Uploaded image for project: 'Percona XtraDB Cluster'
  1. Percona XtraDB Cluster
  2. PXC-2269

pxc_encrypt_cluster_traffic is not dynamic, but it allows set global

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.7.24-31.33
    • Component/s: Documentation
    • Labels:
      None

      Description

      The pxc_encrypt_cluster_traffic variable is not dynamic, but set global does not return an error and changes the online state, which is misleading. 

      How to reproduce

      In a 1-node cluster without the encryption settings in place (no ssl settings set in wsrep_provider_options nor the said variable set), execute:

       

      node1 > SHOW GLOBAL VARIABLES LIKE 'pxc_encrypt_cluster_traffic';
      +-----------------------------+-------+
      | Variable_name               | Value |
      +-----------------------------+-------+
      | pxc_encrypt_cluster_traffic | OFF   |
      +-----------------------------+-------+
      1 row in set (0.02 sec)
      
      node1 > set global pxc_encrypt_cluster_traffic=1;
      Query OK, 0 rows affected (0.00 sec)
      
      node1 > SHOW GLOBAL VARIABLES LIKE 'pxc_encrypt_cluster_traffic';
      +-----------------------------+-------+
      | Variable_name               | Value |
      +-----------------------------+-------+
      | pxc_encrypt_cluster_traffic | ON    |
      +-----------------------------+-------+
      1 row in set (0.01 sec)
      

      Later, try to start another node, with proper encryption settings in place, but it won't join anyway, with error:

      2018-10-23T08:50:10.335845Z 0 [ERROR] WSREP: handshake with remote endpoint ssl://172.28.128.6:4567 failed: asio.ssl:336031996: 'unknown protocol' ( 336031996: 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO
      :unknown protocol')

      This is because this variable, as documented, is not dynamic, and rolling enabling encrypted cluster communication is not possible. 

      Therefore, the set global should return an error instead.

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                kenn.takara Kenn Takara
                Reporter:
                przemyslaw.malkowski@percona.com Przemyslaw Malkowski
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - Not Specified
                  Not Specified
                  Logged:
                  Time Spent - 7 hours
                  7h