aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/database/mysql
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-03 12:54:38 +0300
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-05-03 11:53:21 +0000
commit3b3d43e00ae4f0a44a35aee6a1fc451c1c6e1b33 (patch)
treeda7e752434eaea9d90e205e24498af1824ed62c9 /manifests/profile/base/database/mysql
parent28f478444015902265acce52bb18e080713d5780 (diff)
MySQL client: Make CA file configurable
It used to be hardcoded to use the OpenSSL default CA Bundle, however, this will be changed in t-h-t. Change-Id: I75bdaf71d88d169e64687a180cb13c1f63418a0f
Diffstat (limited to 'manifests/profile/base/database/mysql')
-rw-r--r--manifests/profile/base/database/mysql/client.pp7
1 files changed, 6 insertions, 1 deletions
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp
index 014ef35..3de1e97 100644
--- a/manifests/profile/base/database/mysql/client.pp
+++ b/manifests/profile/base/database/mysql/client.pp
@@ -35,6 +35,10 @@
# (Optional) Client IP address of the host that will be written in the mysql_read_default_file
# Defaults to undef
#
+# [*ssl_ca*]
+# (Optional) The SSL CA file to use to verify the MySQL server's certificate.
+# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -45,6 +49,7 @@ class tripleo::profile::base::database::mysql::client (
$mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf',
$mysql_read_default_group = 'tripleo',
$mysql_client_bind_address = undef,
+ $ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
$step = hiera('step'),
) {
if $step >= 1 {
@@ -68,7 +73,7 @@ class tripleo::profile::base::database::mysql::client (
if $enable_ssl {
$changes_ssl = [
"set ${mysql_read_default_group}/ssl '1'",
- "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
+ "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'"
]
} else {
$changes_ssl = [