PDA

View Full Version : SSL "enabled" but not "working"..



mrigank.mishra
October 3rd, 2008, 05:03 AM
Hi!

I tried to take SSL-enabled backups. The backup went fine but when I tried to analyze the packets with a packet-grabber, they were unencrypted - I was able to see all the logical commands of the MySQL protocol.. The MySQL server is starting properly with the required SSL-options (MySQL client connects properly to the server when we do the same thing locally..).
The options I used are below:

backup-mode = logical
SSL-options= ssl-ca=CA_CERTIFICATE_PATH ssl-cert=CLIENT_CERTIFICATE_PATH ssl-key=CLIENT_KEY_PATH
user=mysql_backup_usr


Can somebody help me with this?? I have been stuck with this problem for sometime now...

I tried to connect to the mysql client, through
mysql -u root

but it threw the "can't connect through /tmp/..../.sock" error.

Also, I found that the following files are necessary for ZRM functioning but are not provided by the ZRM package. Does this mean we have to install the MySQL client on the ZRM server also??? I fixed it by installing the MySQL client on the ZRM machine. These files are:
mysqldump, mysql, mysqladmin, mysqlbinlog, mysqlhotcopy

Help needed...

paddy
October 3rd, 2008, 09:04 AM
Hi!

I tried to take SSL-enabled backups. The backup went fine but when I tried to analyze the packets with a packet-grabber, they were unencrypted - I was able to see all the logical commands of the MySQL protocol.. The MySQL server is starting properly with the required SSL-options (MySQL client connects properly to the server when we do the same thing locally..).
The options I used are below:

backup-mode = logical
SSL-options= ssl-ca=CA_CERTIFICATE_PATH ssl-cert=CLIENT_CERTIFICATE_PATH ssl-key=CLIENT_KEY_PATH
user=mysql_backup_usr




You are seeing MySQL issues. You should check if you are able to do mysqldump using ssl options in my.cnf. Check whether packets are encrypted or not.




Can somebody help me with this?? I have been stuck with this problem for sometime now...

I tried to connect to the mysql client, through
mysql -u root

but it threw the "can't connect through /tmp/..../.sock" error.

Also, I found that the following files are necessary for ZRM functioning but are not provided by the ZRM package. Does this mean we have to install the MySQL client on the ZRM server also??? I fixed it by installing the MySQL client on the ZRM machine. These files are:
mysqldump, mysql, mysqladmin, mysqlbinlog, mysqlhotcopy

Help needed...

mysqldump, mysql, mysqladmin, mysqlbinlog and mysqlhotcopy are MySQL client commands and they are part of MySQL client package.

ZRM folks do not build or maintain them. Our documentation clearly states the ZRM does depend on MySQL client package. http://mysqlbackup.zmanda.com/index.php/Pre-Installation#Pre-Installation_Checks

Paddy

mrigank.mishra
October 4th, 2008, 03:59 AM
ZRM folks do not build or maintain them. Our documentation clearly states the ZRM does depend on MySQL client package. http://mysqlbackup.zmanda.com/index....llation_Checks

Thank you very much for the information rendered, but I believe that you could "explicitly" ask the users to install the MySQL Client... anyways..

I finally got the SSL-part to work as there was some error with the certificate access which I fixed.

By the way, is it mentioned clearly in your documentation that one need to enter the certificate and key information in the my.cnf on the Zmanda server..?? It tells the MySQL Client about the SSL-options to be used...