Hi,
I have a 3-node Percona MySQL cluster under high load:
mysql> SHOW VARIABLES LIKE '%version%';
+--------------------------+---------------------------------------------------------------------------------------+
| Variable_name | Value |
+--------------------------+---------------------------------------------------------------------------------------+
| admin_tls_version | TLSv1.2,TLSv1.3 |
| immediate_server_version | 999999 |
| innodb_version | 8.0.32-24 |
| original_server_version | 999999 |
| protocol_version | 10 |
| replica_type_conversions | |
| slave_type_conversions | |
| tls_version | TLSv1.2,TLSv1.3 |
| version | 8.0.32-24.2 |
| version_comment | Percona XtraDB Cluster (GPL), Release rel24, Revision 2119e75, WSREP version 26.1.4.3 |
| version_compile_machine | x86_64 |
| version_compile_os | Linux |
| version_compile_zlib | 1.2.13 |
| version_suffix | .2 |
+--------------------------+---------------------------------------------------------------------------------------+
14 rows in set (0.00 sec)
Nodes communicate with each other via an encrypted SSL connection.
mysql> SHOW VARIABLES LIKE '%ssl%';
+-------------------------------------+--------------------------+
| Variable_name | Value |
+-------------------------------------+--------------------------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | YES |
| have_ssl | YES |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | /etc/mysql/ssl/chain.pem |
| ssl_capath | |
| ssl_cert | /etc/mysql/ssl/nc.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | /etc/mysql/ssl/key.pem |
| ssl_session_cache_mode | ON |
| ssl_session_cache_timeout | 300 |
+-------------------------------------+--------------------------+
27 rows in set (0.01 sec)
And now it’s time to update the SSL certificate on all nodes. I tried to find a step-by-step procedure on how to do this without downtime, but didn’t find anything suitable.
Can someone share step-by-step instructions on how they updated SSL certificates on all nodes in the cluster, or give a link to where it can be found in the documentation?