A.3. Tungsten Clustering 7.0.1 GA (13 June 2022)

Version End of Life. Not Yet Set

Release 7.0.1 is the first minor release for the v7 release. This release contains a number of new features, minor bug fixes and a few key behavior changes, but importantly contains a critical bug fix for environments that use mixed-case table and database names, that could cause replication failures.

Customers already running v7.0.0 in production enviornments should upgrade to this release as soon as possible

Behavior Changes

The following changes have been made to Tungsten Cluster and may affect existing scripts and integration tools. Any scripts or environment which make use of these tools should check and update for the new configuration:

  • Installation and Deployment

    • A better error message is now provided when keystore password and enclosed private key password don't match.

      Issues: CT-1853

  • Command-line Tools

    • The cctrl output now displays the SSL status of the group communication and the connection to the database.

      $ cctrl 
      Tungsten Clustering 7.0.0 
      nyc: session established, encryption=true, authentication=true 
      jgroups: [un]encrypted, database: [un]encrypted

      Issues: CT-1785, CT-1832

    • The tpm ask summary command is now sorted by key when the Perl Tie::IxHash module is installed.

      Issues: CT-1820

    • The following commands which call cctrl now support the pass-through -t seconds timeout argument which specifies how long cctrl will wait for a connection to the Manager process before aborting:

      • check_tungsten_latency

      • check_tungsten_online

      • check_tungsten_policy

      • check_tungsten_services

      • tungsten_show_processlist

      • zabbix_tungsten_latency

      • zabbix_tungsten_online

      • zabbix_tungsten_progress

      • zabbix_tungsten_services

      Issues: CT-1822

    • The tpm diag command now gathers the output of the tpm ask summary command

      Issues: CT-1827

    • The tmonitor command now calls sudo internally as needed, removing the need for the tmonitor command to be run with sudo for the install and remove sub-commands.

      Issues: CT-1846

    • The tpm generate-haproxy-for-api default starting port is now 8091.

      Issues: CT-1865

    • The tungsten_find_orphaned command now places the log file in $CONTINUENT_ROOT/service_logs/, not /tmp/

      Issues: CT-1866

  • Core Replicator

    • The default value for the tpm property repl-svc-fail-on-zero-row-update has been changed from warn to stop

      Warning

      This is a significant change in behavior and could cause replicators, specifically cross-site replicators, in an Active/Active environment to stop and error more frequently.

      To maintain original behavior you will need to add this property with the value of warn to your configuration, providing you fully understand the inherent risk of ignoring such warnings.

      Issues: CT-1856

  • API

    • The manager REST API /api/v2/manager/status call now returns information regarding to security.

      Issues: CT-1830

Known Issue

The following issues are known within this release but not considered critical, nor impact the operation of Tungsten Cluster. They will be addressed in a subsequent patch release.

  • Installation and Deployment

    • After starting up Tungsten components, a defunct process for each running component can be found in the process listing.

      Whilst this does not cause any issues, it could generate unnecessary alerts for customers monitoring.

      The cause has been identified and affects version 7.0.0 and 7.0.1. This will be fixed in the next 7.0.2 release.

      Issues: CT-1876

Improvements, new features and functionality

  • Command-line Tools

    • Added the ability to turn auto recovery on or off dynamically, removing the need to run tpm update.

      This is done by running the following command:

      shell> trepctl -service servicename setdynamic -property replicator.autoRecoveryMaxAttempts -value <number>

      Note

      The service must be offline before changing the property

      Issues: CT-1088

    • The new command tungsten_upgrade_manager will help clear specific cached SSL values, to be used only when specified by Continuent Support.

      Issues: CT-1788

    • A new tpm report sub-command has been added. By default, tpm report will generate a security report for all available communication channels on a per-node basis. The purpose of tpm report is to provide easy access to all of the settings that pertain to a specific topic. The default (and only) topic at this time is the security stance. More topics will be added over time.

      Issues: CT-1793, CT-1857

    • The tapi command now supports the creation and modification of multiple APIv2 admin users. Two new cli args have been added: --create-user and --create-pass.

      Issues: CT-1801

    • The tapi command now auto-detects the protocol, either http or https

      Issues: CT-1803

    • Added connector<->manager link encryption status in the output of router * status command in cctrl

      Issues: CT-1811

    • Added JMX encryption and authentication status to trepctl -verbose and connector command outputs

      Issues: CT-1813

    • The tapi command will now output service names with the new option --includeServiceName, or if there is more than one service name found.

      Issues: CT-1860

  • Core Replicator

    • The thl list command now displays an approximative field size in bytes for row-based replication.

      Issues: CT-1847

  • Tungsten Connector

    • Added a connector mode command to print which mode the connector is running in, either "bridge" or "proxy"

      Issues: CT-1799

  • Security

    • Replaced official log4j library with a secured version in which all vulnerable classes have been removed. This prevents exposing the software following a (user) misconfiguration of the log4j properties

      Issues: CT-1810

  • API

    • Added a way to retrieve service properties through the API, for example, to check a specific service parameter, run the following API call :

      shell> curl https://127.0.0.1:8097/api/v2/replicator/service/alpha/properties?filter=replicator.global.db.sslEnabled
      { 
       "payloadType": "PropertiesListPayload", 
       "payloadVersion": "1", 
       "payload": { 
       "replicator.global.db.sslEnabled": "false" 
       } 
      }

      Issues: CT-1802

    • Added new top level REST API call to display RMI SSL status, run the following API call :

      shell> curl https://127.0.0.1:8097/api/v2/rmiSecurity

      Issues: CT-1812

Bug Fixes

  • Installation and Deployment

    • The tpm update command now properly handles v7 -> v7 upgrades.

      Issues: CT-1815

    • deployall script now properly displays the executable prefix for restarting services, typically mm_treplicator in Multi-Site/Active-Active replicator-only installs, as well as the full path to component binaries

      Issues: CT-1835

    • tpm would fail on keystores containing special characters in alias names.

      Issues: CT-1852

  • Command-line Tools

    • Worked around a ruby issue where DNS name resolution was sometimes preferred to file-based resolution in TPM. The following logic now applies: first trying file-based host name resolution, upon failure try DNS, then through ping command

      Issues: CT-1653

    • The tpm update command now returns clusters to the proper mode (i.e. maintenance or automatic) for staging-method upgrades (INI not affected).

      Issues: CT-1784

    • The tpm policy command now returns the proper policy in a composite cluster. There is also a new cli argument, --all, to show the policy for all cluster services.

      Issues: CT-1787

    • The tpm update command no longer aborts during a staging deployment when the actual hostname does not match what is configured for the node names in tpm

      Issues: CT-1791

    • Improves the tpm diag command so that it waits 2 seconds for replicator thread dump to complete.

      Issues: CT-1792

    • Fixed an `Undefined subroutine` call error in tapi --create

      Issues: CT-1798

    • The tpm connector command now properly passes the -e arguments to the mysql command.

      Issues: CT-1816

    • tpm now properly reports errors upon timeout executing commands. Typically, when a host is down, when upgrading or installing, tpm will now properly report that pinging this host failed.

      Issues: CT-1819

    • The tpm update command now properly determines services to be deleted.

      Issues: CT-1825

    • TPM would fail to validate data sources when using ssl-capath [directory] rather than ssl-ca [file] in my.cnf.

      This fixes only the validation part, automated truststore creation by TPM will not be possible at this point, a full tungsten-truststore.ts will have to be passed through --java-truststore-path

      Issues: CT-1826

    • The tapi command now auto-switches protocol (http or https) properly.

      Issues: CT-1829

    • replicator start offline would not properly pass the offline argument to systemd scripts when installed through deployall.

      Issues: CT-1836

    • undeployall script would not properly uninstall systemd services on some distributions including amazon linux.

      Issues: CT-1845

  • Backup and Restore

    • Fixed an issue with latest xtrabackup 8.0.28

      Issues: CT-1838

    • During the backup/restore process the MySQL certificates are kept intact.

      Issues: CT-1841

    • Restore will now succeed even if only one incremental backup has been created.

      Issues: CT-1842

    • Incremental backups can now be restored more then once.

      Issues: CT-1850

  • Core Replicator

    • Fixed the EnumToString and pkey filters to renew their database connections (every hour by default). This can be changed with the following properties:

      property=replicator.filter.enumtostring.reconnectTimeout=3600
      property=replicator.filter.pkey.reconnectTimeout=3600

      Issues: CT-1786

    • tpm update would fail with message "The host is configured to be '' but it is currently operating as a 'master'" when a dynamic replicator configuration file is found

      Issues: CT-1848

    • Fixes issues with PrimaryKeyFilter:

      • It could fail from correctly fetching primary key columns for tables with mixed upper and lower case letters in table names

      • Alter user statements could make it fail

      Issues: CT-1861

    • Fixed a NullPointerException that could happen if a replicator was put offline during startup. This had mostly no consequence except the exception being logged.

      Issues: CT-1863

  • Tungsten Connector

    • Fixed the output of connector cluster-status by adjusting log4 appender.

      Issues: CT-1778

    • An exception could occur while forcing shutdown of router gateways.

      Issues: CT-1779

  • Tungsten Manager

    • Fixed an issue where the command system summary issued in cctrl would hang the managers in the cluster.

      Issues: CT-1849