Charmed MySQL

  • By Canonical Data Platform
  • Cloud
Channel Revision Published Runs on
8.0/stable 196 29 Sep 2023
Ubuntu 22.04
8.0/candidate 239 10 Jun 2024
Ubuntu 22.04
8.0/beta 239 10 Jun 2024
Ubuntu 22.04
8.0/edge 239 10 Jun 2024
Ubuntu 22.04
juju deploy mysql --channel 8.0/stable
Show information

Platform:

Ubuntu
22.04

Note: All commands are written for juju >= v.3.1

If you’re using juju 2.9, check the juju 3.0 Release Notes.

How to enable TLS encryption

This guide will show how to enable TLS using the self-signed-certificates operator as an example.

Self-signed certificates are not recommended for a production environment.

Check this guide for an overview of the TLS certificates charms available.


Enable TLS

First, deploy the TLS charm:

juju deploy self-signed-certificates

To enable TLS, integrate the two applications:

juju integrate self-signed-certificates mysql

Manage keys

Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action. Note that passing keys to external/internal keys should only be done with base64 -w0, not cat.

With three replicas, this schema should be followed:

Generate a shared internal (private) key

openssl genrsa -out internal-key.pem 3072

Apply the newly generated internal key on each juju unit:

juju run mysql/0 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/1 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"
juju run mysql/2 set-tls-private-key "internal-key=$(base64 -w0 internal-key.pem)"

Updates can also be done with auto-generated keys:

juju run mysql/0 set-tls-private-key
juju run mysql/1 set-tls-private-key
juju run mysql/2 set-tls-private-key

Disable TLS

Disable TLS by removing the integration:

juju remove-relation self-signed-certificates mysql

Help improve this document in the forum (guidelines). Last updated 2 months ago.