x
/
fuel-ccp-keystone
Code Issues Proposed changes

Merge "Add DB SSL support"

This commit is contained in:
Jenkins 2017-02-15 15:58:54 +00:00 committed by Gerrit Code Review
parent 8e43e6445b f5127808a9
commit 0fa07c72fa
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
service/files/backup.sh.j2
View File

@ -1,6 +1,6 @@
#!/bin/bash -ex
set -o pipefail
BACKUP_FILE="/var/ccp/backup/keystone/backup-$(date "+%Y%m%d%H%M%S").sql"
mysqldump -h {{ address(service.database) }} \
mysqldump {% if percona.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address(service.database) }} \
-u {{ keystone.db.username }} -p{{ keystone.db.password }} \
--single-transaction {{ keystone.db.name }} > "${BACKUP_FILE}"

2
service/files/keystone.conf.j2
View File

@ -8,7 +8,7 @@ notification_format = {{ keystone.notifications.format }}
{% endif %}
[database]
connection = mysql+pymysql://{{ keystone.db.username }}:{{ keystone.db.password }}@{{ address(service.database) }}/{{ keystone.db.name }}
connection = mysql+pymysql://{{ keystone.db.username }}:{{ keystone.db.password }}@{{ address(service.database) }}/{{ keystone.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
max_retries = -1
max_overflow = 60

8
service/keystone.yaml
View File

@ -40,8 +40,12 @@ service:
type: single
command:
mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ keystone.db.name }};
grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}';
grant super on *.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}';"
create user '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
{% if percona.tls.enabled %} require ssl {% endif %};
grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
{% if percona.tls.enabled %} require ssl {% endif %};
grant super on *.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
{% if percona.tls.enabled %} require ssl {% endif %};"
- name: keystone-db-sync
files:
- keystone-conf