  1. Percona Monitoring and Management
  2. PMM-598

Implementing SSL support for adding MySQL instances using a MySQL SSL user.

Details

    Description

      For now,
      The problem:

      If you try to add a MySQL instance with a MySQL SSL user:

      [[email protected] ~]$ sudo pmm-admin add mysql --defaults-file=/home/shahriyar.rzaev/sandboxes/rsandbox_Percona-Server-5_6_35/master/my.sandbox.cnf --user=jeffrey --password=msandbox --socket=/tmp/mysql_sandbox23700.sock msb_5_6_35
      [linux:metrics] OK, already monitoring this system.
      [mysql:metrics] Cannot connect to MySQL: Error 1045: Access denied for user 'jeffrey'@'localhost' (using password: YES)
      Verify that MySQL user exists and has the correct privileges.
      Use additional flags --user, --password, --host, --port, --socket if needed.
      

      The possible ways to connect to MySQL using an SSL user are:
      1. Putting the SSL settings under [client] in my.cnf

      [client]
      user               = jeffrey
      password           = msandbox
      port               = 23700
      socket             = /tmp/mysql_sandbox23700.sock
      ssl-ca=/home/shahriyar.rzaev/newcerts/ca.pem
      ssl-cert=/home/shahriyar.rzaev/newcerts/client-cert.pem
      ssl-key=/home/shahriyar.rzaev/newcerts/client-key.pem
      

      2. Connecting directly by specifying the --ssl-ca, --ssl-cert and --ssl-key options.
      Full option list:

      [[email protected] Percona_Servers]$ ./5.7.17/bin/mysql --help | grep ssl
        --ssl-mode=name     SSL connection mode.
        --ssl               Deprecated. Use --ssl-mode instead.
                            (Defaults to on; use --skip-ssl to disable.)
        --ssl-verify-server-cert 
                            Deprecated. Use --ssl-mode=VERIFY_IDENTITY instead.
        --ssl-ca=name       CA file in PEM format.
        --ssl-capath=name   CA directory.
        --ssl-cert=name     X509 cert in PEM format.
        --ssl-cipher=name   SSL cipher to use.
        --ssl-key=name      X509 key in PEM format.
        --ssl-crl=name      Certificate revocation list.
        --ssl-crlpath=name  Certificate revocation list path.
      

      The result:
      pmm-admin should act as similarly as possible to the mysql client, supporting both available options.
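
      One way the requested behaviour could look, as an added example that is not pmm-admin's code and not part of the original ticket: read the ssl-* settings from the [client] section of a defaults file, then let values given on the command line override them. The helper names, the flags-win precedence and the cert-needs-key check are assumptions of this example; all paths are constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Added example: clientSSL and resolve are hypothetical helpers, not pmm-admin code.
// clientSSL returns the ssl-* options found in the [client] section of my.cnf text.
func clientSSL(cnf string) map[string]string {
	inClient, opts := false, map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(cnf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			inClient = strings.EqualFold(line, "[client]")
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if !inClient || len(kv) != 2 {
			continue // other sections, blank lines, options without a value
		}
		// MySQL accepts ssl_ca and ssl-ca alike; normalise to dashes.
		key := strings.ReplaceAll(strings.TrimSpace(kv[0]), "_", "-")
		if strings.HasPrefix(key, "ssl-") { // also skips "#ssl-ca=..." comments
			opts[key] = strings.TrimSpace(kv[1])
		}
	}
	return opts
}

// resolve overlays flag values on file values and rejects a cert without its key.
func resolve(file, flags map[string]string) (map[string]string, error) {
	out := map[string]string{}
	for _, src := range []map[string]string{file, flags} {
		for k, v := range src {
			out[k] = v // later source (flags) wins
		}
	}
	if (out["ssl-cert"] == "") != (out["ssl-key"] == "") {
		return nil, errors.New("ssl-cert and ssl-key must be given together")
	}
	return out, nil
}

func main() {
	file := clientSSL("[client]\nssl-ca=/constructed/ca.pem\n") // constructed sample
	fmt.Println(resolve(file, map[string]string{"ssl-ca": "/constructed/flag-ca.pem"}))
}
```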

            People

              Unassigned Unassigned
              shahriyar.rzayev Shahriyar Rzayev (Inactive)

                Time Tracking

                  Time Spent - 1 hour