mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 12:02:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/sql/wsrep_check_opts.cc
Alexey Yurchenko a1e5a284fc MDEV-31809 Automatic SST user account management 
Implement automatic creation of temporary accounts for SST and pass
account credentials to SST script via socket as opposed to environment
variables. Delete the user after the SST script returns,

Respect wsrep_sst_auth set by the adminitrator in case some additional
privilege grants are needed for particular SST method.

mysqldump SST requires significant change to make use of the new
automatic user generation facility. For now just make it compatible
by ignoring automatically generated user and rely only on wsrep_sst_auth
setting on the joiner node to keep backward compatibility.

Adapt mysqldump SST to automatic SST user generation changes:
 - disable special treatment for mysqldump SST on donor
 - make mysqldump SST script compatible with the new SST script
   interface.

Differentiate user privileges for different SST methods:
 - grant minimum required privileges for clone and xtrabackup SST
   accounts
 - grant all privileges to custom SST accounts as it is not known what
   is needed.
 - disable SST account generation for rsync SST since it is not needed.

MTR tests:
 - add MTR tests for clone and xtrabackup SSTs without wsrep_sst_auth,
 - add MTR test for testing masking of wsrep_sst_auth.
 - don't attmept to restore original wsrep_sst_auth in MTR tests as it
   is always masked.

Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
2024-06-10 23:29:05 +02:00

105 lines
3.4 KiB
C++
Raw Blame History

/* Copyright 2011 Codership Oy <http://www.codership.com>
Copyright 2014 SkySQL Ab.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA */
#include "mariadb.h"
#include "mysqld.h"
#include "sys_vars_shared.h"
#include "wsrep.h"
#include "wsrep_sst.h"
#include "wsrep_mysqld.h"
extern char *my_bind_addr_str;
int wsrep_check_opts()
{
if (wsrep_slave_threads > 1)
{
sys_var *autoinc_lock_mode=
intern_find_sys_var(STRING_WITH_LEN("innodb_autoinc_lock_mode"));
bool is_null;
if (autoinc_lock_mode &&
autoinc_lock_mode->val_int(&is_null, 0, OPT_GLOBAL, 0) != 2)
{
WSREP_ERROR("Parallel applying (wsrep_slave_threads > 1) requires"
" innodb_autoinc_lock_mode= 2.");
return 1;
}
}
if (locked_in_memory)
{
WSREP_ERROR("Memory locking is not supported (locked_in_memory=ON)");
return 1;
}
if (!strcasecmp(wsrep_sst_method, "mysqldump"))
{
if (my_bind_addr_str &&
(!strcasecmp(my_bind_addr_str, "127.0.0.1") ||
!strcasecmp(my_bind_addr_str, "localhost")))
{
WSREP_WARN("wsrep_sst_method is set to 'mysqldump' yet "
"mysqld bind_address is set to '%s', which makes it "
"impossible to receive state transfer from another "
"node, since mysqld won't accept such connections. "
"If you wish to use mysqldump state transfer method, "
"set bind_address to allow mysql client connections "
"from other cluster members (e.g. 0.0.0.0).",
my_bind_addr_str);
}
}
else
{
// non-mysqldump SST requires wsrep_cluster_address on startup
if (!wsrep_cluster_address_exists())
{
WSREP_ERROR ("%s SST method requires wsrep_cluster_address to be "
"configured on startup.", wsrep_sst_method);
return 1;
}
}
if (strcasecmp(wsrep_sst_receive_address, "AUTO"))
{
if (!strncasecmp(wsrep_sst_receive_address, STRING_WITH_LEN("127.0.0.1")) ||
!strncasecmp(wsrep_sst_receive_address, STRING_WITH_LEN("localhost")))
{
WSREP_WARN("wsrep_sst_receive_address is set to '%s' which "
"makes it impossible for another host to reach this "
"one. Please set it to the address which this node "
"can be connected at by other cluster members.",
wsrep_sst_receive_address);
}
}
if (strcasecmp(wsrep_provider, WSREP_NONE))
{
if (global_system_variables.binlog_format != BINLOG_FORMAT_ROW)
{
WSREP_ERROR("Only binlog_format= 'ROW' is currently supported. "
"Configured value: '%s'. Please adjust your "
"configuration.",
binlog_format_names[global_system_variables.binlog_format]);
return 1;
}
}
wsrep_sst_auth_set(wsrep_sst_auth);
return 0;
}
Reference in a new issue View git blame Copy permalink