As far as I can tell, it currently tries to use ssl but fails with cert verification issues, and then falls back to plain-text.
MySQLTopologyUseMixedTLS to true, but I suspect we need to also set MySQLTopologySSLCAFile.
Subject | Repo | Branch | Lines +/-
---|---|---|---
orchestrator: Require ssl connections to db servers | operations/puppet | production | +2 -0
Looking at the code, it looks like this is what happens:
Change 639765 had a related patch set uploaded (by Kormat; owner: Kormat):
[operations/puppet@production] orchestrator: Require ssl connections to db servers
Change 639765 merged by Kormat:
[operations/puppet@production] orchestrator: Require ssl connections to db servers
Fixed by https://gerrit.wikimedia.org/r/639765. From the commit description:
The orchestrator docs are a bit misleading here; if you set
MySQLTopologyUseMutualTLS it means ssl is required; if you _don't_ set
MySQLTopologySSLCertFile then it doesn't try to do TLS client
authentication.
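
The settings discussed in this task can be checked mechanically before a config is deployed. The following is an added example, not code from the task, the Gerrit change or orchestrator itself: the function name `audit_topology_tls` is hypothetical, the two sample configs and the file path are constructed, and `MySQLTopologySSLPrivateKeyFile` and `MySQLTopologySSLSkipVerify` are orchestrator settings that the thread does not mention.

```python
import json

# Constructed sample configs (not the real Wikimedia puppet values).
BEFORE = json.loads('{"MySQLTopologyUseMixedTLS": true}')
AFTER = json.loads("""{
  "MySQLTopologyUseMutualTLS": true,
  "MySQLTopologySSLCAFile": "/path/to/ca.pem"
}""")


def audit_topology_tls(cfg):
    """Summarise the TLS posture of orchestrator -> MySQL topology connections."""
    findings = []
    # Per the commit description: UseMutualTLS set means TLS is required.
    tls_required = cfg.get("MySQLTopologyUseMutualTLS") is True
    if not tls_required:
        findings.append("tls-not-required: connections may end up in plain text")
    cert = cfg.get("MySQLTopologySSLCertFile", "")
    key = cfg.get("MySQLTopologySSLPrivateKeyFile", "")
    # Per the commit description: no cert file means no TLS client authentication.
    client_auth = tls_required and bool(cert)
    if bool(cert) != bool(key):
        findings.append("client-cert-incomplete: only one of cert/private key is set")
    if tls_required and not cfg.get("MySQLTopologySSLCAFile"):
        findings.append("no-ca-file: no CA file configured for topology connections")
    if cfg.get("MySQLTopologySSLSkipVerify") is True:
        findings.append("skip-verify: server certificate validation is disabled")
    return {"tls_required": tls_required, "client_auth": client_auth,
            "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, json.dumps(audit_topology_tls(cfg), indent=2))
```
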