diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-06-21 15:06:38 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-06-21 15:06:38 +0000 |
commit | 4ccce0e36bae905cf998f4c9a147833f6305142a (patch) | |
tree | 167ecd00b0f2149af22db7906a62f9ac3bb01c98 /puppet/services | |
parent | dfd4e12b22e09bb95272541461f10578a511ee90 (diff) | |
parent | 53407bd8b782235ff954b07ce632a7b33275a9ce (diff) |
Merge "Add node's FQDN to mysql certificate request and CA file"
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/database/mysql.yaml | 13 | ||||
-rw-r--r-- | puppet/services/pacemaker/database/mysql.yaml | 7 |
2 files changed, 20 insertions, 0 deletions
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 2bde9033..882ba299 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -118,6 +118,16 @@ outputs: template: "%{hiera('cloud_name_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + dnsnames: + - str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} principal: str_replace: template: "mysql/%{hiera('cloud_name_NETWORK')}" @@ -132,6 +142,9 @@ outputs: - service: mysql network: {get_param: [ServiceNetMap, MysqlNetwork]} type: vip + - service: mysql + network: {get_param: [ServiceNetMap, MysqlNetwork]} + type: node - null upgrade_tasks: - name: Check for galera root password diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d8e942d0..0a7659e0 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -27,6 +27,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. resources: @@ -61,6 +66,8 @@ outputs: # internal_api_subnet - > IP/CIDR tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: get_param: [ServiceNetMap, MysqlNetwork] + tripleo::profile::pacemaker::database::mysql::ca_file: + get_param: InternalTLSCAFile step_config: | include ::tripleo::profile::pacemaker::database::mysql metadata_settings: |