author | Jenkins <jenkins@review.openstack.org> | 2017-08-14 23:03:35 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-14 23:03:35 +0000 |
commit | 6976b8f6502394b09fb502666a47c0b2fcbc5304 (patch) | |
tree | 423361f4a2a57de0e64c46fac2ce1a470efae48e | |
parent | 84362d3385f72ec1a1a0d5b792f091c5af6e4afd (diff) | |
parent | ac79bf92d05bf63a7e5a1075f7533c3b62f8e9e3 (diff) |
Merge "Enable TLS configuration for containerized Galera"
-rw-r--r-- | docker/services/pacemaker/database/mysql.yaml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 3fb38349..a9e49b28 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -43,6 +43,14 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -59,6 +67,10 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + outputs: role_data: description: Containerized service MySQL using composable services. @@ -79,6 +91,13 @@ outputs: - 4567 - 4568 - 9200 + - + if: + - internal_tls_enabled + - + tripleo::profile::pacemaker::database::mysql_bundle::ca_file: + get_param: InternalTLSCAFile + - {} step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -103,6 +122,20 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: /etc/pki/tls/certs/mysql.crt + owner: mysql:mysql + perm: '0600' + optional: true + - path: /etc/pki/tls/private/mysql.key + owner: mysql:mysql + perm: '0600' + optional: true docker_config: step_1: mysql_data_ownership: @@ -195,6 +228,8 @@ outputs: file: path: /var/lib/mysql state: directory + metadata_settings: + get_attr: [MysqlPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common |
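Review bot: `EnableInternalTLS` in the first hunk is added with no `description`, although the `InternalTLSCAFile` parameter added next to it has one. This boolean feeds the `internal_tls_enabled` condition, which decides whether `tripleo::profile::pacemaker::database::mysql_bundle::ca_file` is set at all, and it defaults to `false`, so an operator reading the template should be told what turning it on changes. I would add something like `description: When true, pass InternalTLSCAFile to the mysql bundle profile so the service uses TLS on the internal network.` The default of `/etc/ipa/ca.crt` also looks like it assumes an IPA-enrolled host, which the existing description could say. The `parameters:` block starts outside this hunk.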
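Review bot: In the `config_files` hunk, the `src-tls/*` copy and both `permissions` entries are marked `optional: true` regardless of `internal_tls_enabled`. As far as I understand kolla's `optional` flag, a deployment with `EnableInternalTLS: true` whose certificate or key never arrives under `/var/lib/kolla/config_files/src-tls` would still start the container, and the missing files would be skipped rather than reported. None of the visible hunks bind-mounts that directory into the container, so it is presumably supplied elsewhere or in a follow-up change; that is worth confirming before relying on this path. At minimum I would record the intent above the entry, e.g. `# optional because the TLS files exist only when EnableInternalTLS is true; a missing key is not detected here`, and have the TLS-enabled path fail explicitly when `/etc/pki/tls/private/mysql.key` is absent. The surrounding `config_files` list begins and ends outside the hunk.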