MDEV-31809 addendum: corrections for SST scripts and for test failures

Author: sysprg

mysql-test/suite/galera/t/galera_defaults.cnf

@@ -1,5 +1,8 @@
 !include ../galera_2nodes.cnf
 
+[mysqld]
+wsrep_sst_auth="root:"
+
 [mysqld.1]
 wsrep_provider_options='base_port=@mysqld.1.#galera_port;gmcast.segment=1'
 

scripts/wsrep_sst_common.sh

@@ -152,7 +152,6 @@ WSREP_SST_OPT_DATA=""
 WSREP_SST_OPT_AUTH="${WSREP_SST_OPT_AUTH:-}"
 WSREP_SST_OPT_USER="${WSREP_SST_OPT_USER:-}"
 WSREP_SST_OPT_PSWD="${WSREP_SST_OPT_PSWD:-}"
-WSREP_SST_OPT_REMOTE_AUTH="${WSREP_SST_OPT_REMOTE_AUTH:-}"
 WSREP_SST_OPT_DEFAULT=""
 WSREP_SST_OPT_DEFAULTS=""
 WSREP_SST_OPT_EXTRA_DEFAULT=""
@@ -1008,11 +1007,6 @@ in_config()
  echo $found
 }
 
-wsrep_auth_not_set()
-{
- [ -z "$WSREP_SST_OPT_AUTH" ]
-}
-
 # Get rid of incorrect values resulting from substitution
 # in programs external to the script:
 if [ "$WSREP_SST_OPT_USER" = '(null)' ]; then
@@ -1028,12 +1022,12 @@ fi
 # Let's read the value of the authentication string from the
 # configuration file so that it does not go to the command line
 # and does not appear in the ps output:
-if wsrep_auth_not_set; then
+if [ -z "$WSREP_SST_OPT_AUTH" ]; then
  WSREP_SST_OPT_AUTH=$(parse_cnf 'sst' 'wsrep-sst-auth')
 fi
 
 # Splitting WSREP_SST_OPT_AUTH as "user:password" pair:
-if ! wsrep_auth_not_set; then
+if [ -n "$WSREP_SST_OPT_AUTH" ]; then
  # Extract username as shortest prefix up to first ':' character:
  WSREP_SST_OPT_AUTH_USER="${WSREP_SST_OPT_AUTH%%:*}"
  if [ -z "$WSREP_SST_OPT_USER" ]; then
@@ -1057,12 +1051,13 @@ if ! wsrep_auth_not_set; then
  fi
 fi
 
+WSREP_SST_OPT_REMOTE_AUTH="${WSREP_SST_OPT_REMOTE_AUTH:-}"
 WSREP_SST_OPT_REMOTE_USER=
 WSREP_SST_OPT_REMOTE_PSWD=
 if [ -n "$WSREP_SST_OPT_REMOTE_AUTH" ]; then
  # Split auth string at the last ':'
- readonly WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}"
- readonly WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}"
+ WSREP_SST_OPT_REMOTE_USER="${WSREP_SST_OPT_REMOTE_AUTH%%:*}"
+ WSREP_SST_OPT_REMOTE_PSWD="${WSREP_SST_OPT_REMOTE_AUTH#*:}"
 fi
 
 # Reads incoming data from STDIN and sets the variables
@@ -1077,8 +1072,9 @@ fi
 read_variables_from_stdin()
 {
  while read line; do
- key=${line%%=*}
- value=${line#*=}
+ local key="${line%%=*}"
+ local value=""
+ [ "$key" != "$line" ] && value="${line#*=}"
  case "$key" in
  'sst_user')
  WSREP_SST_OPT_USER="$value"

scripts/wsrep_sst_mariabackup.sh

@@ -1098,15 +1098,13 @@ if [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then
  itmpdir="$(mktemp -d)"
  wsrep_log_info "Using '$itmpdir' as mariadb-abackup working directory"
 
- usrst=0
  if [ -n "$WSREP_SST_OPT_USER" ]; then
  INNOEXTRA="$INNOEXTRA --user='$WSREP_SST_OPT_USER'"
- usrst=1
  fi
 
  if [ -n "$WSREP_SST_OPT_PSWD" ]; then
  export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
- elif [ $usrst -eq 1 ]; then
+ elif [ -n "$WSREP_SST_OPT_USER" ]; then
  # Empty password, used for testing, debugging etc.
  unset MYSQL_PWD
  fi

scripts/wsrep_sst_mysqldump.sh

@@ -47,10 +47,19 @@ if ! $MYSQL_CLIENT --version | grep -q -E '(Distrib 10\.[1-9])|( from 1[1-9]\.)'
 fi
 
 AUTH=""
-usrst=0
 if [ -n "$WSREP_SST_OPT_USER" ]; then
  AUTH="-u$WSREP_SST_OPT_USER"
- usrst=1
+fi
+
+# Both donor and joiner must have the same wsrep_sst_auth
+# configuration and different (and thus automatically generated)
+# authentication credentials can't be used for this type of SST.
+# In this case the SST will fail if joiner does not provide
+# correct authentication.
+REMOTE_AUTH="$AUTH"
+if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
+ REMOTE_AUTH="-u$WSREP_SST_OPT_REMOTE_USER"
+ [ -z "$AUTH" ] && AUTH="$REMOTE_AUTH"
 fi
 
 # Refs https://github.com/codership/mysql-wsrep/issues/141
@@ -64,19 +73,16 @@ fi
 # word, it is arguably more secure than passing password on the command line.
 if [ -n "$WSREP_SST_OPT_REMOTE_PSWD" ]; then
  export MYSQL_PWD="$WSREP_SST_OPT_REMOTE_PSWD"
-elif [ $usrst -eq 1 ]; then
+elif [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then
+ # Empty password, used for testing, debugging etc.
+ unset MYSQL_PWD
+elif [ -n "$WSREP_SST_OPT_PSWD" ]; then
+ export MYSQL_PWD="$WSREP_SST_OPT_PSWD"
+elif [ -n "$WSREP_SST_OPT_USER" ]; then
  # Empty password, used for testing, debugging etc.
  unset MYSQL_PWD
 fi
 
-# The above also means that both donor and joiner must have the same
-# wsrep_sst_auth configuration and and different (and thus automatically
-# generated) authentication credentials can't be used for this type of SST
-# In this case the SST will fail if joiner does not provide correct
-# authentication.
-[ -n "$WSREP_SST_OPT_REMOTE_USER" ] && REMOTE_AUTH="-u$WSREP_SST_OPT_REMOTE_USER" || REMOTE_AUTH=
-[ -n "$REMOTE_AUTH" ] && AUTH="$REMOTE_AUTH" || AUTH=
-
 STOP_WSREP='SET wsrep_on=OFF;'
 
 # mysqldump cannot restore CSV tables, fix this issue

sql/wsrep_sst.cc

@@ -1576,7 +1576,9 @@ wsrep_sst_cleanup_user(THD* const thd)
  if ((err = mysql.errnum()) ||
  (err = mysql.disable_replication()) ||
  ((err = mysql.execute("DELETE FROM mysql.user WHERE user LIKE '" SST_USER_PREFIX "%';")) &&
- err != ER_NO_SUCH_TABLE)) {
+ err != ER_NO_SUCH_TABLE &&
+ err != ER_UPDATE_WITHOUT_KEY_IN_SAFE_MODE))
+ {
  WSREP_WARN("Failed to clean up SST user(s): %d (%s)", err, mysql.errstr());
  }
 }