diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-03 12:54:38 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-05-03 11:53:21 +0000 |
commit | 3b3d43e00ae4f0a44a35aee6a1fc451c1c6e1b33 (patch) | |
tree | da7e752434eaea9d90e205e24498af1824ed62c9 /manifests/profile/base/database/mysql | |
parent | 28f478444015902265acce52bb18e080713d5780 (diff) |
MySQL client: Make CA file configurable
It used to be hardcoded to use the OpenSSL default CA Bundle, however,
this will be changed in t-h-t.
Change-Id: I75bdaf71d88d169e64687a180cb13c1f63418a0f
Diffstat (limited to 'manifests/profile/base/database/mysql')
-rw-r--r-- | manifests/profile/base/database/mysql/client.pp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp index 014ef35..3de1e97 100644 --- a/manifests/profile/base/database/mysql/client.pp +++ b/manifests/profile/base/database/mysql/client.pp @@ -35,6 +35,10 @@ # (Optional) Client IP address of the host that will be written in the mysql_read_default_file # Defaults to undef # +# [*ssl_ca*] +# (Optional) The SSL CA file to use to verify the MySQL server's certificate. +# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -45,6 +49,7 @@ class tripleo::profile::base::database::mysql::client ( $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf', $mysql_read_default_group = 'tripleo', $mysql_client_bind_address = undef, + $ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', $step = hiera('step'), ) { if $step >= 1 { @@ -68,7 +73,7 @@ class tripleo::profile::base::database::mysql::client ( if $enable_ssl { $changes_ssl = [ "set ${mysql_read_default_group}/ssl '1'", - "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'" + "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'" ] } else { $changes_ssl = [ |