WL#15154 patch #1 config parameters

Add boolean parameter "RequireCertificate" to [DB] section.
Default is false. If true, node will fail at startup time unless
it finds a TLS key and a current valid certificate.

Add boolean parameter "RequireTls" to [DB] section. Default is
false. If true, every transporter link involving the data node
must use TLS.

Add boolean parameter "RequireTls" to [TCP] sections. This is
computed, and not user-setable. If either endpoint of a link
has RequireTls set to true, RequireTls for the link will be
set true.

Add some clarifying comments to ndbinfo_plans test.

Change-Id: I889d9b7563022e2ebb2eaae92c3b26b557180d40

Author: jdduncan

mysql-test/suite/ndb/r/ndbinfo_plans.result

@@ -45,12 +45,12 @@ Select tables optimized away
 NULL
 
 ## Information schema reveals row counts as seen by optimizer
-## (but filter out cpu-related tables where results are not predictable)
 set ndbinfo_show_hidden=1;
 SELECT table_name, table_rows, avg_row_length
   FROM information_schema.tables
   WHERE table_schema='ndbinfo' AND table_type = 'BASE TABLE'
   AND table_name not like '%cpu%'
+  AND table_name not in ('ndb$config_params', 'ndb$config_values')
   ORDER BY table_name;
 TABLE_NAME	TABLE_ROWS	AVG_ROW_LENGTH
 blobs	10	84
@@ -65,8 +65,6 @@ ndb$blocks	29	20
 ndb$certificates	34	44
 ndb$columns	535	44
 ndb$config_nodes	34	28
-ndb$config_params	167	120
-ndb$config_values	330	24
 ndb$counters	200	24
 ndb$dblqh_tcconnect_state	19	52
 ndb$dbtc_apiconnect_state	25	52
@@ -109,8 +107,17 @@ ndb$threadstat	22	144
 ndb$transactions	5	44
 ndb$transporters	32	64
 
-## List the tables where estimated size equals actual size.
 CALL populate_sizes();
+
+SELECT table_name, est_rows, actual_rows from rowcounts
+WHERE table_name = "ndb$config_values";
+table_name	est_rows	actual_rows
+ndb$config_values	334	334
+## Note:
+## the estimate for config_values relies on a constant in NdbinfoTables.cpp
+## which must be manually maintained in order for the test to pass.
+##
+## List the tables where estimated size equals actual size.
 SELECT count(*) from rowcounts WHERE est_rows = actual_rows;
 count(*)
 29

mysql-test/suite/ndb/t/ndbinfo_plans.test

@@ -39,13 +39,19 @@ let $extra= query_get_value(explain select count(*) from counters, Extra, 1);
 echo $extra;
 
 ## Information schema reveals row counts as seen by optimizer
-## (but filter out cpu-related tables where results are not predictable)
+# Filtered out:
+#   * cpu-related tables, where results are not predictable
+#   * config_params, which changes when parameters are added, but will
+#     be accurate
+#   * config_values, which is queried separately below, along with an
+#     explanatory comment that is copied to the result file
 set ndbinfo_show_hidden=1;
 --horizontal_results
 SELECT table_name, table_rows, avg_row_length
   FROM information_schema.tables
   WHERE table_schema='ndbinfo' AND table_type = 'BASE TABLE'
   AND table_name not like '%cpu%'
+  AND table_name not in ('ndb$config_params', 'ndb$config_values')
   ORDER BY table_name;
 
 --disable_query_log
@@ -85,8 +91,17 @@ END|;
 --delimiter ;
 --enable_query_log
 
-## List the tables where estimated size equals actual size.
 CALL populate_sizes();
+
+# Query config_values separately for clarity.
+SELECT table_name, est_rows, actual_rows from rowcounts
+WHERE table_name = "ndb$config_values";
+## Note:
+## the estimate for config_values relies on a constant in NdbinfoTables.cpp
+## which must be manually maintained in order for the test to pass.
+
+##
+## List the tables where estimated size equals actual size.
 SELECT count(*) from rowcounts WHERE est_rows = actual_rows;
 SELECT table_name from rowcounts WHERE est_rows = actual_rows
   ORDER BY table_name;

storage/ndb/include/mgmapi/mgmapi_config_parameters.h

@@ -38,6 +38,7 @@
 #define CFG_TOTAL_SEND_BUFFER_MEMORY  9
 #define CFG_LOCATION_DOMAIN_ID        10
 #define CFG_NODE_DEDICATED            11
+#define CFG_NODE_REQUIRE_CERT         12
 
 /**
  * DB config parameters
@@ -267,6 +268,7 @@
 
 #define CFG_DB_TRANS_ERROR_LOGLEVEL 679
 #define CFG_DB_ENCRYPTED_FILE_SYSTEM  680
+#define CFG_DB_REQUIRE_TLS            681
 
 #define CFG_NODE_ARBIT_RANK           200
 #define CFG_NODE_ARBIT_DELAY          201
@@ -323,6 +325,7 @@
 #define CFG_TCP_MAXSEG_SIZE           459
 #define CFG_TCP_BIND_INADDR_ANY       460
 #define CFG_TCP_SPINTIME              461
+#define CFG_TCP_REQUIRE_TLS           462
 
 #define CFG_SHM_SEND_SIGNAL_ID        500
 #define CFG_SHM_CHECKSUM              501

storage/ndb/src/common/debugger/NdbinfoTables.cpp

@@ -635,7 +635,7 @@ DECLARE_NDBINFO_TABLE(TC_TIME_TRACK_STATS, 15) =
 DECLARE_NDBINFO_TABLE(CONFIG_VALUES,3) =
 { { "config_values", 3, 0,
     [] (const Ndbinfo::Counts &c) {
-      return c.data_nodes * 165;  // 165 = current number of config parameters
+      return c.data_nodes * 167;  // 167 = current number of config parameters
     },
     "Configuration parameter values" },
   {

storage/ndb/src/common/mgmcommon/ConfigInfo.cpp

@@ -486,6 +486,18 @@ const ConfigInfo::ParamInfo ConfigInfo::m_ParamInfo[] = {
     "1",
     STR_VALUE(MAX_DATA_NODE_ID) },
 
+  {
+    CFG_NODE_REQUIRE_CERT,
+    "RequireCertificate",
+    DB_TOKEN,
+    "Require valid TLS key and certificate at startup time",
+    ConfigInfo::CI_USED,
+    false,
+    ConfigInfo::CI_BOOL,
+    "false",
+    "false",
+    "true" },
+
   {
     CFG_DB_SERVER_PORT,
     "ServerPort",
@@ -1898,6 +1910,19 @@ const ConfigInfo::ParamInfo ConfigInfo::m_ParamInfo[] = {
     "0",
     "1"},
 
+  {
+    CFG_DB_REQUIRE_TLS,
+    "RequireTls",
+    DB_TOKEN,
+    "Require TLS authenticated secure connections",
+    ConfigInfo::CI_USED,
+    0,
+    ConfigInfo::CI_BOOL,
+    "false",
+    "false",
+    "true"
+  },
+
   {
     CFG_EXTRA_SEND_BUFFER_MEMORY,
     "ExtraSendBufferMemory",
@@ -3486,6 +3511,19 @@ const ConfigInfo::ParamInfo ConfigInfo::m_ParamInfo[] = {
     "2000"
   },
 
+  {
+    CFG_TCP_REQUIRE_TLS,
+    "RequireTls",
+    "TCP",
+    "Use TLS authenticated secure connections for TCP transporter links",
+    ConfigInfo::CI_INTERNAL,
+    0,
+    ConfigInfo::CI_BOOL,
+    "false",
+    "false",
+    "true"
+  },
+
   {
     CFG_TCP_RECEIVE_BUFFER_SIZE,
     "ReceiveBufferMemory",
@@ -6303,6 +6341,8 @@ add_a_connection(Vector<ConfigInfo::ConfigRuleSection>&sections,
   Uint32 wan = 0;
   Uint32 location_domain1 = 0;
   Uint32 location_domain2 = 0;
+  Uint32 reqTls1 = 0;
+  Uint32 reqTls2 = 0;
   require(ctx.m_config->get("Node", nodeId1, &tmp));
   tmp->get("HostName", &hostname1);
   tmp->get("LocationDomainId", &location_domain1);
@@ -6318,6 +6358,7 @@ add_a_connection(Vector<ConfigInfo::ConfigRuleSection>&sections,
       return ret == 0 ? true : false;
     }
   }
+  tmp->get("RequireTls", &reqTls1);
 
   require(ctx.m_config->get("Node", nodeId2, &tmp));
   tmp->get("HostName", &hostname2);
@@ -6345,7 +6386,8 @@ add_a_connection(Vector<ConfigInfo::ConfigRuleSection>&sections,
       return ret == 0 ? true : false;
     }
   }
-  
+  tmp->get("RequireTls", &reqTls2);
+
   char buf[16];
   s.m_sectionData= new Properties(true);
   BaseString::snprintf(buf, sizeof(buf), "%u", nodeId1);
@@ -6372,6 +6414,8 @@ add_a_connection(Vector<ConfigInfo::ConfigRuleSection>&sections,
       s.m_sectionData->put("TCP_SND_BUF_SIZE", 4194304);
       s.m_sectionData->put("TCP_MAXSEG_SIZE", 61440);
     }
+
+    s.m_sectionData->put("RequireTls", reqTls1 | reqTls2);
   }
 
   sections.push_back(s);