Add DB SSL support
Change-Id: Ic13c24e32b9259cba432db0b25d7145f0614c248 Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106
This commit is contained in:
parent
80c1725a2f
commit
f5127808a9
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash -ex
|
||||
set -o pipefail
|
||||
BACKUP_FILE="/var/ccp/backup/keystone/backup-$(date "+%Y%m%d%H%M%S").sql"
|
||||
mysqldump -h {{ address(service.database) }} \
|
||||
mysqldump {% if percona.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address(service.database) }} \
|
||||
-u {{ keystone.db.username }} -p{{ keystone.db.password }} \
|
||||
--single-transaction {{ keystone.db.name }} > "${BACKUP_FILE}"
|
||||
|
|
|
@ -8,7 +8,7 @@ notification_format = {{ keystone.notifications.format }}
|
|||
{% endif %}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ keystone.db.username }}:{{ keystone.db.password }}@{{ address(service.database) }}/{{ keystone.db.name }}
|
||||
connection = mysql+pymysql://{{ keystone.db.username }}:{{ keystone.db.password }}@{{ address(service.database) }}/{{ keystone.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
|
||||
max_retries = -1
|
||||
max_overflow = 60
|
||||
|
||||
|
|
|
@ -30,8 +30,12 @@ service:
|
|||
type: single
|
||||
command:
|
||||
mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ keystone.db.name }};
|
||||
grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}';
|
||||
grant super on *.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}';"
|
||||
create user '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
|
||||
{% if percona.tls.enabled %} require ssl {% endif %};
|
||||
grant all privileges on {{ keystone.db.name }}.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
|
||||
{% if percona.tls.enabled %} require ssl {% endif %};
|
||||
grant super on *.* to '{{ keystone.db.username }}'@'%' identified by '{{ keystone.db.password }}'
|
||||
{% if percona.tls.enabled %} require ssl {% endif %};"
|
||||
- name: keystone-db-sync
|
||||
files:
|
||||
- keystone-conf
|
||||
|
|
Loading…
Reference in New Issue