[MDEV-28302] Feature request: configurable defaults for MASTER_SSL_* settings for CHANGE MASTER Created: 2022-04-12  Updated: 2023-11-30

Status: Open
Project: MariaDB Server
Component/s: Replication, SSL
Fix Version/s: None

Type: New Feature Priority: Major
Reporter: Hartmut Holzgraefe Assignee: Andrei Elkin
Resolution: Unresolved Votes: 1
Labels: None

Issue Links:
Relates
relates to MXS-4096 Binlog Routers SHOW SLAVE STATUS does... Closed

 Description   

When having multiple replication channels (or when changing what primary to replicate from often) and using two-way TLS the client certificate and CA files used as MASTER_SSL_* parameters in CHANGE MASTER TO will usually be the same and not change between connections to different primaries.

So it may make sense to be able to configure a client certificate to be used for all replication channels in a central place instead of having to add MASTER_SSL_CA, MASTER_SSL_CERT and MASTER_SSL_KEY (and maybe MASTER_SSL_VERIFY_SERVER_CERT, too) again and again each time a CHANGE MASTER TO is done.

E.g.:

replication_ssl_ca=...
 
replication_ssl_cert=...
 
replication_ssl_key=...

and maybe also an explicit MASTER_SSL_USE_DEFAULTS option to CHANGE MASTER to only use such default settings on demand.

 Comments   
Comment by Andrei Elkin [ 2022-06-13 ]

hholzgra, to a beyond new global var alternative, like yours

> maybe also an explicit MASTER_SSL_USE_DEFAULTS option to CHANGE MASTER

how would look to you the following syntax form

CHANGE MASTER 'new_connection' TO LIKE 'default_connection', ..., any-option = custom-value

so the default configuration for a new connection 'new_connection' would be first copied from 'default_connection' "parent" and
any option like any-option value's can be overridden/customized?

Comment by Hartmut Holzgraefe [ 2022-09-05 ]

That might work, too. Advantage would be that no additional config settings are needed. Disadvantage may be that some individual settings might get inadvertently, e.g. we might want to exclude log file and position from being copied ...

Comment by Michael Widenius [ 2023-11-06 ]

How about having all the options to CHANGE MASTER also as user variables set in my.cnf (with a MASTER_ prefix for all options).
Then one could use CHANGE_MASTER .. ANY_OPTION=DEFAULT to use the value from the corresponding variable?

combining this with LIKE 'default_connection' would be powerful. The problem with default_connection is that in this case we need a way to disable some options that should not be set (like disabling SSL).

Comment by Sergei Golubchik [ 2023-11-08 ]

it doesn't make much sense to have defaults for all options, in fact it'll be more error prone to do that. The list of options (according to KB) is

    MASTER_BIND = 'interface_name'
 
  | MASTER_HOST = 'host_name'
 
  | MASTER_USER = 'user_name'
 
  | MASTER_PASSWORD = 'password'
 
  | MASTER_PORT = port_num
 
  | MASTER_CONNECT_RETRY = interval
 
  | MASTER_HEARTBEAT_PERIOD = interval
 
  | MASTER_LOG_FILE = 'master_log_name'
 
  | MASTER_LOG_POS = master_log_pos
 
  | RELAY_LOG_FILE = 'relay_log_name'
 
  | RELAY_LOG_POS = relay_log_pos
 
  | MASTER_DELAY = interval
 
  | MASTER_SSL = {0|1}
 
  | MASTER_SSL_CA = 'ca_file_name'
 
  | MASTER_SSL_CAPATH = 'ca_directory_name'
 
  | MASTER_SSL_CERT = 'cert_file_name'
 
  | MASTER_SSL_CRL = 'crl_file_name'
 
  | MASTER_SSL_CRLPATH = 'crl_directory_name'
 
  | MASTER_SSL_KEY = 'key_file_name'
 
  | MASTER_SSL_CIPHER = 'cipher_list'
 
  | MASTER_SSL_VERIFY_SERVER_CERT = {0|1}
 
  | MASTER_USE_GTID = {current_pos|slave_pos|no}
 
  | MASTER_DEMOTE_TO_SLAVE = bool
 
  | IGNORE_SERVER_IDS = (server_id_list)
 
  | DO_DOMAIN_IDS = ([N,..])
 
  | IGNORE_DOMAIN_IDS = ([N,..])

Out of these, MASTER_CONNECT_RETRY, MASTER_HEARTBEAT_PERIOD, MASTER_SSL*, MASTER_USE_GTID look like one might want to have the same value for them over all masters in a multi-master replication. So they would benefit from global server-wide defaults.

Generated at Thu Feb 08 09:59:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.