Merge "Adding tls flag to db group"

2017-02-20 15:26:19 +00:00 · 2017-02-20 15:26:19 +00:00 · 9c5d6a52d1
parent 3bb9d71a95 dda80232a0
commit 9c5d6a52d1
3 changed files with 8 additions and 6 deletions
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@ -4,6 +4,8 @@ configs:
  db:
    root_password: "password"
    max_timeout: 60
+    tls:
+      enabled: true
  percona:
    cluster_name: "k8scluster"
    xtrabackup_password: "password"
--- a/service/files/my.cnf.j2
+++ b/service/files/my.cnf.j2
@ -35,9 +35,9 @@ wsrep_provider = /usr/lib/galera3/libgalera_smm.so
 wsrep_cluster_name = {{ percona.cluster_name }}
 wsrep_sst_method = xtrabackup-v2
 wsrep_sst_auth = "xtrabackup:{{ percona.xtrabackup_password }}"
-wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if percona.tls.enabled %};socket.ssl=yes;socket.ssl_key=/opt/ccp/etc/tls/server-key.pem;socket.ssl_cert=/opt/ccp/etc/tls/server-cert.pem;socket.ssl_ca=/opt/ccp/etc/tls/ca.pem"{% endif %}
+wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if db.tls.enabled %};socket.ssl=yes;socket.ssl_key=/opt/ccp/etc/tls/server-key.pem;socket.ssl_cert=/opt/ccp/etc/tls/server-cert.pem;socket.ssl_ca=/opt/ccp/etc/tls/ca.pem"{% endif %}

-{% if percona.tls.enabled %}
+{% if db.tls.enabled %}
 ssl-ca = /opt/ccp/etc/tls/ca.pem
 ssl-cert = /opt/ccp/etc/tls/server-cert.pem
 ssl-key = /opt/ccp/etc/tls/server-key.pem
--- a/service/galera.yaml
+++ b/service/galera.yaml
@ -15,7 +15,7 @@ service:
      daemon:
        files:
          - galera-checker
-          # {% if percona.tls.enabled %}
+          # {% if db.tls.enabled %}
          - ca.pem
          - server-key.pem
          - server-cert.pem
@ -36,7 +36,7 @@ service:
        files:
          - haproxy-conf
          - haproxy_entrypoint
-          # {% if percona.tls.enabled %}
+          # {% if db.tls.enabled %}
          - ca.pem
          - server-key.pem
          - server-cert.pem
@ -79,7 +79,7 @@ service:
          - entrypoint
          - mycnf
          - galera-checker
-          # {% if percona.tls.enabled %}
+          # {% if db.tls.enabled %}
          - ca.pem
          - server-key.pem
          - server-cert.pem
@ -107,7 +107,7 @@ files:
    path: /opt/ccp/bin/haproxy_entrypoint.py
    content: haproxy_entrypoint.py
    perm: "0755"
-# {% if percona.tls.enabled %}
+# {% if db.tls.enabled %}
  ca.pem:
    path: /opt/ccp/etc/tls/ca.pem
    content: ca.pem.j2