Mysql Router

  • MySQL Charm Maintainers
  • Cloud
Channel Revision Published Runs on
latest/edge 256 16 Oct 2024
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge 255 16 Oct 2024
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge 254 16 Oct 2024
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge 253 16 Oct 2024
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge 201 19 Jun 2024
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge 108 12 Sep 2023
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge 62 10 Feb 2023
Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
8.0/stable 257 17 Oct 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/candidate 225 28 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/candidate 224 28 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/candidate 223 28 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/beta 225 23 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/beta 224 23 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/beta 223 23 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/edge 260 25 Oct 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/edge 259 25 Oct 2024
Ubuntu 22.04 Ubuntu 20.04
dpe/edge 258 25 Oct 2024
Ubuntu 22.04 Ubuntu 20.04
8.0.19/stable 26 05 May 2022
Ubuntu 22.04 Ubuntu 20.04
8.0.19/edge 26 05 May 2022
Ubuntu 22.04 Ubuntu 21.10 Ubuntu 21.04 Ubuntu 20.10 Ubuntu 20.04
8.0.19/edge 15 26 Apr 2022
Ubuntu 22.04 Ubuntu 21.10 Ubuntu 21.04 Ubuntu 20.10 Ubuntu 20.04
juju deploy mysql-router --channel dpe/candidate
Show information

Platform:

Ubuntu
24.04 23.10 23.04 22.10 22.04 21.10 21.04 20.10 20.04

This is part of the Charmed MySQLRouter Tutorial. Please refer to this page for more information and the overview of the content

Enable encryption with TLS

Transport Layer Security (TLS) is a protocol used to encrypt data exchanged between two applications. Essentially, it secures data transmitted over a network.

Typically, enabling TLS internally within a highly available database or between a highly available database and client/server applications requires a high level of expertise. This has all been encoded into Charmed MySQLRouter so that configuring TLS requires minimal effort on your end.

TLS is enabled by integrating Charmed MySQLRouter with the Self Signed Certificates Charm. This charm centralises TLS certificate management consistently and handles operations like providing, requesting, and renewing TLS certificates.

In this section, you will learn how to enable security in your MySQLRouter deployment using TLS encryption.

Self-signed certificates are not recommended for a production environment.

Check this guide for an overview of the TLS certificates charms available.


Enable TLS

Before enabling TLS on Charmed MySQLRouter, we must first deploy the self-signed-certificates charm:

juju deploy self-signed-certificates --config ca-common-name="Tutorial CA"

Wait until the self-signed-certificates is up and active, then use juju status –watch 1s to monitor the progress:

Model 	Controller  Cloud/Region     	Version  SLA      	Timestamp
database  lxd     	localhost/localhost  3.1.8	unsupported  18:47:51Z

App                   	Version      	Status  Scale  Charm                 	Channel 	Rev  Exposed  Message
mysql                 	8.0.34-0ubun...  active  	1  mysql                 	8.0/stable  196  no  	 
mysql-router          	8.0.36-0ubun...  active  	1  mysql-router                        	103  no  	 
mysql-test-app        	0.0.2        	active  	1  mysql-test-app        	stable   	36  no  	 
self-signed-certificates               	active  	1  self-signed-certificates  stable   	72  no  	 

Unit                     	Workload  Agent  Machine  Public address  Ports       	Message
mysql-test-app/0*        	active	idle   1    	10.205.193.227             	 
  mysql-router/0*        	active	idle        	10.205.193.227             	 
mysql/0*                 	active	idle   0    	10.205.193.171  3306,33060/tcp  Primary
self-signed-certificates/0*  active	idle   2    	10.205.193.175             	 

Machine  State	Address     	Inst id    	Base      	AZ  Message
0    	started  10.205.193.171  juju-3c2f36-0  ubuntu@22.04  	Running
1    	started  10.205.193.227  juju-3c2f36-1  ubuntu@22.04  	Running
2    	started  10.205.193.175  juju-3c2f36-2  ubuntu@22.04  	Running

To enable TLS on Charmed MySQLRouter, integrate the two applications:

juju integrate mysql-router self-signed-certificates

Check the TLS certificate in use:

Use openssl to connect to MySQLRouter in the juju machine, and check the TLS certificate in use:

ubuntu@localhost:~$ juju ssh mysql-router/0 "openssl s_client -showcerts -starttls mysql -unix /var/snap/charmed-mysql/common/run/mysqlrouter/mysql.sock < /dev/null  | openssl x509 -text | grep Issuer"
...
    	Issuer: C = US, CN = Tutorial CA
...

Congratulations! MySQLRouter is now using a TLS certificate generated by the external application self-signed-certificates.

Disable TLS

To remove the external TLS and return to the locally generated one, unrelate the applications:

juju remove-relation mysql-router self-signed-certificatese

Check the TLS certificate in use:

ubuntu@localhost:~$ juju ssh mysql-router/0 "openssl s_client -showcerts -starttls mysql -unix /var/snap/charmed-mysql/common/run/mysqlrouter/mysql.sock < /dev/null  | openssl x509 -text | grep Issuer"

The output should be similar to:

...
    	Issuer: CN = MySQL_Router_Auto_Generated_CA_Certificate
...

The Charmed MySQLRouter application reverted to the placeholder certificate that was created locally during the MySQLRouter installation.


Help improve this document in the forum (guidelines). Last updated 6 months ago.