Tungsten Clustering 7.2.1

Build: 40

Release Date: 3 Feb 2026

Release 7.2.1 contains a number of key bug fixes and improvements.

Behavior Changes (4)

The following changes may affect existing scripts and integration tools. Any scripts or environment which make use of these tools should check and update for the new configuration:

Installation and Deployment (1)

• tpm now only reads /etc/tungsten/tungsten.ini (no longer looking in $HOME directory and /etc/tungsten.ini) For a different path, different filename or multiple files, use the --ini supplying a comma-separated list
  Issue: CT-2612

Command-line Tools (3)

• The tprovision command now deletes only binary log files listed in the index if the binary log directory is not the same as the mysql data directory.
  Issue: CT-2631
• The tpm ini check command now checks for two new rules:

  • There MUST be a witnesses entry in EVERY stanza if enable-active-witnesses=true exists in [defaults]

  • There MUST be a witnesses entry in a stanza that contains enable-active-witnesses=true

  Issue: CT-2625
• The tprovision command no longer requires the external tool tungsten_get_mysql_datadir. Additionally, the tool has been significantly re-factored for greater stability, performance and functionality.
  Issue: CT-2597

Improvements, new features and functionality (7)

Installation and Deployment (1)

• New feature: tungsten.ini backup and history. When enabled with the tpm flag tungsten-ini-backup (false by default), the tpm update command will create a copy of the current INI file (default: /etc/tungsten/tungsten.ini) as$CONTINUENT_ROOT/history/ini/tungsten.ini.YYYYMMDDhhmmssWhen enabled with the tpm flag tungsten-ini-backup, the tpm install command will create the first history file and the history subdir, if needed. A new sub-command, tpm ini diff has been added to compare the current INI file (default: /etc/tungsten/tungsten.ini) and a history file (default: latest history file found), and can also accept --stamp [YYMMDDhhmmss] to specify which file to diff by timestamp. A new sub-command, tpm ini backup has been added to manually invoke the same copy that the tpm update command does. Added two new tpm configuration flags:

  • tungsten-ini-backup (default: false) : Enable the tungsten.ini automatic backup feature duringtpm install and tpm update
  tungsten-ini-history-dir (default: $CONTINUENT_ROOT/history/ini) : Define the location fortungsten.ini backup/history files
  Issue: CT-2635

Command-line Tools (5)

• New feature tpm copy --example will show the manual steps taken by tpm copy --initto copy the cluster certificate files to other nodes.
  Issue: CT-2636
• A new subcommand tpm ini defaults has been added to list any tpm option that actually has a default value defined in the tools/tpm_options_db.txt file, along with the default value. Additionally, documentation has been updated to show defaults and options for all properties where applicable.
  Issue: CT-2634
• New tpm flag --add-ssl now allows to force generate certificates when doing an upgrade. This allows configurations with security disabled to be upgraded to 8.0.1 AND switched to using SSL/TLS communications at the same time. Example:

  shell> tools/tpm update --replace-release --add-ssl

  Issue: CT-2619
• The tpm ini check command now validates composite topologies.
  Issue: CT-2066
• New Feature: tpm ini upgrade --ini [fullpath] will display all changes to the specified INI file that would be performed by the tpm update commands during a version upgrade. Adding the --write argument would apply the changes to the specified file as well.
  Issue: CT-2601

Core Replicator (1)

• The replicator now includes real-time performance monitoring to track and identify slow database operations during replication. The feature provides visibility into transaction, event, and statement execution times with configurable thresholds for alerting. For more information on configuring and using this feature, see "The trepctl perflog Command"
  Issue: CT-2629

Bug Fixes (16)

Installation and Deployment (1)

• Fixed an installation issue when using MariaDB 10.6 with SSL. Previously, this would have failed to install showing an error message like :

  Unable to connect to the MySQL server using tungsten@db1:13306 (WITH PASSWORD) (MySQLLoginCheck)

  Issue: CT-2624

Command-line Tools (3)

• The tprovision command now correctly honors the mountpoint override flag when not using method rsync.
  Issue: CT-2651
• The tpm cert gen command now works during version upgrades when a security configuration file may not have existed before (passwords.store).
  Issue: CT-2618
• The tungsten_send_diag now uses AWS Signature Version 4 to upload files.
  Issue: CT-2589

Backup and Restore (1)

• Fixed an edge case issue with xtrabackup running against the primary node and MySQL 8+.

  Note

  Generally we do not recommend taking backups from primary nodes, and instead backups should be taken from replicas.
  Issue: CT-2602

Core Replicator (2)

• With recent SELinux changes, MySQL might be unable to read from /tmp. This directory is used when applying a LOAD DATA INFILE command that was logged using Statement Based Replication (warning : this is considered as unsafe by MySQL). In order to avoid any issues, a new setting has been added to indicate a directory to use : svc-applier-ldi-temp-dir=/tmp/mysqltmpIn this case, mysqltmp is a new subdirectory that should be set with the following permissions and SELinux context

  mkdir -p /tmp/mysqltmp 
  sudo chown -R mysql: /tmp/mysqltmp 
  sudo chmod -R g+r /tmp/mysqltmp 
  sudo semanage fcontext -a -t mysqld_db_t '/tmp/mysqltmp(/.*)?' 
  sudo restorecon -Rv /tmp/mysqltmp

  Another improvement was also added to force the use of LOCAL when applying a LOAD DATA INFILEcommand that was logged using SBR. This is useful when applying to a remote MySQL host. To enable, set the value of the svc-applier-ldi-use-local=true (default : false)
  Issue: CT-2603
• Fixed an issue where timestamp columns would not match between source and target when using theprivileged-slave=false property to replicate from a source database using MIXED binlog mode.
  Issue: CT-2594

Connector (6)

• Fixed a null pointer exception error showing up in rare cases at startup time.
  Issue: CT-2656
• Fixed issue introduced by CT-2511 (dual certificate support) where the keystore was reloaded at every new connection.
  Issue: CT-2652
• Connector configuration files to execute Tungsten-specific show slave status request now get the right schema to select from.
  Issue: CT-2639
• In rare cases, a synchronization issue would prevent the connector from recovering from a site outage.
  Issue: CT-2633
• Fixed an issue in the Drizzle driver that could cause memory errors when handling large string parameters.
  Issue: CT-2627
• No longer printing broken pipe errors (typically generated by haproxy or hardware loadbalancer checks) whenprintConnectionWarnings=false (the default)
  Issue: CT-2576

Core Clustering (1)

• Recent Java versions changed a default that now enable endpoint identification in secured RMI calls. As a quick turnaround, this release restores the default of disabling identification in various Tungsten scripts.
  Issue: CT-2666

Security (1)

• Upgraded jackson libraries to latest version to plug potential security holes.
  Issue: CT-2655

Manager (1)

• If a cluster was idle for more than 15 minutes and a failure occurred, the failover would fail to complete
  Issue: CT-2637