diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-11-01 18:12:57 +0200 |
---|---|---|
committer | Emilien Macchi <emilien@redhat.com> | 2017-11-04 05:23:07 +0000 |
commit | ce4bce420272d1f6331b171ea467825e1878f50f (patch) | |
tree | 8c95f84228e48ebe45d20dfbe11e727801abc5e1 /puppet/services | |
parent | 97ef5a574d3df23b68dd2a9eaa66a7923fce8d39 (diff) |
mysql: Only set certificate specs if TLS everywhere is enabled
The conditional was missing.
Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #1729384
(cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/database/mysql.yaml | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index abbe7a22..02c51fe6 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -113,30 +113,34 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::generate_dropin_file_limit: {get_param: MysqlIncreaseFileLimit} - - generate_service_certificates: true - tripleo::profile::base::database::mysql::certificate_specs: - service_certificate: '/etc/pki/tls/certs/mysql.crt' - service_key: '/etc/pki/tls/private/mysql.key' - hostname: - str_replace: - template: "%{hiera('cloud_name_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - dnsnames: - - str_replace: + - if: + - internal_tls_enabled + - + generate_service_certificates: true + tripleo::profile::base::database::mysql::certificate_specs: + service_certificate: '/etc/pki/tls/certs/mysql.crt' + service_key: '/etc/pki/tls/private/mysql.key' + hostname: + str_replace: template: "%{hiera('cloud_name_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" + dnsnames: + - str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + principal: + str_replace: + template: "mysql/%{hiera('cloud_name_NETWORK')}" params: - $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - principal: - str_replace: - template: "mysql/%{hiera('cloud_name_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - {} step_config: | include ::tripleo::profile::base::database::mysql metadata_settings: |