[MDEV-15511] Use stunnel during rsync SST if available - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.1
Fix Version/s: 10.1.36, 10.2.18, 10.3.10
Component/s: Galera SST
Labels:
- contribution
- foundation

Description

Hi,

This PR adds the ability to use stunnel during rsync SST, thus encrypting data on the wire.

You then just have to have stunnel binary available, and the following in server configuration :

[sst]
tkey = /etc/mysql/certs/client-key.pem
tcert = /etc/mysql/certs/client-cert.pem

ca-cert.pem is not needed in configuration but will be used for peer verification
stunnel will then be used.

You will also have to be sure your certs dir is hashed :
openssl rehash /etc/mysql/certs/

Attachments

Issue Links

relates to

MDEV-16988 Galera rsync method can now use stunnel to encrypt data transmission.

Open

Activity

People

Assignee:: Jan Lindström (Inactive)

Reporter:: Sergey Vojtovich

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2018-03-08 15:29

Updated:: 2018-08-24 12:13

Resolved:: 2018-08-24 12:13

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.