From eac07b11fab11d1d2eaa667e6a9aa71b7404b0f9 Mon Sep 17 00:00:00 2001
From: Proskurin Kirill
Date: Thu, 9 Feb 2017 11:22:45 +0000
Subject: [PATCH] Add DB SSL support

Change-Id: I6e5855fba2d8e23d04667328a7d277c44f9b24db
Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106
---
 service/cinder-api.yaml | 5 ++++-
 service/files/cinder.conf.j2 | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/service/cinder-api.yaml b/service/cinder-api.yaml
index 8fe4fc8..b539278 100644
--- a/service/cinder-api.yaml
+++ b/service/cinder-api.yaml
@@ -13,7 +13,10 @@ service:
 type: single
 command:
 mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ cinder.db.name }};
- grant all privileges on {{ cinder.db.name }}.* to '{{ cinder.db.username }}'@'%' identified by '{{ cinder.db.password }}';"
+ create user '{{ cinder.db.username }}'@'%' identified by '{{ cinder.db.password }}'
+ {% if percona.tls.enabled %} require ssl {% endif %};
+ grant all privileges on {{ cinder.db.name }}.* to '{{ cinder.db.username }}'@'%' identified by '{{ cinder.db.password }}'
+ {% if percona.tls.enabled %} require ssl {% endif %};"
 - name: cinder-db-sync
 files:
 - cinder-conf
diff --git a/service/files/cinder.conf.j2 b/service/files/cinder.conf.j2
index 84c1b24..af368cc 100644
--- a/service/files/cinder.conf.j2
+++ b/service/files/cinder.conf.j2
@@ -24,7 +24,7 @@ glance_catalog_info = image:glance:internalURL
 auth_strategy = keystone
 [database]
-connection = mysql+pymysql://{{ cinder.db.username }}:{{ cinder.db.password }}@{{ address(service.database) }}/{{ cinder.db.name }}
+connection = mysql+pymysql://{{ cinder.db.username }}:{{ cinder.db.password }}@{{ address(service.database) }}/{{ cinder.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
 max_retries = -1
 [keystone_authtoken]
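Review bot: The `mysql -u root ... -e` bootstrap call under `command:` is not itself forced onto TLS, so the `create user` and `grant` statements carrying `{{ cinder.db.password }}` may still cross the network unencrypted when `percona.tls.enabled` is set; `require ssl` only constrains later logins by the cinder account. Consider adding client options under the same condition, for example `{% if percona.tls.enabled %} --ssl-ca=/opt/ccp/etc/tls/ca.pem --ssl-mode=VERIFY_CA {% endif %}`; the second flag needs a MySQL 5.7.11+ client and the CA file must exist in this job's container, neither of which is visible here. Separately, the password and the TLS requirement are now stated on both `create user` and `grant`; keeping `identified by ... require ssl` only on `create user` would leave a single place to audit. The job entry this command belongs to starts above the hunk.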
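Review bot: The CA path `/opt/ccp/etc/tls/ca.pem` is hard-coded into the `connection` URL, and nothing in this hunk shows that the file is shipped into every container that renders this config. PyMySQL is expected to verify the server certificate once `ssl_ca` is given, so with `max_retries = -1` on the next line a missing CA file or a certificate that does not match `{{ address(service.database) }}` would presumably surface as endless reconnect attempts rather than a clear startup failure. A comment above the line would help operators, e.g. `# TLS: the DB server certificate is verified against ca.pem and must be valid for the address in this URL`. Taking the path from a template variable instead of a literal would also keep it in step with any other consumer of the same CA.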
@@ -61,4 +61,4 @@ driver = {{ searchlight.notification_driver }}
 {# messaging macros template #}
 {{ oslo_messaging[messaging.backend.rpc]('rpc_config') }}
-{{ oslo_messaging[messaging.backend.notifications]('notifications_config') }}
\ No newline at end of file
+{{ oslo_messaging[messaging.backend.notifications]('notifications_config') }}