Completely changes the way it handles SSL certificate generation. Instead of generating and saving keys, CSRs, and certs locally, they are generated using community crypto pipes and then written directly to remote inventory. This is a much cleaner approach in my opinion, and better security posture.
In addition, this fixes an issue where the CA wasn't created correctly, and thus not signing the server certificate as I thought. We now get a valid signature on the server certificate - MySQL traffic, IST, and SST are secured.
I also added gcache.size=1G and gcache.recover=yes to the wsrep_provider_options, updated README, and fixed a syntax error in the pre-check role.
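A sketch of the pipe-based flow described above, as an added example that is not this project's playbook: keys, CSRs and certificates exist only in controller memory, are written straight to the nodes, and the signature is then checked. The inventory group, paths, file owner and common names are assumptions, and the target directory is assumed to exist.

```yaml
# Added example (not the project's playbook); group, paths, owner and CNs are assumptions.
- hosts: galera
  tasks:
    - name: Generate keys, CSRs and certificates in controller memory only
      delegate_to: localhost
      run_once: true
      no_log: true
      block:
        - community.crypto.openssl_privatekey_pipe: {size: 4096}
          register: ca_key
        - community.crypto.openssl_csr_pipe:
            privatekey_content: "{{ ca_key.privatekey }}"
            common_name: Example Galera CA
            basic_constraints: ["CA:TRUE"]   # marks the certificate as a CA
            basic_constraints_critical: true
            key_usage: [keyCertSign, cRLSign]
          register: ca_csr
        - community.crypto.x509_certificate_pipe:
            provider: selfsigned
            csr_content: "{{ ca_csr.csr }}"
            privatekey_content: "{{ ca_key.privatekey }}"
          register: ca_cert
        - community.crypto.openssl_privatekey_pipe: {size: 4096}
          register: srv_key
        - community.crypto.openssl_csr_pipe:
            privatekey_content: "{{ srv_key.privatekey }}"
            common_name: galera-server
          register: srv_csr
        - community.crypto.x509_certificate_pipe:
            provider: ownca                  # signed by the CA generated above
            csr_content: "{{ srv_csr.csr }}"
            ownca_content: "{{ ca_cert.certificate }}"
            ownca_privatekey_content: "{{ ca_key.privatekey }}"
          register: srv_cert
    - name: Write the material directly to each node
      become: true
      no_log: true
      ansible.builtin.copy:
        content: "{{ item.content }}"
        dest: "/etc/mysql/ssl/{{ item.name }}"
        owner: mysql
        mode: "{{ item.mode }}"
      loop:
        - {name: ca.pem, content: "{{ ca_cert.certificate }}", mode: "0644"}
        - {name: server-cert.pem, content: "{{ srv_cert.certificate }}", mode: "0644"}
        - {name: server-key.pem, content: "{{ srv_key.privatekey }}", mode: "0600"}
    - name: Fail the play unless the server certificate verifies against the CA
      ansible.builtin.command: openssl verify -CAfile /etc/mysql/ssl/ca.pem /etc/mysql/ssl/server-cert.pem
      changed_when: false
```

As written, every run issues a new CA and server key; the pipe modules accept existing material through their `content` parameter when reuse across runs is wanted.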