the issue us that in tls-everywhere scenario we don't have a mysql.cnf, which has a [client] section which tells the mysql client triggered in /usr/share/placement/mysql-migrate-db.sh [1] to use ssl.
After initial discussion, seems we should add a [client] section to either triplo.cnf or another mysql config file to let the client know ssl needs to be used.
the issue us that in tls-everywhere scenario we don't have a mysql.cnf, which has a [client] section which tells the mysql client triggered in /usr/share/ placement/ mysql-migrate- db.sh [1] to use ssl.
After initial discussion, seems we should add a [client] section to either triplo.cnf or another mysql config file to let the client know ssl needs to be used.
[1] https:/ /github. com/openstack/ tripleo- heat-templates/ blob/master/ deployment/ placement/ placement- api-container- puppet. yaml#L247