Charmed MySQL

  • By Canonical Data Platform
  • Cloud
Channel Revision Published Runs on
8.0/stable 196 29 Sep 2023
Ubuntu 22.04
8.0/candidate 196 27 Sep 2023
Ubuntu 22.04
8.0/beta 196 25 Sep 2023
Ubuntu 22.04
8.0/edge 196 08 Sep 2023
Ubuntu 22.04
juju deploy mysql --channel 8.0/stable
Show information



How to enable encryption

:information_source: Hint: Use Juju 3. Otherwise replace juju run ... with juju run-action --wait ... and juju integrate with juju relate for Juju 2.9.

:warning: Warning: The document uses ‘self-signed-certificates’ which is NOT recommended for production clusters, the ‘tls-certificates-operator’ should be considered for production!

Enable TLS

# deploy the TLS charm
juju deploy self-signed-certificates --channel edge

# to enable TLS relate the two applications
juju integrate self-signed-certificates mysql

Manage keys

Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action. Note: passing the key should only be done with base64 -w0 not cat. With three units this schema should be followed:

  • Generate a shared internal (private) key
openssl genrsa -out internal-key.pem 3072
  • apply newly generated internal key on each juju unit:
juju run mysql/0 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/1 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/2 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
  • updates can also be done with auto-generated keys with
juju run mysql/0 set-tls-private-key
juju run mysql/1 set-tls-private-key
juju run mysql/2 set-tls-private-key

Disable TLS remove the relation

juju remove-relation self-signed-certificates mysql

Help us improve this documentation

Most of this documentation can be collaboratively discussed and changed on the respective topic in the doc category of the Charmhub forum. See the documentation guidelines if you’d like to contribute.

Last updated 26 days ago. Help improve this document in the forum.