Merge "mysql: Only set certificate specs if TLS everywhere is enabled" into stable/pike

author: Zuul <zuul@review.openstack.org> 2017-11-07 05:05:06 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-11-07 05:05:06 +0000
commit: 5ee398bd0145fbc3e7584c3a9fd8b6c6cf5f61ad (patch)
tree: 5a6ce5dd317529a37404454d9d74a4351cce1fa9
parent: 833224a3098944e0a2df4a24e69261e6681f0c9e (diff)
parent: ce4bce420272d1f6331b171ea467825e1878f50f (diff)
1 files changed, 24 insertions, 20 deletions
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 7cc8fd39..c1f54bb6 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -119,30 +119,34 @@ outputs:
               {get_param: [ServiceNetMap, MysqlNetwork]}
             tripleo::profile::base::database::mysql::generate_dropin_file_limit:
               {get_param: MysqlIncreaseFileLimit}
-          - generate_service_certificates: true
-            tripleo::profile::base::database::mysql::certificate_specs:
-              service_certificate: '/etc/pki/tls/certs/mysql.crt'
-              service_key: '/etc/pki/tls/private/mysql.key'
-              hostname:
-                str_replace:
-                  template: "%{hiera('cloud_name_NETWORK')}"
-                  params:
-                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-              dnsnames:
-                - str_replace:
+          - if:
+            - internal_tls_enabled
+            -
+              generate_service_certificates: true
+              tripleo::profile::base::database::mysql::certificate_specs:
+                service_certificate: '/etc/pki/tls/certs/mysql.crt'
+                service_key: '/etc/pki/tls/private/mysql.key'
+                hostname:
+                  str_replace:
                     template: "%{hiera('cloud_name_NETWORK')}"
                     params:
                       NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-                - str_replace:
-                    template:
-                      "%{hiera('fqdn_$NETWORK')}"
+                dnsnames:
+                  - str_replace:
+                      template: "%{hiera('cloud_name_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                  - str_replace:
+                      template:
+                        "%{hiera('fqdn_$NETWORK')}"
+                      params:
+                        $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                principal:
+                  str_replace:
+                    template: "mysql/%{hiera('cloud_name_NETWORK')}"
                     params:
-                      $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-              principal:
-                str_replace:
-                  template: "mysql/%{hiera('cloud_name_NETWORK')}"
-                  params:
-                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                      NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+            - {}
       step_config: |
         include ::tripleo::profile::base::database::mysql
       metadata_settings:
author	Zuul <zuul@review.openstack.org>	2017-11-07 05:05:06 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-11-07 05:05:06 +0000
commit	5ee398bd0145fbc3e7584c3a9fd8b6c6cf5f61ad (patch)
tree	5a6ce5dd317529a37404454d9d74a4351cce1fa9
parent	833224a3098944e0a2df4a24e69261e6681f0c9e (diff)
parent	ce4bce420272d1f6331b171ea467825e1878f50f (diff)