624056be02
This patch removes `proxysql_project_database_internal_tls_enable` variable and also 'use_ssl: 1' option from ProxySQL's user configuration. The reason for this removal is that when 'use_ssl: 1' option is enabled on the ProxySQL frontend side, ProxySQL does not allow non-TLS connections. This, of course, breaks upgrades or reconfigurations when an operator enables TLS, as it blocks all non-TLS service connections at the moment of switching. Simply said, we do not need to, nor can we, strictly enforce user connections over TLS because it disrupts reconfiguration and upgrades. Instead, it is sufficient to reconfigure the service to connect over TLS - which is already implemented. It also corrects the `database_enable_tls_internal` variable, ensuring it is enabled only when `kolla_enable_tls_internal` is enabled, rather than `kolla_enable_tls_backend`. Closes-Bug: #2086466 Change-Id: I6c56b144a81f800e062d6670733ca606733c9e1b
6 lines
124 B
YAML
6 lines
124 B
YAML
---
|
|
fixes:
|
|
- |
|
|
Fixes proxysql-config's TLS DB configuration.
|
|
`LP#2086466 <https://launchpad.net/bugs/#2086466>`__
|