Details
- Bug
- Status: Closed
- Major
- Resolution: Duplicate
- 6.4.11, 22.08.9
- None
- MXS-SPRINT-195
Description
SSL certificates don't show up in SLAVE STATUS when Master rejoins after being Down.
MariaDB ver(Master & Slave): 10.6.7-3
Maxscale ver: 6.4.11
MariaDB Master config: master_server.cnf master_client.cnf
MariaDB Slave config: slave_server.cnf slave_client.cnf
Maxscale config: maxscale.cnf
Steps to reproduce:
1. Enable SSL replication and have Maxscale monitor the servers with SSL
I followed this blog to create SSL certificates and enable SSL replication.
[root@localhost ~]# maxctrl list servers
┌─────────┬───────────────┬──────┬─────────────┬─────────────────┬──────────┐
│ Server  │ Address       │ Port │ Connections │ State           │ GTID     │
├─────────┼───────────────┼──────┼─────────────┼─────────────────┼──────────┤
│ server1 │ 192.168.20.22 │ 3306 │ 0           │ Master, Running │ 0-100-54 │
├─────────┼───────────────┼──────┼─────────────┼─────────────────┼──────────┤
│ server2 │ 192.168.20.28 │ 3306 │ 0           │ Slave, Running  │ 0-100-54 │
└─────────┴───────────────┴──────┴─────────────┴─────────────────┴──────────┘
2. SHOW SLAVE STATUS\G output from the slave server2
MariaDB [(none)]> SHOW ALL SLAVES STATUS\G
*************************** 1. row ***************************
Connection_name:
Slave_SQL_State: Slave has read all relay log; waiting for more updates
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.20.22
Master_User: repl_ssl
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mariadb-server2-bin.000016
Read_Master_Log_Pos: 405
Relay_Log_File: mariadb_slave3-relay-bin.000021
Relay_Log_Pos: 714
Relay_Master_Log_File: mariadb-server2-bin.000016
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 405
Relay_Log_Space: 1089
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/my.cnf.d/certs/ca-cert.pem
Master_SSL_CA_Path:
Master_SSL_Cert: /etc/my.cnf.d/certs/client-cert.pem
Master_SSL_Cipher:
Master_SSL_Key: /etc/my.cnf.d/certs/client-key.pem
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 100
Master_SSL_Crl: /etc/my.cnf.d/certs/ca-cert.pem
Master_SSL_Crlpath:
Using_Gtid: Slave_Pos
Gtid_IO_Pos: 0-100-54
Replicate_Do_Domain_Ids:
Replicate_Ignore_Domain_Ids:
Parallel_Mode: optimistic
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
Slave_DDL_Groups: 8
Slave_Non_Transactional_Groups: 1
Slave_Transactional_Groups: 0
Retried_transactions: 0
Max_relay_log_size: 1073741824
Executed_log_entries: 128
Slave_received_heartbeats: 0
Slave_heartbeat_period: 30.000
Gtid_Slave_Pos: 0-100-54
1 row in set (0.000 sec)
3. stop mariadb service on Master and let the slave become the new Master
systemctl stop mariadb

maxctrl list servers
┌─────────┬───────────────┬──────┬─────────────┬────────────────┬──────────┐
│ Server  │ Address       │ Port │ Connections │ State          │ GTID     │
├─────────┼───────────────┼──────┼─────────────┼────────────────┼──────────┤
│ server1 │ 192.168.20.22 │ 3306 │ 0           │ Down           │ 0-100-54 │
├─────────┼───────────────┼──────┼─────────────┼────────────────┼──────────┤
│ server2 │ 192.168.20.28 │ 3306 │ 0           │ Slave, Running │ 0-100-54 │
└─────────┴───────────────┴──────┴─────────────┴────────────────┴──────────┘

maxctrl list servers
┌─────────┬───────────────┬──────┬─────────────┬─────────────────┬──────────┐
│ Server  │ Address       │ Port │ Connections │ State           │ GTID     │
├─────────┼───────────────┼──────┼─────────────┼─────────────────┼──────────┤
│ server1 │ 192.168.20.22 │ 3306 │ 0           │ Down            │ 0-100-54 │
├─────────┼───────────────┼──────┼─────────────┼─────────────────┼──────────┤
│ server2 │ 192.168.20.28 │ 3306 │ 0           │ Master, Running │ 0-100-54 │
└─────────┴───────────────┴──────┴─────────────┴─────────────────┴──────────┘
4. Now start the mariadb service
systemctl start mariadb

maxctrl list servers
┌─────────┬───────────────┬──────┬─────────────┬─────────────────┬──────────┐
│ Server  │ Address       │ Port │ Connections │ State           │ GTID     │
├─────────┼───────────────┼──────┼─────────────┼─────────────────┼──────────┤
│ server1 │ 192.168.20.22 │ 3306 │ 0           │ Slave, Running  │ 0-100-54 │
├─────────┼───────────────┼──────┼─────────────┼─────────────────┼──────────┤
│ server2 │ 192.168.20.28 │ 3306 │ 0           │ Master, Running │ 0-100-54 │
└─────────┴───────────────┴──────┴─────────────┴─────────────────┴──────────┘
5. SLAVE STATUS output from server1 new Slave (previous Master)
MariaDB [(none)]> SHOW ALL SLAVES STATUS\G
*************************** 1. row ***************************
Connection_name:
Slave_SQL_State: Slave has read all relay log; waiting for more updates
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.20.28
Master_User: repl_ssl
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mariadb_slave3-bin.000002
Read_Master_Log_Pos: 2091
Relay_Log_File: mariadb-server2-relay-bin.000002
Relay_Log_Pos: 702
Relay_Master_Log_File: mariadb_slave3-bin.000002
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 2091
Relay_Log_Space: 1021
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: Yes
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 200
Master_SSL_Crl:
Master_SSL_Crlpath:
Using_Gtid: Current_Pos
Gtid_IO_Pos: 0-100-54
Replicate_Do_Domain_Ids:
Replicate_Ignore_Domain_Ids:
Parallel_Mode: optimistic
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
Slave_DDL_Groups: 0
Slave_Non_Transactional_Groups: 0
Slave_Transactional_Groups: 0
Retried_transactions: 0
Max_relay_log_size: 1073741824
Executed_log_entries: 8
Slave_received_heartbeats: 0
Slave_heartbeat_period: 30.000
Gtid_Slave_Pos: 0-100-54
1 row in set (0.000 sec)
Shows Master_SSL_Allowed: Yes but certificates are not displayed.
Error log
2023-11-01 11:34:06 0 [Note] /usr/sbin/mariadbd: ready for connections.
Version: '10.6.7-3-MariaDB-enterprise-log' socket: '/var/lib/mysql/mysql.sock' port: 3306 MariaDB Enterprise Server
2023-11-01 11:34:07 4 [Note] Master connection name: '' Master_info_file: 'master.info' Relay_info_file: 'relay-log.info'
2023-11-01 11:34:07 4 [Warning] Neither --relay-log nor --relay-log-index were used; so replication may break when this MariaDB server acts as a replica and has its hostname changed. Please use '--log-basename=#' or '--relay-log=mariadb-server2-relay-bin' to avoid this problem.
2023-11-01 11:34:07 4 [Note] 'CHANGE MASTER TO executed'. Previous state master_host='', master_port='3306', master_log_file='', master_log_pos='4'. New state master_host='192.168.20.28', master_port='3306', master_log_file='', master_log_pos='4'.
2023-11-01 11:34:07 4 [Note] Previous Using_Gtid=No. New Using_Gtid=Current_Pos
2023-11-01 11:34:07 5 [Note] Slave I/O thread: Start asynchronous replication to master 'repl_ssl@192.168.20.28:3306' in log '' at position 4
2023-11-01 11:34:07 6 [Note] Slave SQL thread initialized, starting replication in log 'FIRST' at position 4, relay log './mariadb-server2-relay-bin.000001' position: 4; GTID position '0-100-54'
2023-11-01 11:34:07 5 [Note] Slave I/O thread: connected to master 'repl_ssl@192.168.20.28:3306',replication starts at GTID position '0-100-54'
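A check for the state shown in step 5, as an added example that is not part of the original report or of MaxScale: it parses SHOW ALL SLAVES STATUS\G output and reports replication connections whose TLS fields are empty or unverified. The function names are hypothetical and the sample inputs are constructed by abridging the two outputs above.

```python
import re

# Constructed samples: abridged from the two SHOW ALL SLAVES STATUS\G outputs above.
BEFORE = """\
*************************** 1. row ***************************
Master_Host: 192.168.20.22
Master_SSL_Allowed: Yes
Master_SSL_CA_File: /etc/my.cnf.d/certs/ca-cert.pem
Master_SSL_Cert: /etc/my.cnf.d/certs/client-cert.pem
Master_SSL_Key: /etc/my.cnf.d/certs/client-key.pem
Master_SSL_Verify_Server_Cert: No
"""
AFTER_REJOIN = """\
*************************** 1. row ***************************
Master_Host: 192.168.20.28
Master_SSL_Allowed: Yes
Master_SSL_CA_File:
Master_SSL_Cert:
Master_SSL_Key:
Master_SSL_Verify_Server_Cert: No
"""
ROW_SEP = re.compile(r"^\*+ \d+\. row \*+$")

def parse_vertical(text):
    """Split vertical-format output into one dict per replication connection."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if ROW_SEP.match(line):
            rows.append({})          # a new "N. row" block starts
        elif rows and ":" in line:
            key, _, value = line.partition(":")
            rows[-1][key.strip()] = value.strip()
    return rows

def audit_replication_tls(text):
    """Return (master_host, [problems]) for each connection with weak TLS settings."""
    findings = []
    for row in parse_vertical(text):
        checks = [
            (row.get("Master_SSL_Allowed") == "Yes", "Master_SSL_Allowed is not Yes"),
            (row.get("Master_SSL_CA_File") or row.get("Master_SSL_CA_Path"), "no CA file or path"),
            (row.get("Master_SSL_Cert") and row.get("Master_SSL_Key"), "no client certificate or key"),
            (row.get("Master_SSL_Verify_Server_Cert") == "Yes", "Master_SSL_Verify_Server_Cert is not Yes"),
        ]
        problems = [msg for ok, msg in checks if not ok]
        if problems:
            findings.append((row.get("Master_Host", "?"), problems))
    return findings
```

Run against each replica after a failover or rejoin, comparing the findings with those recorded before the topology change, so a silent loss of the certificate settings is noticed.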
Attachments
Issue Links
- relates to MXS-4718 Add replication_custom_options to enable replication TLS certification check (Closed)