diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-05-04 10:50:09 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-05-04 10:50:09 +0000 |
| commit | c35ea72c29952975422e7bf6bccf8fbcc010438b (patch) | |
| tree | b9a5852fc30f2f1f5862386e596eae07227e78d1 | |
| parent | 2430ebd266320148d953d7005cc951561925d1b5 (diff) | |
| parent | 3b3d43e00ae4f0a44a35aee6a1fc451c1c6e1b33 (diff) | |
Merge "MySQL client: Make CA file configurable"
| -rw-r--r-- | manifests/profile/base/database/mysql/client.pp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp index 014ef35..3de1e97 100644 --- a/manifests/profile/base/database/mysql/client.pp +++ b/manifests/profile/base/database/mysql/client.pp @@ -35,6 +35,10 @@ # (Optional) Client IP address of the host that will be written in the mysql_read_default_file # Defaults to undef # +# [*ssl_ca*] +# (Optional) The SSL CA file to use to verify the MySQL server's certificate. +# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -45,6 +49,7 @@ class tripleo::profile::base::database::mysql::client ( $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf', $mysql_read_default_group = 'tripleo', $mysql_client_bind_address = undef, + $ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', $step = hiera('step'), ) { if $step >= 1 { @@ -68,7 +73,7 @@ class tripleo::profile::base::database::mysql::client ( if $enable_ssl { $changes_ssl = [ "set ${mysql_read_default_group}/ssl '1'", - "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'" + "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'" ] } else { $changes_ssl = [ |