Charmed MySQL

  • By Canonical Data Platform
  • Cloud
Channel Revision Published Runs on
8.0/stable 196 29 Sep 2023
Ubuntu 22.04
8.0/candidate 196 27 Sep 2023
Ubuntu 22.04
8.0/beta 196 25 Sep 2023
Ubuntu 22.04
8.0/edge 203 01 Dec 2023
Ubuntu 22.04
juju deploy mysql --channel 8.0/stable
Show information

Platform:

Ubuntu
22.04

How to enable encryption

:information_source: Hint: Use Juju 3. Otherwise replace juju run ... with juju run-action --wait ... and juju integrate with juju relate for Juju 2.9.

:warning: Warning: The document uses ‘self-signed-certificates’ which is NOT recommended for production clusters, the ‘tls-certificates-operator’ should be considered for production!

Enable TLS

# deploy the TLS charm
juju deploy self-signed-certificates --channel edge

# to enable TLS relate the two applications
juju integrate self-signed-certificates mysql

Manage keys

Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action. Note: passing the key should only be done with base64 -w0 not cat. With three units this schema should be followed:

  • Generate a shared internal (private) key
openssl genrsa -out internal-key.pem 3072
  • apply newly generated internal key on each juju unit:
juju run mysql/0 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/1 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/2 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
  • updates can also be done with auto-generated keys with
juju run mysql/0 set-tls-private-key
juju run mysql/1 set-tls-private-key
juju run mysql/2 set-tls-private-key

Disable TLS remove the relation

juju remove-relation self-signed-certificates mysql

Help improve this document in the forum (guidelines). Last updated 2 months ago.