authorProskurin Kirill <kproskurin@mirantis.com>2017-02-08 16:17:46 +0000
committerProskurin Kirill <kproskurin@mirantis.com>2017-02-13 12:07:28 +0000
commitf5127808a9b215440837b0eb2c23f904c0a7c929 (patch)
treece528c94ff88e383c4b0c84a07c0b8a335701217
parent80c1725a2f46c7b5fd4a6c40d77effa0fa3034e1 (diff)
Add DB SSL support
Notes
Notes (review): Code-Review+1: Dmitry Klenov <dklenov@mirantis.com> Verified+1: Mirantis CCP CI <mirantis-fuel-ccp-ci@mirantis.com> Code-Review+2: Sergey Reshetnyak <sreshetniak@mirantis.com> Code-Review+2: Artur Zarzycki <azarzycki@mirantis.com> Workflow+1: Artur Zarzycki <azarzycki@mirantis.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 15 Feb 2017 15:58:54 +0000 Reviewed-on: https://review.openstack.org/431035 Project: openstack/fuel-ccp-keystone Branch: refs/heads/master
-rw-r--r--service/files/backup.sh.j22
-rw-r--r--service/files/keystone.conf.j22
-rw-r--r--service/keystone.yaml8
3 files changed, 8 insertions, 4 deletions
diff --git a/service/files/backup.sh.j2 b/service/files/backup.sh.j2
index 88f2020..e425325 100644
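--- a/service/files/backup.sh.j2
+++ b/service/files/backup.sh.j2
@@ -1,6 +1,6 @@
 #!/bin/bash -ex
 set -o pipefail
 BACKUP_FILE="/var/ccp/backup/keystone/backup-$(date "+%Y%m%d%H%M%S").sql"
-mysqldump -h {{ address(service.database) }} \
+mysqldump {% if percona.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address(service.database) }} \
  -u {{ keystone.db.username }} -p{{ keystone.db.password }} \
  --single-transaction {{ keystone.db.name }} > "${BACKUP_FILE}"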
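Review bot: `--ssl-mode REQUIRED` on the `mysqldump` line encrypts the connection but does not validate the server certificate, so the client will still send its credentials and pull the dump from any endpoint that speaks TLS. keystone.conf.j2 in this same commit references `/opt/ccp/etc/tls/ca.pem`; if that file is also present where the backup job runs (not visible from this hunk), `--ssl-mode VERIFY_CA --ssl-ca /opt/ccp/etc/tls/ca.pem` would authenticate the server as well. Independently of this change, the script runs under `bash -ex`, so the expanded command with `-p<password>` is traced to the job's stderr.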
diff --git a/service/files/keystone.conf.j2 b/service/files/keystone.conf.j2
index afed78b..d64aaf6 100644
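--- a/service/files/keystone.conf.j2
+++ b/service/files/keystone.conf.j2
@@ -8,7 +8,7 @@ notification_format = {{ keystone.notifications.format }}
 {% endif %}
 
 [database]
-connection = mysql+pymysql://{{ keystone.db.username }}:{{ keystone.db.password }}@{{ address(service.database) }}/{{ keystone.db.name }}
+connection = mysql+pymysql://{{ keystone.db.username }}:{{ keystone.db.password }}@{{ address(service.database) }}/{{ keystone.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
 max_retries = -1
 max_overflow = 60
 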
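Review bot: The CA bundle path in the new `connection` line is a literal inside the template, and nothing in this section shows where `/opt/ccp/etc/tls/ca.pem` is mounted into the keystone container. If the file is missing or the path drifts, the failure will only appear at connection time, so a comment above the line would help the next maintainer, for example `# TLS: server cert is verified against the CA bundle at /opt/ccp/etc/tls/ca.pem when percona.tls.enabled`. It is also worth noting there that the password is interpolated into the URL unescaped, so characters such as `@` or `/` would change how the URL parses; that predates this change.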
diff --git a/service/keystone.yaml b/service/keystone.yaml
index e96451a..cc161a7 100644
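--- a/service/keystone.yaml
+++ b/service/keystone.yaml
@@ -30,8 +30,12 @@ service:
  type: single
  command:
  mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ keystone.db.name }};
- grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}';
- grant super on *.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}';"
+ create user '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
+ {% if percona.tls.enabled %} require ssl {% endif %};
+ grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
+ {% if percona.tls.enabled %} require ssl {% endif %};
+ grant super on *.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
+ {% if percona.tls.enabled %} require ssl {% endif %};"
  - name: keystone-db-sync
  files:
  - keystone-conf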
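Review bot: The bootstrap `mysql -u root -p{{ db.root_password }} -h …` invocation is left without any TLS option, so the root password and the `identified by '<keystone password>'` statements are not forced onto an encrypted connection even when `percona.tls.enabled` is set. The new `require ssl` clauses only constrain later logins of the keystone account, not this root session. Adding `{% if percona.tls.enabled %} --ssl-mode REQUIRED {% endif %}` after `mysql`, as backup.sh.j2 does for `mysqldump` in this same commit, would close that gap. The re-added `grant super on *.*` also gives the service account a global administrative privilege, which is worth confirming is still needed.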