Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26211

Cluster joiner node is failed to start when using TLS mariabackup SST encryption built into socat

    XMLWordPrintable

Details

    Description

      Start 2 node cluster using TLS mariabackup SST encryption built into socat.

      config info
      		 
       
      		 
      wsrep_provider_options='gmcast.listen_addr=tcp://127.0.0.1:4808;'
      		 
      ssl-ca = /dev/shm/qa/cert/ca.pem
      		 
      ssl-cert = /dev/shm/qa/cert/server-cert.pem
      		 
      ssl-key = /dev/shm/qa/cert/server-key.pem
      		 
      [sst]
      		 
      encrypt = 2
      		 
      tca = /dev/shm/qa/cert/sst_encypt2.crt
      		 
      tcert = /dev/shm/qa/cert/sst_encypt2.pem
      		 
      $

      Error info from donor node.

      2021-07-21 16:49:12 0 [Note] WSREP: Running: 'wsrep_sst_mariabackup --role 'donor' --address 'ax3win:4444/xtrabackup_sst//1' --local-port '4800' --socket '/dev/shm/qa/node1/mysql.sock' --datadir '/dev/shm/qa/node1/' --defaults-file '/dev/shm/qa/conf/node1.cnf' --gtid '92245b05-ea43-11eb-89cc-ba6f0392455f:0' --gtid-domain-id '0' --mysqld-args --defaults-file=/dev/shm/qa/conf/node1.cnf --wsrep-new-cluster'
      		 
      2021-07-21 16:49:12 2 [Note] WSREP: sst_donor_thread signaled with 0
      		 
      WSREP_SST: [INFO] SSL configuration: CA='/dev/shm/qa/cert/sst_encypt2.crt', CERT='/dev/shm/qa/cert/sst_encypt2.pem', KEY='', MODE='DISABLED', encrypt='2' (20210721 16:49:12.800)
      		 
      WSREP_SST: [INFO] Streaming with mbstream (20210721 16:49:12.950)
      		 
      WSREP_SST: [INFO] Using socat as streamer (20210721 16:49:12.952)
      		 
      WSREP_SST: [INFO] Using openssl based encryption with socat: with crt and pem (20210721 16:49:12.959)
      		 
      WSREP_SST: [INFO] Encrypting with cert=/dev/shm/qa/cert/sst_encypt2.pem, cafile=/dev/shm/qa/cert/sst_encypt2.crt (20210721 16:49:12.968)
      		 
      WSREP_SST: [INFO] Using '/tmp/tmp.PqLfYMKEGR' as mariabackup temporary directory (20210721 16:49:12.990)
      		 
      WSREP_SST: [INFO] Using '/tmp/tmp.wt3mCpRqiI' as mariabackup working directory (20210721 16:49:12.995)
      		 
      WSREP_SST: [INFO] Streaming GTID file before SST (20210721 16:49:12.999)
      		 
      WSREP_SST: [INFO] Evaluating '/home/ramesh/framework/GAL_MD200721-mariadb-10.3.30-linux-x86_64-opt//bin/mbstream' -c 'xtrabackup_galera_info' | socat -u stdio openssl-connect:ax3win:4444,cert='/dev/shm/qa/cert/sst_encypt2.pem',cafile='/dev/shm/qa/cert/sst_encypt2.crt'; RC=( ${PIPESTATUS[@]} ) (20210721 16:49:13.002)
      		 
      2021/07/21 16:49:13 socat[2709097] E certificate is valid but its commonName does not match hostname
      		 
      WSREP_SST: [ERROR] Error while sending data to joiner node:  exit codes: 0 1 (20210721 16:49:13.020)
      		 
      WSREP_SST: [ERROR] Cleanup after exit with status:32 (20210721 16:49:13.022)
      		 
      WSREP_SST: [INFO] Cleaning up temporary directories (20210721 16:49:13.025)

      Attachments

        Activity

          People

            sysprg Julius Goryavsky
            ramesh Ramesh Sivaraman
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.