Uploaded image for project: 'Percona XtraDB Cluster'
  1. Percona XtraDB Cluster
  2. PXC-3513

Suppport "alter instance reload tls" for Galera connections

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 8.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      As of Mysql 8.0.16 the tls profile is dynamic and can be reloaded by issuing "alter instance reload tls": https://dev.mysql.com/doc/refman/8.0/en/using-encrypted-connections.html

      Unfortunately this does not reload the TLS profile for the synchronous galera connections so any new connections to 4567 are still presented the old certificate.

       

      If listener on port 4567 could be notified to reload the TLS profile when the command is issued that would mean zero downtime for TLS profile changes

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              eskinner Evan Jardine-Skinner
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:

                  Smart Checklist