Page MenuHomePhabricator

Use tls for dump backup generation
Open, MediumPublic

Description

Some database hosts have already enabled and require TLS by default, others don't. That creates difficulties when running mysqldump, as it can sometimes fail. I have deployed https://gerrit.wikimedia.org/r/323420 as a temporary workaround, but a proper fix is needed for the client creating the backups to adopt TLS so it doesn't fail AND it is secure.

This is probably something that can be done at the same time that dbstore1001 gets its new disks (T143874).

Related Objects

Event Timeline

1978Gage2001 moved this task from Triage to In progress on the DBA board.

This needs more work, probably recompile mydumper to support modern standards (TLS1.2+).