Add TLS handling for the retrieval of MariaDB grants

In this patchset, when TLS is enabled, command line options
are added to provide the needed certificates for the invocation
of pt-show-grants during the MariaDB backup process.

Change-Id: I38eacb27ee0051e96c9fb2ba62773e84725ee868
This commit is contained in:
Huang, Sophie (sh879n) 2020-08-17 16:49:17 +00:00
parent 1851b47fdf
commit ba601e0cba
2 changed files with 8 additions and 1 deletions

View File

@ -51,7 +51,15 @@ dump_databases_to_directory() {
printf "%s\n" "${MYSQL_DBNAMES[@]}" > $TMP_DIR/db.list
#Retrieve and create the GRANT file for all the users
{{- if .Values.manifests.certificates }}
SSL_DSN=";mysql_ssl=1"
SSL_DSN="$SSL_DSN;mysql_ssl_client_key=/etc/mysql/certs/tls.key"
SSL_DSN="$SSL_DSN;mysql_ssl_client_cert=/etc/mysql/certs/tls.crt"
SSL_DSN="$SSL_DSN;mysql_ssl_ca_file=/etc/mysql/certs/ca.crt"
if ! pt-show-grants --defaults-file=/etc/mysql/admin_user.cnf $SSL_DSN \
{{- else }}
if ! pt-show-grants --defaults-file=/etc/mysql/admin_user.cnf \
{{- end }}
2>>"$LOG_FILE" > "$TMP_DIR"/grants.sql; then
log ERROR "Failed to create GRANT for all the users"
return 1

View File

@ -47,7 +47,6 @@ RESTORE_CMD="mysql \
--password=${RESTORE_PW} \
--host=$MARIADB_SERVER_SERVICE_HOST \
{{- if .Values.manifests.certificates }}
--ssl-verify-server-cert=false \
--ssl-ca=/etc/mysql/certs/ca.crt \
--ssl-key=/etc/mysql/certs/tls.key \
--ssl-cert=/etc/mysql/certs/tls.crt \