Sending an error to the client allows the connector to show more
information to the user when the DCB is closed due to a reason internal to
MaxScale.
The error message states that the connection was killed by MaxScale to
distinct it from the error sent by the server. The error number and SQL
state are still the same as both errors should be treated the same way.
The new `ssl_verify_peer_certificate` parameter controls whether the peer
certificate is verified. This allows self-signed certificates to be
properly used with MaxScale.
This builds on commit 1287b0e595a5f99026f66df7eeaef091b8ffc774 and cleans
up the original code. This fixes a bug introduced in the aforementioned
commit and cleans up the code.
The authentication code assumed that the initial request only had
authentication related data. This is not true if the client library
predicts that the authentication will succeed and it sends a query right
after it sends the authentication data.
Currently binlog server doesn't send to slaves these event types:
- MARIADB10_START_ENCRYPTION_EVENT
- IGNORABLE_EVENT
It also skips events with LOG_EVENT_IGNORABLE_F flag.
This modification allows sending events with that flag.
If the authenticator option is enabled, no users are loaded and no errors
have occurred in the user loading process, the service credentials are
injected.
When the database firewall filter is used in white-list mode,
'USE <db>' should be allowed. When connecting, it is always
possible to specify the database anyway so restricting
'USE <db>' serves no purpose.
The result of the authentication should be ignored but the scramble that
is calculated as a side-effect still needs to be stored. This can be done
by altering the SQL used to get the matching row to only match on the
username, not the network address.
Also expanded the test case to cover the use of bad credentials.
The new parameter allows the session to be "locked" to the master server
after a stored procedure is called. This will keep the session state
consistent if the stored procedure call modifies the state of the session.
The removal of a server from a service is intended to affect only new
sessions.
Added a test that checks that the connections are kept open even if the
server is removed from the service.
MXS-1412: while discarding a result set don't buffer any data: this
avoids to store useless data.
Additionally the colum definitions buffer is used instead of the offset
value.
By processing each buffer individually, the need to iterate over the whole
resultset is removed. Profiling showed that most of the time was spent
navigating the linked list of buffers when an offset into the whole
resultset was used instead of an offset to the individual response buffer.
When a COM_CHANGE_USER was executed, it is possible that the server
responds with a AuthSwitchRequest packet instead of an OK packet. In this
case, the server sends a new scramble which must be used to create the 20
byte hash that is expected as the response.
The COM_CHANGE_USER that is sent as a part of the reset process for a
persistent connection did not expect a AuthSwitchRequest packet to be sent
as that implies that the server did not take the authentication fast
path. In this case, an error message needs to be logged stating that the
server requested a different authentication plugin than was expected.
The response handling logic did not always take the last packet for
inspection when a COM_CHANGE_USER was executed. The OK packet will always
be the last one since the COM_CHANGE_USER is the last command that was
sent.
When an unexpected response to a COM_CHANGE_USER is received, it is now
processes and discarded instead of treated as an error. This will allow
further analysis of the situation in addition to possibly solving some of
the problems that the persistent connections have.
Added extra info level logging to relevant parts of the code that deal
with the COM_CHANGE_USER reply processing. This information should allow
tracking of the response state for debugging purposes.
The response to the COM_CHANGE_USER should always be turned into a
contiguous buffer of complete packets. This guarantees that the code that
processes it functions properly.
As COM_QUIT would terminate the connection, there's no need to initiate
the session reset process. Also make sure all buffers are empty before
putting the DCB into the pool.
Added extra debug assertions for parts of the code that are related to the
COM_CHANGE_USER processing.
When a persistent connection is reused, a COM_CHANGE_USER command is
executed to reset the session state. If the reused connection was closed
before the response to the COM_CHANGE_USER was received and taken into use
by another connection, another COM_CHANGE_USER would be sent to, again,
reset the session state. Due to the fact that the first response is still
on its way, it will appear as if two responses are generated for a single
COM_CHANGE_USER.
The way to fix this is to avoid putting connections that haven't been
successfully reset into the connection pool.
When a session is being closed in a controlled manner, i.e. a COM_QUIT is
received from the client, it is possible to deduce from this fact that the
backend connections are very likely to be idle. This can be used as an
additional qualification that must be met by all connections before they
can be candidates for connection pooling.
This assumption will not hold with batched and asynchronous queries. In
this case it is possible that the COM_QUIT is received from the client
before even the first result from the backend is read. For this to work,
the protocol module would need to track the number and state of expected
responses.
If the binlog has binlog checksums enabled, the extra checksum bytes are
removed from the end of the event. The avrorouter assumes that whatever
caused the binlogs to appear in the first place already checked that the
checksums are OK.
Also removed one extra byte being added to the length of all query events.
A new option ‘slave_hostname’ allows the setting of hostname in
COM_REGISTER_SLAVE.
SHOW SLAVES HOSTS; in master server can show the hostname set in binlog
router:
MariaDB [(none)]> SHOW SLAVE HOSTS;
+-----------+-----------------------------+------+-----------+
| Server_id | Host | Port | Master_id |
+-----------+-----------------------------+------+-----------+
| 93 | maxscale-blr-1.mydomain.net | 8808 | 10124 |
+-----------+-----------------------------+------+-----------+
If a connection has not been fully established (i.e. authentication has
been completed) then it should not be considered as a connection pool
candidate.
Enabling the option hinders the use of maintenance mode with the root
master node in most use-cases.
This behavior occurs due to the fact that the maintenance mode causes a
server to be treted as if it was down. The Galera monitor waits for the
cluster to reorganize before assigning a new master node. This is correct
(but very unexpected) behavior for single instance use-cases.
