MDEV-27682: bundled wsrep_notify.sh causes mariadbd to freeze during start

This commit adds automation that will reduce the possibility
of user errors when customizing wsrep_notify.sh (in particular
caused by user-specified parameters). Now all leading and trailing
spaces are removed from the user-specified parameters and automatic
port and host address substitution has been added to scripts, as
well as automatic password substitution to the client command line,
only if it is specified in the wsrep_notify.sh and not as empty
strings. Also added support for automatic substitution of the all
SSL-related parameters and improved parsing for ipv6 addresses
(to allow "[...]" notation for ipv6 addresses). Also added a
test to check if the wsrep notify script will works with SSL.

Author: sysprg

mysql-test/include/ipv6.inc

@@ -22,4 +22,3 @@ eval SET PASSWORD FOR testuser1@'$IPv6' = PASSWORD ('9876');
 --replace_result ::1 localhost
 SELECT USER();
 eval DROP USER testuser1@'$IPv6';
-

mysql-test/std_data/wsrep_notify.sh

@@ -4,11 +4,31 @@
 # It will create 'wsrep' schema and two tables in it: 'membeship' and 'status'
 # and fill them on every membership or node status change.
 #
-# Edit parameters below to specify the address and login to server.
-
+# Edit parameters below to specify the address and login to server:
+#
 USER=root
+PSWD=
+#
+# If these parameters are not set, then the values
+# passed by the server are taken:
+#
 HOST=127.0.0.1
 PORT=$NODE_MYPORT_1
+#
+# Edit parameters below to specify SSL parameters:
+#
+ssl_key=
+ssl_cert=
+ssl_ca=
+ssl_capath=
+ssl_cipher=
+ssl_crl=
+ssl_crlpath=
+ssl_verify_server_cert=0
+#
+# Client executable path:
+#
+CLIENT="$EXE_MYSQL"
 
 SCHEMA="mtr_wsrep_notify"
 MEMB_TABLE="$SCHEMA.membership"
@@ -19,7 +39,7 @@ SET wsrep_on=0;
 CREATE SCHEMA IF NOT EXISTS $SCHEMA;
 CREATE TABLE IF NOT EXISTS $MEMB_TABLE (
     idx  INT,
-    uuid CHAR(40), /* node UUID */
+    uuid CHAR(40),        /* node UUID */
     name VARCHAR(32),     /* node name */
     addr VARCHAR(256)     /* node address */
 ) ENGINE=MEMORY;
@@ -40,7 +60,7 @@ configuration_change()
 
     local idx=0
 
-    for NODE in $(echo $MEMBERS | sed s/,/\ /g)
+    for NODE in $(echo "$MEMBERS" | sed s/,/\ /g)
     do
         echo "INSERT INTO $MEMB_TABLE VALUES ( $idx, "
         # Don't forget to properly quote string values
@@ -59,17 +79,44 @@ status_update()
     echo "SET wsrep_on=0; BEGIN; UPDATE $STATUS_TABLE SET status='$STATUS'; COMMIT;"
 }
 
+trim_string()
+{
+    if [ -n "${BASH_VERSION:-}" ]; then
+        local pattern="[![:space:]${2:-}]"
+        local x="${1#*$pattern}"
+        local z=${#1}
+        x=${#x}
+        if [ $x -ne $z ]; then
+            local y="${1%$pattern*}"
+            y=${#y}
+            x=$(( z-x-1 ))
+            y=$(( y-x+1 ))
+            printf '%s' "${1:$x:$y}"
+        else
+            printf ''
+        fi
+    else
+        local pattern="[[:space:]${2:-}]"
+        echo "$1" | sed -E "s/^$pattern+|$pattern+\$//g"
+    fi
+}
+
 COM=status_update # not a configuration change by default
 
-while [ $# -gt 0 ]
-do
+STATUS=""
+CLUSTER_UUID=""
+PRIMARY="0"
+INDEX=""
+MEMBERS=""
+
+while [ $# -gt 0 ]; do
     case $1 in
     --status)
-        STATUS=$2
+        STATUS=$(trim_string "$2")
         shift
         ;;
     --uuid)
-        CLUSTER_UUID=$2
+        CLUSTER_UUID=$(trim_string "$2")
         shift
         ;;
     --primary)
@@ -78,22 +125,71 @@ do
         shift
         ;;
     --index)
-        INDEX=$2
+        INDEX=$(trim_string "$2")
         shift
         ;;
     --members)
-        MEMBERS=$2
+        MEMBERS=$(trim_string "$2")
         shift
         ;;
     esac
     shift
 done
 
-# Undefined means node is shutting down
-if [ "$STATUS" != "Undefined" ]
+USER=$(trim_string "$USER")
+PSWD=$(trim_string "$PSWD")
+
+HOST=$(trim_string "$HOST")
+PORT=$(trim_string "$PORT")
+
+case "$HOST" in
+\[*)
+    HOST="${HOST##\[}"
+    HOST=$(trim_string "${HOST%%\]}")
+    ;;
+esac
+
+if [ -z "$HOST" ]; then
+    HOST="${NOTIFY_HOST:-}"
+fi
+if [ -z "$PORT" ]; then
+    PORT="${NOTIFY_PORT:-}"
+fi
+
+ssl_key=$(trim_string "$ssl_key");
+ssl_cert=$(trim_string "$ssl_cert");
+ssl_ca=$(trim_string "$ssl_ca");
+ssl_capath=$(trim_string "$ssl_capath");
+ssl_cipher=$(trim_string "$ssl_cipher");
+ssl_crl=$(trim_string "$ssl_crl");
+ssl_crlpath=$(trim_string "$ssl_crlpath");
+ssl_verify_server_cert=$(trim_string "$ssl_verify_server_cert");
+
+SSL_PARAM=""
+
+if [ -n "$ssl_key" -o -n "$ssl_cert" -o \
+     -n "$ssl_ca"  -o -n "$ssl_capath" -o \
+     -n "$ssl_cipher" ]
 then
-    $COM | mysql -B -u$USER -h$HOST -P$PORT
+    SSL_PARAM=' --ssl'
+    [ -n "$ssl_key" ]     && SSL_PARAM="$SSL_PARAM --ssl-key='$ssl_key'"
+    [ -n "$ssl_cert" ]    && SSL_PARAM="$SSL_PARAM --ssl-cert='$ssl_cert'"
+    [ -n "$ssl_ca" ]      && SSL_PARAM="$SSL_PARAM --ssl-ca='$ssl_ca'"
+    [ -n "$ssl_capath" ]  && SSL_PARAM="$SSL_PARAM --ssl-capath='$ssl_capath'"
+    [ -n "$ssl_cipher" ]  && SSL_PARAM="$SSL_PARAM --ssl-cipher='$ssl_cipher'"
+    [ -n "$ssl_crl" ]     && SSL_PARAM="$SSL_PARAM --ssl-crl='$ssl_crl'"
+    [ -n "$ssl_crlpath" ] && SSL_PARAM="$SSL_PARAM --ssl-crlpath='$ssl_crlpath'"
+    if [ -n "$ssl_verify_server_cert" ]; then
+        if [ $ssl_verify_server_cert -ne 0 ]; then
+            SSL_PARAM+=' --ssl-verify-server-cert'
+        fi
+    fi
+fi
+
+# Undefined means node is shutting down
+if [ "$STATUS" != 'Undefined' ]; then
+    "$COM" | eval "$CLIENT" -B "-u'$USER'"${PSWD:+" -p'$PSWD'"}\
+                               "-h'$HOST'" "-P$PORT"$SSL_PARAM
 fi
 
 exit 0
-#

mysql-test/std_data/wsrep_notify_ssl.sh

@@ -0,0 +1,195 @@
+#!/bin/sh -eu
+
+# This is a simple example of wsrep notification script (wsrep_notify_cmd).
+# It will create 'wsrep' schema and two tables in it: 'membeship' and 'status'
+# and fill them on every membership or node status change.
+#
+# Edit parameters below to specify the address and login to server:
+#
+USER=root
+PSWD=
+#
+# If these parameters are not set, then the values
+# passed by the server are taken:
+#
+HOST=127.0.0.1
+PORT=$NODE_MYPORT_1
+#
+# Edit parameters below to specify SSL parameters:
+#
+ssl_cert="$MYSQL_TEST_DIR/std_data/client-cert.pem"
+ssl_key="$MYSQL_TEST_DIR/std_data/client-key.pem"
+ssl_ca="$MYSQL_TEST_DIR/std_data/cacert.pem"
+ssl_capath=
+ssl_cipher=
+ssl_crl=
+ssl_crlpath=
+ssl_verify_server_cert=0
+#
+# Client executable path:
+#
+CLIENT="$EXE_MYSQL"
+
+SCHEMA="mtr_wsrep_notify"
+MEMB_TABLE="$SCHEMA.membership"
+STATUS_TABLE="$SCHEMA.status"
+
+BEGIN="
+SET wsrep_on=0;
+CREATE SCHEMA IF NOT EXISTS $SCHEMA;
+CREATE TABLE IF NOT EXISTS $MEMB_TABLE (
+    idx  INT,
+    uuid CHAR(40),        /* node UUID */
+    name VARCHAR(32),     /* node name */
+    addr VARCHAR(256)     /* node address */
+) ENGINE=MEMORY;
+CREATE TABLE IF NOT EXISTS $STATUS_TABLE (
+    size   INT,      /* component size   */
+    idx    INT,      /* this node index  */
+    status CHAR(16), /* this node status */
+    uuid   CHAR(40), /* cluster UUID */
+    prim   BOOLEAN   /* if component is primary */
+) ENGINE=MEMORY;
+BEGIN;
+"
+END="COMMIT;"
+
+configuration_change()
+{
+    echo "$BEGIN;"
+
+    local idx=0
+
+    for NODE in $(echo "$MEMBERS" | sed s/,/\ /g)
+    do
+        echo "INSERT INTO $MEMB_TABLE VALUES ( $idx, "
+        # Don't forget to properly quote string values
+        echo "'$NODE'" | sed  s/\\//\',\'/g
+        echo ");"
+        idx=$(( $idx + 1 ))
+    done
+
+    echo "INSERT INTO $STATUS_TABLE VALUES($idx, $INDEX, '$STATUS', '$CLUSTER_UUID', $PRIMARY);"
+
+    echo "$END"
+}
+
+status_update()
+{
+    echo "SET wsrep_on=0; BEGIN; UPDATE $STATUS_TABLE SET status='$STATUS'; COMMIT;"
+}
+
+trim_string()
+{
+    if [ -n "${BASH_VERSION:-}" ]; then
+        local pattern="[![:space:]${2:-}]"
+        local x="${1#*$pattern}"
+        local z=${#1}
+        x=${#x}
+        if [ $x -ne $z ]; then
+            local y="${1%$pattern*}"
+            y=${#y}
+            x=$(( z-x-1 ))
+            y=$(( y-x+1 ))
+            printf '%s' "${1:$x:$y}"
+        else
+            printf ''
+        fi
+    else
+        local pattern="[[:space:]${2:-}]"
+        echo "$1" | sed -E "s/^$pattern+|$pattern+\$//g"
+    fi
+}
+
+COM=status_update # not a configuration change by default
+
+STATUS=""
+CLUSTER_UUID=""
+PRIMARY="0"
+INDEX=""
+MEMBERS=""
+
+while [ $# -gt 0 ]; do
+    case $1 in
+    --status)
+        STATUS=$(trim_string "$2")
+        shift
+        ;;
+    --uuid)
+        CLUSTER_UUID=$(trim_string "$2")
+        shift
+        ;;
+    --primary)
+        [ "$2" = "yes" ] && PRIMARY="1" || PRIMARY="0"
+        COM=configuration_change
+        shift
+        ;;
+    --index)
+        INDEX=$(trim_string "$2")
+        shift
+        ;;
+    --members)
+        MEMBERS=$(trim_string "$2")
+        shift
+        ;;
+    esac
+    shift
+done
+
+USER=$(trim_string "$USER")
+PSWD=$(trim_string "$PSWD")
+
+HOST=$(trim_string "$HOST")
+PORT=$(trim_string "$PORT")
+
+case "$HOST" in
+\[*)
+    HOST="${HOST##\[}"
+    HOST=$(trim_string "${HOST%%\]}")
+    ;;
+esac
+
+if [ -z "$HOST" ]; then
+    HOST="${NOTIFY_HOST:-}"
+fi
+if [ -z "$PORT" ]; then
+    PORT="${NOTIFY_PORT:-}"
+fi
+
+ssl_key=$(trim_string "$ssl_key");
+ssl_cert=$(trim_string "$ssl_cert");
+ssl_ca=$(trim_string "$ssl_ca");
+ssl_capath=$(trim_string "$ssl_capath");
+ssl_cipher=$(trim_string "$ssl_cipher");
+ssl_crl=$(trim_string "$ssl_crl");
+ssl_crlpath=$(trim_string "$ssl_crlpath");
+ssl_verify_server_cert=$(trim_string "$ssl_verify_server_cert");
+
+SSL_PARAM=""
+
+if [ -n "$ssl_key" -o -n "$ssl_cert" -o \
+     -n "$ssl_ca"  -o -n "$ssl_capath" -o \
+     -n "$ssl_cipher" ]
+then
+    SSL_PARAM=' --ssl'
+    [ -n "$ssl_key" ]     && SSL_PARAM="$SSL_PARAM --ssl-key='$ssl_key'"
+    [ -n "$ssl_cert" ]    && SSL_PARAM="$SSL_PARAM --ssl-cert='$ssl_cert'"
+    [ -n "$ssl_ca" ]      && SSL_PARAM="$SSL_PARAM --ssl-ca='$ssl_ca'"
+    [ -n "$ssl_capath" ]  && SSL_PARAM="$SSL_PARAM --ssl-capath='$ssl_capath'"
+    [ -n "$ssl_cipher" ]  && SSL_PARAM="$SSL_PARAM --ssl-cipher='$ssl_cipher'"
+    [ -n "$ssl_crl" ]     && SSL_PARAM="$SSL_PARAM --ssl-crl='$ssl_crl'"
+    [ -n "$ssl_crlpath" ] && SSL_PARAM="$SSL_PARAM --ssl-crlpath='$ssl_crlpath'"
+    if [ -n "$ssl_verify_server_cert" ]; then
+        if [ $ssl_verify_server_cert -ne 0 ]; then
+            SSL_PARAM+=' --ssl-verify-server-cert'
+        fi
+    fi
+fi
+
+# Undefined means node is shutting down
+if [ "$STATUS" != 'Undefined' ]; then
+    "$COM" | eval "$CLIENT" -B "-u'$USER'"${PSWD:+" -p'$PSWD'"}\
+                               "-h'$HOST'" "-P$PORT"$SSL_PARAM
+fi
+
+exit 0

mysql-test/suite/galera/r/galera_var_notify_ssl_ipv6.result

@@ -0,0 +1,11 @@
+connection node_1;
+SELECT COUNT(DISTINCT uuid) AS EXPECT_2 FROM mtr_wsrep_notify.membership;
+EXPECT_2
+2
+SELECT MAX(size) AS EXPECT_2 FROM mtr_wsrep_notify.status;
+EXPECT_2
+2
+SELECT COUNT(DISTINCT idx) AS EXPECT_2 FROM mtr_wsrep_notify.status;
+EXPECT_2
+2
+DROP SCHEMA mtr_wsrep_notify;

mysql-test/suite/galera/t/galera_var_notify_ssl_ipv6-master.opt

@@ -0,0 +1 @@
+--wsrep_notify_cmd=$MYSQL_TEST_DIR/std_data/wsrep_notify_ssl.sh --wsrep-sync-wait=0