Add DB SSL support

Change-Id: I6e5855fba2d8e23d04667328a7d277c44f9b24db
Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106
This commit is contained in:
Proskurin Kirill 2017-02-09 11:22:45 +00:00
parent c7518fc787
commit eac07b11fa
2 changed files with 6 additions and 3 deletions

View File

@ -13,7 +13,10 @@ service:
type: single
command:
mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ cinder.db.name }};
grant all privileges on {{ cinder.db.name }}.* to '{{ cinder.db.username }}'@'%' identified by '{{ cinder.db.password }}';"
create user '{{ cinder.db.username }}'@'%' identified by '{{ cinder.db.password }}'
{% if percona.tls.enabled %} require ssl {% endif %};
grant all privileges on {{ cinder.db.name }}.* to '{{ cinder.db.username }}'@'%' identified by '{{ cinder.db.password }}'
{% if percona.tls.enabled %} require ssl {% endif %};"
- name: cinder-db-sync
files:
- cinder-conf

View File

@ -24,7 +24,7 @@ glance_catalog_info = image:glance:internalURL
auth_strategy = keystone
[database]
connection = mysql+pymysql://{{ cinder.db.username }}:{{ cinder.db.password }}@{{ address(service.database) }}/{{ cinder.db.name }}
connection = mysql+pymysql://{{ cinder.db.username }}:{{ cinder.db.password }}@{{ address(service.database) }}/{{ cinder.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
max_retries = -1
[keystone_authtoken]
@ -61,4 +61,4 @@ driver = {{ searchlight.notification_driver }}
{# messaging macros template #}
{{ oslo_messaging[messaging.backend.rpc]('rpc_config') }}
{{ oslo_messaging[messaging.backend.notifications]('notifications_config') }}
{{ oslo_messaging[messaging.backend.notifications]('notifications_config') }}