[#MDEV-15511] Use stunnel during rsync SST if available

[MDEV-15511] Use stunnel during rsync SST if available Created: 2018-03-08 Updated: 2018-08-24 Resolved: 2018-08-24
Status:	Closed
Project:	MariaDB Server
Component/s:	Galera SST
Affects Version/s:	10.1
Fix Version/s:	10.1.36, 10.2.18, 10.3.10

Type:

Bug

Priority:

Critical

Reporter:

Sergey Vojtovich

Assignee:

Jan Lindström (Inactive)

Resolution:

Fixed

Votes:

Labels:

contribution, foundation

Issue Links:

Relates
relates to	MDEV-16988	Galera rsync method can now use stunn...	Open

Description

Hi,

This PR adds the ability to use stunnel during rsync SST, thus encrypting data on the wire.

You then just have to have stunnel binary available, and the following in server configuration :

[sst]
tkey = /etc/mysql/certs/client-key.pem
tcert = /etc/mysql/certs/client-cert.pem

ca-cert.pem is not needed in configuration but will be used for peer verification
stunnel will then be used.

You will also have to be sure your certs dir is hashed :
openssl rehash /etc/mysql/certs/

Comments

Comment by Marko Mäkelä [ 2018-08-21 ]

My attempt at resolving the merge conflict in 10.2 failed. Please fix this in 10.2.

Generated at Thu Feb 08 08:21:52 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.