Server instances can be configured to use secure connections. For general information on using SSL with MySQL see Section 7.4, “Using Secure Connections”. This section explains how to configure a cluster to use SSL.
createCluster() to set up a cluster,
if the server instance provides SSL encryption then it is
automatically enabled on the seed instance. Pass the
memberSslMode option to the
createCluster() method to specify a different
SSL mode. The
memberSslMode option is a string
that configures the SSL mode to be used, it defaults to
AUTO. The permitted values are
AUTO. These modes are defined as:
createCluster(memberSslMode=DISABLED)ensures SSL encryption is disabled for the seed instance in the cluster.
createCluster(memberSslMode=REQUIRED)then SSL encryption is enabled for the seed instance in the cluster. If it cannot be enabled an error is raised.
createCluster(memberSslMode=AUTO)(the default) then SSL encryption is automatically enabled if the server instance supports it, or disabled if the server does not support it.
When you issue the
rejoinInstance() commands, SSL encryption on
the instance is enabled or disabled based on the setting found for
the seed instance. For more control, the
rejoinInstance() commands accept the
memberSslMode option. The behavior of the
commands in this case is:
memberSslMode=DISABLEDensures SSL encryption is disabled for the instance in the cluster.
memberSslMode=REQUIREDforces SSL encryption to be enabled for the instance in the cluster.
memberSslMode=AUTO(the default) then SSL encryption is automatically enabled or disabled based on the setting used by the seed instance (other members of the cluster) and the available SSL support provided by the instance itself.
createCluster() with the
adoptFromGR option to adopt an existing Group
Replication group, no SSL settings are changed on the adopted
memberSslModecannot be used with
If the SSL settings of the adopted cluster are different from the ones supported by the MySQL Shell, in other words SSL for Group Replication recovery and Group Communication, both settings are not modified. This means you are not be able to add new instances to the cluster, unless you change the settings manually for the adopted cluster.
MySQL Shell always enables or disables SSL for the cluster for
both Group Replication recovery and Group Communication. A
verification is performed and an error issued in case those
settings are different for the seed instance (for example as the
result of a
adoptFromGR) when adding a new instance to the
cluster. SSL encryption must be enabled or disabled for all
instances in the cluster. Verifications are performed to ensure
that this invariant holds when adding a new instance to the
deploySandboxInstance() command attempts to
deploy sandbox instances with SSL encryption support by default.
If it is not possible, the server instance is deployed without SSL
support. Use the
ignoreSslError option set to
false to ensure that sandbox instances are deployed with SSL
support, issuing an error if SSL support cannot be provided. When
ignoreSslError is true, which is the default,
no error is issued during the operation if the SSL support cannot
be provided and the server instance is deployed without SSL