From 6336b6cdc79bd83acdd5ad7dda51b947edd7a844 Mon Sep 17 00:00:00 2001 From: Sebastian Marcet Date: Thu, 14 Feb 2019 22:50:00 -0300 Subject: [PATCH] Fix on mysql ssl certs * added code to ensure that directory /etc/mysql-client-ssl exists before to create the certs * fixed typo on .env Change-Id: I89640b2d25b274bcc7205b6665c9930d695a003d --- manifests/init.pp | 14 ++++++++++++++ templates/.env.erb | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 521efbf..f7bc037 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -336,35 +336,49 @@ class openstackid ( # mysql ssl connection configuration if($mysql_ssl_enabled) { + file { '/etc/mysql-client-ssl': + ensure => 'directory', + owner => 'root', + group => 'www-data', + mode => '0775', + } + if $mysql_ssl_ca_file_contents != '' { file { $mysql_ssl_ca_file: + ensure => file, owner => 'root', group => 'www-data', mode => '0640', content => $mysql_ssl_ca_file_contents, notify => Class['::apache::service'], before => Apache::Vhost::Custom[$vhost_name], + require => File['/etc/mysql-client-ssl'], } } if $mysql_ssl_client_key_file_contents != '' { file { $mysql_ssl_client_key_file: + ensure => file, owner => 'root', group => 'www-data', mode => '0640', content => $mysql_ssl_client_key_file_contents, notify => Class['::apache::service'], before => Apache::Vhost::Custom[$vhost_name], + require => File['/etc/mysql-client-ssl'], } } + if $mysql_ssl_client_cert_file_contents != '' { file { $mysql_ssl_client_cert_file: + ensure => file, owner => 'root', group => 'www-data', mode => '0640', content => $mysql_ssl_client_cert_file_contents, notify => Class['::apache::service'], before => Apache::Vhost::Custom[$vhost_name], + require => File['/etc/mysql-client-ssl'], } } } diff --git a/templates/.env.erb b/templates/.env.erb index ebab61a..4d7e5ea 100644 --- a/templates/.env.erb +++ b/templates/.env.erb @@ -21,7 +21,7 @@ SS_DB_PASSWORD="<%= @ss_mysql_password %>" DB_USE_SSL=<%= @mysql_ssl_enabled %> DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>" DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>" -DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>" +DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>" DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>" REDIS_HOST="<%= @redis_host %>"