Merge "Internal TLS: Use specific CA file for mysql-client"

author: Jenkins <jenkins@review.openstack.org> 2017-05-04 12:28:48 +0000
committer: Gerrit Code Review <review@openstack.org> 2017-05-04 12:28:48 +0000
commit: a5e7dfaceb6e0de661f0d0693486304d74473839 (patch)
tree: a2f7e4a6ce45ab032d41c66a6402b1e41f05c54d /puppet
parent: cc6663a5b7b524dd26962909fa93eb173380678e (diff)
parent: be4bc8f3f243b3282010848cc00f31d31c9f9ab8 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml
index 78456e28..b6bd060e 100644
--- a/puppet/services/database/mysql-client.yaml
+++ b/puppet/services/database/mysql-client.yaml
@@ -21,6 +21,11 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
 
 outputs:
   role_data:
@@ -30,5 +35,6 @@ outputs:
       config_settings:
         tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
         tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
+        tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
       step_config: |
         include ::tripleo::profile::base::database::mysql::client
author	Jenkins <jenkins@review.openstack.org>	2017-05-04 12:28:48 +0000
committer	Gerrit Code Review <review@openstack.org>	2017-05-04 12:28:48 +0000
commit	a5e7dfaceb6e0de661f0d0693486304d74473839 (patch)
tree	a2f7e4a6ce45ab032d41c66a6402b1e41f05c54d /puppet
parent	cc6663a5b7b524dd26962909fa93eb173380678e (diff)
parent	be4bc8f3f243b3282010848cc00f31d31c9f9ab8 (diff)