diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2017-03-28 12:54:11 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2017-03-28 12:54:11 +0000 |
| commit | 3cce9cfa072ce343f6b203e4f1bb7dbd12622c92 (patch) | |
| tree | 988f842ab8b5e9ea9d42dbe1a62fb76520055c57 /puppet/services/database/mysql.yaml | |
| parent | 3e1e74d5e84af76bf4c595662dbcb77441407375 (diff) | |
| parent | 3bd4a3f94b471ec210630e85877a9eebabb69e72 (diff) | |
Merge "MySQL: Use conditional instead of nested stack for TLS-specific bits"
Diffstat (limited to 'puppet/services/database/mysql.yaml')
| -rw-r--r-- | puppet/services/database/mysql.yaml | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 7078b60f..da55da3c 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -42,13 +42,13 @@ parameters: description: The password for the nova db account type: string hidden: true + EnableInternalTLS: + type: boolean + default: false -resources: +conditions: - MySQLTLS: - type: OS::TripleO::Services::MySQLTLS - properties: - ServiceNetMap: {get_param: ServiceNetMap} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: @@ -57,7 +57,6 @@ outputs: service_name: mysql config_settings: map_merge: - - get_attr: [MySQLTLS, role_data, config_settings] - # The Galera package should work in cluster and # non-cluster modes based on the config file. @@ -102,10 +101,30 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::generate_dropin_file_limit: {get_param: MysqlIncreaseFileLimit} + - generate_service_certificates: true + tripleo::profile::base::database::mysql::certificate_specs: + service_certificate: '/etc/pki/tls/certs/mysql.crt' + service_key: '/etc/pki/tls/private/mysql.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + principal: + str_replace: + template: "mysql/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql metadata_settings: - get_attr: [MySQLTLS, role_data, metadata_settings] + if: + - internal_tls_enabled + - + - service: mysql + network: {get_param: [ServiceNetMap, MysqlNetwork]} + type: vip + - null upgrade_tasks: - name: Check for galera root password tags: step0 |