A.2. Tungsten Clustering 5.0.0 GA (7 December 2015)

VMware Continuent for Clustering 5.0.0 is a major release that incorporates the following changes:

  • The software release has been renamed. The filename now starts with vmware-continuent-clustering.

    The documentation has not been updated to reflect this change. While reading these examples you will see references to tungsten-replicator which will apply to your software release.

  • The connector now uses bridge-mode by default for all new installations and upgrades that do not have read-write splitting configured.

  • Security, including file permissions and TLS/SSL is now enabled by default. For more information, see Section 2.9, “Deployment Security”.

  • TLS/SSL is supported as the default encrypted communication channel. TLS uses either the v1.1, or v1.2 depending on the available Java environment used for execution. For TLS v1.2, use Java 8 or higher.

  • License keys are now required during installation. For more information, see Section 2.4, “Deploy License Keys”.

  • Support for RHEL 7 and CentOS 7.

  • Basic support for MySQL 5.7.

  • Cleaner and simpler directory layout for the replicator.

Upgrading from previous versions should be fully tested before attempted in a production environment. The changes listed below affect tpm output and the requirements for operation.

Behavior Changes

The following changes have been made to Tungsten Clustering and may affect existing scripts and integration tools. Any scripts or environment which make use of these tools should check and update for the new configuration:

  • Tungsten Clustering now enables security by default. Security includes:

    • Authentication between command-line tools (cctrl) and background services.

    • SSL/TLS between command-line tools and background services.

    • SSL/TLS between Tungsten Replicator and datasources.

    • SSL/TLS between Tungsten Connector and datasources.

    • File permissions and access by all components.

    The security changes require certificate files to be generated prior to operation. The tpm command can do that during upgrade if you are using a staging directory. Alternatively, you can create the certificates and update your configuration with the corresponding argument. This is required if you are installing from an INI file. See Section 2.9.4, “Installing from a Staging Host with Manually Generated Certificates” or Section 2.9.5, “Installing via INI File with Manually Generated Certificates” for more information. This functionality may be disabled by adding --disable-security-controls to your configuration.

    If you would like tpm to generate the necessary certificates from the staging directory. Run tpm update with the --replace-tls-certificate and --replace-jgroups-certificate options.

    staging-shell> ./tools/tpm update --replace-tls-certificate --replace-jgroups-certificate

    For more information, see Section 2.9, “Deployment Security”.

  • Tungsten Clustering now requires license keys in order to operate.

    License keys are provided to all customers with an active support contract. Login to my.vmware.com to identify your support contract and the associated license keys. After collecting the license keys, they should be placed into /etc/tungsten/continuent.licenses or /opt/continuent/share/continuent.licenses. The /opt/continuent path should be replaced with your value for --install-directory. Place each license on a new line in the file and make sure it is readable by the tungsten system user.

    If you are testing VMware Continuent or don't have your license key, talk with your sales contact for assistance. You may enable a trial-mode by using the license key TRIAL. This will not affect the runtime operation of VMware Continuent but may impact your ability to get rapid support.

    The tpm script will display a warning if license keys are not provided or if the provided license keys are not valid.

  • The connector will now use bridge-mode by default. This change will improve transparency and performance of the connector. The bridge-mode does not use the user.map file which reflects other changes to take a more secure default deployment. A warning will be displayed during the validation process to tell you if bridge-mode is being enabled. It will not be enabled in the following cases:

    This change may be disabled by adding --connector-bridge-mode=false to your configuration.

    Issues: CONT-1033

    For more information, see Section 6.4, “Using Bridge Mode”.

  • Tungsten Clustering now includes RELEASE_NOTES in the package and displays a warning if they have not been reviewed.

    During some tpm commands, the script will check to see if the release notes have been reviewed and accepted. This may be done by running tools/accept_release_notes from the staging directory. The script will display the information and prompt the user for acceptance. A hidden file will be created on the staging server to mark the release notes have been accepted and the warning will not be displayed.

    This process may be automated by calling tools/accept_release_notes -y prior to installation. The script will mark the release notes as accepted and the warning will not be displayed.

    Issues: CONT-1122

Known Issue

The following issues may affect the operation of Tungsten Clustering and should be taken into account when deploying or updating to this release.

  • Under certain circumstances, the rsyncprocess can randomly fail during the installation/ deployment process when using the staging method of deployment. The error code returned by rsync may be 12 or 23.

    The error is transient and non-specific and deployment should be retried.

    Issues: CONT-1343

Improvements, new features and functionality

  • Tungsten Connector

    • The SSL support within the Connector has been improved to support multiple aliases, enabling different certificates to be used for different components of the communication, for example, allowing a different certificate between MySQL and the Connector against the certificate for Connector to Client communication.

      Issues: CONT-1126

      For more information, see Section 2.9, “Deployment Security”.

Bug Fixes

  • Core Replicator

    • During installation, a replicator source ID could be misconfigured causing problems during switch and failover operations.

      Issues: CONT-1002

  • Tungsten Connector

    • Following an automatic reconnection, the connector could retry a pending statement if it was a read or write.

      The connector will now detect between reads and writes and only retry the statement if it is a read. Any writes will raise an error to be handled by the application.

      Issues: CONT-1461

  • Tungsten Manager

    • The manager fails to read security.properties during startup. If this occurs, the manager will print a warning in tmsvc.log.

      A race condition was resolved to ensure the manager reads configuration files in the correct order.

      Issues: CONT-1070

Tungsten Clustering 5.0.0 Includes the following changes made in Tungsten Replicator 5.0.0

VMware Continuent for Replication 5.0.0 is a major release that incorporates the following changes:

  • The software release has been renamed. For most users of VMware Continuent for Replication, the filename will start with vmware-continuent-replication. If you are using an Oracle DBMS as the source and have purchased support for the latest version, the filename will start with vmware-continuent-replication-oracle-source.

    The documentation has not been updated to reflect this change. While reading these examples you will see references to tungsten-replicator which will apply to your software release.

  • New Oracle Extraction module that reads the Oracle Redo logs provided faster, more compatible, and more efficient method for extracting data from Oracle databases. For more information, see Oracle Replication using Redo Reader.

  • Security, including file permissions and TLS/SSL is now enabled by default. For more information, see Section 2.9, “Deployment Security”.

  • License keys are now required during installation. For more information, see Section 2.4, “Deploy License Keys”.

  • Support for RHEL 7 and CentOS 7.

  • Basic support for MySQL 5.7.

  • Cleaner and simpler directory layout.

Upgrading from previous versions should be fully tested before attempted in a production environment. The changes listed below affect tpm output and the requirements for operation.

Improvements, new features and functionality

  • Installation and Deployment

    • During installation, tpm writes the configuration log to /tmp/tungsten-configure.log. If the file exists, but is owned by a separate user the operation will fail with a Permission Denied error. The operation has now been updated to create a directory within /tmp with the name of the current user where the configuration log will be stored. For example, if the user is tungsten, the log will be written to /tmp/tungsten/tungsten-configure.log.

      Issues: CONT-1402

Bug Fixes

  • Installation and Deployment

    • During installation, a failed installation by tpm, running tpm uninstall could also fail. The command now correctly uninstalls even a partial installation.

      Issues: CONT-1359

Tungsten Replicator 5.0.0 Includes the following changes made in Tungsten Replicator 5.0.0

Behavior Changes

The following changes have been made to Tungsten Clustering for MySQL and may affect existing scripts and integration tools. Any scripts or environment which make use of these tools should check and update for the new configuration:

  • The Bristlecone load generator toolkit is no longer included with Tungsten Clustering for MySQL by default.

    Issues: CONT-903

  • The scripts previously located within the scripts directory have now been relocated to the standard bin directory. This does not affect their availability if the env.sh script has been used to update your path. This includes, but is not limited to, the following commands:

    • ebs_snapshot.sh

    • file_copy_snapshot.sh

    • multi_trepctl

    • tungsten_get_position

    • tungsten_provision_slave

    • tungsten_provision_thl

    • tungsten_read_master_events

    • tungsten_set_position

    • xtrabackup.sh

    • xtrabackup_to_slave

    Issues: CONT-904

  • The backup and restore functionality in trepctl has been deprecated and will be removed in a future release.

    Issues: CONT-906

  • The location of the JavaScript filters has been moved to new location in keeping with the rest of the configuration:

    • samples/extensions/javascript has moved to support/filters-javascript

    • samples/scripts/javascript-advanced has moved to support/filters-javascript

    The use of these filters has not changed but the default location for some filter configuration files has moved to support/filters-config. Check your current configuration before upgrading.

    Issues: CONT-908

  • The ddlscan templates have been moved to the support/ddlscan directory.

    Issues: CONT-909

  • The Vertica applier should write exceptions to a temporary file during replication.

    The applier statements will include the EXCEPTIONS attribute in each statement to assist in debugging. Review the replicator log or trepctl status output for more details.

    Issues: CONT-1169

Known Issues

The following issues may affect the operation of Tungsten Clustering and should be taken into account when deploying or updating to this release.

  • Core Replicator

    • The replicator can hit a MySQL lock wait timeout when processing large transactions.

      Issues: CONT-1106

    • The replicator can run into OutOfMemory when handling very large Row-Based replication events. This can be avoided by setting --optimize-row-events=false.

      Issues: CONT-1115

    • The replicator can fail during LOAD DATA commands or Vertica loading if the system permissions are not set correctly. If this is encountered, make sure the MySQL or Vertica system users are a member of the Tungsten system group. The issue may also be avoided by removing system file protections with --file-protection-level=none.

      Issues: CONT-1460

Improvements, new features and functionality

Bug Fixes

  • Core Replicator

    • A master replicator could fail to finish extracting a fragmented transaction if disconnected during processing.

      Issues: CONT-1163

    • A slave replicator could fail to come ONLINE if the last THL file is empty.

      Issues: CONT-1164

    • The replicator applier and filters may fail with ORA-955 because the replicator did not check for metadata tables using uppercase table names.

      Issues: CONT-1375