Enable database TLS on 2025.1 #2245
Code Review
This pull request enables internal and backend database TLS by upgrading ProxySQL to version 3.0.x and adding the necessary certificate generation tasks. A review comment identifies a hardcoded path in the root CA copy task that should be parameterized with the stackhpc_ca_secret_store variable to support different secret store backends.
@seunghun1ee what's the intention here? This PR has been stuck in draft for a while. Is it waiting for something else to merge?
This is currently being actively worked on and is dependent on https://review.opendev.org/c/openstack/kolla-ansible/+/986381
This tag includes ProxySQL 3.0
Should we just include this in 2026.1?
Happy Friday @seunghun1ee, this is a friendly reminder that this PR is waiting for your changes or response. Please take a look when you have a moment! Note: Once your changes are ready, remove the
Upstream Kolla-Ansible backported ProxySQL 3.0.x to 2025.1 release.
https://review.opendev.org/c/openstack/kolla-ansible/+/974712
https://review.opendev.org/c/openstack/kolla/+/974429
ProxySQL 3.0.x has a fix for the bug sysown/proxysql#4877 which prevented using TLS between database and ProxySQL.
Re-enable Database TLS and add tasks for creating certificates for ProxySQL.
Note: Two variables, `database_enable_tls_internal` and `database_enable_tls_backend`, have a default value of `true`, but they are still explicitly set to `true` to ensure existing systems also get the effect.