There does not currently seem to be a way to connect to a (MariaDB) database over SSL when using rmt-cli to perform repository syncing, mirroring, etc.
For example, the following command produces an error that only occurs when the database user provided in /etc/rmt.conf requires SSL:
$ bin/rmt-cli repos list
Cannot connect to database server. Ensure its credentials are correctly configured in '/etc/rmt.conf' or configure RMT with YaST ('yast2 rmt').
Checking the database logs confirms that the connection is not being attempted over SSL:
[ERROR] Authentication requires SSL encryption.
ngetahun
commented
1 year ago
There does not currently seem to be a way to connect to a (MariaDB) database over SSL when using
rmt-clito perform repository syncing, mirroring, etc.For example, the following command produces an error that only occurs when the database user provided in
/etc/rmt.confrequires SSL:Checking the database logs confirms that the connection is not being attempted over SSL:
[ERROR] Authentication requires SSL encryption.The version of the
mysql2adapter used does support SSL configuration options that would allow for connections over SSL.However, these are not able to be set under the database settings in
/etc/rmt.conf, or at least they don't seem to be used:https://github.com/SUSE/rmt/blob/fe2c583173c896d6c522c3b18fbb6b802e9559b9/lib/rmt/config.rb#L17-L28
Is this understanding correct, or is something being done wrong?
Side note from testing: The
mysql_clear_password.soplugin library may be required when connecting over SSL.