[MXS-4683] ssl parameters specified on the bootstrap server are not copied to the rest
Created: 2023-07-26  Updated: 2023-07-26  Resolved: 2023-07-26

Status: Closed
Project: MariaDB MaxScale
Component/s: xpandmon
Affects Version/s: 6.4, 22.08, 23.02
Fix Version/s: 6.4.8, 22.08.7, 23.02.3

Type: Bug
Priority: Major
Reporter: susil.behera
Assignee: Johan Wikman
Resolution: Fixed
Votes: 0
Labels: None
Environment:

Builds:
Xpand = transylvania-18710
MaxScale test build = https://mdbe-ci-repo.mariadb.net/public/Maxscale/MXS-4506_1707b/centos/7/x86_64/maxscale-99.99.99-1.rhel.7.x86_64.rpm


Issue Links:
Relates
relates to MXS-4219 Settings of bootstrap servers are not... Closed

 Description   

SSL parameters specified on the bootstrap server are not copied down to the volatile ones. This is causing the SSL setup between MaxScale and XPAND to not work properly.

Repro
------
1. setup xpand cluster with ssl
3-node Xpand cluster

2. Configure maxscale with one xpand node as a server

    # cat /etc/maxscale.cnf
    [maxscale]
    log_info=1
    logdir=/data/clustrix/log
    threads=auto

    [xpand1]
    type=server
    address=oak012white.colo.sproutsys.com
    port=3306
    protocol=mariadbbackend
    ssl=true
    ssl_cert=/etc/ssl/maxscale/server-cert.pem
    ssl_key=/etc/ssl/maxscale/server-key.pem
    ssl_ca=/etc/ssl/maxscale/ca-cert.pem

    # Backend specific monitor and router:
    [Backend-Monitor]
    type=monitor
    module=xpandmon
    servers=xpand1
    user=maxscale
    password=maxscale_pw
    cluster_monitor_interval=10000ms

    [Read-Only-Service]
    type=service
    router=readconnroute
    user=maxscale
    password=maxscale_pw
    router_options=running
    cluster=Backend-Monitor

    [Read-Only-Listener]
    type=listener
    service=Read-Only-Service
    protocol=MariaDBClient
    address=0.0.0.0
    port=3307
    authenticator=pamauth
    authenticator_options=pam_backend_mapping=mariadb_passthrough
    ssl=true
    ssl_cert=/etc/ssl/maxscale/client-cert.pem
    ssl_key=/etc/ssl/maxscale/client-key.pem
    ssl_ca=/etc/ssl/maxscale/ca-cert.pem

3. start maxscale

4. show server shows ssl=true only for one xpand node, for the remaining it's ssl=false



 Comments   
Comment by Johan Wikman [ 2023-07-26 ]

Now the following parameters are copied from the bootstrap server(s) when the dynamic servers are created when dynamic_node_detection is true: max_routing_connections, persistmaxtime, persistpoolmax, proxy_protocol, ssl, ssl_ca, ssl_cert, ssl_cert_verify_depth, ssl_cipher, ssl_key, ssl_verify_peer_certificate, ssl_verify_peer_host, ssl_version.

That is, if ssl parameters have been specified for the bootstrap server(s) then ssl will be used also when connections are created to the dynamic ones.
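
Added example, not part of the original issue or of MaxScale's code: a drift check that compares the parameters listed in the comment above between the bootstrap server and the dynamically created servers, so a backend left at ssl=false (step 4 of the repro) is flagged. The JSON layout of the server listing, the "@@" name prefix for dynamic servers and the sample data are assumptions constructed for illustration.

```python
import json

# Parameters copied from the bootstrap server(s), as listed in the comment above.
COPIED_PARAMS = [
    "max_routing_connections", "persistmaxtime", "persistpoolmax", "proxy_protocol",
    "ssl", "ssl_ca", "ssl_cert", "ssl_cert_verify_depth", "ssl_cipher", "ssl_key",
    "ssl_verify_peer_certificate", "ssl_verify_peer_host", "ssl_version",
]

_TLS = {"ssl": True, "ssl_ca": "/etc/ssl/maxscale/ca-cert.pem",
        "ssl_cert": "/etc/ssl/maxscale/server-cert.pem",
        "ssl_key": "/etc/ssl/maxscale/server-key.pem"}
_NO_TLS = {"ssl": False, "ssl_ca": None, "ssl_cert": None, "ssl_key": None}

# Constructed sample: one bootstrap server and two dynamic servers (assumed layout).
SAMPLE = json.dumps({"data": [
    {"id": "xpand1", "attributes": {"parameters": _TLS}},
    {"id": "@@Backend-Monitor:node-2", "attributes": {"parameters": _NO_TLS}},
    {"id": "@@Backend-Monitor:node-3", "attributes": {"parameters": _TLS}},
]})

def find_drift(listing_json, bootstrap_id, dynamic_prefix="@@"):
    """Return {server_id: {param: (bootstrap_value, server_value)}} for every
    dynamic server whose copied parameters differ from the bootstrap server."""
    servers = {s["id"]: s["attributes"]["parameters"]
               for s in json.loads(listing_json)["data"]}
    if bootstrap_id not in servers:
        raise KeyError(f"bootstrap server {bootstrap_id!r} not in listing")
    base = servers[bootstrap_id]
    drift = {}
    for sid, params in servers.items():
        if sid == bootstrap_id or not sid.startswith(dynamic_prefix):
            continue  # only dynamically created servers are compared
        diff = {p: (base.get(p), params.get(p))
                for p in COPIED_PARAMS if base.get(p) != params.get(p)}
        if diff:
            drift[sid] = diff
    return drift

def plaintext_backends(drift):
    """Dynamic servers with ssl off although the bootstrap server has ssl on."""
    return sorted(sid for sid, d in drift.items()
                  if "ssl" in d and d["ssl"][0] and not d["ssl"][1])

if __name__ == "__main__":
    found = find_drift(SAMPLE, "xpand1")
    for sid in plaintext_backends(found):
        print(f"{sid}: ssl not inherited from bootstrap; differing: {sorted(found[sid])}")
```
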
