[Opendnssec-develop] [OpenDNSSEC] #181: Multi-master mode MySQL breaks KASP Enforcer
OpenDNSSEC
owner-dnssec-trac at kirei.se
Mon Sep 6 07:30:40 UTC 2010
#181: Multi-master mode MySQL breaks KASP Enforcer
--------------------+-------------------------------------------------------
Reporter: vanrein | Owner: sion
Type: defect | Status: new
Priority: major | Component: Enforcer
Version: trunk | Keywords:
--------------------+-------------------------------------------------------
We have set up a replicated signer on top of a multi-master-mode MySQL
database. This gave unexpected results; concretely, our
<Serial>datecounter</Serial> setting in kasp.xml was turned into
<Serial>(null)</Serial> in the .signconf files.

We found the cause to be the multi-master mode of MySQL. If you use that,
you set auto_increment such that no two nodes can generate the same IDs
automatically; in our case, one signer generated even numbers and the
other produced odd numbers. This led to IDs that were not 1, 2, 3, ...
but 1, 3, 5, ... and it appears that the KASP Enforcer has a hard-coded
assumption of the former scheme.

A work-around that worked for us: Since no two nodes will be actively
inserting records at the same time, we skipped the cautious distributed
auto-numbering scheme of MySQL. This means that KASP may now assume a 1,
2, 3, ... auto-numbering scheme as with a single node. This brought back
the usual level of reliable service.

Solutions in the KASP code could be any of:

1. Use the function that provides the last auto-generated ID;
2. Do not resort to autonumbering but write explicit IDs for such things
as configuration parameters;
3. Use strings like 'datecounter' everywhere in the database scheme, and
fewer numeric IDs.

We hope this is a useful report in preparation for 1.2. It is a bug in
1.1.2 that warrants a resolution or a warning to users.
--
Ticket URL: <http://trac.opendnssec.org/ticket/181>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
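
Added example, not part of the original ticket and not OpenDNSSEC code: a small reproduction of the failure mode the report describes, comparing a lookup that assumes dense IDs (1, 2, 3, ...) with one that reuses the ID reported at insert time (option 1) and one that resolves the ID by name (in the spirit of option 3). Assumptions: the `serial_mode` and `policy` tables, the order of `MODES`, and all function names are hypothetical; an in-memory SQLite database stands in for MySQL, and one node's stepped auto-increment is simulated by inserting IDs `offset, offset + increment, ...`.

```python
import sqlite3

MODES = ["unixtime", "datecounter", "counter", "keep"]  # constructed order

def make_db(offset, increment):
    """Create a lookup table whose IDs run offset, offset+increment, ...
    as one multi-master node would allocate them (simulated, see lead-in)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE serial_mode (id INTEGER PRIMARY KEY, name TEXT UNIQUE)")
    db.execute("CREATE TABLE policy (name TEXT PRIMARY KEY, serial_mode_id INTEGER)")
    ids = {}
    for k, mode in enumerate(MODES):
        cur = db.execute("INSERT INTO serial_mode (id, name) VALUES (?, ?)",
                         (offset + k * increment, mode))
        ids[mode] = cur.lastrowid  # the ID the database actually assigned
    return db, ids

def store_policy(db, policy, mode_id):
    db.execute("INSERT INTO policy VALUES (?, ?)", (policy, mode_id))

def resolve(db, policy):
    """Return the serial mode name for a policy, or None when the stored ID
    matches no row (the case that would be rendered as "(null)")."""
    row = db.execute(
        "SELECT m.name FROM policy p LEFT JOIN serial_mode m "
        "ON m.id = p.serial_mode_id WHERE p.name = ?", (policy,)).fetchone()
    return row[0]

def demo(offset, increment):
    db, ids = make_db(offset, increment)
    # Fragile: assume IDs are dense (1, 2, 3, ...) in insertion order.
    store_policy(db, "assumed", MODES.index("datecounter") + 1)
    store_policy(db, "assumed_counter", MODES.index("counter") + 1)
    # Robust: reuse the ID reported when the row was inserted.
    store_policy(db, "reported", ids["datecounter"])
    # Robust: resolve the ID from its name at the point of use.
    by_name = db.execute(
        "SELECT id FROM serial_mode WHERE name = 'datecounter'").fetchone()[0]
    store_policy(db, "by_name", by_name)
    names = ("assumed", "assumed_counter", "reported", "by_name")
    return {p: resolve(db, p) for p in names}

if __name__ == "__main__":
    print("single node:", demo(1, 1))
    print("odd-ID node:", demo(1, 2))
```

On the odd-ID node the dense assumption fails in two ways: one policy resolves to no row at all, and the other silently resolves to a different, valid mode.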