I’m new to this forum and I’d like to ask a simple question.
I can’t find anything about it on Google…
Do you know if we can use Percona Toolkit with SSL authentication on the client side?
I have a MySQL server open to the internet with SSL-enabled users only.
On my SQL clients I have a certificate that authenticates them.
I can log in to the SQL server with a command like this (or a .cnf conf file):
mysql -u sentybox -h IP_HERE --ssl-ca=/certs/ca-cert.pem --ssl-cert=/certs/client-cert.pem --ssl-key=/certs/client-key.pem
It works very well with the mysql command-line client. But as soon as I try to use, for example, the pt-table-sync command, it fails.
(I tried to specify the conf file as a parameter but this doesn’t work.)
Above, I posted how to make pt-show-grants work with Google Cloud Platform (GCP) CloudSQL with SSL enabled and forced on the CloudSQL side. It allows having the host connection details in the defaults-file, including username and password. However, it is more complicated with pt-online-schema-change.
I was not able to have pt-osc work with reading a defaults-file. I think it has to do with the database (D) and table (t) needing to be specified in the DSN. My understanding is that pt-osc strips this before sending it to DBD::mysql, and this, combined with the tool trying to do the right thing, breaks things at the lower layer. But my Perl and DBD::mysql foo is not yet strong enough to fully understand the real cause and to provide a patch.
I am posting below how I was able to make pt-osc work with SSL; I hope this can help someone. I am not happy about it because not wanting to specify a password on the command line, and needing the tool to be used interactively, does not make automation possible, but it is the best I have found yet.