Added configuration for MYSQL SSL connection
added config params to set up client certs for PDO SSL connections ( mysql ) Change-Id: Idb04a5a97e5e461bc91508567ad27c1ded60049a
parent
3a1fd8b9be
commit
9a044f8e00
|
@ -85,6 +85,14 @@ class openstackid (
|
|||
$session_cookie_domain = $::fqdn,
|
||||
$session_cookie_secure = true,
|
||||
$session_cookie_http_only = true,
|
||||
$mysql_ssl_enabled = false,
|
||||
$mysql_ssl_ca_file = '/etc/mysql-client-ssl/ca-cert.pem',
|
||||
$mysql_ssl_ca_file_contents = '',
|
||||
$mysql_ssl_client_key_file = '/etc/mysql-client-ssl/client-key.pem',
|
||||
$mysql_ssl_client_key_file_contents = '',
|
||||
$mysql_ssl_client_cert_file = '/etc/mysql-client-ssl/client-cert.pem',
|
||||
$mysql_ssl_client_cert_file_contents = '',
|
||||
$mysql_ssl_cypher = 'DHE-RSA-AES256-SHA',
|
||||
) {
|
||||
|
||||
# php packages needed for openid server
|
||||
|
@ -292,6 +300,42 @@ class openstackid (
|
|||
}
|
||||
}
|
||||
|
||||
# mysql ssl connection configuration
|
||||
if($mysql_ssl_enabled) {
|
||||
|
||||
if $mysql_ssl_ca_file_contents != '' {
|
||||
file { $mysql_ssl_ca_file:
|
||||
owner => 'root',
|
||||
group => 'www-data',
|
||||
mode => '0640',
|
||||
content => $mysql_ssl_ca_file_contents,
|
||||
notify => Class['::apache::service'],
|
||||
before => Apache::Vhost::Custom[$vhost_name],
|
||||
}
|
||||
}
|
||||
|
||||
if $mysql_ssl_client_key_file_contents != '' {
|
||||
file { $mysql_ssl_client_key_file:
|
||||
owner => 'root',
|
||||
group => 'www-data',
|
||||
mode => '0640',
|
||||
content => $mysql_ssl_client_key_file_contents,
|
||||
notify => Class['::apache::service'],
|
||||
before => Apache::Vhost::Custom[$vhost_name],
|
||||
}
|
||||
}
|
||||
if $mysql_ssl_client_cert_file_contents != '' {
|
||||
file { $mysql_ssl_client_cert_file:
|
||||
owner => 'root',
|
||||
group => 'www-data',
|
||||
mode => '0640',
|
||||
content => $mysql_ssl_client_cert_file_contents,
|
||||
notify => Class['::apache::service'],
|
||||
before => Apache::Vhost::Custom[$vhost_name],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$docroot_dirs = [ '/srv/openstackid' ]
|
||||
|
||||
file { $docroot_dirs:
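Review bot: The `file { $mysql_ssl_client_key_file:` resource writes a private key from a class parameter without `show_diff => false`, so on agents with diff output enabled the key text can end up in logs and reports; adding `show_diff => false,` to that resource, and supplying the parameter from an encrypted data source, would limit the exposure. Nothing in the visible hunk manages the parent directory of the three paths (default `/etc/mysql-client-ssl`), so these resources would presumably fail on a host where it does not already exist; a `file` resource with `ensure => directory` that the three files require would cover it. The default `$mysql_ssl_cypher = 'DHE-RSA-AES256-SHA'` in the first hunk pins a single CBC/SHA-1 suite; an AEAD suite such as `ECDHE-RSA-AES256-GCM-SHA384` is a safer default where the server supports it. The class body starts and ends outside both hunks.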
|
||||
|
|
|
@ -18,6 +18,12 @@ SS_DATABASE="<%= @ss_db_name %>"
|
|||
SS_DB_USERNAME="<%= @ss_mysql_user %>"
|
||||
SS_DB_PASSWORD="<%= @ss_mysql_password %>"
|
||||
|
||||
DB_USE_SSL=<%= @mysql_ssl_enabled %>
|
||||
DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
|
||||
DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
|
||||
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>"
|
||||
DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
|
||||
|
||||
REDIS_HOST="<%= @redis_host %>"
|
||||
REDIS_PORT=<%= @redis_port %>
|
||||
REDIS_DB=<%= @redis_db %>
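Review bot: `DB_MYSQL_ATTR_SSL_CERT` on the added line reads `@mysql_ssl_client_cert`, but the class parameter added in the manifest is `$mysql_ssl_client_cert_file`, so unless a variable by the shorter name is set outside the visible hunks the value renders empty and the client certificate is never presented. The line should read `DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"`. The added settings also carry no switch for verifying the server certificate, so whether the CA file is actually enforced depends on application code not shown here and is worth confirming.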
|
||||
|
|