Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL)
-
None
Description
Start 2 node cluster using TLS mariabackup SST encryption built into socat.
config info
|
 |
wsrep_provider_options='gmcast.listen_addr=tcp://127.0.0.1:4808;'
|
ssl-ca = /dev/shm/qa/cert/ca.pem
|
ssl-cert = /dev/shm/qa/cert/server-cert.pem
|
ssl-key = /dev/shm/qa/cert/server-key.pem
|
[sst]
|
encrypt = 2
|
tca = /dev/shm/qa/cert/sst_encypt2.crt
|
tcert = /dev/shm/qa/cert/sst_encypt2.pem
|
$
|
Error info from donor node.
2021-07-21 16:49:12 0 [Note] WSREP: Running: 'wsrep_sst_mariabackup --role 'donor' --address 'ax3win:4444/xtrabackup_sst//1' --local-port '4800' --socket '/dev/shm/qa/node1/mysql.sock' --datadir '/dev/shm/qa/node1/' --defaults-file '/dev/shm/qa/conf/node1.cnf' --gtid '92245b05-ea43-11eb-89cc-ba6f0392455f:0' --gtid-domain-id '0' --mysqld-args --defaults-file=/dev/shm/qa/conf/node1.cnf --wsrep-new-cluster'
|
2021-07-21 16:49:12 2 [Note] WSREP: sst_donor_thread signaled with 0
|
WSREP_SST: [INFO] SSL configuration: CA='/dev/shm/qa/cert/sst_encypt2.crt', CERT='/dev/shm/qa/cert/sst_encypt2.pem', KEY='', MODE='DISABLED', encrypt='2' (20210721 16:49:12.800)
|
WSREP_SST: [INFO] Streaming with mbstream (20210721 16:49:12.950)
|
WSREP_SST: [INFO] Using socat as streamer (20210721 16:49:12.952)
|
WSREP_SST: [INFO] Using openssl based encryption with socat: with crt and pem (20210721 16:49:12.959)
|
WSREP_SST: [INFO] Encrypting with cert=/dev/shm/qa/cert/sst_encypt2.pem, cafile=/dev/shm/qa/cert/sst_encypt2.crt (20210721 16:49:12.968)
|
WSREP_SST: [INFO] Using '/tmp/tmp.PqLfYMKEGR' as mariabackup temporary directory (20210721 16:49:12.990)
|
WSREP_SST: [INFO] Using '/tmp/tmp.wt3mCpRqiI' as mariabackup working directory (20210721 16:49:12.995)
|
WSREP_SST: [INFO] Streaming GTID file before SST (20210721 16:49:12.999)
|
WSREP_SST: [INFO] Evaluating '/home/ramesh/framework/GAL_MD200721-mariadb-10.3.30-linux-x86_64-opt//bin/mbstream' -c 'xtrabackup_galera_info' | socat -u stdio openssl-connect:ax3win:4444,cert='/dev/shm/qa/cert/sst_encypt2.pem',cafile='/dev/shm/qa/cert/sst_encypt2.crt'; RC=( ${PIPESTATUS[@]} ) (20210721 16:49:13.002)
|
2021/07/21 16:49:13 socat[2709097] E certificate is valid but its commonName does not match hostname
|
WSREP_SST: [ERROR] Error while sending data to joiner node: exit codes: 0 1 (20210721 16:49:13.020)
|
WSREP_SST: [ERROR] Cleanup after exit with status:32 (20210721 16:49:13.022)
|
WSREP_SST: [INFO] Cleaning up temporary directories (20210721 16:49:13.025)
|