aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-01-27 17:42:18 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-26 11:27:21 +0000
commitd5ac6b70f2f6048b4846fa539aa4e870bed6c201 (patch)
tree799fb5aa9b2ad10ea8417661d26672373170c43c
parent0aad4142bea287265c22ea252c4adeff5ff69721 (diff)
Force MySQL users to use SSL if internal TLS is enabled
This forces the MySQL users to use SSL when connecting to MySQL. bp tls-via-certmonger Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0 Change-Id: I98856955132b680a159144204da1d5b400fe9794
-rw-r--r--manifests/profile/base/database/mysql.pp3
1 files changed, 3 insertions, 0 deletions
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 8eb6079..ef5f05d 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+
+ # Force users/grants created to use TLS connections
+ Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef