Add TLS handling for the retrieval of MariaDB grants
In this patchset, when TLS is enabled, command line options are added to provide the needed certificates for the invocation of pt-show-grants during the MariaDB backup process. Change-Id: I38eacb27ee0051e96c9fb2ba62773e84725ee868
This commit is contained in:
parent
1851b47fdf
commit
ba601e0cba
mariadb/templates/bin
@ -51,7 +51,15 @@ dump_databases_to_directory() {
|
||||
printf "%s\n" "${MYSQL_DBNAMES[@]}" > $TMP_DIR/db.list
|
||||
|
||||
#Retrieve and create the GRANT file for all the users
|
||||
{{- if .Values.manifests.certificates }}
|
||||
SSL_DSN=";mysql_ssl=1"
|
||||
SSL_DSN="$SSL_DSN;mysql_ssl_client_key=/etc/mysql/certs/tls.key"
|
||||
SSL_DSN="$SSL_DSN;mysql_ssl_client_cert=/etc/mysql/certs/tls.crt"
|
||||
SSL_DSN="$SSL_DSN;mysql_ssl_ca_file=/etc/mysql/certs/ca.crt"
|
||||
if ! pt-show-grants --defaults-file=/etc/mysql/admin_user.cnf $SSL_DSN \
|
||||
{{- else }}
|
||||
if ! pt-show-grants --defaults-file=/etc/mysql/admin_user.cnf \
|
||||
{{- end }}
|
||||
2>>"$LOG_FILE" > "$TMP_DIR"/grants.sql; then
|
||||
log ERROR "Failed to create GRANT for all the users"
|
||||
return 1
|
||||
|
@ -47,7 +47,6 @@ RESTORE_CMD="mysql \
|
||||
--password=${RESTORE_PW} \
|
||||
--host=$MARIADB_SERVER_SERVICE_HOST \
|
||||
{{- if .Values.manifests.certificates }}
|
||||
--ssl-verify-server-cert=false \
|
||||
--ssl-ca=/etc/mysql/certs/ca.crt \
|
||||
--ssl-key=/etc/mysql/certs/tls.key \
|
||||
--ssl-cert=/etc/mysql/certs/tls.crt \
|
||||
|
Loading…
Reference in New Issue
Block a user