maria-discuss team mailing list archive

MaxScale behaviour differs for TLS and non-TLS clients

Hi,

I'm (still) testing MaxScale, set up to connect only to the master node, on
Ubuntu 16.04 fronting a Galera cluster. The cluster comprises 2 MariaDB
10.1 instances on different servers, with a Galera Arbitrator instance
running on the MaxScale server. I'm testing this using the MariaDB client
(mysql) from a fourth machine.

My test scenario is to see what the client experiences if I stop and
restart a MariaDB node part-way through a transaction. I start with the
"slave" node, to give me a baseline for comparison, before doing it with
the master node. However, the baseline case gives me different results,
depending on whether the MySQL client is connecting via TLS or not.

If I connect to MaxScale via TLS, the connection disappears when the
"slave" node comes back (but not when it goes down). Watching it via a
network packet trace, I can see that, just after the slave comes back up,
MaxScale sends an encrypted packet to the mysql client, then
sends a MySQL Quit command to the master node before disconnecting. The
syslog contains the line "[galeramon] There are no cluster members".

If I connect to MaxScale without TLS, the connection remains stable
regardless of the number of times the slave node goes down and up, and the
"galeramon" line doesn't appear in the syslog. (I discovered this when I
disabled the TLS in order to see what the encrypted packet being sent to
the client was...I still don't know what it is!)

Has anyone else come across this behaviour?

MaxScale is configured as follows (the commented-out configuration is
uncommented when connecting via TLS):

[dbnode1]
type=server
address=172.16.1.22
port=3306
protocol=MySQLBackend

priority=1


[dbnode2]
type=server
address=172.16.1.23
port=3306
protocol=MySQLBackend

priority=2


[Galera Monitor]
type=monitor
module=galeramon
servers=dbnode1,dbnode2
user=galeramon
passwd=galeramon
monitor_interval=1000
available_when_donor=true
use_priority=true

[Galera Service]
type=service
router=readrouteconn

router_options=master

servers=dbnode1,dbnode2
user=galeramon
passwd=galeramon

[MaxAdmin Service]
type=service
router=cli

[Galera Listener]
type=listener
service=Galera Service
protocol=MySQLClient
port=3306
#ssl=required
#ssl_version=TLSv12
#ssl_cert=/etc/mysql/ssl/server-cert.pem
#ssl_key=/etc/mysql/ssl/server-key.pem
#ssl_ca_cert=/etc/mysql/ssl/ca-cert.pem
#ssl_cert_verify_depth=1

[MaxAdmin Listener]
type=listener
service=MaxAdmin Service
protocol=maxscaled
socket=default


PC
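
An added example, not part of the original post and not MaxScale code: a small Python check that reads a MaxScale configuration and reports, per listener, whether client TLS is enforced, which confirms which of the two test modes described above is actually active. The status strings, the helper names, and the treatment of `ssl_cert`, `ssl_key` and `ssl_ca_cert` as all needed alongside `ssl=required` are assumptions of this example; the sample text is the two listener sections as posted.

```python
import configparser

# Listener sections as posted above (TLS lines still commented out).
POSTED = """\
[Galera Listener]
type=listener
service=Galera Service
protocol=MySQLClient
port=3306
#ssl=required
#ssl_version=TLSv12
#ssl_cert=/etc/mysql/ssl/server-cert.pem
#ssl_key=/etc/mysql/ssl/server-key.pem
#ssl_ca_cert=/etc/mysql/ssl/ca-cert.pem
#ssl_cert_verify_depth=1

[MaxAdmin Listener]
type=listener
service=MaxAdmin Service
protocol=maxscaled
socket=default
"""

# Assumption: these three files are all needed once ssl=required is set.
TLS_FILES = ("ssl_cert", "ssl_key", "ssl_ca_cert")

def uncomment_tls(text):
    """Mirror the poster's manual step: enable every '#ssl...' line."""
    return "\n".join(l[1:] if l.startswith("#ssl") else l for l in text.splitlines())

def audit_listeners(text):
    """Return {section name: status} for every type=listener section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        if sec.get("type") != "listener":
            continue
        if "socket" in sec and "port" not in sec:
            report[name] = "local-socket"      # no network exposure to check
        elif sec.get("ssl", fallback="").lower() != "required":
            report[name] = "plaintext"         # clients may connect without TLS
        else:
            missing = [k for k in TLS_FILES if not sec.get(k)]
            report[name] = ("tls-incomplete: " + ",".join(missing)) if missing else "tls-required"
    return report

if __name__ == "__main__":
    print(audit_listeners(POSTED))
    print(audit_listeners(uncomment_tls(POSTED)))
```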