Merge branch '2.3' into develop

Esa Korhonen
2019-04-16 11:23:49 +03:00
7 changed files with 39 additions and 10 deletions


@ -651,7 +651,7 @@ executed.
Both `replication_user` and `replication_password` parameters must be defined if Both `replication_user` and `replication_password` parameters must be defined if
a custom replication user is used. If neither of the parameters is defined, the a custom replication user is used. If neither of the parameters is defined, the
`CHANGE MASTER TO` command will use the monitor credentials for the replication `CHANGE MASTER TO`-command will use the monitor credentials for the replication
user. user.
The credentials used for replication must have the `REPLICATION SLAVE` The credentials used for replication must have the `REPLICATION SLAVE`
@ -661,6 +661,19 @@ privilege.
parameters. If password encryption is in use, `replication_password` must be parameters. If password encryption is in use, `replication_password` must be
encrypted with the same key to avoid erroneous decryption. encrypted with the same key to avoid erroneous decryption.
#### `replication_master_ssl`
Type: bool Default: off
If set to ON, any `CHANGE MASTER TO`-command generated will set `MASTER_SSL=1` to enable
encryption for the replication stream. This setting should only be enabled if the backend
servers are configured for ssl. This typically means setting *ssl_ca*, *ssl_cert* and
*ssl_key* in the server configuration file. Additionally, credentials for the replication
user should require an encrypted connection (`e.g. ALTER USER repl@'%' REQUIRE SSL;`).
If the setting is left OFF, `MASTER_SSL` is not set at all, which will preserve existing
settings when redirecting a slave connection.
#### `failover_timeout` and `switchover_timeout` #### `failover_timeout` and `switchover_timeout`
Time limit for failover and switchover operations, in seconds. The default Time limit for failover and switchover operations, in seconds. The default


@ -411,6 +411,10 @@ string MariaDBMonitor::generate_change_master_cmd(const string& master_host, int
change_cmd << "CHANGE MASTER TO MASTER_HOST = '" << master_host << "', "; change_cmd << "CHANGE MASTER TO MASTER_HOST = '" << master_host << "', ";
change_cmd << "MASTER_PORT = " << master_port << ", "; change_cmd << "MASTER_PORT = " << master_port << ", ";
change_cmd << "MASTER_USE_GTID = current_pos, "; change_cmd << "MASTER_USE_GTID = current_pos, ";
if (m_replication_ssl)
{
change_cmd << "MASTER_SSL = 1, ";
}
change_cmd << "MASTER_USER = '" << m_replication_user << "', "; change_cmd << "MASTER_USER = '" << m_replication_user << "', ";
const char MASTER_PW[] = "MASTER_PASSWORD = '"; const char MASTER_PW[] = "MASTER_PASSWORD = '";
const char END[] = "';"; const char END[] = "';";
@ -630,7 +634,8 @@ uint32_t MariaDBMonitor::do_rejoin(const ServerArray& joinable_servers, json_t**
// Rejoin doesn't have its own time limit setting. Use switchover time limit for now since // Rejoin doesn't have its own time limit setting. Use switchover time limit for now since
// the first phase of standalone rejoin is similar to switchover. // the first phase of standalone rejoin is similar to switchover.
maxbase::Duration time_limit((double)m_switchover_timeout); maxbase::Duration time_limit((double)m_switchover_timeout);
GeneralOpData general(m_replication_user, m_replication_password, output, time_limit); GeneralOpData general(m_replication_user, m_replication_password, m_replication_ssl,
output, time_limit);
if (joinable->m_slave_status.empty()) if (joinable->m_slave_status.empty())
{ {
@ -1410,7 +1415,8 @@ unique_ptr<MariaDBMonitor::FailoverParams> MariaDBMonitor::failover_prepare(Log
ServerOperation promotion(promotion_target, promoting_to_master, ServerOperation promotion(promotion_target, promoting_to_master,
m_handle_event_scheduler, m_promote_sql_file, m_handle_event_scheduler, m_promote_sql_file,
demotion_target->m_slave_status, demotion_target->m_enabled_events); demotion_target->m_slave_status, demotion_target->m_enabled_events);
GeneralOpData general(m_replication_user, m_replication_password, error_out, time_limit); GeneralOpData general(m_replication_user, m_replication_password, m_replication_ssl,
error_out, time_limit);
rval.reset(new FailoverParams(promotion, demotion_target, general)); rval.reset(new FailoverParams(promotion, demotion_target, general));
} }
} }
@ -1703,7 +1709,8 @@ MariaDBMonitor::switchover_prepare(SERVER* promotion_server, SERVER* demotion_se
ServerOperation demotion(demotion_target, master_swap, m_handle_event_scheduler, ServerOperation demotion(demotion_target, master_swap, m_handle_event_scheduler,
m_demote_sql_file, promotion_target->m_slave_status, m_demote_sql_file, promotion_target->m_slave_status,
EventNameSet() /* unused */); EventNameSet() /* unused */);
GeneralOpData general(m_replication_user, m_replication_password, error_out, time_limit); GeneralOpData general(m_replication_user, m_replication_password, m_replication_ssl,
error_out, time_limit);
rval.reset(new SwitchoverParams(promotion, demotion, general)); rval.reset(new SwitchoverParams(promotion, demotion, general));
} }
return rval; return rval;
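Review bot: `MASTER_SSL = 1` in generate_change_master_cmd turns on encryption for the replication stream but does not make the slave verify the master's certificate, so on servers where `MASTER_SSL_VERIFY_SERVER_CERT` is off by default the link is encrypted while the master stays unauthenticated. The same applies to the `if (op.replication_ssl)` branch in MariaDBServer::generate_change_master_cmd. Consider a follow-up opt-in setting that appends `MASTER_SSL_VERIFY_SERVER_CERT = 1, ` for deployments where the slaves have a CA configured, or at least a sentence in the `replication_master_ssl` documentation saying that this option does not enable certificate verification. The function body starts and ends outside the hunk.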


@ -58,9 +58,7 @@ static const char CN_MASTER_FAILURE_TIMEOUT[] = "master_failure_timeout";
// Replication credentials parameters for failover/switchover/join // Replication credentials parameters for failover/switchover/join
static const char CN_REPLICATION_USER[] = "replication_user"; static const char CN_REPLICATION_USER[] = "replication_user";
static const char CN_REPLICATION_PASSWORD[] = "replication_password"; static const char CN_REPLICATION_PASSWORD[] = "replication_password";
static const char CN_REPLICATION_MASTER_SSL[] = "replication_master_ssl";
static const char DIAG_ERROR[] = "Internal error, could not print diagnostics. "
"Check log for more information.";
MariaDBMonitor::MariaDBMonitor(const string& name, const string& module) MariaDBMonitor::MariaDBMonitor(const string& name, const string& module)
: MonitorWorker(name, module) : MonitorWorker(name, module)
@ -235,6 +233,7 @@ bool MariaDBMonitor::configure(const MXS_CONFIG_PARAMETER* params)
m_switchover_on_low_disk_space = params->get_bool(CN_SWITCHOVER_ON_LOW_DISK_SPACE); m_switchover_on_low_disk_space = params->get_bool(CN_SWITCHOVER_ON_LOW_DISK_SPACE);
m_maintenance_on_low_disk_space = params->get_bool(CN_MAINTENANCE_ON_LOW_DISK_SPACE); m_maintenance_on_low_disk_space = params->get_bool(CN_MAINTENANCE_ON_LOW_DISK_SPACE);
m_handle_event_scheduler = params->get_bool(CN_HANDLE_EVENTS); m_handle_event_scheduler = params->get_bool(CN_HANDLE_EVENTS);
m_replication_ssl = params->get_bool(CN_REPLICATION_MASTER_SSL);
/* Reset all monitored state info. The server dependent values must be reset as servers could have been /* Reset all monitored state info. The server dependent values must be reset as servers could have been
* added, removed and modified. */ * added, removed and modified. */
@ -1024,6 +1023,9 @@ extern "C" MXS_MODULE* MXS_CREATE_MODULE()
{ {
CN_REPLICATION_PASSWORD, MXS_MODULE_PARAM_STRING CN_REPLICATION_PASSWORD, MXS_MODULE_PARAM_STRING
}, },
{
CN_REPLICATION_MASTER_SSL, MXS_MODULE_PARAM_BOOL, "false"
},
{ {
CN_VERIFY_MASTER_FAILURE, MXS_MODULE_PARAM_BOOL, "true" CN_VERIFY_MASTER_FAILURE, MXS_MODULE_PARAM_BOOL, "true"
}, },


@ -213,6 +213,7 @@ private:
// Cluster operations additional settings // Cluster operations additional settings
std::string m_replication_user; /* Replication user for CHANGE MASTER TO-commands */ std::string m_replication_user; /* Replication user for CHANGE MASTER TO-commands */
std::string m_replication_password; /* Replication password for CHANGE MASTER TO-commands */ std::string m_replication_password; /* Replication password for CHANGE MASTER TO-commands */
bool m_replication_ssl = false; /* Set MASTER_SSL = 1 in CHANGE MASTER TO-commands */
bool m_handle_event_scheduler = true;/* Should failover/switchover enable/disable any scheduled bool m_handle_event_scheduler = true;/* Should failover/switchover enable/disable any scheduled
* events on the servers during promote/demote? */ * events on the servers during promote/demote? */
uint32_t m_failover_timeout = 10; /* Time limit in seconds for failover */ uint32_t m_failover_timeout = 10; /* Time limit in seconds for failover */


@ -2088,6 +2088,10 @@ string MariaDBServer::generate_change_master_cmd(GeneralOpData& op, const SlaveS
slave_conn.name.c_str(), slave_conn.name.c_str(),
slave_conn.master_host.c_str(), slave_conn.master_port); slave_conn.master_host.c_str(), slave_conn.master_port);
change_cmd += "MASTER_USE_GTID = current_pos, "; change_cmd += "MASTER_USE_GTID = current_pos, ";
if (op.replication_ssl)
{
change_cmd += "MASTER_SSL = 1, ";
}
change_cmd += string_printf("MASTER_USER = '%s', ", op.replication_user.c_str()); change_cmd += string_printf("MASTER_USER = '%s', ", op.replication_user.c_str());
const char MASTER_PW[] = "MASTER_PASSWORD = '%s';"; const char MASTER_PW[] = "MASTER_PASSWORD = '%s';";
#if defined (SS_DEBUG) #if defined (SS_DEBUG)
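Review bot: The `if (op.replication_ssl)` branch has no comment explaining why the option is left out of the statement when the flag is false instead of writing `MASTER_SSL = 0`. The documentation in this commit says that omitting it preserves the slave connection's existing setting, and that intent is easy to lose in a later cleanup, which would then switch off encryption on connections that already use it. A one-line comment above the branch would cover it: `// Only add MASTER_SSL when enabled; omitting it keeps the connection's current SSL setting.` The same comment fits the branch in MariaDBMonitor::generate_change_master_cmd, and this function continues outside the hunk.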


@ -174,10 +174,11 @@ ServerOperation::ServerOperation(MariaDBServer* target, bool was_is_master, bool
{ {
} }
GeneralOpData::GeneralOpData(const string& replication_user, const string& replication_password, GeneralOpData::GeneralOpData(const std::string& replication_user, const std::string& replication_password,
json_t** error, maxbase::Duration time_remaining) bool replication_ssl, json_t** error, maxbase::Duration time_remaining)
: replication_user(replication_user) : replication_user(replication_user)
, replication_password(replication_password) , replication_password(replication_password)
, replication_ssl(replication_ssl)
, error_out(error) , error_out(error)
, time_remaining(time_remaining) , time_remaining(time_remaining)
{ {


@ -222,11 +222,12 @@ class GeneralOpData
public: public:
const std::string replication_user; // User for CHANGE MASTER TO ... const std::string replication_user; // User for CHANGE MASTER TO ...
const std::string replication_password; // Password for CHANGE MASTER TO ... const std::string replication_password; // Password for CHANGE MASTER TO ...
const bool replication_ssl; // MASTER_SSL=1 in CHANGE MASTER TO ...
json_t** const error_out; // Json error output json_t** const error_out; // Json error output
maxbase::Duration time_remaining; // How much time remains to complete the operation maxbase::Duration time_remaining; // How much time remains to complete the operation
GeneralOpData(const std::string& replication_user, const std::string& replication_password, GeneralOpData(const std::string& replication_user, const std::string& replication_password,
json_t** error, maxbase::Duration time_remaining); bool replication_ssl, json_t** error, maxbase::Duration time_remaining);
}; };
// Operation data which concerns a single server // Operation data which concerns a single server