/etc/my.cnf.d/tripleo.cnf doesn't expose SSL configuration for [client] section
Bug #1829758 reported by
Damien Ciabrini
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Damien Ciabrini |
Bug Description
TripleO-specific database configuration are stored in a dedicated file /etc/my.
[tripleo]
bind-address=
ssl=1
ssl-ca=/path/to/ca
We explicitly set those configuration flag under [tripleo] because option bind-address in only known by MySQL and not MariaDB. OpenStack python client are then configured to parse options from this section (including bind-address which is supported by PyMySQL).
This has a limitation, in that the command 'mysql' (the regular command-line SQL shell) does not parse this section automatically, and thus doesn't use the proper TLS configuration to connect to the mysql server.
tags: | added: stein-backport-potential |
tags: | added: rocky-backport-potential |
tags: | added: queens-backport-potential |
Changed in tripleo: | |
importance: | Undecided → High |
milestone: | none → train-1 |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/660143
Review: https:/