I've downloaded the Download Linux binary x86_64 of (MySQL 5.7.34 with wsrep Patch Version 25.26).
After installing this new version, it looks like the wrong certs are being used for SST.
Instead of using the certs listed in the wsrep_provider_options, it's using the certs for client connections.
Here are my settings in my.cnf file:
ssl-ca=/mysql/newcerts/ca-cert.pem
ssl-cert=/mysql/newcerts/server-cert.pem
ssl-key=/mysql/newcerts/server-key.pem
wsrep_provider_options = "gmcast.listen_addr=tcp://xxxx.xxx.xxx.xxx.edu:4316;socket.ssl_cert=/mysql/newcerts2/ca-cert.pem; socket.ssl_key=/mysql/newcerts2/ca-key.pem; gcache.size=400M"
Notice the certs for clients are different than they are for wsrep_provider_options (newcerts vs newcerts2).
However, after restarting with the newer version, I get the following error.
2021-08-10T13:17:03.062582-05:00 0 [Note] WSREP: Running: 'wsrep_sst_rsync --role 'joiner' --address 'xxxx.xxx.xxx.xxx.edu' --datadir '/mysql/data/miltertest1GC/' --defaults-file '/mysql/product/MySQLGalera5.7/my.cnf' --defaults-group-suffix '' --parent '11045' '' '
WSREP_SST: [INFO] Using stunnel for SSL encryption: CAfile: /mysql/newcerts/ca-cert.pem, SSLMODE: PREFFERED (20210810 13:17:03.160)
For my configuration, I think based on previous versions, SSL should be using the certs in /mysql/newcerts2.
Thanks,
Jenn
State snapshot transfers don't happen through the replication provider, and so provider options don't apply to SST.
Moreover, before release 5.7.34 rsync SST couldn't use SSL encryption at all; it is a new feature.
See documentation at https://galeracluster.com/library/documentation/ssl-sst.html?highlight=ssl
If you want SST to use different certificates, set corresponding options in the [sst] section.
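The following audit is an added example, not part of the thread and not code from the Galera project: it resolves which TLS files SST would use from a my.cnf and flags `socket.ssl_*` provider options that do not apply to SST. The lookup order ([sst] first, then [mysqld]) and the placement of the reported settings in [mysqld] are assumptions, and the `sst-cert.pem` and `sst-key.pem` file names are placeholders.

```python
import configparser

# Assumption: SST TLS options are read from [sst] first, then from [mysqld].
SST_TLS_KEYS = ("ssl-mode", "ssl-ca", "ssl-cert", "ssl-key")

def audit_sst_tls(cnf_text):
    """Return (effective, warnings) for the SST TLS settings in my.cnf text."""
    cp = configparser.ConfigParser(strict=False, allow_no_value=True,
                                   interpolation=None)
    # my.cnf treats '-' and '_' in option names as equivalent.
    cp.optionxform = lambda k: k.lower().replace("_", "-")
    cp.read_string(cnf_text)
    effective, warnings = {}, []
    for key in SST_TLS_KEYS:
        for section in ("sst", "mysqld"):
            if cp.has_option(section, key):
                effective[key] = (cp.get(section, key), section)
                if section != "sst":
                    warnings.append(f"SST inherits {key} from [{section}]")
                break
    # socket.ssl_* are provider options: they cover replication traffic only.
    provider = cp.get("mysqld", "wsrep-provider-options", fallback="") or ""
    for item in provider.strip("\"'").split(";"):
        name = item.split("=", 1)[0].strip()
        if name.startswith("socket.ssl"):
            warnings.append(f"{name} is a provider option, not applied to SST")
    return effective, warnings

# Constructed sample: the settings from the report, assumed to sit in [mysqld]
# (listen address omitted).
REPORTED = """[mysqld]
ssl-ca=/mysql/newcerts/ca-cert.pem
ssl-cert=/mysql/newcerts/server-cert.pem
ssl-key=/mysql/newcerts/server-key.pem
wsrep_provider_options = "socket.ssl_cert=/mysql/newcerts2/ca-cert.pem; socket.ssl_key=/mysql/newcerts2/ca-key.pem; gcache.size=400M"
"""
# Same file plus an [sst] section; sst-cert.pem and sst-key.pem are placeholders.
WITH_SST = REPORTED + """[sst]
ssl-ca=/mysql/newcerts2/ca-cert.pem
ssl-cert=/mysql/newcerts2/sst-cert.pem
ssl-key=/mysql/newcerts2/sst-key.pem
"""

if __name__ == "__main__":
    for label, cnf in (("reported", REPORTED), ("with [sst]", WITH_SST)):
        effective, warnings = audit_sst_tls(cnf)
        print(label, effective.get("ssl-ca"), *warnings, sep="\n  ")
```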
If I'm reading this document correctly, in order to turn SSL on for RSYNC SST (which wasn't available before 5.7.34), I have to shut down the entire cluster?
However, a currently running cluster (5.7.31) wouldn't have SSL enabled on RSYNC SST.
So, I'm not sure why upgrading one of the nodes from 5.7.31 to 5.7.34 would turn SSL on.
Are you saying that before upgrading each node I would need to set ssl-mode=DISABLE in the [sst] section?
The doc says that "This is a backward incompatible option and should be used only on fully upgraded clusters." So not sure how I can do this without a full outage.