I do not see any ssl options listed in the pt-heartbeat --help. Please advise as i’m unable to get it to connect to my slaves.
Hello, Please check https://jira.percona.com/browse/PT-191. It has info about using SSL with Toolkit.
Thanks. I have tried 6 ways to sunday to ge this to work but seeing unauthroized user hung up in connection control plugin on the slave and seeing ssl connection error on the master. See below
bash$ pt-heartbeat F=/var/lib/mysql/my1.cnf -D test --master-server-id 1 --checkDBI connect(‘test;mysql_read_default_file=/var/lib/mysql/my1.cnf;mysql_read_default_group=client’,’’,…) failed: SSL connection error: error:00000001:lib(0):func(0):reason(1) at /bin/pt-heartbeat line 2908.
my1.cnf looks like this[client]user=myuserpassword=mypasshost=xx.xx.xx.xxport=3306ssl-mode=REQUIRED
@grosenthal For now, here is a work-around:
bash$ pt-heartbeat -A=’;mysql_ssl=1;mysql_optional=1’
And if you want to be extra super secure, you can still add “ssl-cert=” into your my1.cnf to ensure it actually matches with the MySQL server you are connecting with.
But you can also delete the my1.cnf and don’t even bother with the “F=” commandline option. Just know that without this “F=” option, pt-heartbeat will connect to any MySQL server with any SSL Certificate and no verification matching, which may or may not be acceptable for your situation.