New feature: tungsten.ini backup and history.

When enabled with the tpm flag tungsten-ini-backup (false by default), the tpm update command will create a copy of the current INI file (default: /etc/tungsten/tungsten.ini) as $CONTINUENT_ROOT/history/ini/tungsten.ini.YYYYMMDDhhmmss

When enabled with the tpm flag tungsten-ini-backup , the tpm install command will create the first history file and the history subdir, if needed.

A new sub-command, tpm ini diff has been added to compare the current INI file (default: /etc/tungsten/tungsten.ini) and a history file (default: latest history file found), and can also accept --stamp {YYMMDDhhmmss} to specify which file to diff by timestamp.

A new sub-command, tpm ini backup has been added to manually invoke the same copy that the tpm update command does.

Added two new tpm configuration flags:

Issues: CT-2635

New Feature: tpm ini upgrade --ini {fullpath} will display all changes to the specified INI file that would be performed by the tpm update commands during a version upgrade. Adding the --write argument would apply the changes to the specified file as well.

Issues: CT-2601

New tpm flag --add-ssl now allows to force generate certificates when doing an upgrade. This allows configurations with security disabled to be upgraded to 8.0.1 AND switched to using SSL/TLS communications at the same time. Example:

shell> tools/tpm update --replace-release --add-ssl

Issues: CT-2619

A new subcommand tpm ini defaults has been added to list any tpm option that actually has a default value defined in the tools/tpm_options_db.txt file, along with the default value.

Additionally, documentation has been updated to show defaults and options for all properties where applicable.

Issues: CT-2634

New feature tpm copy --example will show the manual steps taken by tpm copy --init to copy the certificate files to other nodes.

Issues: CT-2636

The tungsten_send_diag now uses AWS Signature Version 4 to upload files.

Issues: CT-2589

The tpm cert gen command now works during version upgrades when a security configuration file may not have existed before (passwords.store).

Issues: CT-2618

The tprovision command now correctly honors the mountpoint override flag when not using method rsync.

Issues: CT-2651

Fixed an issue where timestamp columns would not match between source and target when using the privileged-slave=false property to replicate from a source database using MIXED binlog mode.

Issues: CT-2594

With recent SELinux changes, MySQL might be unable to read from /tmp.

This directory is used when applying a LOAD DATA INFILE command that was logged using Statement Based Replication (warning : this is considered as unsafe by MySQL).

In order to avoid any issues, a new setting has been added to indicate a directory to use : svc-applier-ldi-temp-dir=/tmp/mysqltmp

In this case, mysqltmp is a new subdirectory that should be set with the following permissions and SELinux context

mkdir -p /tmp/mysqltmp 
sudo chown -R mysql: /tmp/mysqltmp 
sudo chmod -R g+r /tmp/mysqltmp 
sudo semanage fcontext -a -t mysqld_db_t '/tmp/mysqltmp(/.*)?' 
sudo restorecon -Rv /tmp/mysqltmp

Another improvement was also added to force the use of LOCAL when applying a LOAD DATA INFILE command that was logged using SBR. This is useful when applying to a remote MySQL host. To enable, set the value of the svc-applier-ldi-use-local=true (default : false)

Issues: CT-2603