Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28302

Configurable defaults for MASTER_SSL_* settings for CHANGE MASTER

    XMLWordPrintable

Details

    • Hide
      Add the DEFAULT keyword for the following CHANGE MASTER fields, whose value can be configured with server options of the same name:
      master_connect_retry master_ssl master_ssl_ca master_ssl_capath master_ssl_cert master_ssl_cipher master_ssl_key master_ssl_verify_server_cert master_ssl_crl master_ssl_crlpath master_use_gtid master_retry_count master_heartbeat_period
      (See https://github.com/MariaDB/server/pull/4430 for a list of the negligible side effects)
      Show
      Add the DEFAULT keyword for the following CHANGE MASTER fields, whose value can be configured with server options of the same name: master_connect_retry master_ssl master_ssl_ca master_ssl_capath master_ssl_cert master_ssl_cipher master_ssl_key master_ssl_verify_server_cert master_ssl_crl master_ssl_crlpath master_use_gtid master_retry_count master_heartbeat_period (See https://github.com/MariaDB/server/pull/4430 for a list of the negligible side effects)
    • Q1/2026 Server Maintenance

    Description

      When having multiple replication channels (or when changing what primary to replicate from often) and using two-way TLS the client certificate and CA files used as MASTER_SSL_* parameters in CHANGE MASTER TO will usually be the same and not change between connections to different primaries.

      So it may make sense to be able to configure a client certificate to be used for all replication channels in a central place instead of having to add MASTER_SSL_CA, MASTER_SSL_CERT and MASTER_SSL_KEY (and maybe MASTER_SSL_VERIFY_SERVER_CERT, too) again and again each time a CHANGE MASTER TO is done.

      E.g.:

      replication_ssl_ca=...
      		 
      replication_ssl_cert=...
      		 
      replication_ssl_key=...

      and maybe also an explicit MASTER_SSL_USE_DEFAULTS option to CHANGE MASTER to only use such default settings on demand.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-38410 federated.error_on_close-8313 crash on exit

          • Critical - Crashes, loss of data, severe memory leak.
          • Approved

          Bug - A problem which impairs or prevents the functions of the product. MDEV-38613 `set_var_collation_client::update()` Segfault in Buildbot `amd64-msan-clang-20`

          • Blocker - Blocks development and/or testing work, production could not run.
          • Open
          includes

          Task - A task that needs to be done. MDEV-37362 Save the set/unset state of CHANGE MASTER configurations

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-37530 Refactor Master & Relay Log info to iterable tuples

          • Major - Major loss of function.
          • Approved
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-38496 SHOW SLAVE STATUS Reports Malformed Output For Few Invalid Values

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-35584 11.4 relpica can't replicate form 10.6 master not configured for SSL using CHANGE MASTER default settings

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-38181 CHANGE MASTER Inconsistent Behavior for Repeat Arguments

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Needs Feedback

          Task - A task that needs to be done. MDEV-36141 Master & Relay Log Info: expand init_intvar_from_file from atoi to atoll

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MXS-4096 Binlog Routers SHOW SLAVE STATUS does not show SSL information

          • Major - Major loss of function.
          • Closed
          split to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36841 No ER_SLAVE_HEARTBEAT_VALUE_OUT_OF_RANGE_MAX warning when setting @@GLOBAL.slave_net_timeout to below CHANGE MASTER’s master_heartbeat_period

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          has action item

          DOCS-5928 Loading...

          Activity

            People

              ParadoxV5 Jimmy HĂş
              hholzgra Hartmut Holzgraefe
              Jimmy HĂş Jimmy HĂş
              Andrei Elkin Andrei Elkin
              Deepthi Eranti Sreenivas Deepthi Eranti Sreenivas
              Votes:
              1 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.