Uploaded image for project: 'Percona Toolkit'
  1. Percona Toolkit
  2. PT-1730

Provide a Percona-maintained version of perl-DBD-MySQL

    XMLWordPrintable

    Details

    • Type: Admin & Maintenance Task
    • Status: In QA
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 3.0.13
    • Fix Version/s: None
    • Component/s: Packaging
    • Labels:
    • Needs QA:
      Yes

      Description

      The toolkit is dependent on perl-DBD-MySQL, which means that the libraries are installed by default; the current latest version for CentOS 7 is perl-DBD-MySQL-4.023

      This is built against mysql-devel, which is provided by MariaDB and is thus 5.5-based, so as a result it is not possible to force TLSv1.2 on 5.6->8.0 versions of MySQL and maintain use of the toolkit with secured connections.

      Here is a clear example of an issue that arises as a result of this:

      $ mysql -Bse "select @@version, @@version_comment, @@tls_version" 2>/dev/null
      5.6.42-84.2-56  Percona XtraDB Cluster (GPL), Release rel84.2, Revision e942874, WSREP version 28.30, wsrep_28.30       TLSv1.2
      
      $ mysql -Bse "select ssl_type from mysql.user where user = substring_index(replace(current_user(), \"'\", ''), '@', 1) limit 1" 2>/dev/null
      ANY
      
      $ pt-heartbeat --check --database=percona h=xxx.xxx.xxx.xxx
      DBI connect('percona;host=xxx.xxx.xxx.xxx;mysql_read_default_group=client','',...) failed: SSL connection error: error:00000001:lib(0):func(0):reason(1) at /bin/pt-heartbeat line 2888.
      
      $ mysql -Bse "select @@version, @@version_comment, @@tls_version" 2>/dev/null
      5.6.42-84.2-56  Percona XtraDB Cluster (GPL), Release rel84.2, Revision e942874, WSREP version 28.30, wsrep_28.30       TLSv1.1,TLSv1.2
      
      $ pt-heartbeat --check --database=percona h=xxx.xxx.xxx.xxx
      DBD::mysql::db selectrow_arrayref failed: Table 'percona.heartbeat' doesn't exist [for Statement "SHOW CREATE TABLE `percona`.`heartbeat`"] at /bin/pt-heartbeat line 5993.

      N.B. the last error is to be expected - display purposes only

      As noted in PT-1724, simply rebuilding against 5.7 from the source RPM is not possible due to net_buffer_length and against 8.0 will fail with even more issues. Additionally, as noted in PT-191 and also perl5-dbi#issue264 TLS is not on by default.

      Suggested fix is to build a suitable version of perl-DBD-MySQL against a recent 5.7 with OpenSSL, as that should be less work than against 8.0 and still allows TLSv1.2 plus authentication with the caching_sha2_password plugin.

        Smart Checklist

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                hrvoje.matijakovic Hrvoje Matijakovic
                Reporter:
                ceri.williams Ceri Williams
                Votes:
                3 Vote for this issue
                Watchers:
                8 Start watching this issue

                  Dates

                  Created:
                  Updated:

                    Time Tracking

                    Estimated:
                    Original Estimate - Not Specified
                    Not Specified
                    Remaining:
                    Remaining Estimate - Not Specified
                    Not Specified
                    Logged:
                    Time Spent - 1 week, 2 days, 20 minutes
                    1w 2d 20m