Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Documentation don't mention traffic encryption enabled by default

Description

In https://www.percona.com/doc/percona-xtradb-cluster/8.0/configure.html there's no mention to traffic encryption enabled by default.

Only mentioned in the upgrade configuration https://www.percona.com/doc/percona-xtradb-cluster/8.0/howtos/upgrade_guide.html 

Someone installing from scratch will face issues like the ones reported in https://jira.percona.com/browse/PXC-3105

Environment

None

Smart Checklist

Activity

Borys Belinsky May 11, 2020 at 10:10 AM

Lalit Choudhary April 6, 2020 at 8:44 AM

Having NOTE/Sample configuration settings about this change will be helpful for users referring following link for pxc installation.

https://www.percona.com/doc/percona-xtradb-cluster/8.0/configure.html

 

Daniel Guzman Burgos March 30, 2020 at 2:26 PM

The documentation is incomplete.

If you follow the configuration file in  https://www.percona.com/doc/percona-xtradb-cluster/8.0/configure.html you won't be able to add nodes to a cluster. That documentation needs to be updated either with adding:

"pxc-encrypt-cluster-traffic=OFF"

to the example or adding the variables 

[mysqld]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/server-cert.pem
ssl-key=/etc/mysql/certs/server-key.pem
[client]
ssl-ca=/etc/mysql/certs/ca.pem
ssl-cert=/etc/mysql/certs/client-cert.pem
ssl-key=/etc/mysql/certs/client-key.pem
with a link to the security basics section. 

 

 

patrick.birch March 30, 2020 at 1:44 PM

It is defined in the latest 8.0 version in teh Security Basics section:

Unencrypted traffic can potentially be viewed by anyone monitoring your network. In Percona XtraDB Cluster
8.0 traffic encryption is enabled by default.

Done

Details

Assignee

Reporter

Components

Affects versions

Priority

Smart Checklist

Created March 30, 2020 at 1:40 PM
Updated March 6, 2024 at 9:39 PM
Resolved May 11, 2020 at 10:10 AM

Flag notifications