Unable to set mysql SSL certificates #2916

Closed
euqen opened this issue Jun 13, 2017 · 6 comments
Labels
feature request Requests for new plugin and for new features to existing plugins
Comments

@euqen
Contributor

euqen commented Jun 13, 2017

I have a MySQL server running with SSL enabled, therefore I need to specify the SSL certificate, CA and key. I haven't found any parameters in telegraf.conf to pass them in. As I understand it, it is not possible to specify them right now, right? Thanks.

@danielnelson
Contributor

Looks like we don't have support for these settings in this plugin yet. However, I think if all you want is a basic setup you can add tls=true to the server string. The cert and key settings in other plugins are only for client authentication, and the CA setting is only needed if the remote server is not accepted by the system certificates.

danielnelson added the feature request label Jun 13, 2017

@euqen
Contributor Author

euqen commented Jun 13, 2017

@danielnelson thanks for your answer.
When I use just tls=true it says "tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config". When I use skip-verify, the server rejects the connection because of an authorization failure. I assume this happens because I've granted REQUIRE X509 for my user. Also, I can't skip verifying the SSL CA because of the security requirements of my application.

And about the system certificates, did you mean updating /usr/local/share/ca-certificates with my CA certificate?

@danielnelson
Contributor

I think with REQUIRE X509 you would need the client cert options; the best you could do with the current settings is REQUIRE SSL.

It won't help here, but in general if you did want to update your system CA certs for telegraf, I think it needs to be one of these: https://github.com/golang/go/blob/master/src/crypto/x509/root_linux.go

@euqen
Contributor Author

euqen commented Jun 13, 2017

@danielnelson got it, thank you. Then I'm thinking about creating a pull request with all the changes that I need.

@danielnelson
Contributor

That would be great. I merged something similar today for graphite, so maybe it will be helpful to look at #2602. This is the current style for these options.

@euqen
Contributor Author

euqen commented Jun 13, 2017

great, thank you
