SSL disabled without socket.ssl in Galera
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Galera | Status tracked in 3.x | | |
2.x | Fix Released | High | Alex Yurchenko |
3.x | Fix Released | High | Alex Yurchenko |
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC | Status tracked in 5.6 | | |
5.5 | Fix Released | Undecided | Unassigned |
5.6 | Fix Released | Undecided | Unassigned |
Bug Description
I use the following setting in my my.cnf in order to use an SSL based replication:
wsrep_provider_
This worked fine until version 5.6.15-25.3
Today, I updated one node (3 nodes cluster, each running debian wheezy, package management via aptitude) to version 5.6.15-25.4
--> This node was not any more able to connect to the cluster.
The log file suggests that SSL is not initialized any more, possibly because too many arguments are passed to GCS and the socket_ssl.. options get cut off
Here is the relevant log file part from my old version running 5.6.15-25.3 (this worked fine) [I replaced my server name by xxx.myserver.com] --> one can see that the socket.ssl options are passed to GCS and that WSREP initialized the ssl context
--START--
2014-02-18 21:37:10 5790 [Note] WSREP: Passing config to GCS: base_host = xxx.myserver.com; base_port = 4567; cert.log_conflicts = no; gcache.dir = /var/lib/mysql/; gcache.
2014-02-18 21:37:10 5790 [Note] WSREP: Assign initial position for certification: -1, protocol version: -1
2014-02-18 21:37:10 5790 [Note] WSREP: wsrep_sst_grab()
2014-02-18 21:37:10 5790 [Note] WSREP: Start replication
2014-02-18 21:37:10 5790 [Note] WSREP: Setting initial position to 00000000-
2014-02-18 21:37:10 5790 [Note] WSREP: protonet asio version 0
2014-02-18 21:37:10 5790 [Note] WSREP: Using CRC-32C (optimized) for message checksums.
2014-02-18 21:37:10 5790 [Note] WSREP: initializing ssl context
2014-02-18 21:37:10 5790 [Note] WSREP: backend: asio
2014-02-18 21:37:10 5790 [Note] WSREP: GMCast version 0
2014-02-18 21:37:10 5790 [Note] WSREP: (70c02733-
--END--
And now the same part from the 5.6.15-25.4 version (this is buggy) [I replaced my server name by xxx.myserver.com] --> the socket.ssl options are not showing up in the "passing to GCS" line and SSL is not initialized as can be seen by the missing message and that it is listening at "tcp://" instead of "ssl://" at the last line
--START--
2014-03-09 11:22:19 21171 [Note] WSREP: Passing config to GCS: base_host = xxx.myserver.com; base_port = 4567; cert.log_conflicts = no; evs.inactive_
2014-03-09 11:22:20 21171 [Note] WSREP: Assign initial position for certification: 3564543, protocol version: -1
2014-03-09 11:22:20 21171 [Note] WSREP: wsrep_sst_grab()
2014-03-09 11:22:20 21171 [Note] WSREP: Start replication
2014-03-09 11:22:20 21171 [Note] WSREP: Setting initial position to 5dd126ae-
2014-03-09 11:22:20 21171 [Note] WSREP: protonet asio version 0
2014-03-09 11:22:20 21171 [Note] WSREP: Using CRC-32C (optimized) for message checksums.
2014-03-09 11:22:20 21171 [Note] WSREP: backend: asio
2014-03-09 11:22:20 21171 [Note] WSREP: GMCast version 0
2014-03-09 11:22:20 21171 [Note] WSREP: (b247d820-
--END--
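A log check built on the three indicators the report points to (socket.ssl options in the "Passing config to GCS" line, the "initializing ssl context" message, and an ssl:// rather than tcp:// listen address), as an added example that is not part of the original report or of Galera's code. The sample log lines are constructed: host name, UUID and certificate paths are placeholders, and the function names are hypothetical.

```python
import re

GCS_LINE = re.compile(r"WSREP: Passing config to GCS: (?P<opts>.*)$")
LISTEN = re.compile(r"WSREP: .*listening at (?P<scheme>[a-z]+)://")
SSL_CTX = "WSREP: initializing ssl context"

# Constructed sample logs (placeholder host, UUID and paths), modelled on the
# working and the broken startup quoted in the report.
GOOD_LOG = (
    "2014-02-18 21:37:10 5790 [Note] WSREP: Passing config to GCS: base_host = node1.example; "
    "base_port = 4567; socket.ssl_cert = /path/to/cert.pem; socket.ssl_key = /path/to/key.pem\n"
    "2014-02-18 21:37:10 5790 [Note] WSREP: initializing ssl context\n"
    "2014-02-18 21:37:10 5790 [Note] WSREP: (UUID-PLACEHOLDER, 'ssl://0.0.0.0:4567') "
    "listening at ssl://0.0.0.0:4567\n"
)
BAD_LOG = (
    "2014-03-09 11:22:19 21171 [Note] WSREP: Passing config to GCS: base_host = node1.example; "
    "base_port = 4567; cert.log_conflicts = no\n"
    "2014-03-09 11:22:20 21171 [Note] WSREP: (UUID-PLACEHOLDER, 'tcp://0.0.0.0:4567') "
    "listening at tcp://0.0.0.0:4567\n"
)


def audit_last_startup(log_text):
    """Collect the SSL indicators for the most recent provider start in the log."""
    result = None
    for line in log_text.splitlines():
        gcs = GCS_LINE.search(line)
        if gcs:  # a new start: earlier (possibly encrypted) starts no longer count
            keys = [kv.split("=", 1)[0].strip() for kv in gcs.group("opts").split(";")]
            result = {"ssl_options_passed": any(k.startswith("socket.ssl") for k in keys),
                      "ssl_context_initialized": False, "listen_schemes": []}
        elif result is not None:
            if SSL_CTX in line:
                result["ssl_context_initialized"] = True
            listen = LISTEN.search(line)
            if listen:
                result["listen_schemes"].append(listen.group("scheme"))
    return result


def replication_encrypted(log_text):
    """True only if the last start passed socket.ssl options, set up SSL and listens on ssl://."""
    r = audit_last_startup(log_text)
    return bool(r and r["ssl_options_passed"] and r["ssl_context_initialized"]
                and set(r["listen_schemes"]) == {"ssl"})


if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("bad", BAD_LOG), ("both", GOOD_LOG + BAD_LOG)):
        print(name, replication_encrypted(log), audit_last_startup(log))
```

Run against the error log after every package upgrade, this flags a node whose latest start fell back to plaintext even when older encrypted starts are still in the same file.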
summary:
- Update 5.6.15-25.3 - > 5.6.15-25.4: SSL not working any more
+ SSL disabled without socket.ssl in Galera
@Frank,
Can you provide output of
show global variables like 'wsrep_provider_options';