Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2344

Support MASTER_SSL in mariadbmon for encrypting replication traffic

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.4
    • Fix Version/s: 2.3.6
    • Component/s: mariadbmon
    • Labels:
      None
    • Environment:
      VM and container linux 7.6-centos
    • Sprint:
      MXS-SPRINT-79, MXS-SPRINT-80

      Description

      Need MaxScale to support encryption of replication traffic between database nodes of the local cluster being monitored as well as between the local master and the master of a remote data center.

      We have been able to provide most of the SSL configuration (certificates, keys, etc) by configuring a /etc/my.cnf.d/client.cnf file on each local node. This way I believe MaxScale needs only support the MASTER_SSL=1 option on the CHANGE MASTER TO command during failover.

      Nokia has a mandatory security requirement that states that all replication traffic must be encrypted.

        Attachments

          Activity

            People

            Assignee:
            esa.korhonen Esa Korhonen
            Reporter:
            rvlane Richard Lane
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration