Skip to content

Commit

Permalink
MySQL: add Support for local SSL connection (ClusterLabs#1682)
Browse files Browse the repository at this point in the history 
* Support for MySQL local SSL connection

Co-authored-by: Ivan Golman <ivan.golman@dkd.de>
  • Loading branch information
@igolman
igolman and Ivan Golman authored Aug 11, 2021
1 parent 8c3c972 commit 201240b
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
9 changes: 9 additions & 0 deletions heartbeat/mysql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,15 @@ The port on which the Master MySQL instance is listening.
<content type="string" default="${OCF_RESKEY_replication_port_default}" />
</parameter>
<parameter name="replication_require_ssl" unique="0" required="0">
<longdesc lang="en">
Enables SSL connection to local MySQL service for replication user.
i.e. if REQUIRE SSL for replication user in MySQL set, this should be set to "true".
</longdesc>
<shortdesc lang="en">MySQL replication require ssl</shortdesc>
<content type="string" default="${OCF_RESKEY_replication_require_ssl_default}" />
</parameter>
<parameter name="replication_master_ssl_ca" unique="0" required="0">
<longdesc lang="en">
The SSL CA certificate to be used for replication over SSL.
Expand Down
9 changes: 8 additions & 1 deletion heartbeat/mysql-common.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ OCF_RESKEY_additional_parameters_default=""
OCF_RESKEY_replication_user_default="root"
OCF_RESKEY_replication_passwd_default=""
OCF_RESKEY_replication_port_default="3306"
OCF_RESKEY_replication_require_ssl_default="false"
OCF_RESKEY_replication_master_ssl_ca_default=""
OCF_RESKEY_replication_master_ssl_cert_default=""
OCF_RESKEY_replication_master_ssl_key_default=""
Expand Down Expand Up @@ -81,6 +82,7 @@ MYSQL_BINDIR=`dirname ${OCF_RESKEY_binary}`
: ${OCF_RESKEY_replication_user=${OCF_RESKEY_replication_user_default}}
: ${OCF_RESKEY_replication_passwd=${OCF_RESKEY_replication_passwd_default}}
: ${OCF_RESKEY_replication_port=${OCF_RESKEY_replication_port_default}}
: ${OCF_RESKEY_replication_require_ssl=${OCF_RESKEY_replication_require_ssl_default}}
: ${OCF_RESKEY_replication_master_ssl_ca=${OCF_RESKEY_replication_master_ssl_ca_default}}
: ${OCF_RESKEY_replication_master_ssl_cert=${OCF_RESKEY_replication_master_ssl_cert_default}}
: ${OCF_RESKEY_replication_master_ssl_key=${OCF_RESKEY_replication_master_ssl_key_default}}
Expand All @@ -94,8 +96,13 @@ MYSQL_BINDIR=`dirname ${OCF_RESKEY_binary}`
# Convenience variables

MYSQL=$OCF_RESKEY_client_binary
if ocf_is_true "$OCF_RESKEY_replication_require_ssl"; then
MYSQL_OPTIONS_LOCAL_SSL_OPTIONS="--ssl"
else
MYSQL_OPTIONS_LOCAL_SSL_OPTIONS=""
fi
MYSQL_OPTIONS_LOCAL="-S $OCF_RESKEY_socket"
MYSQL_OPTIONS_REPL="$MYSQL_OPTIONS_LOCAL --user=$OCF_RESKEY_replication_user --password=$OCF_RESKEY_replication_passwd"
MYSQL_OPTIONS_REPL="$MYSQL_OPTIONS_LOCAL_SSL_OPTIONS $MYSQL_OPTIONS_LOCAL --user=$OCF_RESKEY_replication_user --password=$OCF_RESKEY_replication_passwd"
MYSQL_OPTIONS_TEST="$MYSQL_OPTIONS_LOCAL --user=$OCF_RESKEY_test_user --password=$OCF_RESKEY_test_passwd"
MYSQL_TOO_MANY_CONN_ERR=1040

Expand Down

0 comments on commit 201240b

Please sign in to comment.