summaryrefslogtreecommitdiffstats
path: root/manifests
diff options
context:
space:
mode:
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-01-27 17:42:18 +0200
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-26 11:27:21 +0000
commitd5ac6b70f2f6048b4846fa539aa4e870bed6c201 (patch)
tree799fb5aa9b2ad10ea8417661d26672373170c43c /manifests
parent0aad4142bea287265c22ea252c4adeff5ff69721 (diff)
Force MySQL users to use SSL if internal TLS is enabled
This forces the MySQL users to use SSL when connecting to MySQL. bp tls-via-certmonger Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0 Change-Id: I98856955132b680a159144204da1d5b400fe9794
Diffstat (limited to 'manifests')
-rw-r--r--manifests/profile/base/database/mysql.pp3
1 files changed, 3 insertions, 0 deletions
diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp
index 8eb6079..ef5f05d 100644
--- a/manifests/profile/base/database/mysql.pp
+++ b/manifests/profile/base/database/mysql.pp
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
if $enable_internal_tls {
$tls_certfile = $certificate_specs['service_certificate']
$tls_keyfile = $certificate_specs['service_key']
+
+ # Force users/grants created to use TLS connections
+ Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
} else {
$tls_certfile = undef
$tls_keyfile = undef