Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.1(EOL)
Description
Hi,
This PR adds the ability to use stunnel during rsync SST, thus encrypting data on the wire.
You then just have to have stunnel binary available, and the following in server configuration :
[sst]
tkey = /etc/mysql/certs/client-key.pem
tcert = /etc/mysql/certs/client-cert.pem
- ca-cert.pem is not needed in configuration but will be used for peer verification
stunnel will then be used.
You will also have to be sure your certs dir is hashed :
openssl rehash /etc/mysql/certs/
Attachments
Issue Links
- relates to
-
MDEV-16988 Galera rsync method can now use stunnel to encrypt data transmission.
-
- Open
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Priority | Major [ 3 ] | Critical [ 2 ] |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| issue.field.resolutiondate | 2018-08-05 06:28:23.0 | 2018-08-05 06:28:23.542 |
| Component/s | Galera SST [ 10121 ] | |
| Component/s | wsrep [ 11500 ] | |
| Fix Version/s | 10.1.36 [ 23117 ] | |
| Fix Version/s | 10.2.17 [ 23111 ] | |
| Fix Version/s | 10.3.9 [ 23114 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.1 [ 16100 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | In Progress [ 3 ] | Closed [ 6 ] |
| Fix Version/s | 10.2.18 [ 23112 ] | |
| Fix Version/s | 10.3.10 [ 23140 ] | |
| Fix Version/s | 10.2.17 [ 23111 ] | |
| Fix Version/s | 10.3.9 [ 23114 ] |
| Link | This issue relates to MDEV-16988 [ MDEV-16988 ] |
| Resolution | Fixed [ 1 ] | |
| Status | Closed [ 6 ] | Stalled [ 10000 ] |
| issue.field.resolutiondate | 2018-08-24 12:13:58.0 | 2018-08-24 12:13:58.358 |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Workflow | MariaDB v3 [ 85923 ] | MariaDB v4 [ 153920 ] |
My attempt at resolving the merge conflict in 10.2 failed. Please fix this in 10.2.