diff options
author | Zuul <zuul@review.openstack.org> | 2017-11-07 05:05:06 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-11-07 05:05:06 +0000 |
commit | 5ee398bd0145fbc3e7584c3a9fd8b6c6cf5f61ad (patch) | |
tree | 5a6ce5dd317529a37404454d9d74a4351cce1fa9 /puppet | |
parent | 833224a3098944e0a2df4a24e69261e6681f0c9e (diff) | |
parent | ce4bce420272d1f6331b171ea467825e1878f50f (diff) |
Merge "mysql: Only set certificate specs if TLS everywhere is enabled" into stable/pike
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/services/database/mysql.yaml | 44 |
1 files changed, 24 insertions, 20 deletions
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 7cc8fd39..c1f54bb6 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -119,30 +119,34 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} tripleo::profile::base::database::mysql::generate_dropin_file_limit: {get_param: MysqlIncreaseFileLimit} - - generate_service_certificates: true - tripleo::profile::base::database::mysql::certificate_specs: - service_certificate: '/etc/pki/tls/certs/mysql.crt' - service_key: '/etc/pki/tls/private/mysql.key' - hostname: - str_replace: - template: "%{hiera('cloud_name_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - dnsnames: - - str_replace: + - if: + - internal_tls_enabled + - + generate_service_certificates: true + tripleo::profile::base::database::mysql::certificate_specs: + service_certificate: '/etc/pki/tls/certs/mysql.crt' + service_key: '/etc/pki/tls/private/mysql.key' + hostname: + str_replace: template: "%{hiera('cloud_name_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" + dnsnames: + - str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + principal: + str_replace: + template: "mysql/%{hiera('cloud_name_NETWORK')}" params: - $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} - principal: - str_replace: - template: "mysql/%{hiera('cloud_name_NETWORK')}" - params: - NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + - {} step_config: | include ::tripleo::profile::base::database::mysql metadata_settings: |