/,"-",$1); if ($1=="--'"$var"'") found=1} END {print found}'
while [ -n "$groups" ]; do
# Remove the largest suffix starting with the '|' character:
local group="${groups%%\|*}"
# Remove the remainder (the group name) from the rest
# of the groups list (as if it were a prefix):
groups="${groups#$group}"
groups="${groups#\|}"
# if the group name is the same as the "[--]mysqld", then
# try to use it together with the group suffix:
if [ "${group#--}" = 'mysqld' -a -n "$WSREP_SST_OPT_SUFFIX_VALUE" ]; then
found=$($MY_PRINT_DEFAULTS "mysqld$WSREP_SST_OPT_SUFFIX_VALUE" | awk "$pattern")
if [ $found -ne 0 ]; then
break
fi
fi
# Let's try to use the group name as it is:
found=$($MY_PRINT_DEFAULTS "$group" | awk "$pattern")
if [ $found -ne 0 ]; then
break
fi
done
echo $found
}
@ -747,7 +782,7 @@ wsrep_check_programs()
while [ $# -gt 0 ]
do
wsrep_check_program $1 || ret=$?
wsrep_check_program "$1" || ret=$?
shift
done
@ -793,3 +828,52 @@ wsrep_gen_secret()
$RANDOM $RANDOM $RANDOM $RANDOM
fi
}
is_local_ip()
{
[ "$1" = '127.0.0.1' ] && return 0
[ "$1" = '127.0.0.2' ] && return 0
[ "$1" = 'localhost' ] && return 0
[ "$1" = '[::1]' ] && return 0
[ "$1" = "$(hostname -s)" ] && return 0
[ "$1" = "$(hostname -f)" ] && return 0
[ "$1" = "$(hostname -d)" ] && return 0
local ip_util="$(command -v ip)"
if [ -x "$ip_util" ]; then
# ip address show ouput format is " inet[6] <address>/<mask>":
"$ip_util" address show \
| grep -E "^[[:space:]]*inet.? [^[:space:]]+/" -o \
| grep -F " $1/" >/dev/null && return 0
else
local ifconfig_util="$(command -v ifconfig)"
if [ -x "$ifconfig_util" ]; then
# ifconfig output format is " inet[6] <address> ...":
"$ifconfig_util" \
| grep -E "^[[:space:]]*inet.? [^[:space:]]+ " -o \
| grep -F " $1 " >/dev/null && return 0
fi
fi
return 1
}
check_sockets_utils()
{
lsof_available=0
sockstat_available=0
ss_available=0
[ -x "$(command -v lsof)" ] && lsof_available=1
[ -x "$(command -v sockstat)" ] && sockstat_available=1
[ -x "$(command -v ss)" ] && ss_available=1
if [ $lsof_available -eq 0 -a \
$sockstat_available -eq 0 -a \
$ss_available -eq 0 ]
then
wsrep_log_error "Neither lsof tool, nor ss or sockstat was found in " \
"the PATH! Make sure you have it installed."
exit 2 # ENOENT
fi
}

478
scripts/wsrep_sst_mariabackup.sh
View file

File diff suppressed because it is too large Load diff

26
scripts/wsrep_sst_mysqldump.sh
View file

@ -18,35 +18,18 @@
# This is a reference script for mysqldump-based state snapshot tansfer
. $(dirname $0)/wsrep_sst_common
. $(dirname "$0")/wsrep_sst_common
PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
EINVAL=22
local_ip()
{
[ "$1" = "127.0.0.1" ] && return 0
[ "$1" = "127.0.0.2" ] && return 0
[ "$1" = "localhost" ] && return 0
[ "$1" = "[::1]" ] && return 0
[ "$1" = "$(hostname -s)" ] && return 0
[ "$1" = "$(hostname -f)" ] && return 0
[ "$1" = "$(hostname -d)" ] && return 0
# Now if ip program is not found in the path, we can't return 0 since
# it would block any address. Thankfully grep should fail in this case
ip route get "$1" | grep local >/dev/null && return 0
return 1
}
if test -z "$WSREP_SST_OPT_HOST"; then wsrep_log_error "HOST cannot be nil"; exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_PORT"; then wsrep_log_error "PORT cannot be nil"; exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_LPORT"; then wsrep_log_error "LPORT cannot be nil"; exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_SOCKET";then wsrep_log_error "SOCKET cannot be nil";exit $EINVAL; fi
if test -z "$WSREP_SST_OPT_GTID"; then wsrep_log_error "GTID cannot be nil"; exit $EINVAL; fi
if local_ip $WSREP_SST_OPT_HOST && \
if is_local_ip "$WSREP_SST_OPT_HOST_UNESCAPED" && \
[ "$WSREP_SST_OPT_PORT" = "$WSREP_SST_OPT_LPORT" ]
then
wsrep_log_error \
@ -111,7 +94,7 @@ then
fi
MYSQL="$MYSQL_CLIENT $WSREP_SST_OPT_CONF "\
"$AUTH -h${WSREP_SST_OPT_HOST_UNESCAPED} "\
"$AUTH -h$WSREP_SST_OPT_HOST_UNESCAPED "\
"-P$WSREP_SST_OPT_PORT --disable-reconnect --connect_timeout=10"
# Check if binary logging is enabled on the joiner node.
@ -139,7 +122,7 @@ then
# executed to erase binary logs (if any). Binary logging should also be
# turned off for the session so that gtid state does not get altered while
# the dump gets replayed on joiner.
if [[ "$LOG_BIN" == 'ON' ]]; then
if [ "$LOG_BIN" = 'ON' ]; then
RESET_MASTER="SET GLOBAL wsrep_on=OFF; RESET MASTER; SET GLOBAL wsrep_on=ON;"
SET_GTID_BINLOG_STATE="SET GLOBAL wsrep_on=OFF; SET @@global.gtid_binlog_state='$GTID_BINLOG_STATE'; SET GLOBAL wsrep_on=ON;"
SQL_LOG_BIN_OFF="SET @@session.sql_log_bin=OFF;"
@ -164,7 +147,6 @@ $MYSQL -e "$STOP_WSREP SET GLOBAL SLOW_QUERY_LOG=OFF"
RESTORE_GENERAL_LOG="SET GLOBAL GENERAL_LOG=$GENERAL_LOG_OPT;"
RESTORE_SLOW_QUERY_LOG="SET GLOBAL SLOW_QUERY_LOG=$SLOW_LOG_OPT;"
if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
then
(echo $STOP_WSREP && echo $RESET_MASTER && \

178
scripts/wsrep_sst_rsync.sh
View file

@ -23,13 +23,13 @@ RSYNC_PID= # rsync pid file
RSYNC_CONF= # rsync configuration file
RSYNC_REAL_PID= # rsync process id
OS=$(uname)
OS="$(uname)"
[ "$OS" = 'Darwin' ] && export -n LD_LIBRARY_PATH
# Setting the path for lsof on CentOS
export PATH="/usr/sbin:/sbin:$PATH"
. $(dirname $0)/wsrep_sst_common
. $(dirname "$0")/wsrep_sst_common
wsrep_check_datadir
wsrep_check_programs rsync
@ -48,7 +48,7 @@ cleanup_joiner()
rm -rf "$MAGIC_FILE"
rm -rf "$RSYNC_PID"
wsrep_log_info "Joiner cleanup done."
if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then
if [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]; then
wsrep_cleanup_progress_file
fi
}
@ -57,68 +57,71 @@ cleanup_joiner()
check_pid()
{
local pid_file="$1"
[ -r "$pid_file" ] && ps -p $(cat "$pid_file") >/dev/null 2>&1
[ -r "$pid_file" ] && ps -p $(cat "$pid_file") 2>&1 >/dev/null
}
check_pid_and_port()
{
local pid_file="$1"
local rsync_pid=$2
local rsync_addr=$3
local rsync_port=$4
local rsync_addr="$3"
local rsync_port="$4"
case $OS in
FreeBSD)
local port_info="$(sockstat -46lp ${rsync_port} 2>/dev/null | \
grep ":${rsync_port}")"
local is_rsync="$(echo $port_info | \
grep -E '[[:space:]]+(rsync|stunnel)[[:space:]]+'"$rsync_pid" 2>/dev/null)"
;;
*)
if [ ! -x "$(command -v lsof)" ]; then
wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed."
exit 2 # ENOENT
if [ -z "$rsync_port" -o -z "$rsync_addr" -o -z "$rsync_pid" ]; then
wsrep_log_error "check_pid_and_port(): bad arguments"
exit 2 # ENOENT
fi
local port_info is_rsync
if [ $lsof_available -ne 0 ]; then
port_info=$(lsof -i ":$rsync_port" -Pn 2>/dev/null | \
grep -F '(LISTEN)')
is_rsync=$(echo "$port_info" | \
grep -E "^(rsync|stunnel)[^[:space:]]*[[:space:]]+$rsync_pid[[:space:]]+")
elif [ $sockstat_available -ne 0 ]; then
port_info=$(sockstat -p "$rsync_port" 2>/dev/null | \
grep -F 'LISTEN')
is_rsync=$(echo "$port_info" | \
grep -E "[[:space:]]+(rsync|stunnel)[^[:space:]]*[[:space:]]+$rsync_pid[[:space:]]+")
elif [ $ss_available -ne 0 ]; then
port_info=$(ss -H -p -n -l "( sport = :$rsync_port )" 2>/dev/null)
is_rsync=$(echo "$port_info" | \
grep -E "users:\\(.*\\(\"(rsync|stunnel)[^[:space:]]*\".*\<pid=$rsync_pid\>.*\\)")
else
wsrep_log_error "unknown sockets utility"
exit 2 # ENOENT
fi
if [ -z "$is_rsync" ]; then
local is_listening_all
if [ $lsof_available -ne 0 ]; then
is_listening_all=$(echo "$port_info" | \
grep -E "[[:space:]](\\*|\\[?::\\]?):$rsync_port[[:space:]]")
else
if [ $sockstat_available -eq 0 ]; then
port_info=$(echo "$port_info" | grep -q -F 'users:(')
fi
port_info=$(echo "$port_info" | \
grep -E "[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+" -o)
is_listening_all=$(echo "$port_info" | \
grep -E "[[:space:]](\\*|\\[?::\\]?):$rsync_port\$")
fi
local port_info="$(lsof -i :$rsync_port -Pn 2>/dev/null | \
grep "(LISTEN)")"
local is_rsync="$(echo $port_info | \
grep -E '^(rsync|stunnel)[[:space:]]+'"$rsync_pid" 2>/dev/null)"
;;
esac
local is_listening_all="$(echo $port_info | \
grep "*:$rsync_port" 2>/dev/null)"
local is_listening_addr="$(echo $port_info | \
grep -F "$rsync_addr:$rsync_port" 2>/dev/null)"
if [ ! -z "$is_listening_all" -o ! -z "$is_listening_addr" ]; then
if [ -z "$is_rsync" ]; then
wsrep_log_error "rsync daemon port '$rsync_port' has been taken"
local is_listening_addr=$(echo "$port_info" | \
grep -w -F -- "$rsync_addr:$rsync_port")
if [ -z "$is_listening_addr" ]; then
is_listening_addr=$(echo "$port_info" | \
grep -w -F "[$rsync_addr]:$rsync_port")
fi
if [ -n "$is_listening_all" -o -n "$is_listening_addr" ]; then
wsrep_log_error "rsync or stunnel daemon port '$rsync_port' " \
"has been taken by another program"
exit 16 # EBUSY
fi
return 1
fi
check_pid "$pid_file" && \
[ -n "$port_info" ] && [ -n "$is_rsync" ] && \
[ $(cat "$pid_file") -eq $rsync_pid ]
}
is_local_ip()
{
local address="$1"
local get_addr_bin="$(command -v ifconfig)"
if [ -z "$get_addr_bin" ]
then
get_addr_bin="$(command -v ip) address show"
# Add an slash at the end, so we don't get false positive : 172.18.0.4 matches 172.18.0.41
# ip output format is "X.X.X.X/mask"
address="$address/"
else
# Add an space at the end, so we don't get false positive : 172.18.0.4 matches 172.18.0.41
# ifconfig output format is "X.X.X.X "
address="$address "
fi
$get_addr_bin | grep -F "$address" > /dev/null
check_pid "$pid_file" && [ $(cat "$pid_file") -eq $rsync_pid ]
}
STUNNEL_CONF="$WSREP_SST_OPT_DATA/stunnel.conf"
@ -225,11 +228,11 @@ check_server_ssl_config()
SSLMODE=$(parse_cnf 'sst' 'ssl-mode' | tr [:lower:] [:upper:])
if [ -z "$SSTKEY" -a -z "$SSTCERT" ]
if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]
then
# no old-style SSL config in [sst], check for new one
check_server_ssl_config 'sst'
if [ -z "$SSTKEY" -a -z "$SSTCERT" ]; then
if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]; then
check_server_ssl_config '--mysqld'
fi
fi
@ -279,7 +282,7 @@ fi
STUNNEL=""
if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ] && wsrep_check_programs stunnel
then
wsrep_log_info "Using stunnel for SSL encryption: CAfile: $SSTCA, SSLMODE: $SSLMODE"
wsrep_log_info "Using stunnel for SSL encryption: CAfile: '$SSTCA', SSLMODE: '$SSLMODE'"
STUNNEL="stunnel $STUNNEL_CONF"
fi
@ -296,7 +299,7 @@ foreground = yes
pid = $STUNNEL_PID
debug = warning
client = yes
connect = ${WSREP_SST_OPT_ADDR%/*}
connect = $WSREP_SST_OPT_HOST_UNESCAPED:$WSREP_SST_OPT_PORT
TIMEOUTclose = 0
${VERIFY_OPT}
EOF
@ -322,7 +325,7 @@ EOF
# (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR
# (c) ERROR file, in case flush tables operation failed.
while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1
while [ ! -r "$FLUSHED" ] && ! grep -q -F ':' "$FLUSHED" >/dev/null 2>&1
do
# Check whether ERROR file exists.
if [ -f "$ERROR" ]
@ -365,15 +368,14 @@ EOF
# first, the normal directories, so that we can detect incompatible protocol
RC=0
eval rsync ${STUNNEL:+--rsh=\"$STUNNEL\"} \
eval rsync "'${STUNNEL:+--rsh=$STUNNEL}'" \
--owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT ${FILTER} "$WSREP_SST_OPT_DATA/" \
rsync://$WSREP_SST_OPT_ADDR >&2 || RC=$?
$WHOLE_FILE_OPT $FILTER "'$WSREP_SST_OPT_DATA/'" \
"'rsync://$WSREP_SST_OPT_ADDR'" >&2 || RC=$?
if [ $RC -ne 0 ]; then
wsrep_log_error "rsync returned code $RC:"
case $RC in
12) RC=71 # EPROTO
wsrep_log_error \
@ -394,7 +396,7 @@ EOF
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT -f '+ /ibdata*' -f '+ /ib_lru_dump' \
-f '- **' "$INNODB_DATA_HOME_DIR/" \
rsync://$WSREP_SST_OPT_ADDR-data_dir >&2 || RC=$?
"rsync://$WSREP_SST_OPT_ADDR-data_dir" >&2 || RC=$?
if [ $RC -ne 0 ]; then
wsrep_log_error "rsync innodb_data_home_dir returned code $RC:"
@ -405,28 +407,32 @@ EOF
rsync ${STUNNEL:+--rsh="$STUNNEL"} \
--owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '+ /aria_log.*' -f '+ /aria_log_control' -f '- **' "$WSREP_LOG_DIR/" \
rsync://$WSREP_SST_OPT_ADDR-log_dir >&2 || RC=$?
$WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '+ /aria_log.*' \
-f '+ /aria_log_control' -f '- **' "$WSREP_LOG_DIR/" \
"rsync://$WSREP_SST_OPT_ADDR-log_dir" >&2 || RC=$?
if [ $RC -ne 0 ]; then
wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:"
exit 255 # unknown error
fi
# then, we parallelize the transfer of database directories, use . so that pathconcatenation works
# then, we parallelize the transfer of database directories,
# use . so that path concatenation works:
cd "$WSREP_SST_OPT_DATA"
count=1
[ "$OS" = "Linux" ] && count=$(grep -c processor /proc/cpuinfo)
[ "$OS" = "Darwin" -o "$OS" = "FreeBSD" ] && count=$(sysctl -n hw.ncpu)
[ "$OS" = 'Linux' ] && count=$(grep -c processor /proc/cpuinfo)
[ "$OS" = 'Darwin' -o "$OS" = 'FreeBSD' ] && count=$(sysctl -n hw.ncpu)
find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -not -name ".zfs" \
-print0 | xargs -I{} -0 -P $count \
find . -maxdepth 1 -mindepth 1 -type d -not -name 'lost+found' \
-not -name '.zfs' -print0 | xargs -I{} -0 -P $count \
rsync ${STUNNEL:+--rsh="$STUNNEL"} \
--owner --group --perms --links --specials \
--ignore-times --inplace --recursive --delete --quiet \
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' --exclude "*/aria_log.*" --exclude "*/aria_log_control" "$WSREP_SST_OPT_DATA"/{}/ \
rsync://$WSREP_SST_OPT_ADDR/{} >&2 || RC=$?
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \
--exclude '*/aria_log_control' "$WSREP_SST_OPT_DATA/{}/" \
"rsync://$WSREP_SST_OPT_ADDR/{}" >&2 || RC=$?
cd "$OLD_PWD"
@ -455,13 +461,13 @@ EOF
fi
rsync ${STUNNEL:+--rsh="$STUNNEL"} \
--archive --quiet --checksum "$MAGIC_FILE" rsync://$WSREP_SST_OPT_ADDR
--archive --quiet --checksum "$MAGIC_FILE" "rsync://$WSREP_SST_OPT_ADDR"
echo "done $STATE"
elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]
then
wsrep_check_programs lsof
check_sockets_utils
touch "$SST_PROGRESS_FILE"
MYSQLD_PID="$WSREP_SST_OPT_PARENT"
@ -488,6 +494,7 @@ then
ADDR="$WSREP_SST_OPT_ADDR"
RSYNC_PORT="$WSREP_SST_OPT_PORT"
RSYNC_ADDR="$WSREP_SST_OPT_HOST"
RSYNC_ADDR_UNESCAPED="$WSREP_SST_OPT_HOST_UNESCAPED"
trap "exit 32" HUP PIPE
trap "exit 3" INT TERM ABRT
@ -519,10 +526,10 @@ EOF
# rm -rf "$DATA"/ib_logfile* # we don't want old logs around
# If the IP is local listen only in it
if is_local_ip "$RSYNC_ADDR"
if is_local_ip "$RSYNC_ADDR_UNESCAPED"
then
RSYNC_EXTRA_ARGS="--address $RSYNC_ADDR"
STUNNEL_ACCEPT="$RSYNC_ADDR:$RSYNC_PORT"
RSYNC_EXTRA_ARGS="--address $RSYNC_ADDR_UNESCAPED"
STUNNEL_ACCEPT="$RSYNC_ADDR_UNESCAPED:$RSYNC_PORT"
else
# Not local, possibly a NAT, listen on all interfaces
RSYNC_EXTRA_ARGS=""
@ -533,7 +540,7 @@ EOF
if [ -z "$STUNNEL" ]
then
rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" ${RSYNC_EXTRA_ARGS} &
rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS &
RSYNC_REAL_PID=$!
else
cat << EOF > "$STUNNEL_CONF"
@ -543,18 +550,19 @@ ${CAFILE_OPT}
foreground = yes
pid = $STUNNEL_PID
debug = warning
debug = 6
client = no
[rsync]
accept = $STUNNEL_ACCEPT
exec = $(command -v rsync)
execargs = rsync --server --daemon --config='$RSYNC_CONF' .
execargs = rsync --server --daemon --config=$RSYNC_CONF .
EOF
stunnel "$STUNNEL_CONF" &
RSYNC_REAL_PID=$!
RSYNC_PID="$STUNNEL_PID"
fi
until check_pid_and_port "$RSYNC_PID" "$RSYNC_REAL_PID" "$RSYNC_ADDR" "$RSYNC_PORT"
until check_pid_and_port "$RSYNC_PID" "$RSYNC_REAL_PID" "$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT"
do
sleep 0.2
done
@ -571,10 +579,10 @@ EOF
exit 42
fi
CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$SSTCERT" | \
tr "," "\n" | grep "CN =" | cut -d= -f2 | sed s/^\ // | \
tr "," "\n" | grep -F 'CN =' | cut -d= -f2 | sed s/^\ // | \
sed s/\ %//)
fi
MY_SECRET=$(wsrep_gen_secret)
MY_SECRET="$(wsrep_gen_secret)"
# Add authentication data to address
ADDR="$CN:$MY_SECRET@$WSREP_SST_OPT_HOST"
else
@ -624,7 +632,7 @@ EOF
if [ -r "$MAGIC_FILE" ]
then
# check donor supplied secret
SECRET=$(grep "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2)
SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2)
if [ "$SECRET" != "$MY_SECRET" ]; then
wsrep_log_error "Donor does not know my secret!"
wsrep_log_info "Donor:'$SECRET', my:'$MY_SECRET'"
@ -632,7 +640,7 @@ EOF
fi
# remove secret from magic file
grep -v "$SECRET_TAG " "$MAGIC_FILE" > "$MAGIC_FILE.new"
grep -v -F -- "$SECRET_TAG " "$MAGIC_FILE" > "$MAGIC_FILE.new"
mv "$MAGIC_FILE.new" "$MAGIC_FILE"
# UUID:seqno & wsrep_gtid_domain_id is received here.
@ -643,7 +651,7 @@ EOF
fi
wsrep_cleanup_progress_file
# cleanup_joiner
# cleanup_joiner
else
wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'"
exit 22 # EINVAL