Sync docs from Discourse (#610)

Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com>

Author: github-actions[bot]

docs/explanation/e-audit-logs.md

@@ -1,9 +1,9 @@
 # Audit Logs
 
-The Audit Log plugin allows all login/logout records to be stored in a log file. It is enabled in Charmed MySQL by default.
+The Audit Log plugin allows fine grained configuration for all login/logout, queries or both records to be stored in a log file. It is enabled in Charmed MySQL by default.
 
 ## Overview
-The following is a sample of the audit logs, with format json with login/logout records:
+The following is a sample of the audit logs, with format json with only logins records (default configuration):
 
 ```json
 {"audit_record":{"name":"Quit","record":"6_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"992","status":0,"user":"clusteradmin","priv_user":"clusteradmin","os_login":"","proxy_user":"","host":"localhost","ip":"","db":""}}
@@ -24,6 +24,13 @@ It's recommended to integrate the charm with [COS](/t/9900), from where the logs
     ```
     Valid value are `false` and `true`. By setting it to false, existing logs are still kept in the `archive_audit` directory.
 
+1. `logs_audit_policy` - Audit log policy:
+
+    ```bash
+    juju config mysql logs_audit_policy=queries
+    ```
+    Valid values are: "all", "logins" (default), "queries"
+
 1. `plugin-audit-strategy` - By default the audit plugin writes logs in asynchronous mode for better performance.
     To ensure logs are written to disk on more timely fashion, this configuration can be set to semi-synchronous mode:
 

docs/explanation/e-cryptography.md

@@ -0,0 +1,61 @@
+# Cryptography
+
+This document describes the cryptography used by Charmed MySQL.
+
+## Resource checksums
+
+Charmed MySQL and Charmed MySQL Router operators use pinned revisions of the [Charmed MySQL snap](https://github.com/canonical/charmed-mysql-snap) to provide reproducible and secure environments.
+
+The Charmed MySQL snap packages the MySQL workload along with the necessary dependencies and utilities required for the operators’ lifecycle. For more details, see the snap contents in the [snapcraft.yaml file](https://github.com/canonical/charmed-mysql-snap/blob/8.0/edge/snap/snapcraft.yaml).
+
+Every artifact bundled into the Charmed MySQL snap is verified against its MD5, SHA256, or SHA512 checksum after download. The installation of certified snap into the rock is ensured by snap primitives that verify their squashfs filesystems images GPG signature. For more information on the snap verification process, refer to the [snapcraft.io documentation](https://snapcraft.io/docs/assertions).
+
+## Sources verification
+
+MySQL and its extra components (mysql-shell, xtrabackup, mysqld-exporter, mysqlrouter-exporter, percona-server-plugins, mysql-pitr-helper, etc.) are built by Canonical from upstream source codes into PPAs and stored on [Launchpad](https://launchpad.net/mysql).
+
+Charmed MySQL snap is published using a GitHub repository workflow.
+
+All repositories in GitHub are set up with branch protection rules, requiring:
+
+* new commits to be merged to main branches via pull request with at least 2 approvals from repository maintainers
+* new commits to be signed (e.g. using GPG keys)
+* developers to sign the [Canonical Contributor License Agreement (CLA)](https://ubuntu.com/legal/contributors)
+
+## Encryption
+
+Charmed MySQL can be used to deploy a secure MySQL cluster that provides encryption-in-transit capabilities out of the box for:
+
+* Cluster communications
+* MySQL Router connection
+* External client connection
+
+To set up a secure connection Charmed MySQL and Charmed MySQL Router need to be integrated with TLS Certificate Provider charms, e.g. `self-signed-certificates` operator. Certificate Singing Requests (CSRs) are generated for every unit using the `tls_certificates_interface` library that uses the `cryptography` Python library to create X.509 compatible certificates. The CSR is signed by the TLS Certificate Provider, returned to the units, and stored in Juju secret. The relation also provides the CA certificate, which is loaded into Juju secret.
+
+Encryption at rest is currently not supported, although it can be provided by the substrate (cloud or on-premises).
+
+## Authentication
+
+In Charmed MySQL, authentication layers can be enabled for:
+
+1. MySQL Router connections
+2. MySQL cluster communication
+3. MySQL clients connections
+
+### MySQL Router authentication to MySQL
+
+Authentication to MySQL Router is based on the [caching_sha2_password auth plugin](https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html).
+
+Credentials are exchanged via [Juju secrets](https://canonical-juju.readthedocs-hosted.com/en/latest/user/howto/manage-secrets/).
+
+### MySQL cluster authentication
+
+Authentication among members of a MySQL cluster is based on the [caching_sha2_password auth plugin](https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html).
+
+An internal user is used for this authentication with its hashed password stored in a system metadata database.
+
+### Client authentication to MySQL
+
+Authentication to MySQL Router is based on the [caching_sha2_password auth plugin](https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html).
+
+Credentials are exchanged via [Juju secrets](https://canonical-juju.readthedocs-hosted.com/en/latest/user/howto/manage-secrets/).

docs/explanation/e-logs.md

@@ -1,62 +1,59 @@
 # Logs
 
-This explanation goes over the types of logging in MySQL and the configuration parameters for log rotation.
-
-The charm currently has audit, error and general logs enabled by default, while slow query logs are disabled by default. All of these files are rotated if present into a separate dedicated archive folder under the logs directory.
+This explanation goes over the types of logging in MySQL and the configuration parameters for log
+rotation.
 
+The charm currently has audit and error logs enabled by default. All of these files are rotated if
+present into a separate dedicated archive folder under the logs directory.
 We do not yet support the rotation of binary logs (binlog, relay log, undo log, redo log, etc).
 
 ## Summary
+
 * [Log types](#log-types)
-  * [Audit logs](#audit-logs)
-  * [Error logs](#error-logs)
-  * [General logs](#general-logs)
-  * [Slowquery logs](#slowquery-logs)
+* [Audit logs](#audit-logs)
+* [Error logs](#error-logs)
 * [Log rotation configuration](#log-rotation-configuration)
 * [High Level Design](#high-level-design)
 
 ---
 
 ## Log types
 
-The charm stores its logs in `/var/snap/charmed-mysql/common/var/log/mysql`. 
+The charm stores its logs in `/var/snap/charmed-mysql/common/var/log/mysql`.
 
 ```shell
+
 $ ls -lahR /var/snap/charmed-mysql/common/var/log/mysql
 
 /var/log/mysql:
 drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 archive_audit
 drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 archive_error
-drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:46 archive_general
-drwxrwx--- 2 mysql mysql 4.0K Oct 23 20:45 archive_slowquery
 -rw-r----- 1 mysql mysql 1.1K Oct 23 20:46 audit.log
 -rw-r----- 1 mysql mysql 1.1K Oct 23 20:46 error.log
--rw-r----- 1 mysql mysql 1.7K Oct 23 20:46 general.log
 
 /var/snap/charmed-mysql/common/var/log/mysql/archive_audit:
--rw-r----- 1 snap_daemon root         43K Sep  3 01:24 audit.log-20240903_0124
--rw-r----- 1 snap_daemon root        109K Sep  3 01:25 audit.log-20240903_0125
+-rw-r----- 1 snap_daemon root 43K Sep 3 01:24 audit.log-20240903_0124.gz
+-rw-r----- 1 snap_daemon root 109K Sep 3 01:25 audit.log-20240903_0125.gz
 
 /var/snap/charmed-mysql/common/var/log/mysql/archive_error:
--rw-r----- 1 mysql mysql 8.7K Oct 23 20:44 error.log-43_2045
--rw-r----- 1 mysql mysql 2.3K Oct 23 20:45 error.log-43_2046
 
-/var/snap/charmed-mysql/common/var/log/mysql/archive_general:
--rw-r----- 1 mysql mysql 8.0M Oct 23 20:45 general.log-43_2045
--rw-r----- 1 mysql mysql 4.6K Oct 23 20:46 general.log-43_2046
-
-/var/snap/charmed-mysql/common/var/log/mysql/archive_slowquery:
+-rw-r----- 1 mysql mysql 8.7K Oct 23 20:44 error.log-43_2045.gz
+-rw-r----- 1 mysql mysql 2.3K Oct 23 20:45 error.log-43_2046.gz
 ```
 
-It is recommended to set up a [COS integration] so that these log files can be streamed to Loki. This leads to better persistence and security of the logs.
+It is recommended to set up a [COS integration] so that these log files can be streamed to Loki.
+This leads to better persistence and security of the logs.
 
 ### Audit logs
+
 The Audit Log plugin allows all login/logout records to be stored in a log file.
 
 <details>
+
 <summary>Example of audit logs in JSON format with login/logout records</summary>
 
 ```json
+
 {"audit_record":{"name":"Connect","record":"17_2024-09-03T01:52:14","timestamp":"2024-09-03T01:53:14Z","connection_id":"988","status":1156,"user":"","priv_user":"","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
 {"audit_record":{"name":"Connect","record":"18_2024-09-03T01:52:14","timestamp":"2024-09-03T01:53:14Z","connection_id":"989","status":0,"user":"serverconfig","priv_user":"serverconfig","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
 {"audit_record":{"name":"Quit","record":"1_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:14Z","connection_id":"989","status":0,"user":"serverconfig","priv_user":"serverconfig","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
@@ -68,14 +65,17 @@ The Audit Log plugin allows all login/logout records to be stored in a log file.
 {"audit_record":{"name":"Connect","record":"7_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"993","status":1156,"user":"","priv_user":"","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
 {"audit_record":{"name":"Connect","record":"8_2024-09-03T01:53:14","timestamp":"2024-09-03T01:53:33Z","connection_id":"994","status":0,"user":"serverconfig","priv_user":"serverconfig","os_login":"","proxy_user":"","host":"juju-da2225-8","ip":"10.207.85.214","db":""}}
 ```
+
 </details>
 
-For more details, see the [Audit Logs explanation].
+The audit log allows for more configuration. For details, see the [Audit Logs explanation].
 
 ### Error logs
 
 <details>
+
 <summary>Example of error logs with format <code>time thread [label] [err_code] [subsystem] msg</code></summary>
+
 ```shell
 2023-10-24T23:28:07.048728Z mysqld_safe Number of processes running now: 0
 2023-10-24T23:28:07.063027Z mysqld_safe mysqld restarted
@@ -86,7 +86,7 @@ For more details, see the [Audit Logs explanation].
 2023-10-24T23:28:11.486308Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed.
 2023-10-24T23:28:11.487473Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel.
 2023-10-24T23:28:11.538807Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '0.0.0.0' port: 33060, socket: /var/snap/charmed-mysql/common/var/run/mysqld/mysqlx.sock
-2023-10-24T23:28:11.538957Z 0 [System] [MY-010931] [Server] /snap/charmed-mysql/69/usr/sbin/mysqld: ready for connections. Version: '8.0.34-0ubuntu0.22.04.1'  socket: '/var/snap/charmed-mysql/common/var/run/mysqld/mysqld.sock'  port: 3306  (Ubuntu).
+2023-10-24T23:28:11.538957Z 0 [System] [MY-010931] [Server] /snap/charmed-mysql/69/usr/sbin/mysqld: ready for connections. Version: '8.0.34-0ubuntu0.22.04.1' socket: '/var/snap/charmed-mysql/common/var/run/mysqld/mysqld.sock' port: 3306 (Ubuntu).
 2023-10-24T23:28:17.983851Z 12 [Warning] [MY-010604] [Repl] Neither --relay-log nor --relay-log-index were used; so replication may break when this MySQL server acts as a replica and has his hostname changed!! Please use '--relay-log=juju-9860bb-0-relay-bin' to avoid this problem.
 2023-10-24T23:28:17.999093Z 12 [System] [MY-010597] [Repl] 'CHANGE REPLICATION SOURCE TO FOR CHANNEL 'mysqlsh.test' executed'. Previous state source_host='', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''. New state source_host='juju-9860bb-0.lxd', source_port= 3306, source_log_file='', source_log_pos= 4, source_bind=''.
 2023-10-24T23:28:18.025941Z 15 [Warning] [MY-010897] [Repl] Storing MySQL user name or password information in the connection metadata repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START REPLICA; see the 'START REPLICA Syntax' in the MySQL Manual for more information.
@@ -108,55 +108,36 @@ For more details, see the [Audit Logs explanation].
 2023-10-24T23:28:19.179289Z 28 [System] [MY-011566] [Repl] Plugin group_replication reported: 'Setting super_read_only=OFF.'
 2023-10-24T23:28:19.179408Z 28 [System] [MY-013731] [Repl] Plugin group_replication reported: 'The member action "mysql_start_failover_channels_if_primary" for event "AFTER_PRIMARY_ELECTION" with priority "10" will be run.'
 2023-10-24T23:28:19.179600Z 31 [System] [MY-011510] [Repl] Plugin group_replication reported: 'This server is working as primary member.'
-2023-10-24T23:28:19.875216Z 12 [System] [MY-014010] [Repl] Plugin group_replication reported: 'Plugin 'group_replication' has been started.'                            
+2023-10-24T23:28:19.875216Z 12 [System] [MY-014010] [Repl] Plugin group_replication reported: 'Plugin 'group_replication' has been started.'
 ```
-</details>
-
-### General logs
 
-<details>
-<summary>Example of general logs, with format <code>time thread_id command_type query_body</code></summary>
-```shell
-Time                 Id Command    Argument                                                          
-2023-10-23T20:50:02.023329Z        94 Quit                                                        
-2023-10-23T20:50:02.667063Z        95 Connect                                                       
-2023-10-23T20:50:02.667436Z        95 Query     /* xplugin authentication */ SELECT /*+ SET_VAR(SQL_MODE = 'TRADITIONAL') */ @@require_secure_transport, `authentication_string`, `plugin`, (`account_locked
-`='Y') as is_account_locked, (`password_expired`!='N') as `is_password_expired`, @@disconnect_on_expired_password as `disconnect_on_expired_password`, @@offline_mode and (`Super_priv`='N') as `is_offline_
-mode_and_not_super_user`, `ssl_type`, `ssl_cipher`, `x509_issuer`, `x509_subject` FROM mysql.user WHERE 'serverconfig' = `user` AND '%' = `host`                                                            
-2023-10-23T20:50:02.668277Z        95 Query     /* xplugin authentication */ SELECT /*+ SET_VAR(SQL_MODE = 'TRADITIONAL') */ @@require_secure_transport, `authentication_string`, `plugin`, (`account_locked
-`='Y') as is_account_locked, (`password_expired`!='N') as `is_password_expired`, @@disconnect_on_expired_password as `disconnect_on_expired_password`, @@offline_mode and (`Super_priv`='N') as `is_offline_
-mode_and_not_super_user`, `ssl_type`, `ssl_cipher`, `x509_issuer`, `x509_subject` FROM mysql.user WHERE 'serverconfig' = `user` AND '%' = `host`                                                            
-2023-10-23T20:50:02.668778Z        95 Query     select @@lower_case_table_names, @@version, connection_id(), variable_value from performance_schema.session_status where variable_name = 'mysqlx_ssl_cipher'
-2023-10-23T20:50:02.669991Z        95 Query     SET sql_log_bin = 0                       
-2023-10-23T20:50:02.670389Z        95 Query     FLUSH SLOW LOGS                              
-2023-10-23T20:50:02.670924Z        95 Quit  
-```
 </details>
 
-### Slowquery logs
+### Other logs
 
-<details>
-<summary>Example of a slowquery log</summary>
-```shell
-Time                 Id Command    Argument
-# Time: 2023-10-23T22:22:47.564327Z
-# User@Host: serverconfig[serverconfig] @ localhost [127.0.0.1]  Id:    21
-# Query_time: 15.000332  Lock_time: 0.000000 Rows_sent: 0  Rows_examined: 1
-SET timestamp=1698099752;
-do sleep(15);
-```
-</details>
+Other logs (slow queries, general query) are currently disabled.
 
 ## Log rotation configuration
 
-For each log (audit, error, general and slow query):
+Following the configuration options exposed by the charm:
+
+| Configuration option | Description | Default value |
+| --- | --- | --- |
+| `plugin-audit-enabled` | Enable or disable the audit log | `true` |
+| `logs_audit_policy` | The audit log policy ("all", "logins", "queries") | `logins` |
+| `logs_retention_period` | The number of days to keep the rotated logs | `auto` |
+
+The `logs_retention_period` option accepts an integer value of 3 or greater, or the special value
+`auto`. When set to "auto" (default), the retention period is 3 days, except when COS-related,
+where it is 1 day
+
+For each log (audit, error):
 
 - The log file is rotated every minute (even if the log files are empty)
 - The rotated log file is formatted with a date suffix of `-%V-%H%M` (-weeknumber-hourminute)
-- The rotated log files are not compressed or mailed
+- The rotated log files are compressed but not mailed
 - The rotated log files are owned by the `snap_daemon` user and group
-- The rotated log files are retained for a maximum of 7 days before being deleted
-- The most recent 10080 rotated log files are retained before older rotated log files are deleted
+- By default the rotated log files are retained for 3 days before being deleted, but this can be configured.
 
 The following are logrotate config values used for log rotation:
 
@@ -171,18 +152,26 @@ The following are logrotate config values used for log rotation:
 | `dateformat` | -%V-%H%M |
 | `ifempty` | true |
 | `missingok` | true |
-| `nocompress` | true |
+| `compress` | true |
 | `nomail` | true |
 | `nosharedscripts` | true |
 | `nocopytruncate` | true |
-| `olddir` | archive_error / archive_general / archive_slowquery |
+| `olddir` | archive_<log_name> |
 
 ## High Level Design
 
-There is a cron job on the machine where the charm exists that is triggered every minute and runs `logrotate`. The logrotate utility does *not* use `copytruncate`. Instead, the existing log file is moved into the archive directory by logrotate, and then the logrotate's postrotate script invokes `juju-run` (or `juju-exec` depending on the juju version) to dispatch a custom event. This custom event's handler flushes the MySQL log with the [FLUSH](https://dev.mysql.com/doc/refman/8.0/en/flush.html) statement that will result in a new and empty log file being created under `/var/snap/charmed-mysql/common/var/log/mysql` and the rotated file's descriptor being closed.
-
-We use a custom event in juju to execute the FLUSH statement in order to avoid storing any credentials on the disk. The charm code has a mechanism that will retrieve credentials from the peer relation databag or juju secrets backend, if available, and keep these credentials in memory for the duration of the event handler.
-
+There is a cron job on the machine where the charm exists that is triggered every minute and runs
+`logrotate`. The logrotate utility does *not* use `copytruncate`. Instead, the existing log file is
+moved into the archive directory by logrotate, and then the logrotate's postrotate script invokes
+`juju-run` (or `juju-exec` depending on the juju version) to dispatch a custom event. This custom
+event's handler flushes the MySQL log with the
+[FLUSH](https://dev.mysql.com/doc/refman/8.0/en/flush.html) statement that will result in a new and
+empty log file being created under `/var/snap/charmed-mysql/common/var/log/mysql` and the rotated
+file's descriptor being closed.
+We use a custom event in juju to execute the FLUSH statement in order to avoid storing any
+credentials on the disk. The charm code has a mechanism that will retrieve credentials from the
+peer relation databag or juju secrets backend, if available, and keep these credentials in memory
+for the duration of the event handler.
 
 <!-- LINKS -->