Tungsten Clustering

Tungsten Clustering 7.0.1

Build: 96

Release Date: 13 Jun 2022

End of Life Date: 28 Jun 2026

Release 7.0.1 is the first minor release for the v7 release. This release contains a number of new features, minor bug fixes and a few key behavior changes, but importantly contains a critical bug fix for environments that use mixed-case table and database names, that could cause replication failures.

Customers already running v7.0.0 in production environments should upgrade to this release as soon as possible

Behavior Changes (10)

The following changes may affect existing scripts and integration tools. Any scripts or environment which make use of these tools should check and update for the new configuration:

Installation and Deployment (1)

A better error message is now provided when keystore password and enclosed private key password don't match.
Issue: CT-1853

Command-line Tools (7)

The tungsten_find_orphaned command now places the log file in$CONTINUENT_ROOT/service_logs/, not /tmp/
Issue: CT-1866
The tpm generate-haproxy-for-api default starting port is now 8091.
Issue: CT-1865
The tmonitor command now calls sudo internally as needed, removing the need for thetmonitor command to be run with sudo for the install and remove sub-commands.
Issue: CT-1846
The tpm ask summary command is now sorted by key when the Perl Tie::IxHash module is installed.
Issue: CT-1820

The cctrl output now displays the SSL status of the group communication and the connection to the database.

$ cctrl 
Tungsten Clustering 7.0.0 
nyc: session established, encryption=true, authentication=true 
jgroups: [un]encrypted, database: [un]encrypted

Issues: CT-1785, CT-1832

The tpm diag command now gathers the output of the tpm ask summary command
Issue: CT-1827
The following commands which call cctrl now support the pass-through -t secondstimeout argument which specifies how long cctrl will wait for a connection to the Manager process before aborting:
- check_tungsten_latency
- check_tungsten_online
- check_tungsten_policy
- check_tungsten_services
- tungsten_show_processlist
- zabbix_tungsten_latency
- zabbix_tungsten_online
- zabbix_tungsten_progress
- zabbix_tungsten_services
Issue: CT-1822

Core Replicator (1)

The default value for the tpm property svc-fail-on-zero-row-update has been changed from warnto stop
Warning
This is a significant change in behavior and could cause replicators, specifically cross-site replicators, in an Active/Active environment to stop and error more frequently.
To maintain original behavior you will need to add this property with the value of warn to your configuration, providing you fully understand the inherent risk of ignoring such warnings.
Issue: CT-1856

API (1)

The manager REST API /api/v2/manager/status call now returns information regarding to security.
Issue: CT-1830

Known Issue (1)

The following issues are known within this release but not considered critical, nor impact operation. They will be addressed in a subsequent patch release.

Installation and Deployment (1)

After starting up Tungsten components, a defunct process for each running component can be found in the process listing.
Whilst this does not cause any issues, it could generate unnecessary alerts for customers monitoring.
The cause has been identified and affects version 7.0.0 and 7.0.1. This will be fixed in the next 7.0.2 release.
Issue: CT-1876

Improvements, new features and functionality (13)

Command-line Tools (8)

The tapi command will now output service names with the new option --includeServiceName, or if there is more than one service name found.
Issue: CT-1860
Added JMX encryption and authentication status to trepctl -verbose and connector command outputs
Issue: CT-1813
Added connector<->manager link encryption status in the output of router * status command in cctrl
Issue: CT-1811
The tapi command now auto-detects the protocol, either http or https
Issue: CT-1803
The tapi command now supports the creation and modification of multiple APIv2 admin users. Two new cli args have been added: --create-user and --create-pass.
Issue: CT-1801
A new tpm report sub-command has been added. By default, tpm report will generate a security report for all available communication channels on a per-node basis. The purpose of tpm report is to provide easy access to all of the settings that pertain to a specific topic. The default (and only) topic at this time is the security stance. More topics will be added over time.
Issues: CT-1793, CT-1857
The new command tungsten_upgrade_manager will help clear specific cached SSL values, to be used only when specified by Continuent Support.
Issue: CT-1788
Added the ability to turn auto recovery on or off dynamically, removing the need to run tpm update.
This is done by running the following command:
```
shell> trepctl -service servicename setdynamic -property replicator.autoRecoveryMaxAttempts -value <number>
```
Note
The service must be offline before changing the property
Issue: CT-1088

Core Replicator (1)

The thl list command now displays an approximate field size in bytes for row-based replication.
Issue: CT-1847

Connector (1)

Added a connector mode command to print which mode the connector is running in, either "bridge" or "proxy"
Issue: CT-1799

Security (1)

Replaced official log4j library with a secured version in which all vulnerable classes have been removed. This prevents exposing the software following a (user) misconfiguration of the log4j properties
Issue: CT-1810

API (2)

Added new top level REST API call to display RMI SSL status, run the following API call :
```
shell> curl https://127.0.0.1:8097/api/v2/rmiSecurity
```
Issue: CT-1812

Added a way to retrieve service properties through the API, for example, to check a specific service parameter, run the following API call :

shell> curl https://127.0.0.1:8097/api/v2/replicator/service/alpha/properties?filter=replicator.global.db.sslEnabled
{ 
 "payloadType": "PropertiesListPayload", 
 "payloadVersion": "1", 
 "payload": { 
    "replicator.global.db.sslEnabled": "false" 
    } 
}

Issue: CT-1802

Bug Fixes (27)

Installation and Deployment (3)

tpm would fail on keystores containing special characters in alias names.
Issue: CT-1852
The tpm update command now properly handles v7 -> v7 upgrades.
Issue: CT-1815
deployall script now properly displays the executable prefix for restarting services, typically mm_treplicator in Multi-Site/Active-Active replicator-only installs, as well as the full path to component binaries
Issue: CT-1835

Command-line Tools (13)

undeployall script would not properly uninstall systemd services on some distributions including amazon linux.
Issue: CT-1845
replicator start offline would not properly pass the offline argument to systemd scripts when installed through deployall.
Issue: CT-1836
The tapi command now auto-switches protocol (http or https) properly.
Issue: CT-1829
TPM would fail to validate data sources when using ssl-capath [directory] rather than ssl-ca [file] in my.cnf.
This fixes only the validation part, automated truststore creation by TPM will not be possible at this point, a full tungsten-truststore.ts will have to be passed throughjava-truststore-path
Issue: CT-1826
The tpm update command now properly determines services to be deleted.
Issue: CT-1825
Fixed an `Undefined subroutine` call error in tapi --create
Issue: CT-1798
The tpm policy command now returns the proper policy in a composite cluster. There is also a new cli argument, --all, to show the policy for all cluster services.
Issue: CT-1787
The tpm update command now returns clusters to the proper mode (i.e.MAINTENANCE or AUTOMATIC) for staging-method upgrades (INI not affected).
Issue: CT-1784
Worked around a ruby issue where DNS name resolution was sometimes preferred to file-based resolution in TPM. The following logic now applies: first trying file-based host name resolution, upon failure try DNS, then through ping command
Issue: CT-1653
tpm now properly reports errors upon timeout executing commands. Typically, when a host is down, when upgrading or installing,tpm will now properly report that pinging this host failed.
Issue: CT-1819
The tpm connector command now properly passes the -e arguments to the mysql command.
Issue: CT-1816
Improves the tpm diag command so that it waits 2 seconds for replicator thread dump to complete.
Issue: CT-1792
The tpm update command no longer aborts during a staging deployment when the actual hostname does not match what is configured for the node names in tpm
Issue: CT-1791

Backup and Restore (4)

Incremental backups can now be restored more than once.
Issue: CT-1850
Restore will now succeed even if only one incremental backup has been created.
Issue: CT-1842
During the backup/restore process the MySQL certificates are kept intact.
Issue: CT-1841
Fixed an issue with latest xtrabackup 8.0.28
Issue: CT-1838

Core Replicator (4)

Fixed a NullPointerException that could happen if a replicator was put offline during startup. This had mostly no consequence except the exception being logged.
Issue: CT-1863
Fixes issues with PrimaryKeyFilter:
- It could fail from correctly fetching primary key columns for tables with mixed upper and lower case letters in table names
- Alter user statements could make it fail
Issue: CT-1861
tpm update would fail with message "The host is configured to be '' but it is currently operating as a 'master'"when a dynamic replicator configuration file is found
Issue: CT-1848
Fixed the EnumToString and pkey filters to renew their database connections (every hour by default). This can be changed with the following properties:
```
property=replicator.filter.enumtostring.reconnectTimeout=3600
property=replicator.filter.pkey.reconnectTimeout=3600
```
Issue: CT-1786

Connector (2)

An exception could occur while forcing shutdown of router gateways.
Issue: CT-1779
Fixed the output of connector cluster status by adjusting log4 appender.
Issue: CT-1778

Manager (1)

Fixed an issue where the command system summary issued in cctrl would hang the managers in the cluster.
Issue: CT-1849