When TLS hostname validation used for the MySQL connection, the
ServerName property needs to be set so that it knows which name to
validate on the certificate.
Without this option and with InsecureSkipVerify set to false, validation
will error here with a fatal error otherwise:
```
FATAL tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config
```
Related issue: https://github.com/github/gh-ost/issues/521
- Add --ssl-cert and --ssl-key options to specify SSL public/private
key files
- Allow combining --ssl-allow-insecure with other --ssl* flags.
`mysql.RegisterTLSConfig` allows combining the corresponding
parameters in the `tls.Config` it receives, so gh-ost should
allow this. I found being able to pass --ssl-allow-insecure along
with --ssl-ca, --ssl-cert, and --ssl-key useful in testing.
- Use the same TLS config everywhere. Since the CLI only supports
a single set of --ssl* configuration parameters, this should be
fine -- `mysql.RegisterTLSConfig` documentation indicates the
TLS config given will not be modified, so it can safely be used
in many goroutines provided we also do not modify it. The previous
implementation did not work when the TLS config was duplicated,
which happens when gh-ost walks up the replication chain trying
to find the master. This is because, when the config is duplicated,
we must call `RegisterTLSConfig` again with the new config. This
config is exactly the same, so it's easiest to side-step the issue
by registering the TLS config once and using it everywhere.
- Adding a command line option for users to enforce tls/ssl connections
for the applier, inspector, and binlog reader.
- The user can optionally request server certificate verification through
a command line option to specify the ca cert via a file path.
- Fixes an existing bug appending the timeout option to the singleton
applier connection.
- Identifying textual characters sets; converting into specific type when applying dml events
- Refactored `ColumnsList`: introducing `Column` type
- Refactored `unsigned` handling, as part of `Column`
- `Column` type supports `convertArg()`: converting value of argument according to column data type
- DB URI attempts `utf8mb4,utf8,latin1` charsets in that order (first one to be recognized wins)
- Local tests filter by pattern
- Local tests append table schema on failure
- Local tests do not have postpone flag file
- Added character set local tests: `utf8`, `utf8mb4`, `latin1`
- Rowcopy time is bounded by copy end-time
- Retries are configurable via `--default-retries` (default: `60`)
- `migrator` notes the hostname
- `applier` and `inspector` note `impliedKey` (`@@hostname` and `@@port`)
- Added lots of code comments
- Adding documentation for "triggerless design"
lukelewang
Tim Vaillancourt
Dirkjan Bussink
Shlomi Noach
Rafe Kettler
Brandon Bodnar
Matt Belisle
ceshihao
James Brown