From f35664f90382f3af7cf9476495e78955cdfe893a Mon Sep 17 00:00:00 2001 From: Timofey Turenko Date: Wed, 18 Dec 2019 13:56:49 +0200 Subject: [PATCH 1/4] Remove exception for RHEL 8 - now packages are also built with CentOS We do not build RHEL packageas, but create RHEL repos as symlinks to CentOS repos. For RHEL8 was an expection intruduced, because CentOS 8 was not available at the time when RHEL8 was released. Now CentOS 8 is also available, switching to CentOS 8 image. --- BUILD/mdbci/copy_repos.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/BUILD/mdbci/copy_repos.sh b/BUILD/mdbci/copy_repos.sh index fd9503c92..d791953b9 100755 --- a/BUILD/mdbci/copy_repos.sh +++ b/BUILD/mdbci/copy_repos.sh @@ -8,10 +8,7 @@ if [ "$box_type" == "RPM" ] ; then # Build can be executed to check if it is possible to build # and to run install and upgrade tests # with thre real RHEL, but we use CentOS packages for production - if [[ "$platform" != "rhel" || ( "$platform" == "rhel" && "$platform_version" == "8" ) ]]; then - if [[ "$platform" == "rhel" && "$platform_version" == "8" ]]; then - export platform="centos" - fi + if [[ "$platform" != "rhel" ]]; then export arch=`ssh $sshopt "arch"` . ${script_dir}/generate_build_info_path.sh From a73b183555e7cb75e7862f8b94f2297544a1c4e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Thu, 19 Dec 2019 08:39:42 +0200 Subject: [PATCH 2/4] MXS-2813: Mask password values in output The password values are now masked with asterisks. This tells whether a password is set or not but it does not expose any information about the password itself. --- include/maxscale/modinfo.h | 4 ++ maxctrl/test/createdestroy.js | 2 +- server/core/config.cc | 48 +++++++++++-------- .../modules/monitor/mariadbmon/mariadbmon.cc | 4 +- 4 files changed, 35 insertions(+), 23 deletions(-) diff --git a/include/maxscale/modinfo.h b/include/maxscale/modinfo.h index 68eee8e0d..434a28db2 100644 --- a/include/maxscale/modinfo.h 
+++ b/include/maxscale/modinfo.h @@ -80,6 +80,7 @@ enum mxs_module_param_type MXS_MODULE_PARAM_BOOL, /**< Boolean value */ MXS_MODULE_PARAM_STRING, /**< String value */ MXS_MODULE_PARAM_QUOTEDSTRING, /**< String enclosed in '"':s */ + MXS_MODULE_PARAM_PASSWORD, /**< Password value that is masked in all output */ MXS_MODULE_PARAM_ENUM, /**< Enumeration of string values */ MXS_MODULE_PARAM_PATH, /**< Path to a file or a directory */ MXS_MODULE_PARAM_SERVICE, /**< Service name */ @@ -245,6 +246,9 @@ static inline const char* mxs_module_param_type_to_string(enum mxs_module_param_ case MXS_MODULE_PARAM_STRING: return "string"; + case MXS_MODULE_PARAM_PASSWORD: + return "password string"; + case MXS_MODULE_PARAM_QUOTEDSTRING: return "quoted string"; diff --git a/maxctrl/test/createdestroy.js b/maxctrl/test/createdestroy.js index 59a76ff3d..17b1f72cd 100644 --- a/maxctrl/test/createdestroy.js +++ b/maxctrl/test/createdestroy.js @@ -63,7 +63,7 @@ describe("Create/Destroy Commands", function() { res.data.relationships.servers.data.length.should.equal(1) res.data.relationships.servers.data[0].id.should.equal("server4") res.data.attributes.parameters.user.should.equal("maxuser") - res.data.attributes.parameters.password.should.equal("maxpwd") + res.data.attributes.parameters.password.should.equal("*****") }) }) diff --git a/server/core/config.cc b/server/core/config.cc index 1e07eb079..6f6c711d4 100644 --- a/server/core/config.cc +++ b/server/core/config.cc 
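Review bot: In the first modinfo.h hunk, `MXS_MODULE_PARAM_PASSWORD` is inserted between `MXS_MODULE_PARAM_QUOTEDSTRING` and `MXS_MODULE_PARAM_ENUM`, so unless the enumerators carry explicit values (none are visible in the hunk) every constant from `MXS_MODULE_PARAM_ENUM` onward shifts by one. A module compiled against the previous header would then pass type values that the core reads as a different parameter type, which matters for a patch release if separately built modules are supported. Appending the new enumerator after the last existing one keeps the old values stable; otherwise the module API version, if the loader checks one, should be bumped so stale modules are rejected at load time. The doc comment also promises masking "in all output", while the only masking visible in this patch is the JSON conversion in server/core/config.cc; `/**< Password value that is masked in JSON (REST API) output */` would state what the code guarantees. The enum body begins and ends outside the hunk.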
@@ -294,9 +294,9 @@ const MXS_MODULE_PARAM config_service_params[] = MXS_MODULE_OPT_REQUIRED}, {CN_ROUTER_OPTIONS, MXS_MODULE_PARAM_STRING}, {CN_SERVERS, MXS_MODULE_PARAM_STRING}, - {CN_USER, MXS_MODULE_PARAM_STRING},// Not mandatory due to RCAP_TYPE_NO_AUTH - {CN_PASSWORD, MXS_MODULE_PARAM_STRING},// Not mandatory due to RCAP_TYPE_NO_AUTH - {"passwd", MXS_MODULE_PARAM_STRING},// Not mandatory due to RCAP_TYPE_NO_AUTH + {CN_USER, MXS_MODULE_PARAM_STRING}, // Not mandatory due to RCAP_TYPE_NO_AUTH + {CN_PASSWORD, MXS_MODULE_PARAM_PASSWORD}, // Not mandatory due to RCAP_TYPE_NO_AUTH + {"passwd", MXS_MODULE_PARAM_PASSWORD}, // Not mandatory due to RCAP_TYPE_NO_AUTH {CN_ENABLE_ROOT_USER, MXS_MODULE_PARAM_BOOL, "false"}, {CN_MAX_RETRY_INTERVAL, MXS_MODULE_PARAM_COUNT, "3600"}, {CN_MAX_CONNECTIONS, MXS_MODULE_PARAM_COUNT, "0"}, 
@@ -348,31 +348,31 @@ const MXS_MODULE_PARAM config_listener_params[] = const MXS_MODULE_PARAM config_monitor_params[] = { - {CN_TYPE, MXS_MODULE_PARAM_STRING, NULL, + {CN_TYPE, MXS_MODULE_PARAM_STRING, NULL, MXS_MODULE_OPT_REQUIRED}, - {CN_MODULE, MXS_MODULE_PARAM_STRING, NULL, + {CN_MODULE, MXS_MODULE_PARAM_STRING, NULL, MXS_MODULE_OPT_REQUIRED}, - {CN_USER, MXS_MODULE_PARAM_STRING, NULL, + {CN_USER, MXS_MODULE_PARAM_STRING, NULL, MXS_MODULE_OPT_REQUIRED}, - {CN_PASSWORD, MXS_MODULE_PARAM_STRING, NULL,MXS_MODULE_OPT_REQUIRED }, - {"passwd", MXS_MODULE_PARAM_STRING}, + {CN_PASSWORD, MXS_MODULE_PARAM_PASSWORD, NULL,MXS_MODULE_OPT_REQUIRED }, + {"passwd", MXS_MODULE_PARAM_PASSWORD}, {CN_SERVERS, MXS_MODULE_PARAM_STRING}, - {CN_MONITOR_INTERVAL, MXS_MODULE_PARAM_COUNT, "2000"}, - {CN_BACKEND_CONNECT_TIMEOUT, MXS_MODULE_PARAM_COUNT, "3"}, - {CN_BACKEND_READ_TIMEOUT, MXS_MODULE_PARAM_COUNT, "1"}, - {CN_BACKEND_WRITE_TIMEOUT, MXS_MODULE_PARAM_COUNT, "2"}, - {CN_BACKEND_CONNECT_ATTEMPTS, MXS_MODULE_PARAM_COUNT, "1"}, + {CN_MONITOR_INTERVAL, MXS_MODULE_PARAM_COUNT, "2000"}, + {CN_BACKEND_CONNECT_TIMEOUT, MXS_MODULE_PARAM_COUNT, "3"}, + {CN_BACKEND_READ_TIMEOUT, MXS_MODULE_PARAM_COUNT, "1"}, + {CN_BACKEND_WRITE_TIMEOUT, MXS_MODULE_PARAM_COUNT, "2"}, + {CN_BACKEND_CONNECT_ATTEMPTS, MXS_MODULE_PARAM_COUNT, "1"}, - {CN_JOURNAL_MAX_AGE, MXS_MODULE_PARAM_COUNT, "28800"}, + {CN_JOURNAL_MAX_AGE, MXS_MODULE_PARAM_COUNT, "28800"}, {CN_DISK_SPACE_THRESHOLD, MXS_MODULE_PARAM_STRING}, - {CN_DISK_SPACE_CHECK_INTERVAL, MXS_MODULE_PARAM_COUNT, "0"}, + {CN_DISK_SPACE_CHECK_INTERVAL, MXS_MODULE_PARAM_COUNT, "0"}, - {CN_SCRIPT, MXS_MODULE_PARAM_STRING},// Cannot be a path type as - // the script may have - // parameters - {CN_SCRIPT_TIMEOUT, MXS_MODULE_PARAM_COUNT, "90"}, + {CN_SCRIPT, MXS_MODULE_PARAM_STRING}, // Cannot be a path type as + // the script may have + // parameters + {CN_SCRIPT_TIMEOUT, MXS_MODULE_PARAM_COUNT, "90"}, { CN_EVENTS, MXS_MODULE_PARAM_ENUM, 
@@ -404,7 +404,7 @@ const MXS_MODULE_PARAM config_server_params[] = {CN_EXTRA_PORT, MXS_MODULE_PARAM_COUNT, "0"}, {CN_AUTHENTICATOR, MXS_MODULE_PARAM_STRING}, {CN_MONITORUSER, MXS_MODULE_PARAM_STRING}, - {CN_MONITORPW, MXS_MODULE_PARAM_STRING}, + {CN_MONITORPW, MXS_MODULE_PARAM_PASSWORD}, {CN_PERSISTPOOLMAX, MXS_MODULE_PARAM_COUNT, "0"}, {CN_PERSISTMAXTIME, MXS_MODULE_PARAM_COUNT, "0"}, {CN_PROXY_PROTOCOL, MXS_MODULE_PARAM_BOOL, "false"}, @@ -3036,6 +3036,9 @@ const char* param_type_to_str(const MXS_MODULE_PARAM* params, const char* name) case MXS_MODULE_PARAM_STRING: return "a string"; + case MXS_MODULE_PARAM_PASSWORD: + return "a password string"; + case MXS_MODULE_PARAM_QUOTEDSTRING: return "a quoted string"; @@ -3669,6 +3672,10 @@ static json_t* param_value_to_json(const MXS_CONFIG_PARAMETER* param, const MXS_ rval = json_boolean(config_truth_value(param->value)); break; + case MXS_MODULE_PARAM_PASSWORD: + rval = json_string("*****"); + break; + default: rval = json_string(param->value); break; @@ -4341,6 +4348,7 @@ bool config_param_is_valid(const MXS_MODULE_PARAM* params, break; case MXS_MODULE_PARAM_STRING: + case MXS_MODULE_PARAM_PASSWORD: if (*value) { valid = true; diff --git a/server/modules/monitor/mariadbmon/mariadbmon.cc b/server/modules/monitor/mariadbmon/mariadbmon.cc index 4acf2051d..15fbb1467 100644 --- a/server/modules/monitor/mariadbmon/mariadbmon.cc +++ b/server/modules/monitor/mariadbmon/mariadbmon.cc @@ -1048,7 +1048,7 @@ extern "C" MXS_MODULE* MXS_CREATE_MODULE() CN_REPLICATION_USER, MXS_MODULE_PARAM_STRING }, { - CN_REPLICATION_PASSWORD, MXS_MODULE_PARAM_STRING + CN_REPLICATION_PASSWORD, MXS_MODULE_PARAM_PASSWORD }, { CN_REPLICATION_MASTER_SSL, MXS_MODULE_PARAM_BOOL, "false" @@ -1084,7 +1084,7 @@ extern "C" MXS_MODULE* MXS_CREATE_MODULE() CN_HANDLE_EVENTS, MXS_MODULE_PARAM_BOOL, "true" }, { - CN_ASSUME_UNIQUE_HOSTNAMES, MXS_MODULE_PARAM_BOOL, "true" + CN_ASSUME_UNIQUE_HOSTNAMES, MXS_MODULE_PARAM_BOOL, "true" }, {MXS_END_MODULE_PARAMS} } 
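Review bot: The `MXS_MODULE_PARAM_PASSWORD` case in `param_value_to_json` returns the literal `"*****"`, and nothing visible in this patch stops that literal from being accepted back as a real value: `config_param_is_valid` treats the new type exactly like `MXS_MODULE_PARAM_STRING` and accepts any non-empty string. If a client reads an object and sends its parameters back in an update, the stored password could be replaced by five asterisks, so the update path (outside this diff) should presumably skip or reject a password parameter equal to the mask. Masking is also driven only by the declared type, so any module parameter that holds a secret but is still declared `MXS_MODULE_PARAM_STRING` keeps appearing in clear text; this patch converts the core tables and `CN_REPLICATION_PASSWORD` in mariadbmon, and the remaining modules are worth an audit. A shared constant for the mask, e.g. `static const char PASSWORD_MASK[] = "*****";`, would let the update path and the tests refer to the same value. Both functions begin and end outside their hunks.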
From b80d6c73059f85020a84e3b69f9532c27c922c3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Wed, 18 Dec 2019 14:47:25 +0200 Subject: [PATCH 3/4] MXS-2498: Document temp tables in multi-statments When a temporary table is created with a multi-statement query, it won't be detected by MaxScale. Also removed the wrong limitations section from the document. --- Documentation/Routers/ReadWriteSplit.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Documentation/Routers/ReadWriteSplit.md b/Documentation/Routers/ReadWriteSplit.md index 2f6e6f391..89a6a80ba 100644 --- a/Documentation/Routers/ReadWriteSplit.md +++ b/Documentation/Routers/ReadWriteSplit.md @@ -685,16 +685,6 @@ the session state and the actual data in the database by adding routing hints to DDL/DML statements which are then directed to slave servers. Only use routing hints when you are sure that they can cause no harm. -## Limitations - -For a list of readwritesplit limitations, please read the -[Limitations](../About/Limitations.md) document. - -## Legacy Configuration - -In older versions of MaxScale, routers were configured via the _router_options_ -parameter. This functionality was deprecated in 2.2 and was removed in 2.3. - ## Examples Examples of the readwritesplit router in use can be found in the @@ -778,6 +768,11 @@ Read queries are routed to the master server in the following situations: * if there are multiple statements inside one query e.g. `INSERT INTO ... ; SELECT LAST_INSERT_ID();` +### Legacy Configuration + +In older versions of MaxScale, routers were configured via the _router_options_ +parameter. This functionality was deprecated in 2.2 and was removed in 2.3. + ### JDBC Batched Statements Readwritesplit does not support pipelining of JDBC batched statements. This is 
@@ -791,6 +786,11 @@ will always be routed to the master. See [`strict_multi_stmt`](../Routers/ReadWriteSplit.md#strict_multi_stmt) for more details. +If the multi-statement query creates a temporary table, it will not be +detected and reads to this table can be routed to slave servers. To +prevent this, always execute the temporary table creation as an individual +statement. + #### Limitations in client session handling Some of the queries that a client sends are routed to all backends instead of From 8cbe886dc5e72c54e59894be30e6c09c94bd30ce Mon Sep 17 00:00:00 2001 From: Johan Wikman Date: Thu, 19 Dec 2019 10:16:15 +0200 Subject: [PATCH 4/4] Update 2.4.5 release notes --- Documentation/Release-Notes/MaxScale-2.4.5-Release-Notes.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Documentation/Release-Notes/MaxScale-2.4.5-Release-Notes.md b/Documentation/Release-Notes/MaxScale-2.4.5-Release-Notes.md index 121a07c18..6c88f409b 100644 --- a/Documentation/Release-Notes/MaxScale-2.4.5-Release-Notes.md +++ b/Documentation/Release-Notes/MaxScale-2.4.5-Release-Notes.md @@ -14,6 +14,7 @@ report on [our Jira](https://jira.mariadb.org/projects/MXS). ## Bug fixes +* [MXS-2813](https://jira.mariadb.org/browse/MXS-2813) maxctl shows password in clear text * [MXS-2809](https://jira.mariadb.org/browse/MXS-2809) 2.4 configuration still contains links to v2.3 documentation * [MXS-2803](https://jira.mariadb.org/browse/MXS-2803) Hang with readconnroute and persistent connections * [MXS-2802](https://jira.mariadb.org/browse/MXS-2802) COM_RESET_CONNECTION is treated as a write 
@@ -22,6 +23,7 @@ report on [our Jira](https://jira.mariadb.org/projects/MXS). * [MXS-2782](https://jira.mariadb.org/browse/MXS-2782) Wrong thread id causes MaxScale to crash. * [MXS-2776](https://jira.mariadb.org/browse/MXS-2776) Binlog filter skipping commit when writing to ColumnStore * [MXS-2775](https://jira.mariadb.org/browse/MXS-2775) Document that a crashed master can break auto_rejoin with semisynchronous replication +* [MXS-2498](https://jira.mariadb.org/browse/MXS-2498) MaxScale not routing TEMPORARY TABLE reading to MASTER ## Known Issues and Limitations