Hello all, I'm trying to convert my percona cluster over to require ssl connections from clients and I'm having trouble getting the openstack services to connect. When I set ssl_type to 'ANY' for one of the openstack service users (e.g. keystone), the service fails to connect:
2016-12-28 02:34:58.303 8389 ERROR keystone.common.wsgi OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'keystone'@'<hostname>' (using password: YES)") I can use the mysql client with the --ssl-mode REQUIRED using the keystone user's credentials. If I set ssl_type to '' for the keystone user, keystone can once again connect. My keystone.conf connection setting is: connection = mysql+pymysql://keystone:<password>@<mysql host>/keystone Is there something else I need to add to the configuration to enable ssl for the mysql client driver? I don't need client certificates (but I'll configure them if necessary)--just encryption verification of the server's certificate against our CA. Thanks, -Matt _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
