diff options
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/wsrep_sst_common.sh | 264 | ||||
| -rw-r--r-- | scripts/wsrep_sst_mariabackup.sh | 357 | ||||
| -rw-r--r-- | scripts/wsrep_sst_mysqldump.sh | 11 | ||||
| -rw-r--r-- | scripts/wsrep_sst_rsync.sh | 250 |
4 files changed, 479 insertions, 403 deletions
diff --git a/scripts/wsrep_sst_common.sh b/scripts/wsrep_sst_common.sh index f043b56da90..983f44768aa 100644 --- a/scripts/wsrep_sst_common.sh +++ b/scripts/wsrep_sst_common.sh @@ -17,7 +17,10 @@ # This is a common command line parser to be sourced by other SST scripts -set -u +set -ue + +# Setting the path for some utilities on CentOS +export PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin" WSREP_SST_OPT_BYPASS=0 WSREP_SST_OPT_BINLOG="" @@ -384,10 +387,8 @@ case "$1" in skip_mysqld_arg=1 ;; '--innodb-force-recovery') - if [ -n "$value" ]; then - if [ "$value" -ne 0 ]; then - INNODB_FORCE_RECOVERY="$value" - fi + if [ -n "$value" -a "$value" != "0" ]; then + INNODB_FORCE_RECOVERY="$value" fi skip_mysqld_arg=1 ;; @@ -584,7 +585,8 @@ get_binlog() if [ -n "$WSREP_SST_OPT_ADDR_PORT" ]; then if [ -n "$WSREP_SST_OPT_PORT" ]; then if [ "$WSREP_SST_OPT_PORT" != "$WSREP_SST_OPT_ADDR_PORT" ]; then - echo "WSREP_SST: [ERROR] port in --port=$WSREP_SST_OPT_PORT differs from port in --address=$WSREP_SST_OPT_ADDR" >&2 + echo "WSREP_SST: [ERROR] port in --port=$WSREP_SST_OPT_PORT" \ + "differs from port in --address=$WSREP_SST_OPT_ADDR" >&2 exit 2 fi else @@ -616,8 +618,19 @@ fi readonly WSREP_SST_OPT_ADDR readonly WSREP_SST_OPT_ADDR_PORT -# try to use my_print_defaults, mysql and mysqldump that come with the sources -# (for MTR suite) +commandex() +{ + if [ -n "$BASH_VERSION" ]; then + command -v "$1" || : + elif [ -x "$1" ]; then + echo "$1" + else + which "$1" || : + fi +} + +# try to use my_print_defaults, mysql and mysqldump that come +# with the sources (for MTR suite): script_binary=$(dirname "$0") SCRIPTS_DIR=$(cd "$script_binary"; pwd -P) EXTRA_DIR="$SCRIPTS_DIR/../extra" @@ -626,13 +639,13 @@ CLIENT_DIR="$SCRIPTS_DIR/../client" if [ -x "$CLIENT_DIR/mariadb" ]; then MYSQL_CLIENT="$CLIENT_DIR/mariadb" else - MYSQL_CLIENT="$(command -v mariadb)" + MYSQL_CLIENT=$(commandex 'mariadb') fi if [ -x "$CLIENT_DIR/mariadb-dump" ]; then MYSQLDUMP="$CLIENT_DIR/mariadb-dump" else - MYSQLDUMP="$(command -v mariadb-dump)" + MYSQLDUMP=$(commandex 'mariadb-dump') fi wsrep_log() @@ -663,7 +676,7 @@ if [ -x "$SCRIPTS_DIR/my_print_defaults" ]; then elif [ -x "$EXTRA_DIR/my_print_defaults" ]; then MY_PRINT_DEFAULTS="$EXTRA_DIR/my_print_defaults" else - MY_PRINT_DEFAULTS="$(command -v my_print_defaults)" + MY_PRINT_DEFAULTS=$(commandex 'my_print_defaults') if [ -z "$MY_PRINT_DEFAULTS" ]; then wsrep_log_error "my_print_defaults not found in path" exit 2 @@ -673,16 +686,16 @@ fi readonly MY_PRINT_DEFAULTS wsrep_defaults="$WSREP_SST_OPT_DEFAULTS" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_EXTRA_DEFAULTS" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_EXTRA_DEFAULTS:+ }$WSREP_SST_OPT_EXTRA_DEFAULTS" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_SUFFIX_DEFAULT:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" -readonly WSREP_SST_OPT_CONF="$wsrep_defaults" +readonly WSREP_SST_OPT_CONF="${wsrep_defaults:+ }$wsrep_defaults" wsrep_defaults="$WSREP_SST_OPT_DEFAULT" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_EXTRA_DEFAULT" -wsrep_defaults="$wsrep_defaults${wsrep_defaults:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_EXTRA_DEFAULT:+ }$WSREP_SST_OPT_EXTRA_DEFAULT" +wsrep_defaults="$wsrep_defaults${WSREP_SST_OPT_SUFFIX_DEFAULT:+ }$WSREP_SST_OPT_SUFFIX_DEFAULT" -readonly WSREP_SST_OPT_CONF_UNQUOTED="$wsrep_defaults" +readonly WSREP_SST_OPT_CONF_UNQUOTED="${wsrep_defaults:+ }$wsrep_defaults" # # User can specify mariabackup specific settings that will be used during sst @@ -819,8 +832,7 @@ if wsrep_auth_not_set; then fi # Splitting WSREP_SST_OPT_AUTH as "user:password" pair: -if ! wsrep_auth_not_set -then +if ! wsrep_auth_not_set; then # Extract username as shortest prefix up to first ':' character: WSREP_SST_OPT_AUTH_USER="${WSREP_SST_OPT_AUTH%%:*}" if [ -z "$WSREP_SST_OPT_USER" ]; then @@ -848,8 +860,7 @@ readonly WSREP_SST_OPT_USER readonly WSREP_SST_OPT_PSWD readonly WSREP_SST_OPT_AUTH -if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ] -then +if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ]; then # Split auth string at the last ':' readonly WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}" readonly WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}" @@ -860,8 +871,7 @@ fi readonly WSREP_SST_OPT_REMOTE_AUTH -if [ -n "$WSREP_SST_OPT_DATA" ] -then +if [ -n "$WSREP_SST_OPT_DATA" ]; then SST_PROGRESS_FILE="$WSREP_SST_OPT_DATA/sst_in_progress" else SST_PROGRESS_FILE="" @@ -869,14 +879,15 @@ fi wsrep_cleanup_progress_file() { - [ -n "$SST_PROGRESS_FILE" -a \ - -f "$SST_PROGRESS_FILE" ] && rm -f "$SST_PROGRESS_FILE" 2>/dev/null || true + if [ -n "$SST_PROGRESS_FILE" -a -f "$SST_PROGRESS_FILE" ]; then + rm -f "$SST_PROGRESS_FILE" 2>/dev/null || : + fi } wsrep_check_program() { local prog="$1" - local cmd=$(command -v "$prog") + local cmd=$(commandex "$prog") if [ -z "$cmd" ]; then echo "'$prog' not found in PATH" return 2 # no such file or directory @@ -886,21 +897,18 @@ wsrep_check_program() wsrep_check_programs() { local ret=0 - - while [ $# -gt 0 ] - do + while [ $# -gt 0 ]; do wsrep_check_program "$1" || ret=$? shift done - return $ret } wsrep_check_datadir() { - if [ -z "$WSREP_SST_OPT_DATA" ] - then - wsrep_log_error "The '--datadir' parameter must be passed to the SST script" + if [ -z "$WSREP_SST_OPT_DATA" ]; then + wsrep_log_error \ + "The '--datadir' parameter must be passed to the SST script" exit 2 fi } @@ -912,10 +920,10 @@ get_openssl() return fi # Let's look for openssl: - OPENSSL_BINARY="$(command -v openssl)" + OPENSSL_BINARY=$(commandex 'openssl') if [ -z "$OPENSSL_BINARY" ]; then OPENSSL_BINARY='/usr/bin/openssl' - if [ -z "$OPENSSL_BINARY" ]; then + if [ ! -x "$OPENSSL_BINARY" ]; then OPENSSL_BINARY="" fi fi @@ -928,13 +936,12 @@ get_openssl() wsrep_gen_secret() { get_openssl - if [ -n "$OPENSSL_BINARY" ] - then + if [ -n "$OPENSSL_BINARY" ]; then echo $("$OPENSSL_BINARY" rand -hex 16) else printf "%04x%04x%04x%04x%04x%04x%04x%04x" \ - $RANDOM $RANDOM $RANDOM $RANDOM \ - $RANDOM $RANDOM $RANDOM $RANDOM + $RANDOM $RANDOM $RANDOM $RANDOM \ + $RANDOM $RANDOM $RANDOM $RANDOM fi } @@ -968,14 +975,14 @@ is_local_ip() fi # Now let's check if the given address is assigned to # one of the network cards: - local ip_util="$(command -v ip)" + local ip_util=$(commandex 'ip') if [ -n "$ip_util" ]; then # ip address show ouput format is " inet[6] <address>/<mask>": "$ip_util" address show \ | grep -E "^[[:space:]]*inet.? [^[:space:]]+/" -o \ | grep -F " $1/" >/dev/null && return 0 else - local ifconfig_util="$(command -v ifconfig)" + local ifconfig_util=$(commandex 'ifconfig') if [ -n "$ifconfig_util" ]; then # ifconfig output format is " inet[6] <address> ...": "$ifconfig_util" \ @@ -992,15 +999,15 @@ check_sockets_utils() sockstat_available=0 ss_available=0 - [ -n "$(command -v lsof)" ] && lsof_available=1 - [ -n "$(command -v sockstat)" ] && sockstat_available=1 - [ -n "$(command -v ss)" ] && ss_available=1 + [ -n "$(commandex lsof)" ] && lsof_available=1 + [ -n "$(commandex sockstat)" ] && sockstat_available=1 + [ -n "$(commandex ss)" ] && ss_available=1 if [ $lsof_available -eq 0 -a \ $sockstat_available -eq 0 -a \ $ss_available -eq 0 ] then - wsrep_log_error "Neither lsof, nor sockstat or ss tool was found in " \ + wsrep_log_error "Neither lsof, nor sockstat or ss tool was found in" \ "the PATH. Make sure you have it installed." exit 2 # ENOENT fi @@ -1018,11 +1025,11 @@ check_sockets_utils() # check_port() { - local pid="$1" + local pid="${1:-0}" local port="$2" local utils="$3" - [ -z "$pid" ] || [ $pid -eq 0 ] && pid='[0-9]+' + [ $pid -le 0 ] && pid='[0-9]+' local rc=1 @@ -1060,14 +1067,20 @@ check_for_dhparams() if [ ! -r "$ssl_dhparams" ]; then get_openssl if [ -n "$OPENSSL_BINARY" ]; then - wsrep_log_info "Could not find dhparams file, creating $ssl_dhparams" - if ! "$OPENSSL_BINARY" dhparam -out "$ssl_dhparams" 2048 >/dev/null 2>&1 - then + wsrep_log_info \ + "Could not find dhparams file, creating $ssl_dhparams" + local bug=0 + local errmsg + errmsg=$("$OPENSSL_BINARY" \ + dhparam -out "$ssl_dhparams" 2048 2>&1) || bug=1 + if [ $bug -ne 0 ]; then + wsrep_log_info "run: \"$OPENSSL_BINARY\" dhparam -out \"$ssl_dhparams\" 2048" + wsrep_log_info "output: $errmsg" wsrep_log_error "******** ERROR *****************************************" wsrep_log_error "* Could not create the dhparams.pem file with OpenSSL. *" wsrep_log_error "********************************************************" ssl_dhparams="" - fi + fi else # Rollback: if openssl is not installed, then use # the default parameters: @@ -1085,26 +1098,48 @@ check_for_dhparams() # verify_ca_matches_cert() { - local ca="$1" - local cert="$2" - local path=${3:-0} + local cert="$1" + local ca="$2" + local cap="$3" + + local readable=1; [ ! -r "$cert" ] && readable=0 + [ -n "$ca" -a ! -r "$ca" ] && readable=0 + [ -n "$cap" -a ! -r "$cap" ] && readable=0 + + if [ $readable -eq 0 ]; then + wsrep_log_error \ + "Both PEM file and CA file (or path) must be readable" + exit 22 + fi # If the openssl utility is not installed, then # we will not do this certificate check: get_openssl if [ -z "$OPENSSL_BINARY" ]; then + wsrep_log_info "openssl utility not found" return fi - local not_match=0 + local readable=1; [ ! -r "$cert" ] && readable=0 + [ -n "$ca" ] && [ ! -r "$ca" ] && readable=0 + [ -n "$cap" ] && [ ! -r "$cap" ] && readable=0 - if [ $path -eq 0 ]; then - "$OPENSSL_BINARY" verify -verbose -CAfile "$ca" "$cert" >/dev/null 2>&1 || not_match=1 - else - "$OPENSSL_BINARY" verify -verbose -CApath "$ca" "$cert" >/dev/null 2>&1 || not_match=1 + if [ readable -eq 0 ]; then + wsrep_log_error \ + "Both PEM file and CA file (or path) must be readable" + exit 22 fi + local not_match=0 + local errmsg + errmsg=$("$OPENSSL_BINARY" verify -verbose \ + ${ca:+ -CAfile} ${ca:+ "$ca"} \ + ${cap:+ -CApath} ${cap:+ "$cap"} \ + "$cert" 2>&1) || not_match=1 + if [ $not_match -eq 1 ]; then + wsrep_log_info "run: \"$OPENSSL_BINARY\" verify -verbose${ca:+ -CAfile \"$ca\"}${cap:+ -CApath \"$cap\"} \"$cert\"" + wsrep_log_info "output: $errmsg" wsrep_log_error "******** FATAL ERROR ********************************************" wsrep_log_error "* The certifcate and CA (certificate authority) do not match. *" wsrep_log_error "* It does not appear that the certificate was issued by the CA. *" @@ -1124,12 +1159,19 @@ verify_ca_matches_cert() # verify_cert_matches_key() { - local cert_path="$1" - local key_path="$2" + local cert="$1" + local key="$2" + + if [ ! -r "$key" -o ! -r "$cert" ]; then + wsrep_log_error "Both the certificate file and the key file" \ + "must be readable" + exit 22 + fi # If the diff utility is not installed, then # we will not do this certificate check: - if [ -z "$(command -v diff)" ]; then + if [ -z "$(commandex diff)" ]; then + wsrep_log_info "diff utility not found" return fi @@ -1137,18 +1179,19 @@ verify_cert_matches_key() # we will not do this certificate check: get_openssl if [ -z "$OPENSSL_BINARY" ]; then + wsrep_log_info "openssl utility not found" return fi # Generate the public key from the cert and the key. # They should match (otherwise we can't create an SSL connection). - if ! diff <("$OPENSSL_BINARY" x509 -in "$cert_path" -pubkey -noout 2>/dev/null) \ - <("$OPENSSL_BINARY" pkey -in "$key_path" -pubout 2>/dev/null) >/dev/null 2>&1 + if ! diff <("$OPENSSL_BINARY" x509 -in "$cert" -pubkey -noout 2>/dev/null) \ + <("$OPENSSL_BINARY" pkey -in "$key" -pubout 2>/dev/null) >/dev/null 2>&1 then - wsrep_log_error "******************* FATAL ERROR ****************" - wsrep_log_error "* The certifcate and private key do not match. *" - wsrep_log_error "* Please check your certificate and key files. *" - wsrep_log_error "************************************************" + wsrep_log_error "******************* FATAL ERROR *****************" + wsrep_log_error "* The certificate and private key do not match. *" + wsrep_log_error "* Please check your certificate and key files. *" + wsrep_log_error "*************************************************" exit 22 fi } @@ -1225,18 +1268,18 @@ check_pid() { local pid_file="$1" if [ -r "$pid_file" ]; then - local pid=$(cat "$pid_file" 2>/dev/null) + local pid=$(cat "$pid_file" 2>/dev/null || :) if [ -n "$pid" ]; then - if [ $pid -ne 0 ]; then - if ps -p "$pid" >/dev/null 2>&1; then + if [ $pid -gt 0 ]; then + if ps -p $pid >/dev/null 2>&1; then CHECK_PID=$pid return 0 fi fi fi local remove=${2:-0} - if [ $remove -eq 1 ]; then - rm -f "$pid_file" + if [ $remove -ne 0 ]; then + rm -f "$pid_file" || : fi fi CHECK_PID=0 @@ -1261,25 +1304,25 @@ cleanup_pid() local pid_file="${2:-}" local config="${3:-}" - if [ $pid -ne 0 ]; then + if [ $pid -gt 0 ]; then if ps -p $pid >/dev/null 2>&1; then if kill $pid >/dev/null 2>&1; then sleep 0.5 local round=0 local force=0 while ps -p $pid >/dev/null 2>&1; do - sleep 1 - round=$(( round+1 )) - if [ $round -eq 16 ]; then - if [ $force -eq 0 ]; then - round=8 - force=1 - kill -9 $pid >/dev/null 2>&1 - sleep 0.5 - else - return 1 - fi - fi + sleep 1 + round=$(( round+1 )) + if [ $round -eq 16 ]; then + if [ $force -eq 0 ]; then + round=8 + force=1 + kill -9 $pid >/dev/null 2>&1 || : + sleep 0.5 + else + return 1 + fi + fi done elif ps -p $pid >/dev/null 2>&1; then wsrep_log_warning "Unable to kill PID=$pid ($pid_file)" @@ -1288,8 +1331,8 @@ cleanup_pid() fi fi - [ -n "$pid_file" ] && [ -f "$pid_file" ] && rm -f "$pid_file" - [ -n "$config" ] && [ -f "$config" ] && rm -f "$config" + [ -n "$pid_file" -a -f "$pid_file" ] && rm -f "$pid_file" || : + [ -n "$config" -a -f "$config" ] && rm -f "$config" || : return 0 } @@ -1305,9 +1348,52 @@ get_proc() elif [ "$OS" = 'Darwin' -o "$OS" = 'FreeBSD' ]; then nproc=$(sysctl -n hw.ncpu) fi + set -e if [ -z "$nproc" ] || [ $nproc -eq 0 ]; then nproc=1 fi - set -e + fi +} + +check_server_ssl_config() +{ + # backward-compatible behavior: + tcert=$(parse_cnf 'sst' 'tca') + tcap=$(parse_cnf 'sst' 'tcapath') + tpem=$(parse_cnf 'sst' 'tcert') + tkey=$(parse_cnf 'sst' 'tkey') + # reading new ssl configuration options: + local tcert2=$(parse_cnf "$encgroups" 'ssl-ca') + local tcap2=$(parse_cnf "$encgroups" 'ssl-capath') + local tpem2=$(parse_cnf "$encgroups" 'ssl-cert') + local tkey2=$(parse_cnf "$encgroups" 'ssl-key') + # if there are no old options, then we take new ones: + if [ -z "$tcert" -a -z "$tcap" -a -z "$tpem" -a -z "$tkey" ]; then + tcert="$tcert2" + tcap="$tcap2" + tpem="$tpem2" + tkey="$tkey2" + # checking for presence of the new-style SSL configuration: + elif [ -n "$tcert2" -o -n "$tcap2" -o -n "$tpem2" -o -n "$tkey2" ]; then + if [ "$tcert" != "$tcert2" -o \ + "$tcap" != "$tcap2" -o \ + "$tpem" != "$tpem2" -o \ + "$tkey" != "$tkey2" ] + then + wsrep_log_info \ + "new ssl configuration options (ssl-ca[path], ssl-cert" \ + "and ssl-key) are ignored by SST due to presence" \ + "of the tca[path], tcert and/or tkey in the [sst] section" + fi + fi + if [ -n "$tcert" ]; then + tcert=$(trim_string "$tcert") + if [ "${tcert%/}" != "$tcert" -o -d "$tcert" ]; then + tcap="$tcert" + tcert="" + fi + fi + if [ -n "$tcap" ]; then + tcap=$(trim_string "$tcap") fi } diff --git a/scripts/wsrep_sst_mariabackup.sh b/scripts/wsrep_sst_mariabackup.sh index b429a9effd5..aa9442b0601 100644 --- a/scripts/wsrep_sst_mariabackup.sh +++ b/scripts/wsrep_sst_mariabackup.sh @@ -20,21 +20,21 @@ # https://mariadb.com/kb/en/mariabackup-overview/ # Make sure to read that before proceeding! +OS="$(uname)" + . $(dirname "$0")/wsrep_sst_common wsrep_check_datadir -OS="$(uname)" ealgo="" eformat="" ekey="" ekeyfile="" encrypt=0 -ecode=0 ssyslog="" ssystag="" BACKUP_PID="" tcert="" -tpath=0 +tcap="" tpem="" tkey="" tmode="DISABLED" @@ -88,14 +88,14 @@ readonly SECRET_TAG="secret" # For backup locks it is 1 sent by joiner sst_ver=1 -if [ -n "$(command -v pv)" ] && pv --help | grep -qw -- '-F'; then +if [ -n "$(commandex pv)" ] && pv --help | grep -qw -- '-F'; then pvopts="$pvopts $pvformat" fi pcmd="pv $pvopts" declare -a RC -BACKUP_BIN="$(command -v mariabackup)" -if [ ! -x "$BACKUP_BIN" ]; then +BACKUP_BIN=$(commandex 'mariabackup') +if [ -z "$BACKUP_BIN" ]; then wsrep_log_error 'mariabackup binary not found in path' exit 42 fi @@ -145,14 +145,14 @@ get_keys() if [ $encrypt -eq 0 ]; then if [ -n "$ealgo" -o -n "$ekey" -o -n "$ekeyfile" ]; then - wsrep_log_error "Options for encryption are specified, " \ + wsrep_log_error "Options for encryption are specified," \ "but encryption itself is disabled. SST may fail." fi return fi if [ $sfmt = 'tar' ]; then - wsrep_log_info "NOTE: key-based encryption (encrypt=1) " \ + wsrep_log_info "NOTE: key-based encryption (encrypt=1)" \ "cannot be enabled with tar format" encrypt=-1 return @@ -165,16 +165,18 @@ get_keys() exit 3 fi - if [ -z "$ekey" -a ! -r "$ekeyfile" ]; then - wsrep_log_error "FATAL: Either key must be specified " \ - "or keyfile must be readable" - exit 3 + if [ -z "$ekey" ]; then + if [ ! -r "$ekeyfile" ]; then + wsrep_log_error "FATAL: Either key must be specified" \ + "or keyfile must be readable" + exit 3 + fi fi if [ "$eformat" = 'openssl' ]; then get_openssl if [ -z "$OPENSSL_BINARY" ]; then - wsrep_log_error "If encryption using the openssl is enabled, " \ + wsrep_log_error "If encryption using the openssl is enabled," \ "then you need to install openssl" exit 2 fi @@ -192,12 +194,12 @@ get_keys() ecmd="$ecmd -k '$ekey'" fi elif [ "$eformat" = 'xbcrypt' ]; then - if [ -z "$(command -v xbcrypt)" ]; then - wsrep_log_error "If encryption using the xbcrypt is enabled, " \ + if [ -z "$(commandex xbcrypt)" ]; then + wsrep_log_error "If encryption using the xbcrypt is enabled," \ "then you need to install xbcrypt" exit 2 fi - wsrep_log_info "NOTE: xbcrypt-based encryption, " \ + wsrep_log_info "NOTE: xbcrypt-based encryption," \ "supported only from Xtrabackup 2.1.4" if [ -z "$ekey" ]; then ecmd="xbcrypt --encrypt-algo='$ealgo' --encrypt-key-file='$ekeyfile'" @@ -342,40 +344,34 @@ get_transfer() CN_option=",commonname=''" if [ $encrypt -eq 2 ]; then - wsrep_log_info "Using openssl based encryption with socat: with crt and pem" - if [ -z "$tpem" -o -z "$tcert" ]; then + wsrep_log_info \ + "Using openssl based encryption with socat: with crt and pem" + if [ -z "$tpem" -o -z "$tcert$tcap" ]; then wsrep_log_error \ "Both PEM file and CRT file (or path) are required" exit 22 fi - if [ ! -r "$tpem" -o ! -r "$tcert" ]; then - wsrep_log_error \ - "Both PEM file and CRT file (or path) must be readable" - exit 22 + verify_ca_matches_cert "$tpem" "$tcert" "$tcap" + tcmd="$tcmd,cert='$tpem'" + if [ -n "$tcert" ]; then + tcmd="$tcmd,cafile='$tcert'" fi - verify_ca_matches_cert "$tcert" "$tpem" $tpath - if [ $tpath -eq 0 ]; then - tcmd="$tcmd,cert='$tpem',cafile='$tcert'" - else - tcmd="$tcmd,cert='$tpem',capath='$tcert'" + if [ -n "$tcap" ]; then + tcmd="$tcmd,capath='$tcap'" fi stagemsg="$stagemsg-OpenSSL-Encrypted-2" - wsrep_log_info "$action with cert=$tpem, ca=$tcert" + wsrep_log_info "$action with cert='$tpem', ca='$tcert', capath='$tcap'" elif [ $encrypt -eq 3 -o $encrypt -eq 4 ]; then - wsrep_log_info "Using openssl based encryption with socat: with key and crt" + wsrep_log_info \ + "Using openssl based encryption with socat: with key and crt" if [ -z "$tpem" -o -z "$tkey" ]; then - wsrep_log_error "Both certificate file (or path) " \ - "and key file are required" - exit 22 - fi - if [ ! -r "$tpem" -o ! -r "$tkey" ]; then - wsrep_log_error "Both certificate file (or path) " \ - "and key file must be readable" + wsrep_log_error "Both the certificate file (or path) and" \ + "the key file are required" exit 22 fi verify_cert_matches_key "$tpem" "$tkey" stagemsg="$stagemsg-OpenSSL-Encrypted-3" - if [ -z "$tcert" ]; then + if [ -z "$tcert$tcap" ]; then if [ $encrypt -eq 4 ]; then wsrep_log_error \ "Peer certificate file (or path) required if encrypt=4" @@ -384,14 +380,11 @@ get_transfer() # no verification CN_option="" tcmd="$tcmd,cert='$tpem',key='$tkey',verify=0" - wsrep_log_info "$action with cert=$tpem, key=$tkey, verify=0" + wsrep_log_info \ + "$action with cert='$tpem', key='$tkey', verify=0" else # CA verification - if [ ! -r "$tcert" ]; then - wsrep_log_error "Certificate file or path must be readable" - exit 22 - fi - verify_ca_matches_cert "$tcert" "$tpem" $tpath + verify_ca_matches_cert "$tpem" "$tcert" "$tcap" if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'" elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ] @@ -402,12 +395,15 @@ get_transfer() else CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'" fi - if [ $tpath -eq 0 ]; then - tcmd="$tcmd,cert='$tpem',key='$tkey',cafile='$tcert'" - else - tcmd="$tcmd,cert='$tpem',key='$tkey',capath='$tcert'" + tcmd="$tcmd,cert='$tpem',key='$tkey'" + if [ -n "$tcert" ]; then + tcmd="$tcmd,cafile='$tcert'" + fi + if [ -n "$tcap" ]; then + tcmd="$tcmd,capath='$tcap'" fi - wsrep_log_info "$action with cert=$tpem, key=$tkey, ca=$tcert" + wsrep_log_info "$action with cert='$tpem', key='$tkey'," \ + "ca='$tcert', capath='$tcap'" fi else wsrep_log_info "Unknown encryption mode: encrypt=$encrypt" @@ -425,7 +421,9 @@ get_transfer() get_footprint() { pushd "$WSREP_SST_OPT_DATA" 1>/dev/null - payload=$(find . -regex '.*\.ibd$\|.*\.MYI$\|.*\.MYD$\|.*ibdata1$' -type f -print0 | du --files0-from=- --block-size=1 -c -s | awk 'END { print $1 }') + payload=$(find . -regex '.*\.ibd$\|.*\.MYI$\|.*\.MYD$\|.*ibdata1$' \ + -type f -print0 | du --files0-from=- --block-size=1 -c -s | \ + awk 'END { print $1 }') if [ "$compress" != 'none' ]; then # QuickLZ has around 50% compression ratio # When compression/compaction used, the progress is only an approximate. @@ -438,7 +436,7 @@ get_footprint() adjust_progress() { - if [ -z "$(command -v pv)" ]; then + if [ -z "$(commandex pv)" ]; then wsrep_log_error "pv not found in path: $PATH" wsrep_log_error "Disabling all progress/rate-limiting" pcmd="" @@ -466,50 +464,16 @@ adjust_progress() encgroups='--mysqld|sst|xtrabackup' -check_server_ssl_config() -{ - # backward-compatible behavior: - tcert=$(parse_cnf 'sst' 'tca') - tpem=$(parse_cnf 'sst' 'tcert') - tkey=$(parse_cnf 'sst' 'tkey') - # reading new ssl configuration options: - local tcert2=$(parse_cnf "$encgroups" 'ssl-ca') - local tpem2=$(parse_cnf "$encgroups" 'ssl-cert') - local tkey2=$(parse_cnf "$encgroups" 'ssl-key') - # if there are no old options, then we take new ones: - if [ -z "$tcert" -a -z "$tpem" -a -z "$tkey" ]; then - tcert="$tcert2" - tpem="$tpem2" - tkey="$tkey2" - # checking for presence of the new-style SSL configuration: - elif [ -n "$tcert2" -o -n "$tpem2" -o -n "$tkey2" ]; then - if [ "$tcert" != "$tcert2" -o \ - "$tpem" != "$tpem2" -o \ - "$tkey" != "$tkey2" ] - then - wsrep_log_info "new ssl configuration options (ssl-ca, ssl-cert " \ - "and ssl-key) are ignored by SST due to presence " \ - "of the tca, tcert and/or tkey in the [sst] section" - fi - fi - if [ -n "$tcert" ]; then - tcert=$(trim_string "$tcert") - if [ "${tcert%/}" != "$tcert" ]; then - tpath=1 - fi - fi -} - read_cnf() { sfmt=$(parse_cnf sst streamfmt 'mbstream') tfmt=$(parse_cnf sst transferfmt 'socat') encrypt=$(parse_cnf "$encgroups" 'encrypt' 0) - tmode=$(parse_cnf "$encgroups" 'ssl-mode' 'DISABLED' | tr [:lower:] [:upper:]) + tmode=$(parse_cnf "$encgroups" 'ssl-mode' 'DISABLED' | \ + tr [:lower:] [:upper:]) - if [ $encrypt -eq 0 -o $encrypt -ge 2 ] - then + if [ $encrypt -eq 0 -o $encrypt -ge 2 ]; then if [ "$tmode" != 'DISABLED' -o $encrypt -ge 2 ]; then check_server_ssl_config fi @@ -517,11 +481,13 @@ read_cnf() if [ 0 -eq $encrypt -a -n "$tpem" -a -n "$tkey" ] then encrypt=3 # enable cert/key SSL encyption - # avoid CA verification if not set explicitly: - # nodes may happen to have different CA if self-generated - # zeroing up tcert does the trick - [ "${tmode#VERIFY}" != "$tmode" ] || tcert="" + # nodes may happen to have different CA if self-generated, + # zeroing up tcert and tcap does the trick: + if [ "${tmode#VERIFY}" = "$tmode" ]; then + tcert="" + tcap="" + fi fi fi elif [ $encrypt -eq 1 ]; then @@ -535,8 +501,9 @@ read_cnf() fi fi - wsrep_log_info "SSL configuration: CA='$tcert', CERT='$tpem'," \ - "KEY='$tkey', MODE='$tmode', encrypt='$encrypt'" + wsrep_log_info "SSL configuration: CA='$tcert', CAPATH='$tcap'," \ + "CERT='$tpem', KEY='$tkey', MODE='$tmode'," \ + "encrypt='$encrypt'" sockopt=$(parse_cnf sst sockopt "") progress=$(parse_cnf sst progress "") @@ -561,7 +528,8 @@ read_cnf() sstlogarchivedir=$(parse_cnf sst sst-log-archive-dir '/tmp/sst_log_archive') if [ $speciald -eq 0 ]; then - wsrep_log_error "sst-special-dirs equal to 0 is not supported, falling back to 1" + wsrep_log_error \ + "sst-special-dirs equal to 0 is not supported, falling back to 1" speciald=1 fi @@ -589,7 +557,7 @@ get_stream() { if [ "$sfmt" = 'mbstream' -o "$sfmt" = 'xbstream' ]; then sfmt='mbstream' - STREAM_BIN="$(command -v mbstream)" + local STREAM_BIN=$(commandex "$sfmt") if [ -z "$STREAM_BIN" ]; then wsrep_log_error "Streaming with $sfmt, but $sfmt not found in path" exit 42 @@ -621,7 +589,7 @@ cleanup_at_exit() # Since this is invoked just after exit NNN local estatus=$? if [ $estatus -ne 0 ]; then - wsrep_log_error "Cleanup after exit with status:$estatus" + wsrep_log_error "Cleanup after exit with status: $estatus" fi if [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]; then @@ -630,42 +598,47 @@ cleanup_at_exit() else if [ -n "$BACKUP_PID" ]; then if check_pid "$BACKUP_PID" 1; then - wsrep_log_error "mariabackup process is still running. Killing..." + wsrep_log_error \ + "mariabackup process is still running. Killing..." cleanup_pid $CHECK_PID "$BACKUP_PID" fi fi - [ -f "$DATA/$IST_FILE" ] && rm -f "$DATA/$IST_FILE" + [ -f "$DATA/$IST_FILE" ] && rm -f "$DATA/$IST_FILE" || : fi if [ -n "$progress" -a -p "$progress" ]; then - wsrep_log_info "Cleaning up fifo file $progress" - rm -f "$progress" || true + wsrep_log_info "Cleaning up fifo file: $progress" + rm -f "$progress" || : fi wsrep_log_info "Cleaning up temporary directories" if [ "$WSREP_SST_OPT_ROLE" = 'joiner' ]; then - if [ -n "$STATDIR" ]; then - [ -d "$STATDIR" ] && rm -rf "$STATDIR" - fi + [ -n "$STATDIR" -a -d "$STATDIR" ] && rm -rf "$STATDIR" || : else - [ -n "$xtmpdir" -a -d "$xtmpdir" ] && rm -rf "$xtmpdir" || true - [ -n "$itmpdir" -a -d "$itmpdir" ] && rm -rf "$itmpdir" || true + [ -n "$xtmpdir" -a -d "$xtmpdir" ] && rm -rf "$xtmpdir" || : + [ -n "$itmpdir" -a -d "$itmpdir" ] && rm -rf "$itmpdir" || : fi # Final cleanup - pgid=$(ps -o pgid= $$ | grep -o '[0-9]*') + pgid=$(ps -o pgid= $$ 2>/dev/null | grep -o '[0-9]*' || :) # This means no setsid done in mysqld. # We don't want to kill mysqld here otherwise. - if [ $$ -eq $pgid ]; then - # This means a signal was delivered to the process. - # So, more cleanup. - if [ $estatus -ge 128 ]; then - kill -KILL -- -$$ || true + if [ -n "$pgid" ]; then + if [ $$ -eq $pgid ]; then + # This means a signal was delivered to the process. + # So, more cleanup. + if [ $estatus -ge 128 ]; then + kill -KILL -- -$$ || : + fi fi fi + if [ -n "${SST_PID:-}" ]; then + [ -f "$SST_PID" ] && rm -f "$SST_PID" || : + fi + exit $estatus } @@ -738,7 +711,7 @@ recv_joiner() local ltcmd="$tcmd" if [ $tmt -gt 0 ]; then - if [ -n "$(command -v timeout)" ]; then + if [ -n "$(commandex timeout)" ]; then if timeout --help | grep -qw -- '-k'; then ltcmd="timeout -k $(( tmt+10 )) $tmt $tcmd" else @@ -760,14 +733,14 @@ recv_joiner() popd 1>/dev/null if [ ${RC[0]} -eq 124 ]; then - wsrep_log_error "Possible timeout in receiving first data from " \ + wsrep_log_error "Possible timeout in receiving first data from" \ "donor in gtid stage: exit codes: ${RC[@]}" exit 32 fi for ecode in "${RC[@]}"; do if [ $ecode -ne 0 ]; then - wsrep_log_error "Error while getting data from donor node: " \ + wsrep_log_error "Error while getting data from donor node:" \ "exit codes: ${RC[@]}" exit 32 fi @@ -776,7 +749,7 @@ recv_joiner() if [ $checkf -eq 1 ]; then if [ ! -r "$MAGIC_FILE" ]; then # this message should cause joiner to abort - wsrep_log_error "receiving process ended without creating " \ + wsrep_log_error "receiving process ended without creating" \ "'$MAGIC_FILE'" wsrep_log_info "Contents of datadir" wsrep_log_info $(ls -l "$dir/"*) @@ -784,10 +757,11 @@ recv_joiner() fi # check donor supplied secret - SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2) + SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | \ + cut -d ' ' -f 2) if [ "$SECRET" != "$MY_SECRET" ]; then wsrep_log_error "Donor does not know my secret!" - wsrep_log_info "Donor:'$SECRET', my:'$MY_SECRET'" + wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'" exit 32 fi @@ -810,7 +784,7 @@ send_donor() for ecode in "${RC[@]}"; do if [ $ecode -ne 0 ]; then - wsrep_log_error "Error while sending data to joiner node: " \ + wsrep_log_error "Error while sending data to joiner node:" \ "exit codes: ${RC[@]}" exit 32 fi @@ -823,7 +797,9 @@ monitor_process() while true ; do if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1; then - wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT) terminated unexpectedly." + wsrep_log_error \ + "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT)" \ + "terminated unexpectedly." kill -- -"$WSREP_SST_OPT_PARENT" exit 32 fi @@ -845,7 +821,7 @@ read_cnf setup_ports if "$BACKUP_BIN" --help 2>/dev/null | grep -qw -- '--version-check'; then - disver='--no-version-check' + disver=' --no-version-check' fi # if no command line argument and INNODB_DATA_HOME_DIR environment variable @@ -867,7 +843,7 @@ INNODB_DATA_HOME_DIR=$(pwd -P) cd "$OLD_PWD" if [ $ssyslog -eq 1 ]; then - if [ -n "$(command -v logger)" ]; then + if [ -n "$(commandex logger)" ]; then wsrep_log_info "Logging all stderr of SST/mariabackup to syslog" exec 2> >(logger -p daemon.err -t ${ssystag}wsrep-sst-$WSREP_SST_OPT_ROLE) @@ -898,10 +874,8 @@ else fi fi - if [ -e "$INNOAPPLYLOG" ] - then - if [ -n "$sstlogarchivedir" ] - then + if [ -e "$INNOAPPLYLOG" ]; then + if [ -n "$sstlogarchivedir" ]; then newfile=$(basename "$INNOAPPLYLOG") newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" else @@ -912,10 +886,8 @@ else gzip "$newfile" fi - if [ -e "$INNOMOVELOG" ] - then - if [ -n "$sstlogarchivedir" ] - then + if [ -e "$INNOMOVELOG" ]; then + if [ -n "$sstlogarchivedir" ]; then newfile=$(basename "$INNOMOVELOG") newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" else @@ -926,10 +898,8 @@ else gzip "$newfile" fi - if [ -e "$INNOBACKUPLOG" ] - then - if [ -n "$sstlogarchivedir" ] - then + if [ -e "$INNOBACKUPLOG" ]; then + if [ -n "$sstlogarchivedir" ]; then newfile=$(basename "$INNOBACKUPLOG") newfile="$sstlogarchivedir/$newfile.$ARCHIVETIMESTAMP" else @@ -949,15 +919,15 @@ setup_commands() { local mysqld_args="" if [ -n "$WSREP_SST_OPT_MYSQLD" ]; then - mysqld_args="--mysqld-args $WSREP_SST_OPT_MYSQLD" + mysqld_args=" --mysqld-args $WSREP_SST_OPT_MYSQLD" fi - if [ -z "$INNODB_FORCE_RECOVERY" ]; then - INNOAPPLY="$BACKUP_BIN --prepare $disver $iapts $INNOEXTRA --target-dir='$DATA' --datadir='$DATA' $mysqld_args $INNOAPPLY" - else - INNOAPPLY="$BACKUP_BIN --prepare $disver $iapts $INNOEXTRA --innodb-force-recovery=$INNODB_FORCE_RECOVERY --target-dir='$DATA' --datadir='$DATA' $mysqld_args $INNOAPPLY" + local recovery="" + if [ -n "$INNODB_FORCE_RECOVERY" ]; then + recovery=" --innodb-force-recovery=$INNODB_FORCE_RECOVERY" fi - INNOMOVE="$BACKUP_BIN $WSREP_SST_OPT_CONF --move-back $disver $impts --force-non-empty-directories --target-dir='$DATA' --datadir='${TDATA:-$DATA}' $INNOMOVE" - INNOBACKUP="$BACKUP_BIN $WSREP_SST_OPT_CONF --backup $disver $iopts $tmpopts $INNOEXTRA --galera-info --stream=$sfmt --target-dir='$itmpdir' --datadir='$DATA' $mysqld_args $INNOBACKUP" + INNOAPPLY="$BACKUP_BIN --prepare$disver$recovery${iapts:+ }$iapts$INNOEXTRA --target-dir='$DATA' --datadir='$DATA'$mysqld_args $INNOAPPLY" + INNOMOVE="$BACKUP_BIN$WSREP_SST_OPT_CONF --move-back$disver${impts:+ }$impts --force-non-empty-directories --target-dir='$DATA' --datadir='${TDATA:-$DATA}' $INNOMOVE" + INNOBACKUP="$BACKUP_BIN$WSREP_SST_OPT_CONF --backup$disver${iopts:+ }$iopts$tmpopts$INNOEXTRA --galera-info --stream=$sfmt --target-dir='$itmpdir' --datadir='$DATA'$mysqld_args $INNOBACKUP" } get_stream @@ -985,7 +955,7 @@ then fi wsrep_log_info "Using '$xtmpdir' as mariabackup temporary directory" - tmpopts="--tmpdir='$xtmpdir'" + tmpopts=" --tmpdir='$xtmpdir'" itmpdir="$(mktemp -d)" wsrep_log_info "Using '$itmpdir' as mariabackup working directory" @@ -1055,27 +1025,28 @@ then tcmd="$ecmd | $tcmd" fi - iopts="--databases-exclude='lost+found' $iopts" + iopts="--databases-exclude='lost+found'${iopts:+ }$iopts" if [ ${FORCE_FTWRL:-0} -eq 1 ]; then - wsrep_log_info "Forcing FTWRL due to environment variable FORCE_FTWRL equal to $FORCE_FTWRL" - iopts="--no-backup-locks $iopts" + wsrep_log_info "Forcing FTWRL due to environment variable" \ + "FORCE_FTWRL equal to $FORCE_FTWRL" + iopts="--no-backup-locks${iopts:+ }$iopts" fi # if compression is enabled for backup files, then add the # appropriate options to the mariabackup command line: if [ "$compress" != 'none' ]; then - iopts="--compress${compress:+=$compress} $iopts" + iopts="--compress${compress:+=$compress}${iopts:+ }$iopts" if [ -n "$compress_threads" ]; then - iopts="--compress-threads=$compress_threads $iopts" + iopts="--compress-threads=$compress_threads${iopts:+ }$iopts" fi if [ -n "$compress_chunk" ]; then - iopts="--compress-chunk-size=$compress_chunk $iopts" + iopts="--compress-chunk-size=$compress_chunk${iopts:+ }$iopts" fi fi if [ -n "$backup_threads" ]; then - iopts="--parallel=$backup_threads $iopts" + iopts="--parallel=$backup_threads${iopts:+ }$iopts" fi setup_commands @@ -1084,7 +1055,7 @@ then set -e if [ ${RC[0]} -ne 0 ]; then - wsrep_log_error "mariabackup finished with error: ${RC[0]}. " \ + wsrep_log_error "mariabackup finished with error: ${RC[0]}." \ "Check syslog or '$INNOBACKUPLOG' for details" exit 22 elif [ ${RC[$(( ${#RC[@]}-1 ))]} -eq 1 ]; then @@ -1125,7 +1096,8 @@ then elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' ] then - [ -e "$SST_PROGRESS_FILE" ] && wsrep_log_info "Stale sst_in_progress file: $SST_PROGRESS_FILE" + [ -e "$SST_PROGRESS_FILE" ] && \ + wsrep_log_info "Stale sst_in_progress file: $SST_PROGRESS_FILE" [ -n "$SST_PROGRESS_FILE" ] && touch "$SST_PROGRESS_FILE" ib_home_dir="$INNODB_DATA_HOME_DIR" @@ -1146,13 +1118,26 @@ then ib_undo_dir="$INNODB_UNDO_DIR" if [ -n "$backup_threads" ]; then - impts="--parallel=$backup_threads $impts" + impts="--parallel=$backup_threads${impts:+ }$impts" fi - stagemsg='Joiner-Recv' + SST_PID="$WSREP_SST_OPT_DATA/wsrep_sst.pid" - sencrypted=1 - nthreads=1 + # give some time for previous SST to complete: + check_round=0 + while check_pid "$SST_PID" 0; do + wsrep_log_info "previous SST is not completed, waiting for it to exit" + check_round=$(( check_round + 1 )) + if [ $check_round -eq 10 ]; then + wsrep_log_error "previous SST script still running." + exit 114 # EALREADY + fi + sleep 1 + done + + echo $$ > "$SST_PID" + + stagemsg='Joiner-Recv' MODULE="xtrabackup_sst" @@ -1165,15 +1150,15 @@ then ADDR="$WSREP_SST_OPT_ADDR" - if [ "${tmode#VERIFY}" != "$tmode" ] - then # backward-incompatible behavior + if [ "${tmode#VERIFY}" != "$tmode" ]; then + # backward-incompatible behavior: CN="" - if [ -n "$tpem" ] - then + if [ -n "$tpem" ]; then # find out my Common Name get_openssl if [ -z "$OPENSSL_BINARY" ]; then - wsrep_log_error 'openssl not found but it is required for authentication' + wsrep_log_error \ + 'openssl not found but it is required for authentication' exit 42 fi CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$tpem" | \ @@ -1196,7 +1181,7 @@ then fi get_keys - if [ $encrypt -eq 1 -a $sencrypted -eq 1 ]; then + if [ $encrypt -eq 1 ]; then strmcmd="$ecmd | $strmcmd" fi @@ -1213,15 +1198,17 @@ then if ! ps -p "$WSREP_SST_OPT_PARENT" >/dev/null 2>&1 then - wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT) terminated unexpectedly." + wsrep_log_error "Parent mysqld process (PID: $WSREP_SST_OPT_PARENT)" \ + "terminated unexpectedly." exit 32 fi - if [ ! -r "$STATDIR/$IST_FILE" ] - then + if [ ! -r "$STATDIR/$IST_FILE" ]; then if [ -d "$DATA/.sst" ]; then - wsrep_log_info "WARNING: Stale temporary SST directory: '$DATA/.sst' from previous state transfer. Removing" + wsrep_log_info \ + "WARNING: Stale temporary SST directory:" \ + "'$DATA/.sst' from previous state transfer, removing..." rm -rf "$DATA/.sst" fi mkdir -p "$DATA/.sst" @@ -1229,29 +1216,34 @@ then jpid=$! wsrep_log_info "Proceeding with SST" - wsrep_log_info "Cleaning the existing datadir and innodb-data/log directories" + wsrep_log_info \ + "Cleaning the existing datadir and innodb-data/log directories" if [ "$OS" = 'FreeBSD' ]; then find -E ${ib_home_dir:+"$ib_home_dir"} \ ${ib_undo_dir:+"$ib_undo_dir"} \ ${ib_log_dir:+"$ib_log_dir"} \ - "$DATA" -mindepth 1 -prune -regex "$cpat" -o -exec rm -rfv {} 1>&2 \+ + "$DATA" -mindepth 1 -prune -regex "$cpat" \ + -o -exec rm -rfv {} 1>&2 \+ else find ${ib_home_dir:+"$ib_home_dir"} \ ${ib_undo_dir:+"$ib_undo_dir"} \ ${ib_log_dir:+"$ib_log_dir"} \ - "$DATA" -mindepth 1 -prune -regex "$cpat" -o -exec rm -rfv {} 1>&2 \+ + "$DATA" -mindepth 1 -prune -regex "$cpat" \ + -o -exec rm -rfv {} 1>&2 \+ fi get_binlog if [ -n "$WSREP_SST_OPT_BINLOG" ]; then binlog_dir=$(dirname "$WSREP_SST_OPT_BINLOG") - cd "$binlog_dir" - wsrep_log_info "Cleaning the binlog directory $binlog_dir as well" - rm -fv "$WSREP_SST_OPT_BINLOG".[0-9]* 1>&2 \+ || true - [ -f "$WSREP_SST_OPT_BINLOG_INDEX" ] && \ - rm -fv "$WSREP_SST_OPT_BINLOG_INDEX" 1>&2 \+ || true - cd "$OLD_PWD" + if [ -d "$binlog_dir" ]; then + cd "$binlog_dir" + wsrep_log_info "Cleaning the binlog directory $binlog_dir as well" + rm -fv "$WSREP_SST_OPT_BINLOG".[0-9]* 1>&2 \+ || : + [ -f "$WSREP_SST_OPT_BINLOG_INDEX" ] && \ + rm -fv "$WSREP_SST_OPT_BINLOG_INDEX" 1>&2 \+ + cd "$OLD_PWD" + fi fi TDATA="$DATA" @@ -1262,12 +1254,13 @@ then monitor_process $jpid if [ ! -s "$DATA/xtrabackup_checkpoints" ]; then - wsrep_log_error "xtrabackup_checkpoints missing, failed mariabackup/SST on donor" + wsrep_log_error "xtrabackup_checkpoints missing," \ + "failed mariabackup/SST on donor" exit 2 fi # Compact backups are not supported by mariabackup - if grep -q -F 'compact = 1' "$DATA/xtrabackup_checkpoints"; then + if grep -qw -F 'compact = 1' "$DATA/xtrabackup_checkpoints"; then wsrep_log_info "Index compaction detected" wsrel_log_error "Compact backups are not supported by mariabackup" exit 2 @@ -1277,7 +1270,7 @@ then if [ -n "$qpfiles" ]; then wsrep_log_info "Compressed qpress files found" - if [ -z "$(command -v qpress)" ]; then + if [ -z "$(commandex qpress)" ]; then wsrep_log_error "qpress utility not found in the path" exit 22 fi @@ -1300,14 +1293,17 @@ then # Decompress the qpress files wsrep_log_info "Decompression with $nproc threads" - timeit "Joiner-Decompression" "find '$DATA' -type f -name '*.qp' -printf '%p\n%h\n' | $dcmd" + timeit "Joiner-Decompression" \ + "find '$DATA' -type f -name '*.qp' -printf '%p\n%h\n' | $dcmd" extcode=$? if [ $extcode -eq 0 ]; then wsrep_log_info "Removing qpress files after decompression" find "$DATA" -type f -name '*.qp' -delete if [ $? -ne 0 ]; then - wsrep_log_error "Something went wrong with deletion of qpress files. Investigate" + wsrep_log_error \ + "Something went wrong with deletion of qpress files." \ + "Investigate" fi else wsrep_log_error "Decompression failed. Exit code: $extcode" @@ -1321,7 +1317,7 @@ then BINLOG_FILENAME=$(basename "$WSREP_SST_OPT_BINLOG") # To avoid comparing data directory and BINLOG_DIRNAME - mv "$DATA/$BINLOG_FILENAME".* "$BINLOG_DIRNAME/" 2>/dev/null || true + mv "$DATA/$BINLOG_FILENAME".* "$BINLOG_DIRNAME/" 2>/dev/null || : cd "$BINLOG_DIRNAME" for bfile in $(ls -1 "$BINLOG_FILENAME".[0-9]*); do @@ -1336,7 +1332,8 @@ then timeit "mariabackup prepare stage" "$INNOAPPLY" if [ $? -ne 0 ]; then - wsrep_log_error "mariabackup apply finished with errors. Check syslog or '$INNOAPPLYLOG' for details" + wsrep_log_error "mariabackup apply finished with errors." \ + "Check syslog or '$INNOAPPLYLOG' for details." exit 22 fi diff --git a/scripts/wsrep_sst_mysqldump.sh b/scripts/wsrep_sst_mysqldump.sh index 798bee1ac10..bed2cac0a9a 100644 --- a/scripts/wsrep_sst_mysqldump.sh +++ b/scripts/wsrep_sst_mysqldump.sh @@ -19,7 +19,6 @@ # This is a reference script for mysqldump-based state snapshot tansfer . $(dirname "$0")/wsrep_sst_common -PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin EINVAL=22 @@ -93,8 +92,7 @@ DROP PREPARE stmt;" SET_START_POSITION="SET GLOBAL wsrep_start_position='$WSREP_SST_OPT_GTID';" SET_WSREP_GTID_DOMAIN_ID="" -if [ -n $WSREP_SST_OPT_GTID_DOMAIN_ID ] -then +if [ -n $WSREP_SST_OPT_GTID_DOMAIN_ID ]; then SET_WSREP_GTID_DOMAIN_ID=" SET @val = (SELECT GLOBAL_VALUE FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES WHERE VARIABLE_NAME = 'WSREP_GTID_STRICT_MODE' AND GLOBAL_VALUE > 0); SET @stmt = IF (@val IS NOT NULL, 'SET GLOBAL WSREP_GTID_DOMAIN_ID=$WSREP_SST_OPT_GTID_DOMAIN_ID', 'SET @dummy = 0'); @@ -103,7 +101,7 @@ then DROP PREPARE stmt;" fi -MYSQL="$MYSQL_CLIENT $WSREP_SST_OPT_CONF_UNQUOTED "\ +MYSQL="$MYSQL_CLIENT$WSREP_SST_OPT_CONF_UNQUOTED "\ "$AUTH -h$WSREP_SST_OPT_HOST_UNESCAPED "\ "-P$WSREP_SST_OPT_PORT --disable-reconnect --connect_timeout=10" @@ -125,8 +123,7 @@ SET_GTID_BINLOG_STATE="" SQL_LOG_BIN_OFF="" # Safety check -if [ ${SERVER_VERSION%%.*} -gt 5 ] -then +if [ ${SERVER_VERSION%%.*} -gt 5 ]; then # If binary logging is enabled on the joiner node, we need to copy donor's # gtid_binlog_state to joiner. In order to do that, a RESET MASTER must be # executed to erase binary logs (if any). Binary logging should also be @@ -140,7 +137,7 @@ then fi # NOTE: we don't use --routines here because we're dumping mysql.proc table -MYSQLDUMP="$MYSQLDUMP $WSREP_SST_OPT_CONF_UNQUOTED $AUTH -S$WSREP_SST_OPT_SOCKET \ +MYSQLDUMP="$MYSQLDUMP$WSREP_SST_OPT_CONF_UNQUOTED $AUTH -S$WSREP_SST_OPT_SOCKET \ --add-drop-database --add-drop-table --skip-add-locks --create-options \ --disable-keys --extended-insert --skip-lock-tables --quick --set-charset \ --skip-comments --flush-privileges --all-databases --events" diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh index 29c9cd43470..28dfed18218 100644 --- a/scripts/wsrep_sst_rsync.sh +++ b/scripts/wsrep_sst_rsync.sh @@ -17,7 +17,7 @@ # Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston # MA 02110-1335 USA. -# This is a reference script for rsync-based state snapshot tansfer +# This is a reference script for rsync-based state snapshot transfer RSYNC_REAL_PID=0 # rsync process id STUNNEL_REAL_PID=0 # stunnel process id @@ -25,9 +25,6 @@ STUNNEL_REAL_PID=0 # stunnel process id OS="$(uname)" [ "$OS" = 'Darwin' ] && export -n LD_LIBRARY_PATH -# Setting the path for lsof on CentOS -export PATH="/usr/sbin:/sbin:$PATH" - . $(dirname "$0")/wsrep_sst_common wsrep_check_datadir @@ -37,13 +34,14 @@ cleanup_joiner() { local failure=0 - wsrep_log_info "Joiner cleanup: rsync PID=$RSYNC_REAL_PID, stunnel PID=$STUNNEL_REAL_PID" + wsrep_log_info "Joiner cleanup: rsync PID=$RSYNC_REAL_PID," \ + "stunnel PID=$STUNNEL_REAL_PID" if [ -n "$STUNNEL" ]; then if cleanup_pid $STUNNEL_REAL_PID "$STUNNEL_PID" "$STUNNEL_CONF"; then if [ $RSYNC_REAL_PID -eq 0 ]; then if [ -r "$RSYNC_PID" ]; then - RSYNC_REAL_PID=$(cat "$RSYNC_PID" 2>/dev/null) + RSYNC_REAL_PID=$(cat "$RSYNC_PID" 2>/dev/null || :) if [ -z "$RSYNC_REAL_PID" ]; then RSYNC_REAL_PID=0 fi @@ -81,18 +79,18 @@ check_pid_and_port() local utils='rsync|stunnel' - if ! check_port "$pid" "$port" "$utils"; then + if ! check_port $pid "$port" "$utils"; then local port_info local busy=0 if [ $lsof_available -ne 0 ]; then port_info=$(lsof -Pnl -i ":$port" 2>/dev/null | \ - grep -F '(LISTEN)') + grep -F '(LISTEN)') echo "$port_info" | \ grep -q -E "[[:space:]](\\*|\\[?::\\]?):$port[[:space:]]" && busy=1 else local filter='([^[:space:]]+[[:space:]]+){4}[^[:space:]]+' - if [ $sockstat_available -eq 1 ]; then + if [ $sockstat_available -ne 0 ]; then local opts='-p' if [ "$OS" = 'FreeBSD' ]; then # sockstat on FreeBSD requires the "-s" option @@ -112,19 +110,21 @@ check_pid_and_port() fi if [ $busy -eq 0 ]; then - if echo "$port_info" | grep -qw -F "[$addr]:$port" || \ - echo "$port_info" | grep -qw -F -- "$addr:$port" + if ! echo "$port_info" | grep -qw -F "[$addr]:$port" && \ + ! echo "$port_info" | grep -qw -F -- "$addr:$port" then - busy=1 + if ! ps -p $pid >/dev/null 2>&1; then + wsrep_log_error \ + "rsync or stunnel daemon (PID: $pid)" \ + "terminated unexpectedly." + exit 16 # EBUSY + fi + return 1 fi fi - if [ $busy -eq 0 ]; then - return 1 - fi - - if ! check_port "$pid" "$port" "$utils"; then - wsrep_log_error "rsync or stunnel daemon port '$port' " \ + if ! check_port $pid "$port" "$utils"; then + wsrep_log_error "rsync or stunnel daemon port '$port'" \ "has been taken by another program" exit 16 # EBUSY fi @@ -199,60 +199,23 @@ INNODB_UNDO_DIR=$(pwd -P) cd "$OLD_PWD" -# Old filter - include everything except selected -# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \ -# --exclude '*.conf' --exclude core --exclude 'galera.*' \ -# --exclude grastate.txt --exclude '*.pem' \ -# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index') +encgroups='--mysqld|sst' -# New filter - exclude everything except dirs (schemas) and innodb files -FILTER="-f '- /lost+found' - -f '- /.zfs' - -f '- /.fseventsd' - -f '- /.Trashes' - -f '- /.pid' - -f '- /.conf' - -f '+ /wsrep_sst_binlog.tar' - -f '- $INNODB_DATA_HOME_DIR/ib_lru_dump' - -f '- $INNODB_DATA_HOME_DIR/ibdata*' - -f '+ $INNODB_UNDO_DIR/undo*' - -f '+ /*/' - -f '- /*'" - -# old-style SSL config -SSTKEY=$(parse_cnf 'sst' 'tkey') -SSTCERT=$(parse_cnf 'sst' 'tcert') -SSTCA=$(parse_cnf 'sst' 'tca') - -SST_SECTIONS="--mysqld|sst" +check_server_ssl_config -check_server_ssl_config() -{ - SSTKEY=$(parse_cnf "$SST_SECTIONS" 'ssl-key') - SSTCERT=$(parse_cnf "$SST_SECTIONS" 'ssl-cert') - SSTCA=$(parse_cnf "$SST_SECTIONS" 'ssl-ca') -} +SSTKEY="$tkey" +SSTCERT="$tpem" +SSTCA="$tcert" +SSTCAP="$tcap" -SSLMODE=$(parse_cnf "$SST_SECTIONS" 'ssl-mode' | tr [:lower:] [:upper:]) - -# no old-style SSL config in [sst], check for new one: -if [ -z "$SSTKEY" -a -z "$SSTCERT" -a -z "$SSTCA" ]; then - check_server_ssl_config -fi - -SSTPATH=0 -if [ -n "$SSTCA" ]; then - SSTCA=$(trim_string "$SSTCA") - if [ "${SSTCA%/}" != "$SSTCA" ]; then - SSTPATH=1 - fi -fi +SSLMODE=$(parse_cnf "$encgroups" 'ssl-mode' | tr [:lower:] [:upper:]) if [ -z "$SSLMODE" ]; then # Implicit verification if CA is set and the SSL mode # is not specified by user: - if [ -n "$SSTCA" ]; then - if [ -n "$(command -v stunnel)" ]; then + if [ -n "$SSTCA$SSTCAP" ]; then + STUNNEL_BIN=$(commandex 'stunnel') + if [ -n "$STUNNEL_BIN" ]; then SSLMODE='VERIFY_CA' fi # Require SSL by default if SSL key and cert are present: @@ -261,28 +224,28 @@ if [ -z "$SSLMODE" ]; then fi fi -if [ -n "$SSTCERT" -a -n "$SSTKEY" ]; then +if [ -n "$SSTKEY" -a -n "$SSTCERT" ]; then verify_cert_matches_key "$SSTCERT" "$SSTKEY" fi -if [ -n "$SSTCA" ]; then - if [ $SSTPATH -eq 0 ]; then +CAFILE_OPT="" +CAPATH_OPT="" +if [ -n "$SSTCA$SSTCAP" ]; then + if [ -n "$SSTCA" ]; then CAFILE_OPT="CAfile = $SSTCA" - else - CAFILE_OPT="CApath = $SSTCA" + fi + if [ -n "$SSTCAP" ]; then + CAPATH_OPT="CApath = $SSTCAP" fi if [ -n "$SSTCERT" ]; then - verify_ca_matches_cert "$SSTCA" "$SSTCERT" $SSTPATH + verify_ca_matches_cert "$SSTCERT" "$SSTCA" "$SSTCAP" fi -else - CAFILE_OPT="" fi VERIFY_OPT="" CHECK_OPT="" CHECK_OPT_LOCAL="" -if [ "${SSLMODE#VERIFY}" != "$SSLMODE" ] -then +if [ "${SSLMODE#VERIFY}" != "$SSLMODE" ]; then case "$SSLMODE" in 'VERIFY_IDENTITY') VERIFY_OPT='verifyPeer = yes' @@ -295,7 +258,7 @@ then exit 22 # EINVAL ;; esac - if [ -z "$SSTCA" ]; then + if [ -z "$SSTCA$SSTCAP" ]; then wsrep_log_error "Can't have ssl-mode='$SSLMODE' without CA file or path" exit 22 # EINVAL fi @@ -318,9 +281,12 @@ fi STUNNEL="" if [ -n "$SSLMODE" -a "$SSLMODE" != 'DISABLED' ]; then - STUNNEL_BIN="$(command -v stunnel)" + if [ -z "${STUNNEL_BIN+x}" ]; then + STUNNEL_BIN=$(commandex 'stunnel') + fi if [ -n "$STUNNEL_BIN" ]; then - wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA', ssl-mode='$SSLMODE'" + wsrep_log_info "Using stunnel for SSL encryption: CA: '$SSTCA'," \ + "CAPATH='$SSTCAP', ssl-mode='$SSLMODE'" STUNNEL="$STUNNEL_BIN $STUNNEL_CONF" fi fi @@ -340,6 +306,7 @@ then key = $SSTKEY cert = $SSTCERT ${CAFILE_OPT} +${CAPATH_OPT} foreground = yes pid = $STUNNEL_PID debug = warning @@ -354,8 +321,9 @@ EOF [ -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF" fi - if [ $WSREP_SST_OPT_BYPASS -eq 0 ] - then + RC=0 + + if [ $WSREP_SST_OPT_BYPASS -eq 0 ]; then FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed" ERROR="$WSREP_SST_OPT_DATA/sst_error" @@ -370,11 +338,11 @@ EOF # (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR # (c) ERROR file, in case flush tables operation failed. - while [ ! -r "$FLUSHED" ] && ! grep -q -F ':' "$FLUSHED" >/dev/null 2>&1 + while [ ! -r "$FLUSHED" ] && \ + ! grep -q -F ':' '--' "$FLUSHED" >/dev/null 2>&1 do # Check whether ERROR file exists. - if [ -f "$ERROR" ] - then + if [ -f "$ERROR" ]; then # Flush tables operation failed. rm -f "$ERROR" exit 255 @@ -387,24 +355,22 @@ EOF sync - if [ -n "$WSREP_SST_OPT_BINLOG" ] + if [ -n "$WSREP_SST_OPT_BINLOG" -a -d "${BINLOG_DIRNAME:-}" ] then # Prepare binlog files cd "$BINLOG_DIRNAME" - binlog_files_full=$(tail -n $BINLOG_N_FILES "$WSREP_SST_OPT_BINLOG_INDEX") - + binlog_files_full=$(tail -n $BINLOG_N_FILES \ + "$WSREP_SST_OPT_BINLOG_INDEX") binlog_files="" - for ii in $binlog_files_full - do - binlog_file=$(basename "$ii") - binlog_files="$binlog_files $binlog_file" + for file in $binlog_files_full; do + binlog_file=$(basename "$file") + binlog_files="$binlog_files${binlog_files:+ }'$binlog_file'" done - if [ -n "$binlog_files" ] - then + if [ -n "$binlog_files" ]; then wsrep_log_info "Preparing binlog files for transfer:" - tar -cvf "$BINLOG_TAR_FILE" $binlog_files >&2 + eval tar -cvf "'$BINLOG_TAR_FILE'" $binlog_files >&2 fi cd "$OLD_PWD" @@ -417,9 +383,29 @@ EOF WHOLE_FILE_OPT="--whole-file" fi - # first, the normal directories, so that we can detect incompatible protocol - RC=0 - eval rsync ${STUNNEL:+"'--rsh=$STUNNEL'"} \ +# Old filter - include everything except selected +# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \ +# --exclude '*.conf' --exclude core --exclude 'galera.*' \ +# --exclude grastate.txt --exclude '*.pem' \ +# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index') + +# New filter - exclude everything except dirs (schemas) and innodb files +FILTER="-f '- /lost+found' + -f '- /.zfs' + -f '- /.fseventsd' + -f '- /.Trashes' + -f '- /.pid' + -f '- /.conf' + -f '+ /wsrep_sst_binlog.tar' + -f '- $INNODB_DATA_HOME_DIR/ib_lru_dump' + -f '- $INNODB_DATA_HOME_DIR/ibdata*' + -f '+ $INNODB_UNDO_DIR/undo*' + -f '+ /*/' + -f '- /*'" + + # first, the normal directories, so that we can detect + # incompatible protocol: + eval rsync ${STUNNEL:+"--rsh='$STUNNEL'"} \ --owner --group --perms --links --specials \ --ignore-times --inplace --dirs --delete --quiet \ $WHOLE_FILE_OPT $FILTER "'$WSREP_SST_OPT_DATA/'" \ @@ -430,8 +416,9 @@ EOF case $RC in 12) RC=71 # EPROTO wsrep_log_error \ - "rsync server on the other end has incompatible protocol. " \ - "Make sure you have the same version of rsync on all nodes." + "rsync server on the other end has incompatible" \ + "protocol. Make sure you have the same version of" \ + "rsync on all nodes." ;; 22) RC=12 # ENOMEM ;; @@ -472,7 +459,7 @@ EOF cd "$WSREP_SST_OPT_DATA" - backup_threads=$(parse_cnf "--mysqld|sst" 'backup-threads') + backup_threads=$(parse_cnf '--mysqld|sst' 'backup-threads') if [ -z "$backup_threads" ]; then get_proc backup_threads=$nproc @@ -481,9 +468,9 @@ EOF find . -maxdepth 1 -mindepth 1 -type d -not -name 'lost+found' \ -not -name '.zfs' -print0 | xargs -I{} -0 -P $backup_threads \ rsync ${STUNNEL:+--rsh="$STUNNEL"} \ - --owner --group --perms --links --specials \ - --ignore-times --inplace --recursive --delete --quiet \ - $WHOLE_FILE_OPT --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \ + --owner --group --perms --links --specials --ignore-times \ + --inplace --recursive --delete --quiet $WHOLE_FILE_OPT \ + --exclude '*/ib_logfile*' --exclude '*/aria_log.*' \ --exclude '*/aria_log_control' "$WSREP_SST_OPT_DATA/{}/" \ "rsync://$WSREP_SST_OPT_ADDR/{}" >&2 || RC=$? @@ -514,7 +501,13 @@ EOF fi rsync ${STUNNEL:+--rsh="$STUNNEL"} \ - --archive --quiet --checksum "$MAGIC_FILE" "rsync://$WSREP_SST_OPT_ADDR" + --archive --quiet --checksum "$MAGIC_FILE" \ + "rsync://$WSREP_SST_OPT_ADDR" >&2 || RC=$? + + if [ $RC -ne 0 ]; then + wsrep_log_error "rsync $MAGIC_FILE returned code $RC:" + exit 255 # unknown error + fi echo "done $STATE" @@ -527,12 +520,11 @@ elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' ] then check_sockets_utils - SST_PID="$WSREP_SST_OPT_DATA/wsrep_rsync_sst.pid" + SST_PID="$WSREP_SST_OPT_DATA/wsrep_sst.pid" # give some time for previous SST to complete: check_round=0 - while check_pid "$SST_PID" 0 - do + while check_pid "$SST_PID" 0 'wsrep_sst_'; do wsrep_log_info "previous SST is not completed, waiting for it to exit" check_round=$(( check_round + 1 )) if [ $check_round -eq 10 ]; then @@ -542,11 +534,13 @@ then sleep 1 done + echo $$ > "$SST_PID" + # give some time for stunnel from the previous SST to complete: check_round=0 - while check_pid "$STUNNEL_PID" 1 - do - wsrep_log_info "lingering stunnel daemon found at startup, waiting for it to exit" + while check_pid "$STUNNEL_PID" 1; do + wsrep_log_info "Lingering stunnel daemon found at startup," \ + "waiting for it to exit" check_round=$(( check_round + 1 )) if [ $check_round -eq 10 ]; then wsrep_log_error "stunnel daemon already running." @@ -561,9 +555,9 @@ then # give some time for rsync from the previous SST to complete: check_round=0 - while check_pid "$RSYNC_PID" 1 - do - wsrep_log_info "lingering rsync daemon found at startup, waiting for it to exit" + while check_pid "$RSYNC_PID" 1; do + wsrep_log_info "Lingering rsync daemon found at startup," \ + "waiting for it to exit" check_round=$(( check_round + 1 )) if [ $check_round -eq 10 ]; then wsrep_log_error "rsync daemon already running." @@ -575,9 +569,7 @@ then [ -f "$MAGIC_FILE" ] && rm -f "$MAGIC_FILE" [ -f "$BINLOG_TAR_FILE" ] && rm -f "$BINLOG_TAR_FILE" - if [ -z "$STUNNEL" ]; then - [ -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF" - fi + [ -z "$STUNNEL" -a -f "$STUNNEL_CONF" ] && rm -f "$STUNNEL_CONF" ADDR="$WSREP_SST_OPT_ADDR" RSYNC_PORT="$WSREP_SST_OPT_PORT" @@ -626,21 +618,21 @@ EOF RSYNC_ADDR="*" fi - echo $$ > "$SST_PID" - - if [ -z "$STUNNEL" ] - then - rsync --daemon --no-detach --port "$RSYNC_PORT" --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS & + if [ -z "$STUNNEL" ]; then + rsync --daemon --no-detach --port "$RSYNC_PORT" \ + --config "$RSYNC_CONF" $RSYNC_EXTRA_ARGS & RSYNC_REAL_PID=$! TRANSFER_REAL_PID=$RSYNC_REAL_PID TRANSFER_PID="$RSYNC_PID" else # Let's check if the path to the config file contains a space? + RSYNC_BIN=$(commandex 'rsync') if [ "${RSYNC_CONF#* }" = "$RSYNC_CONF" ]; then cat << EOF > "$STUNNEL_CONF" key = $SSTKEY cert = $SSTCERT ${CAFILE_OPT} +${CAPATH_OPT} foreground = yes pid = $STUNNEL_PID debug = warning @@ -650,17 +642,18 @@ ${CHECK_OPT} ${CHECK_OPT_LOCAL} [rsync] accept = $STUNNEL_ACCEPT -exec = $(command -v rsync) +exec = $RSYNC_BIN execargs = rsync --server --daemon --config=$RSYNC_CONF . EOF else # The path contains a space, so we will run it via # shell with "eval" command: - export RSYNC_CMD="eval $(command -v rsync) --server --daemon --config='$RSYNC_CONF' ." + export RSYNC_CMD="eval '$RSYNC_BIN' --server --daemon --config='$RSYNC_CONF' ." cat << EOF > "$STUNNEL_CONF" key = $SSTKEY cert = $SSTCERT ${CAFILE_OPT} +${CAPATH_OPT} foreground = yes pid = $STUNNEL_PID debug = warning @@ -688,7 +681,8 @@ EOF # find out my Common Name get_openssl if [ -z "$OPENSSL_BINARY" ]; then - wsrep_log_error 'openssl not found but it is required for authentication' + wsrep_log_error \ + 'openssl not found but it is required for authentication' exit 42 fi CN=$("$OPENSSL_BINARY" x509 -noout -subject -in "$SSTCERT" | \ @@ -703,7 +697,8 @@ EOF ADDR="$WSREP_SST_OPT_HOST" fi - until check_pid_and_port "$TRANSFER_PID" $TRANSFER_REAL_PID "$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT" + until check_pid_and_port "$TRANSFER_PID" $TRANSFER_REAL_PID \ + "$RSYNC_ADDR_UNESCAPED" "$RSYNC_PORT" do sleep 0.2 done @@ -722,7 +717,7 @@ EOF if ! ps -p $MYSQLD_PID >/dev/null 2>&1 then wsrep_log_error \ - "Parent mysqld process (PID: $MYSQLD_PID) terminated unexpectedly." + "Parent mysqld process (PID: $MYSQLD_PID) terminated unexpectedly." kill -- -$MYSQLD_PID sleep 1 exit 32 @@ -768,10 +763,11 @@ EOF if [ -r "$MAGIC_FILE" ]; then if [ -n "$MY_SECRET" ]; then # check donor supplied secret - SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | cut -d ' ' -f 2) + SECRET=$(grep -F -- "$SECRET_TAG " "$MAGIC_FILE" 2>/dev/null | \ + cut -d ' ' -f 2) if [ "$SECRET" != "$MY_SECRET" ]; then wsrep_log_error "Donor does not know my secret!" - wsrep_log_info "Donor:'$SECRET', my:'$MY_SECRET'" + wsrep_log_info "Donor: '$SECRET', my: '$MY_SECRET'" exit 32 fi # remove secret from the magic file, and output |