summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base/database
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-02-23 15:03:56 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-02-28 06:56:59 +0000
commitfb40fb82f4f98d563af12737a1c433ee4260a43c (patch)
tree43c2af07c2c6326955ac2a9470230964300e1910 /manifests/profile/base/database
parent8250ec96114b6b617ac55b7966dc8581d9c8618a (diff)
Configure MySQL client SSL connections via the config file
This does the actual configuration for the mysql client to use SSL if the parameter is set via t-h-t. Change-Id: I24e4c195a31109835739e78a6b53d36f661f9fd0 Depends-On: Ifd1a06e0749a05a65f6314255843f572d2209067
Diffstat (limited to 'manifests/profile/base/database')
-rw-r--r--manifests/profile/base/database/mysql/client.pp31
1 files changed, 26 insertions, 5 deletions
diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp
index f23b97d..a58b7ad 100644
--- a/manifests/profile/base/database/mysql/client.pp
+++ b/manifests/profile/base/database/mysql/client.pp
@@ -18,6 +18,11 @@
#
# === Parameters
#
+# [*enable_ssl*]
+# (Optional) Whether SSL should be used for the connection to the server or
+# not.
+# Defaults to false
+#
# [*mysql_read_default_file*]
# (Optional) Name of the file that will be passed to pymysql connection strings
# Defaults to hiera('tripleo::profile::base:database::mysql::read_default_file', '/etc/my.cnf.d/tripleo.cnf')
@@ -36,10 +41,11 @@
# Defaults to hiera('step')
#
class tripleo::profile::base::database::mysql::client (
+ $enable_ssl = false,
$mysql_read_default_file = hiera('tripleo::profile::base:database::mysql::read_default_file', '/etc/my.cnf.d/tripleo.cnf'),
$mysql_read_default_group = hiera('tripleo::profile::base:database::mysql::read_default_group', 'tripleo'),
$mysql_client_bind_address = hiera('tripleo::profile::base:database::mysql::client_bind_address', undef),
- $step = hiera('step'),
+ $step = hiera('step'),
) {
if $step >= 1 {
# If the folder /etc/my.cnf.d does not exist (e.g. if mariadb is not
@@ -50,23 +56,38 @@ class tripleo::profile::base::database::mysql::client (
# included on this node as well (we'd get duplicate declaration in such a
# situation when using file)
if $mysql_client_bind_address {
- $changes = [
+ $client_bind_changes = [
"set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'"
]
} else {
- $changes = [
+ $client_bind_changes = [
"rm ${mysql_read_default_group}/bind-address"
]
}
+
+ if $enable_ssl {
+ $changes_ssl = [
+ "set ${mysql_read_default_group}/ssl '1'",
+ "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
+ ]
+ } else {
+ $changes_ssl = [
+ "rm ${mysql_read_default_group}/ssl",
+ "rm ${mysql_read_default_group}/ssl-ca"
+ ]
+ }
+
+ $conf_changes = union($client_bind_changes, $changes_ssl)
+
exec { 'directory-create-etc-my.cnf.d':
command => 'mkdir -p /etc/my.cnf.d',
path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
} ->
# Create /etc/my.cnf.d/tripleo.cnf with the [tripleo]bind-address=<IP of the node in the mysql network>
- augeas { 'mysql-bind-address':
+ augeas { 'tripleo-mysql-client-conf':
incl => $mysql_read_default_file,
lens => 'Puppet.lns',
- changes => $changes,
+ changes => $conf_changes,
}
}
}