Skip to content

Use consistent values for ssl-ca, ssl-cert and ssl-key #1521

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Use consistent values for ssl-ca, ssl-cert and ssl-key #1521

wants to merge 1 commit into from

Conversation

smortex
Copy link
Contributor

@smortex smortex commented Dec 20, 2022
edited
Loading

The default value of the server's ssl-ca, ssl-cert and ssl-key
parameters are system-dependent:

  • Some systems set these parameters to undef;
  • Some systems set these parameters to a filename which is not managed
    by the module.

Recent versions of MariaDB insist on being able to read the files these
parameters point to even if TLS is not in use. As a consequence,
MariaDB is broken and cannot start successfully.

Always use undef as the default version of these parameters so that
users have the same experience regardless of the Operating System they
are running.

Existing PR #1511 and #1512 propose a partial fix focused on the
current breakage of MariaDB on RedHat and Debian OS families. This PR
is proposed as an alternative to bring consistent configuration across
all systems.

Fixes #1509

@smortex
Use consistent values for ssl-ca, ssl-cert and ssl-key
af03ae1 
The default value of the server's ssl-ca, ssl-cert and ssl-key
parameters are system-dependant:
  * Some systems set these parameters to `undef`;
  * Some systems set these parameters to a filename which is not managed
    by the module.

Recent versions of MariaDB insist on being able to reatd the files these
parameters point to even if TLS is not in use.  As a consequence,
MariaDB is broken and cannot start successfuly.

Always use `undef` as the default version of these parameters so that
users have the same experience regardless of the Operating System they
are runnning.
@smortex smortex requested a review from a team as a code owner December 20, 2022 18:07
@puppet-community-rangefinder
Copy link

mysql::params is a class

Breaking changes to this file WILL impact these 2 modules (exact match):
Breaking changes to this file MAY impact these 1 modules (near match):

This module is declared in 140 of 580 indexed public Puppetfiles.

These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@LukasAud
Copy link
Contributor

Hi @smortex, thanks for your contribution. I'm taking a look around your PR and it looks good so far but I just wanted to make sure that it is still relevant. Last week we merged the following fix for issue #1509. Did this fix not address properly the issue?

@smortex
Copy link
Contributor Author

smortex commented Dec 22, 2022

@LukasAud good catch! I missed the release that fixed the root cause and was following up on #1511 and #1512. I guess these PR can be closed too.

@smortex smortex closed this Dec 22, 2022
@smortex smortex deleted the consistent-ssl branch December 22, 2022 02:01
@LukasAud
Copy link
Contributor

No worries, thanks for taking the time to work on a solution. We always appreciate community contributions. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
community
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SSL cert/key params in server.cnf break new versions of mariadb. SSL is disabled.
3 participants
@smortex @LukasAud @ia-content