I wanted to activate encrypted SST using mariabackup. SST was working fine without encryption. I switched it on with the following config changes:
encrypt=3 (i also tried encrypt 4)
tkey=/var/lib/mysql/pki/sst/privkey.pem
tcert=/var/lib/mysql/pki/sst/fullchain.pem
syslog contains "Both the certificate file and the key file must be readable"
I think they are :
-rwxr-x--- 1 mysql mysql 2338 Feb 25 15:43 fullchain.pem
-rwxr-x--- 1 mysql mysql 3243 Feb 25 15:43 privkey.key
Errors are found in the mysql error log:
WSREP: Failed to read 'ready <addr>' from: wsrep_sst_mariabackup --role 'joiner' --address '20.0.0.40' --datadir '/var/lib/mysql/' --parent '123214' --mysqld-args --wsrep_start_position=e3ae9a28-94bb-11ec-ad06-471ad9aca501:110
WSREP: Process completed with error: wsrep_sst_mariabackup --role 'joiner' --address '20.0.0.40' --datadir '/var/lib/mysql/' --parent '123214' --mysqld-args --wsrep_start_position=e3ae9a28-94bb-11ec-ad06-471ad9aca501:110: 22 (Invalid argument)