[MDEV-18050] Port encrypt=4 from xtrabackup-v2 to mariabackup for SSTs - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Fix Version/s: 10.8.0, 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.4, 10.7.1
Component/s: Galera, Galera SST, mariabackup, SSL, wsrep
Labels:
- galera
- mariabackup
- ssl
- sst
- wsrep
- xtrabackup

Description

I can see that the xtrabackup-v2 SST script has an encrypt=4 option:

https://github.com/MariaDB/server/blob/312de43f40e221096b5565f6f4999eaadae09ef4/scripts/wsrep_sst_xtrabackup-v2.sh#L371

The mariabackup SST script does not appear to have this option:

https://github.com/MariaDB/server/blob/312de43f40e221096b5565f6f4999eaadae09ef4/scripts/wsrep_sst_mariabackup.sh#L252

Percona describes this option as:

Set encrypt=4 for SST encryption with SSL files generated by MySQL. This is the recommended mode.

Considering that you have all three necessary files:

[sst]
encrypt=4
ssl-ca=ca.pem
ssl-cert=server-cert.pem
ssl-key=server-key.pem

https://www.percona.com/doc/percona-xtradb-cluster/5.7/manual/xtrabackup_sst.html#encrypt

Attachments

Issue Links

relates to

MDEV-9436 When using xtrabackup-v2 SST, built-in xtrabackup SSL fails on CentOS/RHEL 6

Closed

MDEV-25359 Improve mariabackup SST script compliance with native MariaDB SSL practicies

Closed

MDEV-26360 Using hostnames for MariaBackup SSTs breaks certificate validation with encrypt=3

Closed

Activity

People

Assignee:: Julius Goryavsky

Reporter:: Geoff Montee (Inactive)

Votes:: 2 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2018-12-20 23:46

Updated:: 2021-12-01 19:34

Resolved:: 2021-11-28 01:22

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.