maria-discuss team mailing list archive

Thread
Date

Galera with stunnel for rsync sst method

To: maria-discuss@xxxxxxxxxxxxxxxxxxx
From: John Fawcett <john@xxxxxxxxxxxxxx>
Date: Sat, 15 Oct 2022 13:00:53 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.1

Hi

Can someone point out or help with a step by step guide to setting upGalera to use stunnel for rsync sst?


I was following the instructions here:

https://mariadb.com/kb/en/introduction-to-state-snapshot-transfers-ssts/

and my main doubts are:

1. Does stunnel itself have to be configured and if so is it the sameconfiguration on all galera nodes?


2. Does stunnel have to be running as a service on any of the galera nodes?

3. Does the configuration shown in the galera documentation

[sst]
tkey = /etc/my.cnf.d/certificates/client-key.pem
tcert = /etc/my.cnf.d/certificates/client-cert.pem

have to be done on all the galera nodes?

4. Do the above key and cert have to be the same (or have to bedifferent) on all galera nodes?

5. more of a stunnel question, but following the link from the galeradocumentation to the stunnel documentation for certificate generation,


https://www.stunnel.org/howto.html

I got stuck on this command which no longer works on openssl 3.0.5.5:

openssl gendh 2048 >> stunnel.pem

Any idea on what has replaced it?

Thanks for any help.

John