1) The ipv6 addresses were incorrectly handled in the SST script
|
for rsync (incorrect address substitution for establishing a
|
connection, incorrect address substitution for bind, and so on);
|
2) Checking the locality of the ip-address in SST scripts did not
|
support ipv6 addresses (such as "[::1]"), which were falsely
|
identified as non-local ip, which further did not allow running
|
two SSTs on different local addresses on the same machine.
|
On the other hand, this bug masked some other errors (related
|
to handling ipv6 addresses);
|
3) The code for checking the locality of the ip address was different
|
in the SST scripts for rsync and for mysqldump, with individual
|
flaws. This code is now made common and moved to wsrep_sst_common;
|
4) Waiting for the start of the transport channel (socat, nc, rsync,
|
stunnel) in the wait_for_listen() and check_pid_and_port() functions
|
did not process ipv6 addresses correctly in all cases (not for all
|
branches);
|
5) Waiting for the start of the transport channel (socat, nc, rsync,
|
stunnel) in the wait_for_listen() and check_pid_and_port() functions
|
for some code branches could give a false positive result due to
|
the textual match of prefixes in the port number and/or PID of
|
the process;
|
6) Waiting for the start of the transport channel (socat, nc, rsync,
|
stunnel) was supported through different utilities in SST scripts
|
for mariabackup and for rsync, and with various minor flaws in
|
the code. Now the code is still different in these scripts, but
|
it supports a common set of utilities (lsof, ss, sockstat) and
|
is synchronized across patterns that used to check the output
|
of these utilities;
|
7) In SST via mariabackup, the signal about readiness to receive data
|
is sometimes sent too early - immediately after listen(), and not
|
after accept() (which are called by socat or netcat utility).
|
8) Checking availability of the some options of some utilities was
|
done using the grep pattern, which easily gives false positives;
|
9) Common name (CN) for local addresses, if not explicitly specified,
|
is now always replaced to "localhost" to avoid the need to generate
|
many separate certificates for local addresses of one machine and
|
not to depend on which the local address is currently used in test
|
(ipv4 or ipv6, etc.);
|
10) In tests galera_sst_mariabackup_encrypt_with_key_server and
|
galera_sst_rsync_encrypt_with_key_server the correct certificate
|
is selected to avoid commonname (CN) mismatch problems;
|
11) Further refactoring to protect against spaces in file names.
|
12) Further general refactoring to eliminate bash-specific constructs
|
or to improve code readability;
|
13) The code for setting options for the nc (netcat) utility was
|
different in different scripts for SST - now it is made identical.
|
14) Fixed a long time ago broken encryption with xbcrypt combined with
|
mariabackup and Added mariabackup support for encryption in encrypt=1
|
mode using openssl (instead of xbcrypt utility), which may be enabled
|
by the new configuration file option "encypt-format=openssl" placed
|
in the [sst] or in the [xtrabackup] section (and enabled by default
|
if user prefers [sst] section) - this will allow us to use and to
|
test this encryption mode without installing third-party utilities
|
from Percona.
|