[Openstack] mysql ssl/tls for service accounts
Matt Davis
mattd5574 at gmail.com
Wed Dec 28 03:11:00 UTC 2016
Hello all,

I'm trying to convert my Percona cluster over to require SSL
connections from clients and I'm having trouble getting the OpenStack
services to connect. When I set ssl_type to 'ANY' for one of the
OpenStack service users (e.g. keystone), the service fails to connect:

2016-12-28 02:34:58.303 8389 ERROR keystone.common.wsgi
OperationalError: (pymysql.err.OperationalError) (1045, u"Access
denied for user 'keystone'@'<hostname>' (using password: YES)")

I can use the mysql client with the --ssl-mode REQUIRED using the
keystone user's credentials. If I set ssl_type to '' for the keystone
user, keystone can once again connect.

My keystone.conf connection setting is:

connection = mysql+pymysql://keystone:<password>@<mysql host>/keystone

Is there something else I need to add to the configuration to enable
SSL for the MySQL client driver? I don't need client certificates
(but I'll configure them if necessary)--just encryption verification
of the server's certificate against our CA.

Thanks,
-Matt
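
An added example, not part of the message above and not OpenStack project code: a check of the `connection` setting for the TLS parameters the question is about. It relies on SQLAlchemy's MySQL dialects accepting `ssl_ca` and related `ssl_*` keys in the URL query string and passing them to the driver; the host name, password, CA path and function names are constructed for illustration.

```python
import configparser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample: host, password and CA path are placeholders.
KEYSTONE_CONF = """
[database]
connection = mysql+pymysql://keystone:example-password@db.example.test/keystone
"""
CA_PATH = "/etc/ssl/certs/example-ca.pem"

def read_connection(conf_text):
    """Return [database]/connection from a keystone.conf-style file."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' may occur in passwords
    parser.read_string(conf_text)
    return parser["database"]["connection"]

def tls_findings(connection):
    """List what the URL lacks for an encrypted, CA-verified connection."""
    parts = urlsplit(connection)
    query = dict(parse_qsl(parts.query))
    findings = []
    if not parts.scheme.startswith("mysql"):
        findings.append("not a MySQL connection URL")
    elif not any(key.startswith("ssl_") for key in query):
        findings.append("no ssl_* parameters: nothing asks the driver for TLS")
    elif not ({"ssl_ca", "ssl_capath"} & query.keys()):
        findings.append("no ssl_ca/ssl_capath: no CA to verify the server certificate against")
    return findings

def with_ca(connection, ca_path):
    """Return the URL with ssl_ca set, keeping other query parameters."""
    parts = urlsplit(connection)
    query = dict(parse_qsl(parts.query))
    query["ssl_ca"] = ca_path
    return urlunsplit(parts._replace(query=urlencode(query, safe="/")))

if __name__ == "__main__":
    before = read_connection(KEYSTONE_CONF)
    after = with_ca(before, CA_PATH)
    for url in (before, after):
        print(url, "->", tls_findings(url) or "ok")
```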