From ce4bce420272d1f6331b171ea467825e1878f50f Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Wed, 1 Nov 2017 18:12:57 +0200
Subject: mysql: Only set certificate specs if TLS everywhere is enabled

The conditional was missing.

Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #1729384
(cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)
---
 puppet/services/database/mysql.yaml | 44 ++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 20 deletions(-)

(limited to 'puppet')

diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index abbe7a22..02c51fe6 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -113,30 +113,34 @@ outputs:
               {get_param: [ServiceNetMap, MysqlNetwork]}
             tripleo::profile::base::database::mysql::generate_dropin_file_limit:
               {get_param: MysqlIncreaseFileLimit}
-          - generate_service_certificates: true
-            tripleo::profile::base::database::mysql::certificate_specs:
-              service_certificate: '/etc/pki/tls/certs/mysql.crt'
-              service_key: '/etc/pki/tls/private/mysql.key'
-              hostname:
-                str_replace:
-                  template: "%{hiera('cloud_name_NETWORK')}"
-                  params:
-                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-              dnsnames:
-                - str_replace:
+          - if:
+            - internal_tls_enabled
+            -
+              generate_service_certificates: true
+              tripleo::profile::base::database::mysql::certificate_specs:
+                service_certificate: '/etc/pki/tls/certs/mysql.crt'
+                service_key: '/etc/pki/tls/private/mysql.key'
+                hostname:
+                  str_replace:
                     template: "%{hiera('cloud_name_NETWORK')}"
                     params:
                       NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-                - str_replace:
-                    template:
-                      "%{hiera('fqdn_$NETWORK')}"
+                dnsnames:
+                  - str_replace:
+                      template: "%{hiera('cloud_name_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                  - str_replace:
+                      template:
+                        "%{hiera('fqdn_$NETWORK')}"
+                      params:
+                        $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                principal:
+                  str_replace:
+                    template: "mysql/%{hiera('cloud_name_NETWORK')}"
                     params:
-                      $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-              principal:
-                str_replace:
-                  template: "mysql/%{hiera('cloud_name_NETWORK')}"
-                  params:
-                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                      NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+            - {}
       step_config: |
         include ::tripleo::profile::base::database::mysql
       metadata_settings:
-- 
cgit 1.2.3-korg