MySQL has InnoDB data encryption, and Galera Cluster has supported it since it appeared in the main server. The one thing that was not covered was the encryption of the Galera Cache (the galera.cache file).

Here is a simple extract from the binlog.000001 files.

strings binlog.* |grep Custom |wc -l
10000
strings galera.cache |grep Custom |wc -l
10000

strings galera.cache|tail -10
Customer9100
Customer9099
Customer9098
Customer9097
Customer9096
Customer9095
Customer9094
Customer9093
Customer9092
Customer9091

You need to edit your /etc/my.cnf to include:

early-plugin-load=keyring_file.so
keyring_file_data=/var/lib/mysql-keyring/keyring

Note that in this example we are using the keyring_file plugin, which stores keyring data in a file on the local server host. This is not intended for regulatory compliance. You need to use a key management server that protects encryption keys in key vaults or hardware …

A common question we get is: can I add a node to my Galera Cluster without restarting the entire cluster? The simple answer is YES.

A lot worry about the fact that you do list servers that are part of the cluster within your my.cnf, and this file is not reloadable in a dynamic fashion. Fret not, though, because as long as your my.cnf has one active cluster member (the DONOR), you can have it be the JOINER.

If for example, you have 3 nodes: galera1: 159.223.105.21 galera2: 137.184.78.182 galera3: 137.184.65.171

The my.cnf line for wsrep_address should read as follows:

wsrep_cluster_address="gcomm://159.223.105.21,137.184.78.182,137.184.65.171"

It is then trivial for you to have your fourth server (say, galera4: 161.35.120.111), have a my.cnf that reads as follows:

wsrep_cluster_address="gcomm://159.223.105.21,137.184.78.182,137.184.65.171,161.35.120.111"

Now, …

Codership is pleased to announce a new Generally Available (GA) release of the multi-master Galera Cluster for MySQL 5.7, consisting of MySQL-wsrep 5.7.41 (release notes, download) and MySQL-wsrep 8.0.32 (release notes, download). This release incorporates all changes to MySQL 5.7.41 and MySQL 8.0.32 respectively, adding a …

Codership is pleased to announce a new Generally Available (GA) release of the multi-master Galera Cluster for MySQL 5.7, consisting of MySQL-wsrep 5.7.40 (release notes, download) and MySQL-wsrep 8.0.31 (release notes, download) with Galera replication library 4.14 (release notes, download) implementing wsrep API version 26. …

Mobile World Congress (MWC), the world’s leading event is all set to unite the global mobile and telecoms industry in Barcelona, Spain from 27 February – 2 March 2023. In this framework, Codership is glad to announce that it has been selected by the European Innovation Council to join the EIC Pavilion. The 20 most promising EIC-funded SMEs, startups and scale ups have an unprecedented opportunity to impress the international audience with their game-changing innovations and establish business partnerships with like-minded counterparts.

The EIC Pavilion will feature a wide variety of extraordinary innovations in crucial sectors, such as Artificial Intelligence, Robotics, Machine Learning and IoT, among others. From interactive sessions and expert panel …

We recently covered Upgrading your Galera Cluster from MySQL 5.7 to MySQL 8.0. We’ve also had questions on how the upgrade path from our usual Galera Cluster “community” edition to the Galera Cluster Enterprise Edition (EE), which includes many new features, like XA transaction support, arm64 support or GCache encryption.

First off, let’s start by installing a Galera Cluster on CentOS 7. The reason we have picked this distribution? Let’s edit the /etc/yum.repos.d/galera.repo and add:

[galera4]
name = Galera
baseurl = https://releases.galeracluster.com/galera-4/centos/7/x86_64
gpgkey = https://releases.galeracluster.com/GPG-KEY-galeracluster.com
gpgcheck = 1

[mysql-wsrep8]
name = MySQL-wsrep
baseurl = https://releases.galeracluster.com/mysql-wsrep-8.0/centos/7/x86_64
gpgkey = …

Codership is pleased to announce a new Generally Available (GA) release of the multi-master Galera Cluster for MySQL 8.0, consisting of MySQL-wsrep 8.0.30 (release notes, download) with Galera replication library 4.13 (release notes, download) implementing wsrep API version 26. This release incorporates all changes to MySQL 8.0.30, adding a synchronous option for your MySQL High Availability solutions.

For the Galera replication library 4.13, we now complete the I/O for the client handshake before starting an asynchronous read to fix …

Codership is pleased to announce a new Generally Available (GA) release of the multi-master Galera Cluster for MySQL 5.7, consisting of MySQL-wsrep 5.7.38 (release notes, download). This release incorporates all changes to MySQL 5.7.39, adding a synchronous option for your MySQL High Availability solutions.

We have backported the InnoDB wsrep applier lock wait timeout from 8.0 which introduces the variable innodb-wsrep-applier-lock-wait-timeout to improve the reliability in resolving …

Codership is pleased to announce a new Generally Available (GA) release of the multi-master Galera Cluster for MySQL 5.7, consisting of MySQL-wsrep 5.7.38 (release notes, download). This release incorporates all changes to MySQL 5.7.38, adding a synchronous option for your MySQL High Availability solutions.

In MySQL 5.7.38, we now distinguish between unset ssl_mode and ssl_mode explicitly set to “DISABLED”, because previously ssl_mode=DISABLED was ignored in the xtrabackup-v2 script.

This is a rare release where you are also meant to continue using the Galera replication library 3.37 implementing the wsrep API version 25, from the previous release, as there was no changes made to the Galera replication …

A few weeks ago, we did a Galera Cluster webinar on Managed Galera Clusters on DigitalOcean.

Some of you may notice that the current version of Galera Manager is 1.6.4, and one of the major fixes we have in there is to support the new API token format of DigitalOcean. DigitalOcean has documented this here: Updated API Tokens new management features: in partnership with GitHub –Secret Scanning, Prefixes, and more! and as a consequence we needed to update to accept new API tokens, or it would fail in deployment. If you’re wondering how to create a …