Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Print warning about certificate expiration if the X509 certificate used for wsrep connections is about to expire in hours given as an argument. If the value is 0, warnings are not printed.
The wsrep_certificate_expiration_hours_warning system variable can be set in a configuration file:
The global value of the wsrep_certificate_expiration_hours_warning system variable can also be set dynamically at runtime by executing :
When the wsrep_certificate_expiration_hours_warning system variable is set dynamically at runtime, its value will be reset the next time the server restarts. To make the value persist on restart, set it in a configuration file too.
The wsrep_certificate_expiration_hours_warning system variable can be used to configure certificate expiration warnings for MariaDB Enterprise Cluster, powered by Galera:
When the wsrep_certificate_expiration_hours_warning system variable is set to 0, certificate expiration warnings are not printed to the .
When the wsrep_certificate_expiration_hours_warning system variable is set to a value N, which is greater than 0, certificate expiration warnings are printed to the MariaDB Error Log when the node's certificate expires in N hours or less.
0
Command-line
--wsrep_certificate_expiration_hours_warning=#
Configuration file
Supported
Dynamic
Yes
Scope
Global
Data Type
BIGINT UNSIGNED
Minimum Value
0
Maximum Value
18446744073709551615
Product Default Value
Command-line
--wsrep_cluster_name=arg
Configuration file
Supported
Dynamic
Yes
Scope
Global
Data Type
VARCHAR
Product Default Value
my_wsrep_cluster
Set the cluster name using an options file:
To view the current cluster name, use the statement:
[mariadb]
...
# warn 3 days before certificate expiration
wsrep_certificate_expiration_hours_warning=72SET GLOBAL wsrep_certificate_expiration_hours_warning=72;[mariadb]
wsrep_provider = /usr/lib/galera/libgalera_smm.so
wsrep_cluster_name = example_cluster
wsrep_cluster_address = gcomm://192.0.2.1,192.0.2.2,192.0.2.3SHOW VARIABLES LIKE "wsrep_cluster_name";+--------------------+-----------------+
| Variable_name | Value |
+--------------------+-----------------+
| wsrep_cluster_name | example_cluster |
+--------------------+-----------------+wsrep_sst_common VariablesThe wsrep_sst_common script provides shared functionality used by various State Snapshot Transfer (SST) methods in Galera Cluster. It centralizes the handling of common configurations such as authentication credentials, SSL/TLS encryption parameters, and other security-related settings. This ensures consistent and secure communication between cluster nodes during the SST process.
The wsrep_sst_common script parses the following options:
WSREP_SST_OPT_AUTH (wsrep-sst-auth)
Description: Defines the authentication credentials used by the State Snapshot Transfer (SST) process, typically formatted as user:password. These credentials are essential for authenticating the SST user on the donor node, ensuring that only authorized joiner nodes can initiate and receive data during the SST operation. Proper configuration of this variable is critical to maintain the security and integrity of the replication process between Galera cluster nodes.
tcert (tca)
Description: Specifies the Certificate Authority (CA) certificate file used for SSL/TLS encryption during State Snapshot Transfers (SSTs). When encryption is enabled, this certificate allows the joining node (client) to authenticate the identity of the donor node, ensuring secure and trusted communication between them.
tcap (tcapath)
Description: Specifies the path to a directory that contains a collection of trusted Certificate Authority (CA) certificates. Instead of providing a single CA certificate file, this option allows the use of multiple CA certificates stored in separate files within the specified directory. It is useful in environments where trust needs to be established with multiple certificate authorities.
tpem (tcert)
Description: This variable stores the path to the TLS/SSL certificate file for the specific node. The certificate, typically in PEM format, is used by the node to authenticate itself to other nodes during secure SST operations. It is derived from the tcert option in the [sst] section.
tkey (tkey)
Description: Represents the private key file that corresponds to the public key certificate specified by tpem. This private key is essential for decrypting data and establishing a secure connection during State Snapshot Transfer (SST). It enables the receiving node to authenticate encrypted information and participate in secure replication within the cluster.
Command-line
--ssl_ca=arg
Configuration file
Supported
Dynamic
No
Scope
Global
Data Type
VARCHAR
Product Default Value
"" (an empty string)
Command-line
--wsrep_sst_method=arg
Configuration file
Supported
Dynamic
Yes
Scope
Global
Data Type
VARCHAR
Product Default Value
rsync
Command-line
--ssl_key=arg
Configuration file
Supported
Dynamic
No
Scope
Global
Data Type
VARCHAR
Product Default Value
"" (an empty string)
Command-line
--ssl_capath=arg
Configuration file
Supported
Dynamic
No
Scope
Global
Data Type
VARCHAR
Product Default Value
"" (an empty string)
Defines the path to the SSL certificate.
The wsrep_provider_options system variable applies to MariaDB Enterprise Cluster, powered by Galera and to Galera Cluster available with MariaDB Community Server. This page relates specifically to the socket.ssl_cert wsrep_provider_options.
The node uses the certificate as a self-signed public key in encrypting replication traffic over SSL. You can use either an absolute path or one relative to the working directory. The file must use PEM format.
wsrep_provider_options define optional settings the node passes to the wsrep provider.
To display current wsrep_provider_options values:
The expected output will display the option and the value. Options with no default value, for example SSL options, will not be displayed in the output.
When changing a setting for a wsrep_provider_options in the config file, you must list EVERY option that is to have a value other than the default value. Options that are not explicitly listed are reset to the default value.
Options are set in the my.cnf configuration file. Use the ; delimiter to set multiple options.
The configuration file must be updated on each node. A restart to each node is needed for changes to take effect.
Use a quoted string that includes every option where you want to override the default value. Options that are not in the list will reset to their default value.
To set the option in the configuration file:
The socket.ssl_cert option cannot be set dynamically. It can only be set in the configuration file.
Trying to change a non-dynamic option with SET results in an error:
Controls whether the node performs application-level protocol version checks when joining a cluster.
The wsrep_provider_options system variable applies to MariaDB Enterprise Cluster, powered by Galera and to Galera Cluster available with MariaDB Community Server. This page relates specifically to the gcs.check_appl_proto wsrep_provider_options.
Galera Cluster automatically uses the highest protocol version supported by all nodes. This prevents older nodes, which lack support for newer features, from joining or disrupting the cluster until an upgrade solution is available.
However, MySQL and MariaDB have evolved differently, and their internal protocol versions are incomparable. This incompatibility prevents a mixed-node cluster (MySQL nodes and MariaDB nodes) from forming, which blocks rolling migrations.
Migration Usage: When (e.g., Percona XtraDB Cluster) to MariaDB Galera Cluster, this parameter must be set to FALSE (OFF) on all nodes to disable the protocol check. Once the cluster is fully migrated to MariaDB, it should be set back to TRUE.
Known reporting issue in early versions
The variable may appear as OFF in plugins even though the default behavior is TRUE. Explicitly configure it to ensure the desired state during migration.
wsrep_provider_options define optional settings the node passes to the wsrep provider.
To display current wsrep_provider_options values:
The expected output will display the option and the value. Options with no default value will not be displayed in the output.
When changing a setting for a wsrep_provider_options in the config file, you must list EVERY option that is to have a value other than the default value. Options that are not explicitly listed are reset to the default value.
Options are set in the my.cnf configuration file. Use the ; delimiter to set multiple options.
The configuration file must be updated on each node. A restart to each node is needed for changes to take effect.
Use a quoted string that includes every option where you want to override the default value. Options that are not in the list will reset to their default value.
To set the option in the configuration file (example for migration):
The gcs.check_appl_proto option cannot be set dynamically. It can only be set in the configuration file.
Trying to change a non-dynamic option with SET results in an error:
Explicitly enables TLS usage by the wsrep provider.
The wsrep_provider_options system variable applies to MariaDB Enterprise Cluster, powered by Galera and to Galera Cluster available with MariaDB Community Server. This page relates specifically to the socket.ssl wsrep_provider_options.
The socket.ssl option is used to specify if SSL encryption should be used.
wsrep_provider_options define optional settings the node passes to the wsrep provider.
To display current wsrep_provider_options values:
The expected output will display the option and the value. Options with no default value, for example SSL options, will not be displayed in the output.
When changing a setting for a wsrep_provider_options in the config file, you must list EVERY option that is to have a value other than the default value. Options that are not explicitly listed are reset to the default value.
Options are set in the my.cnf configuration file. Use the ; delimiter to set multiple options.
The configuration file must be updated on each node. A restart to each node is needed for changes to take effect.
Use a quoted string that includes every option where you want to override the default value. Options that are not in the list will reset to their default value.
To set the option in the configuration file:
The socket.ssl option cannot be set dynamically. It can only be set in the configuration file.
Trying to change a non-dynamic option with SET results in an error:
Defines the path to the SSL Certificate Authority (CA) file.
The wsrep_provider_options system variable applies to MariaDB Enterprise Cluster, powered by Galera and to Galera Cluster available with MariaDB Community Server. This page relates specifically to the socket.ssl_ca wsrep_provider_options.
The node uses the CA file to verify the signature on the certificate. You can use either an absolute path or one relative to the working directory. The file must use PEM format.
wsrep_provider_options define optional settings the node passes to the wsrep provider.
To display current wsrep_provider_options values:
The expected output will display the option and the value. Options with no default value, for example SSL options, will not be displayed in the output.
When changing a setting for a wsrep_provider_options in the config file, you must list EVERY option that is to have a value other than the default value. Options that are not explicitly listed are reset to the default value.
Options are set in the my.cnf configuration file. Use the ; delimiter to set multiple options.
The configuration file must be updated on each node. A restart to each node is needed for changes to take effect.
Use a quoted string that includes every option where you want to override the default value. Options that are not in the list will reset to their default value.
To set the option in the configuration file:
The socket.ssl_ca option cannot be set dynamically. It can only be set in the configuration file.
Trying to change a non-dynamic option with SET results in an error:
wsrep_sst_mariabackup VariablesThe wsrep_sst_mariabackup script handles the actual data transfer and processing during an SST. The variables it reads from the [sst] group control aspects of the backup format, compression, transfer mechanism, and logging.
The wsrep_sst_mariadbbackup script parses the following options:
sfmt (streamfmt)
Default: mbstream
Description: Defines the streaming format used by mariabackup for the SST. mbstream indicates that mariabackup will output a continuous stream of data. Other potential values (though not explicitly shown as defaults) might be related to different backup methods or tools.
tfmt (transferfmt)
Default: socat
Description: Specifies the transfer format or utility used to move the data stream from the donor to the joiner node. socat is a common command-line tool for data transfer, often used for setting up various network connections.
sockopt (socket options)
Description: Allows additional socket options to be passed to the underlying network communication. This could include settings for TCP buffers, keep-alives, or other network-related tunables to optimize the transfer performance.
progress
Description: Likely controls whether progress information about the SST is displayed or logged. Setting this could enable visual indicators or detailed log entries about the transfer's advancement.
ttime (time)
Default: 0
Description: Possibly a timeout value in seconds for certain operations during the SST, or a flag related to timing the transfer. A value of 0 might indicate no timeout or that timing is handled elsewhere.
cpat
Description: Appears to be related to a "copy pattern" or specific path handling during the SST. Its exact function would depend on how the wsrep_sst_mariabackup script uses this pattern for file or directory management.
scomp (compressor)
Description: Specifies the compression utility to be used on the data stream before transfer. Common values could include gzip, pigz, lz4, or qpress, which reduce the data size for faster transmission over the network.
sdecomp (decompressor)
Description: Specifies the decompression utility to be used on the receiving end (joiner node) to decompress the data stream that was compressed by scomp. It should correspond to the scomp setting.
rlimit (resource limit)
Description: Potentially sets resource limits for the mariabackup process during the SST. This could include limits on CPU usage, memory, or file descriptors, preventing the SST from consuming excessive resources and impacting the server's performance.
uextra (use-extra)
Default: 0
Description: A boolean flag (0 or 1) that likely indicates whether to use extra or advanced features/parameters during the SST. The specific "extra" features would be determined by the mariabackup implementation.
speciald (sst-special-dirs)
Default: 1
Description: A boolean flag (0 or 1) that likely controls whether mariabackup should handle special directories (e.g., innodb_log_group_home_dir, datadir) in a specific way during the SST, rather than just copying them as regular files. This is important for maintaining data consistency.
stimeout (sst-initial-timeout)
Default: 300
Description: Sets an initial timeout in seconds for the SST process. If the SST doesn't make progress or complete within this initial period, it might be aborted.
ssyslog (sst-syslog)
Default: 0
Description: A boolean flag (0 or 1) that likely controls whether SST-related messages should be logged to syslog. This can be useful for centralized logging and monitoring of Galera cluster events.
sstlogarchive (sst-log-archive)
Default: 1
Description: A boolean flag (0 or 1) that likely determines whether SST logs should be archived. Archiving logs helps in post-mortem analysis and troubleshooting of SST failures.
sstlogarchivedir (sst-log-archive-dir)
Description: Specifies the directory where SST logs should be archived if sstlogarchive is enabled.
Option Name
socket.ssl_cert
Default Value
"" (an empty string)
Dynamic
NO
Debug
NO
Option Name
socket.ssl
Default Value
NO
Dynamic
NO
Debug
NO
Option Name
socket.ssl_ca
Default Value
"" (an empty string)
Dynamic
NO
Debug
NO
The node uses the certificate key, a self-signed private key, in encrypting replication traffic over SSL. You can use either an absolute path or one relative to the working directory. The file must use PEM format.
Option Name
socket.ssl_key
Maximum Value
"" (an empty string)
Dynamic
NO
Debug
NO
wsrep_provider_options define optional settings the node passes to the wsrep provider.
To display current wsrep_provider_options values:
The expected output will display the option and the value. Options with no default value, for example SSL options, will not be displayed in the output.
When changing a setting for a wsrep_provider_options in the config file, you must list EVERY option that is to have a value other than the default value. Options that are not explicitly listed are reset to the default value.
Options are set in the my.cnf configuration file. Use the ; delimiter to set multiple options.
The configuration file must be updated on each node. A restart to each node is needed for changes to take effect.
Use a quoted string that includes every option where you want to override the default value. Options that are not in the list will reset to their default value.
To set the option in the configuration file:
The socket.ssl_key option cannot be set dynamically. It can only be set in the configuration file.
Trying to change a non-dynamic option with SET results in an error:
SHOW GLOBAL VARIABLES LIKE 'wsrep_provider_options';wsrep_provider_options='socket.ssl_cert=/path/to/server-cert.pem;gcache.debug=YES;gcs.fc_limit=NO;socket.send_buf_size=NO;evs.keepalive_period=PT3S'ERROR 1210 (HY000): Incorrect arguments to SETSHOW GLOBAL VARIABLES LIKE 'wsrep_provider_options';wsrep_provider_options='socket.ssl=YES;gcache.debug=YES;gcs.fc_limit=NO;socket.send_buf_size=NO;evs.keepalive_period=PT3S'ERROR 1210 (HY000): Incorrect arguments to SETSHOW GLOBAL VARIABLES LIKE 'wsrep_provider_options';wsrep_provider_options='socket.ssl_ca=/path/to/ca-cert.pem;gcache.debug=YES;gcs.fc_limit=NO;socket.send_buf_size=NO;evs.keepalive_period=PT3S'ERROR 1210 (HY000): Incorrect arguments to SETSHOW GLOBAL VARIABLES LIKE 'wsrep_provider_options';wsrep_provider_options='socket.ssl_key=/path/to/server-key.pem;gcache.debug=YES;gcs.fc_limit=NO;socket.send_buf_size=NO;evs.keepalive_period=PT3S'ERROR 1210 (HY000): Incorrect arguments to SETDefault Value
TRUE
Dynamic
NO
Debug
NO
SHOW GLOBAL VARIABLES LIKE 'wsrep_provider_options';wsrep_provider_options='gcs.check_appl_proto=FALSE;gcache.size=512M;gcs.fc_limit=32'ERROR 1210 (HY000): Incorrect arguments to SETCommand-line
--ssl_cert=arg
Configuration file
Supported
Dynamic
No
Scope
Global
Data Type
VARCHAR
Product Default Value
"" (an empty string)
Select which SSL implementation is used for wsrep provider communications: PROVIDER - wsrep provider internal SSL implementation; SERVER - use server side SSL implementation; SERVER_X509 - as SERVER and require valid X509 certificate.
The wsrep_ssl_mode system variable is used to configure the WSREP TLS Mode used by MariaDB Enterprise Cluster, powered by Galera.
When set to SERVER or SERVER_X509, MariaDB Enterprise Cluster uses the TLS configuration for MariaDB Enterprise Server:
When set to PROVIDER, MariaDB Enterprise Cluster obtains its TLS configuration from the system variable:
The wsrep_ssl_mode system variable configures the WSREP TLS Mode. The following WSREP TLS Modes are supported:
When the wsrep_ssl_mode system variable is set to PROVIDER, each node obtains its TLS configuration from the system variable. The following options are used:
When the wsrep_ssl_mode system variable is set to SERVER or SERVER_X509, each node obtains its TLS configuration from the node's MariaDB Enterprise Server configuration. The following system variables are used:
WSREP TLS Mode
Values
Description
Provider
PROVIDER
TLS is optional for Enterprise Cluster replication traffic.
Each node obtains its TLS configuration from the wsrep_provider_options system variable. When the provider is not configured to use TLS on a node, the node will connect to the cluster without TLS.
The Provider WSREP TLS Mode is backward compatible with ES 10.5 and earlier. When performing a rolling upgrade from ES 10.5 and earlier, the Provider WSREP TLS Mode can be configured on the upgraded nodes.
Server
SERVER
TLS is mandatory for Enterprise Cluster replication traffic, but X509 certificate verification is not performed.
Each node obtains its TLS configuration from the node's MariaDB Enterprise Server configuration. When MariaDB Enterprise Server is not configured to use TLS on a node, the node will fail to connect to the cluster.
The Server WSREP TLS Mode is the default in ES 10.6.
Server X509
SERVER_X509
TLS and X509 certificate verification are mandatory for Enterprise Cluster replication traffic.
Each node obtains its TLS configuration from the node's MariaDB Enterprise Server configuration. When MariaDB Enterprise Server is not configured to use TLS on a node, the node will fail to connect to the cluster.
WSREP Provider Option
Description
Set this option to true to enable TLS.
Set this option to the path of the CA chain file.
Set this option to the path of the node's X509 certificate file.
Set this option to the path of the node's private key file.
System Variable
Description
Set this system variables to the path of the CA chain file.
Optionally set this system variables to the path of the CA chain directory. The directory must have been processed by openssl rehash. When your CA chain is stored in a single file, use the ssl_ca system variable instead.
Set this system variable to the path of the node's X509 certificate file.
Set this system variable to the path of the node's private key file.
Command-line
--wsrep_ssl_mode={PROVIDER|SERVER|SERVER_X509}
Configuration file
Supported
Dynamic
No
Scope
Global
Data Type
ENUM (PROVIDER, SERVER, SERVER_X509)
Product Default Value
SERVER
[mariadb]
...
wsrep_ssl_mode = SERVER_X509
ssl_ca = /certs/ca-cert.pem
ssl_cert = /certs/server-cert.pem
ssl_key = /certs/server-key.pem[mariadb]
...
wsrep_ssl_mode = PROVIDER
wsrep_provider_options = "socket.ssl=true;socket.ssl_cert=/certs/server-cert.pem;socket.ssl_ca=/certs/ca-cert.pem;socket.ssl_key=/certs/server-key.pem"The following options can be set as part of the Galera wsrep_provider_options variable. Dynamic options can be changed while the server is running.
Options need to be provided as a semicolon (;) separated list on a single line. Options that are not explicitly set are set to their default value.
Note that before Galera 3, the repl tag was named replicator.
base_dirDescription: Specifies the data directory
base_hostDescription: For internal use. Should not be manually set.
Default: 127.0.0.1 (detected network address)
base_portDescription: For internal use. Should not be manually set.
Default: 4567
cert.log_conflictsDescription: Certification failure log details.
Dynamic: Yes
Default: no
cert.optimistic_paDescription: Controls parallel application of actions on the replica. If set, the full range of parallelization as determined by the certification algorithm is permitted. If not set, the parallel applying window will not exceed that seen on the primary, and applying will start no sooner than after all actions it has seen on the master are committed.
Dynamic: Yes
Default: yes
debugDescription: Enable debugging.
Dynamic: Yes
Default: no
evs.auto_evictDescription: Number of entries the node permits for a given delayed node before triggering the Auto Eviction protocol. An entry is added to a delayed list for each delayed response from a node. If set to 0, the default, the Auto Eviction protocol is disabled for this node. See for more.
Dynamic: No
Default: 0
evs.causal_keepalive_periodDescription: Used by the developers only, and not manually serviceable.
Dynamic: No
Default: The .
evs.debug_log_maskDescription: Controls EVS debug logging. Only effective when is on.
Dynamic: Yes
Default: 0x1
evs.delay_marginDescription: Time that response times can be delayed before this node adds an entry to the delayed list. See . Must be set to a higher value than the round-trip delay time between nodes.
Dynamic: No
Default: PT1S
evs.delayed_keep_periodDescription: Time that this node requires a previously delayed node to remain responsive before being removed from the delayed list. See .
Dynamic: No
Default: PT30S
evs.evictDescription: When set to the gcomm UUID of a node, that node is evicted from the cluster. When set to an empty string, the eviction list is cleared on the node where it is set. See .
Dynamic: No
Default: Empty string
evs.inactive_check_periodDescription: Frequency of checks for peer inactivity (looking for nodes with delayed responses), after which nodes may be added to the delayed list, and later evicted.
Dynamic: No
Default: PT0.5S
evs.inactive_timeoutDescription: Time limit that a node can be inactive before being pronounced as dead.
Dynamic: No
Default: PT15S
evs.info_log_maskDescription: Controls extra EVS info logging. Bits:
0x1 – extra view change information
0x2 – extra state change information
0x4 – statistics
evs.install_timeoutDescription: Timeout on waits for install message acknowledgments. Replaces evs.consensus_timeout.
Dynamic: Yes
Default: PT7.5S
evs.join_retrans_periodDescription: Time period for how often retransmission of EVS join messages when forming cluster membership should occur.
Dynamic: Yes
Default: PT1S
evs.keepalive_periodDescription: How often keepalive signals should be transmitted when there's no other traffic.
Dynamic: Yes
Default: PT1S
evs.max_install_timeoutsDescription: Number of membership install rounds to attempt before timing out. The total rounds will be this value plus two.
Dynamic: No
Default: 3
evs.send_windowDescription: Maximum number of packets that can be replicated at a time, Must be more than , which applies to data packets only (double is recommended). In WAN environments can be set much higher than the default, for example 512.
Dynamic: Yes
Default: 4
evs.stats_report_periodDescription: Reporting period for EVS statistics.
Dynamic: No
Default: PT1M
evs.suspect_timeoutDescription: A node will be suspected to be dead after this period of inactivity. If all nodes agree, the node is dropped from the cluster before is reached.
Dynamic: No
Default: PT5S
evs.use_aggregateDescription: If set to true (the default), small packets will be aggregated into one where possible.
Dynamic: No
Default: true
evs.user_send_windowDescription: Maximum number of data packets that can be replicated at a time. Must be smaller than (half is recommended). In WAN environments can be set much higher than the default, for example 512.
Dynamic: Yes
Default: 2
evs.versionDescription: EVS protocol version. Defaults to 0 for backward compatibility. Certain EVS features (e.g. auto eviction) require more recent versions.
Dynamic: No
Default: 0
evs.view_forget_timeoutDescription: Time after which past views will be dropped from the view history.
Dynamic: No
Default: P1D
gcache.dirDescription: Directory where GCache files are placed.
Dynamic: No
Default: The working directory
gcache.keep_pages_sizeDescription: Total size of the page storage pages for caching. One page is always present if only page storage is enabled.
Dynamic: No
Default: 0
gcache.mem_sizeDescription: Maximum size of size of the malloc() store for setups that have spare RAM.
Dynamic: No
Default: 0
gcache.nameDescription: Gcache ring buffer storage file name. By default placed in the working directory, changing to another location or partition can reduce disk IO.
Dynamic: No
Default: ./galera.cache
gcache.page_sizeDescription: Size of the page storage page files. These are prefixed by gcache.page. Can be set to as large as the disk can handle.
Dynamic: No
Default: 128M
gcache.recoverDescription: Whether or not gcache recovery takes place when the node starts up. If it is possible to recover gcache, the node can then provide IST to other joining nodes, which assists when the whole cluster is restarted.
Dynamic: No
Default: no
Introduced: , ,
gcache.sizeDescription: Gcache ring buffer storage size (the space the node uses for caching write sets), preallocated on startup.
Dynamic: No
Default: 128M
gcomm.thread_prioDescription: Gcomm thread policy and priority (in the format policy:priority. Priority is an integer, while policy can be one of:
fifo: First-in, first-out scheduling. Always preempt other, batch or idle threads and can only be preempted by other fifo threads of a higher priority or blocked by an I/O request.
rr
gcs.fc_debugDescription: If set to a value greater than zero (the default), debug statistics about SST flow control will be posted each timegcs.fc_master_slave after the specified number of writesets.
Dynamic: No
Default: 0
gcs.fc_factorDescription:Fraction below which if the recv queue drops below, replication resumes.
Dynamic: Yes
Default: 1.0
gcs.fc_limitDescription: If the recv queue exceeds this many writesets, replication is paused. Can increase greatly in master-slave setups. Replication will resume again according to the setting.
Dynamic: Yes
Default: 16
gcs.fc_master_slaveDescription: Whether to assume that the cluster only contains one master. Deprecated since Galera 4.10 (, , , , ) - see
Dynamic: No
Default: no
gcs.fc_single_primaryDescription: Defines whether there is more than one source of replication. As the number of nodes in the cluster grows, the larger the calculated gcs.fc_limit gets. At the same time, the number of writes from the nodes increases. When this parameter value is set to NO (multi-primary), the gcs.fc_limit parameter is dynamically modified to give more margin for each node to be a bit further behind applying writes. The gcs.fc_limit parameter is modified by the square root of the cluster size, that is, in a four-node cluster it is two times higher than the base value. This is done to compensate for the increasing replication rate noise.
Dynamic: No
Default: no
gcs.max_packet_sizeDescription: Maximum packet size, after which writesets become fragmented.
Dynamic: No
Default: 64500
gcs.max_throttleDescription: How much we can throttle replication rate during state transfer (to avoid running out of memory). Set it to 0.0 if stopping replication is acceptable for the sake of completing state transfer.
Dynamic: No
Default: 0.25
gcs.recv_q_hard_limitDescription: Maximum size of the recv queue. If exceeded, the server aborts. Half of available RAM plus swap is a recommended size.
Dynamic: No
Default: LLONG_MAX
gcs.recv_q_soft_limitDescription: Fraction of after which replication rate is throttled. The rate of throttling increases linearly from zero (the regular, varying rate of replication) at and below csrecv_q_soft_limit to one (full throttling) at
Dynamic: No
Default: 0.25
gcs.sync_donorDescription: Whether or not the rest of the cluster should stay in sync with the donor. If set to YES (NO is default), if the donor is blocked by state transfer, the whole cluster is also blocked.
Dynamic: No
Default: no
gmcast.listen_addrDescription: Address Galera listens for connections from other nodes. Can be used to override the default port to listen, which is obtained from the connection address.
Specifying a hostname isn't supported. Use an IP number instead.
Note that supports TCP, SSL, and hostnames.
gmcast.mcast_addrDescription: Not set by default, but if set, UDP multicast will be used for replication. Must be identical on all nodes.For example, gmcast.mcast_addr=239.192.0.11
Dynamic: No
Default: None
gmcast.mcast_ttlDescription: Multicast packet TTL (time to live) value.
Dynamic: No
Default: 1
gmcast.peer_timeoutDescription: Connection timeout for initiating message relaying.
Dynamic: No
Default: PT3S
gmcast.segmentDescription: Defines the segment to which the node belongs. By default, all nodes are placed in the same segment (0). Usually, you would place all nodes in the same datacenter in the same segment. Galera protocol traffic is only redirected to one node in each segment, and then relayed to other nodes in that same segment, which saves cross-datacenter network traffic at the expense of some extra latency. State transfers are also, preferably but not exclusively, taken from the same segment. If there are no nodes available in the same segment, state transfer will be taken from a node in another segment.
Dynamic: No
Default: 0
gmcast.time_waitDescription: Waiting time before allowing a peer that was declared outside of the stable view to reconnect.
Dynamic: No
Default: PT5S
gmcast.versionDescription: Deprecated option. Gmcast version.
Dynamic: No
Default: 0
ist.recv_addrDescription: Address for listening for Incremental State Transfer.
Dynamic: No
Default::<port+1> from
ist.recv_bindDescription:
Dynamic: No
Default: Empty string
Introduced: , ,
pc.announce_timeoutDescription: Period of time for which cluster joining announcements are sent every 1/2 second.
Dynamic: No
Default: PT3S
pc.checksumDescription: For debug purposes, by default false (true in earlier releases), indicates whether to checksum replicated messages on PC level. Safe to turn off.
Dynamic: No
Default: false
pc.ignore_quorumDescription: Whether to ignore quorum calculations, for example when a master splits from several slaves, it will remain in operation if set to true (false is default). Use with care however, as in master-slave setups, slaves will not automatically reconnect to the master if set.
Dynamic: Yes
Default: false
pc.ignore_sbDescription: Whether to permit updates to be processed even in the case of split brain (when a node is disconnected from its remaining peers). Safe in master-slave setups, but could lead to data inconsistency in a multi-master setup.
Dynamic: Yes
Default: false
pc.lingerDescription: Time that the PC protocol waits for EVS termination.
Dynamic: No
Default: PT20S
pc.npvoDescription: If set to true (false is default), when there are primary component conficts, the most recent component will override the older.
Dynamic: No
Default: false
pc.recoveryDescription: If set to true (the default), the Primary Component state is stored on disk and in the case of a full cluster crash (e.g power outages), automatic recovery is then possible. Subsequent graceful full cluster restarts will require explicit bootstrapping for a new Primary Component.
Dynamic: No
Default: true
pc.versionDescription: Deprecated option. PC protocol version.
Dynamic: No
Default: 0
pc.wait_primDescription: When set to true, the default, the node will wait for a primary component for the period of time specified by . Used to bring up non-primary components and make them primary using .
Dynamic: No
Default: true
pc.wait_prim_timeoutDescription: Ttime to wait for a primary component. See .
Dynamic: No
Default: PT30S
pc.weightDescription: Node weight, used for quorum calculation. See the Codership article .
Dynamic: Yes
Default: 1
protonet.backendDescription: Deprecated option. Transport backend to use. Only ASIO is supported currently.
Dynamic: No
Default: asio
protonet.versionDescription: Deprecated option. Protonet version.
Dynamic: No
Default: 0
repl.causal_read_timeoutDescription: Timeout period for causal reads.
Dynamic: Yes
Default: PT30S
repl.commit_orderDescription: Whether or not out-of-order committing is permitted, and under what conditions. By default it is not permitted, but setting this can improve parallel performance.
0 BYPASS: No commit order monitoring is done (useful for measuring the performance penalty).
1 OOOC: Out-of-order committing is permitted for all transactions.
repl.key_formatDescription: Format for key replication. Can be one of:
FLAT8 - shorter key with a higher probability of false positives when matching
FLAT16 - longer key with a lower probability of false positives when matching
repl.max_ws_sizeDescription:
Dynamic:
Default: 2147483647
repl.proto_maxDescription:
Dynamic:
Default: 9
socket.checksumDescription: Method used for generating checksum. Note: If Galera 25.2.x and 25.3.x are both being used in the cluster, MariaDB with Galera 25.3.x must be started with wsrep_provider_options='socket.checksum=1' in order to make it backward compatible with Galera v2. Galera wsrep providers other than 25.3.x or 25.2.x are not supported.
Dynamic: No
Default: 2
socket.dynamicDescription: Allow both encrypted and unencrypted connections between nodes. Typically this should be set to false (the default), when set to true encrypted connections will still be preferred, but will fall back to unencrypted connections when encryption is not possible, e.g. not enabled on all nodes yet. Needs to be true on all nodes when wanting to enable or disable encryption via a rolling restart. As this can't be changed at runtime a rolling restart to enable or disable encryption may need three restarts per node in total: one to enable socket.dynamic on each node, one to change the actual encryption settings on each node, and a final round to change socket.dynamic back to false.
socket.recv_buf_sizeDescription: Size in bytes of the receive buffer used on the network sockets between nodes, passed on to the kernel via the SO_RCVBUF socket option.
Dynamic: No
Default:
= , ,
socket.send_buf_sizeDescription: Size in bytes of the send buffer used on the network sockets between nodes, passed on to the kernel via the SO_SNDBUF socket option.
Dynamic: No
Default:: Auto
Introduced: , ,
socket.sslDescription: Explicitly enables TLS usage by the wsrep Provider.
Dynamic: No
Default: NO
socket.ssl_caDescription: Path to Certificate Authority (CA) file. Implicitly enables the option.
Dynamic: No
socket.ssl_certDescription: Path to TLS certificate. Implicitly enables the option.
Dynamic: No
socket.ssl_cipherDescription: TLS cipher to use. Implicitly enables the option. Since defaults to the value of the system variable.
Dynamic: No
Default: system default, before defaults to AES128-SHA.
socket.ssl_compressionDescription: Compression to use on TLS connections. Implicitly enables the option.
Dynamic: No
socket.ssl_keyDescription: Path to TLS key file. Implicitly enables the option.
Dynamic: No
socket.ssl_password_fileDescription: Path to password file to use in TLS connections. Implicitly enables the option.
Dynamic: No
This page is licensed: CC BY-SA / Gnu FDL
0x8 – profiling (only available in builds with profiling enabled)
Dynamic: No
Default: 0
rrother: Default scheduling on Linux. Threads run until preempted by a thread of a higher priority or a superior scheduling designation, or blocked by an I/O request.
Permissions: Using the fifo or rr real-time scheduling policies requires granting the mariadb service the necessary permissions at the OS level. On systemd-based distributions, this is done by adjusting the resource limits for the service.
The recommended method is to create a systemd override file:
Open the MariaDB service unit for editing:
Add the following content to the file. This grants the service the ability to set real-time priorities:
Save the file and exit the editor.
Reload the systemd daemon and restart the MariaDB service to apply the changes:
Dynamic: No
Default: Empty string
gmcast.listen_addr=tcp://192.168.8.111:4567
gmcast.listen_addr=ssl://192.168.8.111:4567
If your system supports IPv6, you can also specify it like this:
gmcast.listen_addr=tcp://[::]:@mysqld.1.#4567
Here, @mysqld.1 is an environment variable, and 4567 is the Galera port.
Dynamic: No
Default: tcp://0.0.0.0:4567
Range: 0 to 255
2 LOCAL_OOOC: Out-of-order committing is permitted for local transactions only.
3 NO_OOOC: Out-of-order committing is not permitted at all.
Dynamic: No
Default: 3
FLAT8A - shorter key with a higher probability of false positives when matching, includes annotations for debug purposesFLAT16A - longer key with a lower probability of false positives when matching, includes annotations for debug purposes
Dynamic: Yes
Default: FLAT8
Default: false
Introduced: , ,
< : , : 212992
sudo systemctl edit mariadb[Service]
LimitRTPRIO=infinitysudo systemctl daemon-reload
sudo systemctl restart mariadb