[GH-ISSUE #543] MySQL Cluster - Percona XtraBackup SST Issue #87

New issue

Open

opened 2026-03-03 13:59:02 +03:00 by kerem · 1 comment

kerem commented 2026-03-03 13:59:02 +03:00

Owner

Copy link

Originally created by @MichaelLove-design on GitHub (Dec 16, 2024).
Original GitHub issue: https://github.com/konstruktoid/hardening/issues/543

Originally assigned to: @konstruktoid on GitHub.

Hi,

I’m encountering issues with this hardened image when attempting to add a MySQL node to a Percona cluster. The issue appears to be related to the Percona XtraBackup SST function on the hardened template. I have replicated the same environment without the hardening and have no issue. I’ve ruled out potential problems with AppArmor, PSAD, hosts.allow, iptables, sshd_config.d (hardening), sbin, and libpam-tmpdir (adjustments were required for these settings to get to the final stage of Percona XtraBackup SST where the node attempts to sync data from the original node)

Has anyone else experienced a similar issue or have insights on resolving it?

Ports that are allowed:
22 (SSH)
ICMP (echo reply/request)
3306 (MySQL)
4444 (SST)
4567 TCP/UDP (Galera)
4568 (Galera IST)
9200 (HAProxy health check)
9101 (HAProxy Exporter)
9100 (Node Exporter)
9011 (Process Exporter)

Error:
messageid: 82957
jobid: 2374
cid: 18
message: IP:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 290 secs).
properties: {
"class_name": "CmonJobMessage",
"created": "2024-11-05T03:08:57.000Z",
"file_name": "/root/cmonsrc/src/Galera.cpp",
"job_id": 2374,
"line_number": 4909,
"message_id": -1,
"message_status": "JOB_SUCCESS",
"message_text": "IP:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 290 secs)."
}
exit_code: 0
report_ts: 2024-11-05 03:08:57
********** 439. row **********
messageid: 82956
jobid: 2374
cid: 18
message: IP:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 300 secs).
properties: {
"class_name": "CmonJobMessage",
"created": "2024-11-05T03:08:47.000Z",
"file_name": "/root/cmonsrc/src/Galera.cpp",
"job_id": 2374,
"line_number": 4909,
"message_id": -1,
"message_status": "JOB_SUCCESS",
"message_text": "IP:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 300 secs)."
}
exit_code: 0
report_ts: 2024-11-05 03:08:47

Originally created by @MichaelLove-design on GitHub (Dec 16, 2024). Original GitHub issue: https://github.com/konstruktoid/hardening/issues/543 Originally assigned to: @konstruktoid on GitHub. Hi, I’m encountering issues with this hardened image when attempting to add a MySQL node to a Percona cluster. The issue appears to be related to the Percona XtraBackup SST function on the hardened template. I have replicated the same environment without the hardening and have no issue. I’ve ruled out potential problems with AppArmor, PSAD, hosts.allow, iptables, sshd_config.d (hardening), sbin, and libpam-tmpdir (adjustments were required for these settings to get to the final stage of Percona XtraBackup SST where the node attempts to sync data from the original node) Has anyone else experienced a similar issue or have insights on resolving it? Ports that are allowed: 22 (SSH) ICMP (echo reply/request) 3306 (MySQL) 4444 (SST) 4567 TCP/UDP (Galera) 4568 (Galera IST) 9200 (HAProxy health check) 9101 (HAProxy Exporter) 9100 (Node Exporter) 9011 (Process Exporter) Error: messageid: 82957 jobid: 2374 cid: 18 message: <em style='color: #877d0f;'>IP</em>:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 290 secs). properties: { "class_name": "CmonJobMessage", "created": "2024-11-05T03:08:57.000Z", "file_name": "/root/cmonsrc/src/Galera.cpp", "job_id": 2374, "line_number": 4909, "message_id": -1, "message_status": "JOB_SUCCESS", "message_text": "<em style='color: #877d0f;'>IP</em>:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 290 secs)." } exit_code: 0 report_ts: 2024-11-05 03:08:57 ********** 439. row ********** messageid: 82956 jobid: 2374 cid: 18 message: <em style='color: #877d0f;'>IP</em>:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 300 secs). properties: { "class_name": "CmonJobMessage", "created": "2024-11-05T03:08:47.000Z", "file_name": "/root/cmonsrc/src/Galera.cpp", "job_id": 2374, "line_number": 4909, "message_id": -1, "message_status": "JOB_SUCCESS", "message_text": "<em style='color: #877d0f;'>IP</em>:3306: node state GALERA_NODE_MYSQL_DISCONNECTED, expected state GALERA_NODE_SYNCED - waiting (timeout in 300 secs)." } exit_code: 0 report_ts: 2024-11-05 03:08:47

kerem commented 2026-03-03 13:59:03 +03:00

Author

Owner

Copy link

@konstruktoid commented on GitHub (Dec 16, 2024):

Try running sudo aa-complain <process name> and see if there's any policy changes required.
To update the profile afterwards, run sudo aa-logprof and then enforce the profile again.

<!-- gh-comment-id:2544871961 --> @konstruktoid commented on GitHub (Dec 16, 2024): Try running `sudo aa-complain <process name>` and see if there's any policy changes required. To update the profile afterwards, run `sudo aa-logprof` and then enforce the profile again.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/github-codeql-action-4.x

v2.2.0

v2.1.0

v2.0.0

v1.0.0

v1.0

Labels

Clear labels   

Stale

  

bug

  

bug

  

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

Stale

bug

bug

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hardening#87

No description provided.