From 6b81883170e8d54d8c2efdb1a6b5b37df43e4b6d Mon Sep 17 00:00:00 2001 From: Alexey Yurchenko Date: Fri, 14 Dec 2018 21:29:17 +0200 Subject: Remove provider defaults check from 'galera_defaults' MTR test From time to time Galera adds new parameters or changes defaults to existing ones. Every time this happens galera_defaults test needs a fix (and a commit) because it insists on checking these defaults. This is making life hard because any Galera update may require a fix to MariaDB code even though it is totally unrelated and defeats the whole idea of a provider living its own life. This commit removes checking for provider defaults to avoid false positive failures on MariaDB side. --- mysql-test/suite/galera/r/galera_defaults.result | 1 - mysql-test/suite/galera/t/galera_defaults.test | 23 ----------------------- 2 files changed, 24 deletions(-) (limited to 'mysql-test') diff --git a/mysql-test/suite/galera/r/galera_defaults.result b/mysql-test/suite/galera/r/galera_defaults.result index 8083784bb01..6871ec6d56b 100644 --- a/mysql-test/suite/galera/r/galera_defaults.result +++ b/mysql-test/suite/galera/r/galera_defaults.result @@ -52,4 +52,3 @@ WSREP_SST_DONOR WSREP_SST_DONOR_REJECTS_QUERIES OFF WSREP_SST_METHOD rsync WSREP_SYNC_WAIT 15 -; ; ; cert.log_conflicts = no; debug = no; evs.auto_evict = 0; evs.causal_keepalive_period = PT1S; evs.debug_log_mask = 0x1; evs.delay_margin = PT1S; evs.delayed_keep_period = PT30S; evs.inactive_check_period = PT0.5S; evs.inactive_timeout = PT30S; evs.info_log_mask = 0; evs.install_timeout = PT15S; evs.join_retrans_period = PT1S; evs.keepalive_period = PT1S; evs.max_install_timeouts = 3; evs.send_window = 4; evs.stats_report_period = PT1M; evs.suspect_timeout = PT10S; evs.use_aggregate = true; evs.user_send_window = 2; evs.version = 0; evs.view_forget_timeout = P1D; ; gcache.keep_pages_size = 0; gcache.mem_size = 0; ; gcache.page_size = 128M; gcache.recover = no; gcache.size = 10M; gcomm.thread_prio = ; gcs.fc_debug = 0; gcs.fc_factor = 1.0; gcs.fc_limit = 16; gcs.fc_master_slave = no; gcs.max_packet_size = 64500; gcs.max_throttle = 0.25; ; gcs.recv_q_soft_limit = 0.25; gcs.sync_donor = no; ; gmcast.mcast_addr = ; gmcast.mcast_ttl = 1; gmcast.peer_timeout = PT3S; gmcast.segment = 0; gmcast.time_wait = PT5S; gmcast.version = 0; ; pc.announce_timeout = PT3S; pc.checksum = false; pc.ignore_quorum = false; pc.ignore_sb = false; pc.linger = PT20S; pc.npvo = false; pc.recovery = true; pc.version = 0; pc.wait_prim = true; pc.wait_prim_timeout = PT30S; pc.weight = 1; protonet.backend = asio; protonet.version = 0; repl.causal_read_timeout = PT90S; repl.commit_order = 3; repl.key_format = FLAT8; repl.max_ws_size = 2147483647; ;socket.checksum = 2; socket.recv_buf_size = 212992; diff --git a/mysql-test/suite/galera/t/galera_defaults.test b/mysql-test/suite/galera/t/galera_defaults.test index 0ad97916302..3d4a7da7b54 100644 --- a/mysql-test/suite/galera/t/galera_defaults.test +++ b/mysql-test/suite/galera/t/galera_defaults.test @@ -36,26 +36,3 @@ AND VARIABLE_NAME NOT IN ( 'WSREP_PATCH_VERSION' ) ORDER BY VARIABLE_NAME; - -# wsrep_provider_options -# -# We replace the ones that vary from run to run with placeholders - ---let _WSREP_PROVIDER_OPTIONS = `SELECT @@wsrep_provider_options` ---perl - use strict; - my $wsrep_provider_options = $ENV{'_WSREP_PROVIDER_OPTIONS'}; - $wsrep_provider_options =~ s/base_dir = .*?;/;/sgio; - $wsrep_provider_options =~ s/base_host = .*?;/;/sgio; - $wsrep_provider_options =~ s/base_port = .*?;/;/sgio; - $wsrep_provider_options =~ s/gcache\.dir = .*?;/;/sgio; - $wsrep_provider_options =~ s/gcache\.name = .*?;/;/sgio; - $wsrep_provider_options =~ s/gmcast\.listen_addr = .*?;/;/sgio; - $wsrep_provider_options =~ s/gcs\.recv_q_hard_limit = .*?;/;/sgio; - $wsrep_provider_options =~ s/ist\.recv_addr = .*?;/;/sgio; - $wsrep_provider_options =~ s/evs\.evict = .*?;/;/sgio; - $wsrep_provider_options =~ s/signal = .*?;\s*//sgio; - $wsrep_provider_options =~ s/dbug = .*?;\s*//sgio; - $wsrep_provider_options =~ s/repl.proto_max = .*?;\s*/;/sgio; - print $wsrep_provider_options."\n"; -EOF -- cgit v1.2.1 From 8a46b9fe3bb9034d3559cf81505e61d07b1765a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Tue, 27 Nov 2018 15:26:18 +0200 Subject: MDEV-17771: Add Galera ist and sst tests using mariabackup Add check that file key management plugin is found. --- mysql-test/suite/galera/include/have_filekeymanagement.inc | 3 +++ mysql-test/suite/galera/suite.pm | 2 ++ mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test | 1 + 3 files changed, 6 insertions(+) create mode 100644 mysql-test/suite/galera/include/have_filekeymanagement.inc (limited to 'mysql-test') diff --git a/mysql-test/suite/galera/include/have_filekeymanagement.inc b/mysql-test/suite/galera/include/have_filekeymanagement.inc new file mode 100644 index 00000000000..f5507ca4548 --- /dev/null +++ b/mysql-test/suite/galera/include/have_filekeymanagement.inc @@ -0,0 +1,3 @@ +# +# Used in galera/suite.pm to check file key management plugin +# diff --git a/mysql-test/suite/galera/suite.pm b/mysql-test/suite/galera/suite.pm index 57615e5e94a..8b7b7034fac 100644 --- a/mysql-test/suite/galera/suite.pm +++ b/mysql-test/suite/galera/suite.pm @@ -96,6 +96,8 @@ if (which(socat)) { sub skip_combinations { my %skip = (); + $skip{'include/have_filekeymanagement.inc'} = 'needs file_key_management plugin' + unless $ENV{FILE_KEY_MANAGEMENT_SO}; $skip{'include/have_xtrabackup.inc'} = 'Need innobackupex' unless which(innobackupex); $skip{'include/have_xtrabackup.inc'} = 'Need socat or nc' diff --git a/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test b/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test index 03eef64facc..02407547083 100644 --- a/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test +++ b/mysql-test/suite/galera/t/galera_sst_mariabackup_table_options.test @@ -1,5 +1,6 @@ --source include/big_test.inc --source include/galera_cluster.inc +--source include/have_filekeymanagement.inc --source include/innodb_encrypt_tables.inc --source include/have_mariabackup.inc -- cgit v1.2.1 From ee543beabf01c1eff15fc8e888ef62fc99efbaed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Mon, 17 Dec 2018 07:05:27 +0200 Subject: MDEV-18021: Galera test galera_sst_mariabackup_table_options fails if AES_CTR is not available Problem is that if you use bundled yassl AES_CTR is not supported. There is a way to detect that but as we really want to keep this test enabled did not add skip for missing support. Changed method to AES_CBC as there is no need to use AES_CTR. --- mysql-test/include/innodb_encrypt_tables.combinations | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mysql-test') diff --git a/mysql-test/include/innodb_encrypt_tables.combinations b/mysql-test/include/innodb_encrypt_tables.combinations index cb32fea998a..4ca9b672119 100644 --- a/mysql-test/include/innodb_encrypt_tables.combinations +++ b/mysql-test/include/innodb_encrypt_tables.combinations @@ -3,12 +3,12 @@ innodb_encrypt_tables=ON plugin-load-add=$FILE_KEY_MANAGEMENT_SO loose-file-key-management loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt -file-key-management-encryption-algorithm=aes_ctr +file-key-management-encryption-algorithm=aes_cbc [clear] innodb_encrypt_tables=OFF plugin-load-add=$FILE_KEY_MANAGEMENT_SO loose-file-key-management loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt -file-key-management-encryption-algorithm=aes_ctr +file-key-management-encryption-algorithm=aes_cbc -- cgit v1.2.1 From 8c43f963882a9d5ac4e4289c8dd3dbcaeb40a0ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 17 Dec 2018 19:00:35 +0200 Subject: Follow-up to MDEV-12112: corruption in encrypted table may be overlooked The initial fix only covered a part of Mariabackup. This fix hardens InnoDB and XtraDB in a similar way, in order to reduce the probability of mistaking a corrupted encrypted page for a valid unencrypted one. This is based on work by Thirunarayanan Balathandayuthapani. fil_space_verify_crypt_checksum(): Assert that key_version!=0. Let the callers guarantee that. Now that we have this assertion, we also know that buf_page_is_zeroes() cannot hold. Also, remove all diagnostic output and related parameters, and let the relevant callers emit such messages. Last but not least, validate the post-encryption checksum according to the innodb_checksum_algorithm (only accepting one checksum for the strict variants), and no longer try to validate the page as if it was unencrypted. buf_page_is_zeroes(): Move to the compilation unit of the only callers, and declare static. xb_fil_cur_read(), buf_page_check_corrupt(): Add a condition before calling fil_space_verify_crypt_checksum(). This is a non-functional change. buf_dblwr_process(): Validate the page only as encrypted or unencrypted, but not both. --- mysql-test/suite/encryption/r/innodb-force-corrupt.result | 3 +-- mysql-test/suite/encryption/t/innodb-force-corrupt.test | 9 ++++----- 2 files changed, 5 insertions(+), 7 deletions(-) (limited to 'mysql-test') diff --git a/mysql-test/suite/encryption/r/innodb-force-corrupt.result b/mysql-test/suite/encryption/r/innodb-force-corrupt.result index 7d63f47d17e..3b1a2d8300f 100644 --- a/mysql-test/suite/encryption/r/innodb-force-corrupt.result +++ b/mysql-test/suite/encryption/r/innodb-force-corrupt.result @@ -1,5 +1,4 @@ -call mtr.add_suppression("InnoDB: The page \\[page id: space=[1-9][0-9]*, page number=[1-9][0-9]*\\] in file '.*test.t[123]\\.ibd' cannot be decrypted\\."); -call mtr.add_suppression("InnoDB: Database page corruption on disk or a failed file read of tablespace test/t[0-9]+ page \[page id: space=[0-9]+, page number=[0-9]+\]. You may have to recover from a backup."); +call mtr.add_suppression("InnoDB: Encrypted page \\d+:[36] in file .*test.t[123]\\.ibd looks corrupted; key_version=3221342974"); SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; diff --git a/mysql-test/suite/encryption/t/innodb-force-corrupt.test b/mysql-test/suite/encryption/t/innodb-force-corrupt.test index cb6440127cc..07f79c6b378 100644 --- a/mysql-test/suite/encryption/t/innodb-force-corrupt.test +++ b/mysql-test/suite/encryption/t/innodb-force-corrupt.test @@ -7,8 +7,7 @@ # Don't test under embedded -- source include/not_embedded.inc -call mtr.add_suppression("InnoDB: The page \\[page id: space=[1-9][0-9]*, page number=[1-9][0-9]*\\] in file '.*test.t[123]\\.ibd' cannot be decrypted\\."); -call mtr.add_suppression("InnoDB: Database page corruption on disk or a failed file read of tablespace test/t[0-9]+ page \[page id: space=[0-9]+, page number=[0-9]+\]. You may have to recover from a backup."); +call mtr.add_suppression("InnoDB: Encrypted page \\d+:[36] in file .*test.t[123]\\.ibd looks corrupted; key_version=3221342974"); --disable_warnings SET GLOBAL innodb_file_format = `Barracuda`; @@ -53,17 +52,17 @@ perl; open(FILE, "+<", "$ENV{MYSQLD_DATADIR}/test/t1.ibd") or die "open"; binmode FILE; seek(FILE, $ENV{'INNODB_PAGE_SIZE'} * 3 + 26, SEEK_SET) or die "seek"; -print FILE pack("H*", "c00lcafedeadb017"); +print FILE pack("H*", "c001cafedeadb017"); close FILE or die "close"; open(FILE, "+<", "$ENV{MYSQLD_DATADIR}/test/t2.ibd") or die "open"; binmode FILE; seek(FILE, $ENV{'INNODB_PAGE_SIZE'} * 3 + 26, SEEK_SET) or die "seek"; -print FILE pack("H*", "c00lcafedeadb017"); +print FILE pack("H*", "c001cafedeadb017"); close FILE or die "close"; open(FILE, "+<", "$ENV{MYSQLD_DATADIR}/test/t3.ibd") or die "open"; binmode FILE; seek(FILE, $ENV{'INNODB_PAGE_SIZE'} * 3 + 26, SEEK_SET) or die "seek"; -print FILE pack("H*", "c00lcafedeadb017"); +print FILE pack("H*", "c001cafedeadb017"); close FILE or die "close"; EOF -- cgit v1.2.1