MySQL Forums

GROUP_REPLICATION and SSL Configuring Issues
Posted by: Dev Dewboy
Date: January 31, 2023 09:56AM

Hello!
Hopefully it's not just me, but getting TLS/SSL to work with GROUP_REPLICATION is not easy and I would like some assistance. I have a 3-node group_replication setup in single-primary mode, MySQL v8.0.32.
With require_secure_transport parameter off, TLS works and replication is fine. I can connect clients using TLS with the require ssl option. Using the MySQL self signed/generated certs.
I then slowly "require" TLS by enabling require_secure_transport on the Primary node and bootstrapping it, using:

SET GLOBAL group_replication_bootstrap_group=ON;
START GROUP_REPLICATION user='rpl_user_ssl', password='';
SET GLOBAL group_replication_bootstrap_group=OFF;

It comes up just fine. I then proceed to node 2 secondary and when I attempt to start the group-replication, I get this error using the commands below:

change replication source to source_user='rpl_user_ssl', source_password='PASSWORD' for channel 'group_replication_recovery';

START GROUP_REPLICATION user='rpl_user_ssl', password='PASSWORD';

[ERROR] [MY-010584] [Repl] Slave I/O for channel 'group_replication_recovery': error connecting to master 'rpl_user_ssl@ia-se-vudb1-121:3306' - retry-time: 60 retries: 1 message: Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection. Error_code: MY-002061
After a little research I found a post that says I should do this:

CHANGE MASTER TO GET_MASTER_PUBLIC_KEY=1;

So I did the following and got the error below. I tried doing various other things but it's just going in circles.

change replication source to GET_SOURCE_PUBLIC_KEY=1, source_user='rpl_user_ssl', source_password='PASSWORD' for channel 'group_replication_recovery';

ERROR 3139 (HY000): CHANGE MASTER with the given parameters cannot be performed on channel 'group_replication_recovery'.

I don't even have group_replication_ssl_mode= REQUIRED enabled yet, which hopefully won't give me additional errors to debug after this first one.
Any suggestions or a simple how-to? I'm attempting to use the MySQL docs, but they are not very clear on the exact steps to take.



Thanks!
DD
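
Added example, not part of the original post: the TLS and public-key options for the group_replication_recovery channel are set through the group_replication_recovery_* system variables rather than through CHANGE REPLICATION SOURCE TO, which is what ERROR 3139 is rejecting. The CA path below is a placeholder and 'PASSWORD' is the post's own redacted value.

```sql
-- Run on the joining member (node 2). Assumes the rpl_user_ssl account
-- already exists on every member, as in the post.
STOP GROUP_REPLICATION;

-- Inspect the current distributed-recovery settings before changing them.
SHOW GLOBAL VARIABLES LIKE 'group_replication_recovery%';

-- Option A: make the recovery connection to the donor use TLS.
-- This is the option that fits a donor running require_secure_transport=ON,
-- and it satisfies caching_sha2_password's secure-connection requirement.
SET GLOBAL group_replication_recovery_use_ssl = ON;

-- Optional hardening: verify the donor's certificate. The certificates that
-- mysqld auto-generates are created per server, so verification only works
-- once every member's certificate is issued by one CA distributed to all nodes.
-- SET GLOBAL group_replication_recovery_ssl_ca = '/path/to/shared-ca.pem';  -- placeholder path
-- SET GLOBAL group_replication_recovery_ssl_verify_server_cert = ON;

-- Option B: the recovery-channel equivalent of GET_SOURCE_PUBLIC_KEY=1.
-- It performs the RSA password exchange over an unencrypted connection, so
-- it does not help while the donor enforces require_secure_transport=ON.
-- SET GLOBAL group_replication_recovery_get_public_key = ON;

-- Credentials can be passed at start time, as the post already does.
START GROUP_REPLICATION USER='rpl_user_ssl', PASSWORD='PASSWORD';

-- Check that the member goes RECOVERING -> ONLINE instead of failing auth.
SELECT MEMBER_HOST, MEMBER_STATE, MEMBER_ROLE
  FROM performance_schema.replication_group_members;

-- Confirm what the recovery channel actually negotiated with.
SELECT CHANNEL_NAME, SSL_ALLOWED, SSL_VERIFY_SERVER_CERTIFICATE, GET_PUBLIC_KEY
  FROM performance_schema.replication_connection_configuration
 WHERE CHANNEL_NAME = 'group_replication_recovery';
```

SET GLOBAL does not survive a restart, so the chosen settings also need to go into the server's option file (or be set with SET PERSIST) on each member.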
