[MXS-3212] Server SSL configuration cannot be defined at runtime Created: 2020-09-28  Updated: 2020-10-08  Resolved: 2020-10-08

Status: Closed
Project: MariaDB MaxScale
Component/s: Core
Affects Version/s: None
Fix Version/s: 2.5.5

Type: Bug Priority: Blocker
Reporter: Filip Petrov (Inactive) Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None

Attachments: PNG File Auth Error.png     File maxscale.cnf    

 Description   

When a server is created at runtime, the SSL configuration could be defined with the alter server command in previous versions. In 2.5 this will modify the configuration but it will not create the required OpenSSL objects.

Original description:

After applying property require_secure_transport="ON" inside mariadb.cnf server not able to connect to Maxscale. Used Maxscale image: mariadb/maxscale:2.5.3-1, Mariadb Server image: mariadb/enterprise-server:10.5.5-3-1

Tested on Topologies:

  • Master/Slave
  • HTAP

When property is removed from configuration, it's working fine.



 Comments   
Comment by markus makela [ 2020-09-30 ]

Please upload the MaxScale configuration you are using.

Comment by Petko Vasilev (Inactive) [ 2020-09-30 ]

I added the maxscale configs
They are mostly dynamically generated through the API and so on, so I merged them in a single file
This is specifically the configs for a master/slave with 1 master and 1 slave.

Comment by markus makela [ 2020-09-30 ]

It seems the configuration doesn't enable SSL which explains why it won't work. Make sure you define the certificates and required configuration parameters when the servers are being created.

Comment by markus makela [ 2020-09-30 ]

I'll close this as Not a Bug for now. If you find some problems that prevent the servers from being created with SSL, please let us know and we'll reopen the issue.

Comment by Filip Petrov (Inactive) [ 2020-09-30 ]

markus makelaCan you send what are the required parameters to be added in MaxScale cnf.

Comment by markus makela [ 2020-10-01 ]

The ssl=true parameter must be defined for servers to enable SSL. If you don't use the system certificates, also define ssl_ca_cert. You can find all the TLS configuration parameters here: https://mariadb.com/kb/en/mariadb-maxscale-25-mariadb-maxscale-configuration-guide/#tlsssl-encryption

Comment by Filip Petrov (Inactive) [ 2020-10-01 ]

markus makela Those properties are defined in the maxscale.cnf and still not working.

Generated at Thu Feb 08 04:19:46 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.