xtrabackup 2.3.6 assumes SSL to be used when server has ssl certs configured
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB | Status tracked in 2.4 | |||||
2.3 |
Triaged
|
High
|
Unassigned | |||
2.4 |
Triaged
|
High
|
Unassigned |
Bug Description
Pre req:
- 3 Nodes PXC 5.6.32-78.1-56
- Percona Xtrabackup 2.3.6 on all nodes
- wsrep_sst_
SST works fine until i set up SSL, and then i have in my.cnf:
[mysqld]
...
wsrep_sst_
ssl_cert=
ssl_key=
ssl_ca=
...
[xtrabackup]
user=backupuser
password=123pass
--
Now:
- Kill one node, remove grastate.dat (to provoke an SST), start the node.
- The xtrabackup (on donor) fails to connect:
vagrant@n4:~$ sudo cat /var/lib/
161130 13:36:30 innobackupex: Starting the backup operation
IMPORTANT: Please check that the backup run completes successfully.
At the end of a successful backup run innobackupex
prints "completed OK!".
161130 13:36:30 Connecting to MySQL server host: localhost, user: backupuser, password: set, port: 3306, socket: /var/lib/
Failed to connect to MySQL server: SSL connection error: error:00000001:
---
The problem is that i have never even told the backupuser to require SSL:
Host: localhost
User: backupuser
... < sufficient grants, password is correct etc>
ssl_type:
...
---
It looks like that https:/
introduced this problem.
Moreover, it looks like xtrabackup looks for the ssl settings in [mysqld] section.
Should it not look for ssl settings in the client section?
Best regards
Johan
Hi Johan,
I could not reproduce the issue as per your step. Please find the attached testcase which I followed.
Thanks
Ramesh