Add DB SSL support

Change-Id: Ie1626a3f0c3a0630d6e732422d415f3cc01ca9fd Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106
2017-02-09 11:30:28 +00:00 · 2017-02-09 11:30:28 +00:00 · 265c0e4b36
parent 320abb452b
commit 265c0e4b36
2 changed files with 5 additions and 2 deletions
--- a/service/files/murano.conf.j2
+++ b/service/files/murano.conf.j2
@ -12,7 +12,7 @@ home_region = RegionOne
 transport_url = rabbit://{{ rabbitmq.user }}:{{ rabbitmq.password }}@{{ address("rabbitmq", rabbitmq.port) }}/

 [database]
-connection = mysql+pymysql://{{ murano.db.username }}:{{ murano.db.password }}@{{ address(service.database) }}/{{ murano.db.name }}
+connection = mysql+pymysql://{{ murano.db.username }}:{{ murano.db.password }}@{{ address(service.database) }}/{{ murano.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}

 [engine]
 use_trusts = True
--- a/service/murano-api.yaml
+++ b/service/murano-api.yaml
@ -15,7 +15,10 @@ service:
        - name: murano-db-create
          type: single
          command: mysql -v -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e 'create database `{{ murano.db.name }}`;
-                   grant all privileges on `{{ murano.db.name }}`.* to "{{ murano.db.username }}"@"%" identified by "{{ murano.db.password }}";'
+                   create user '{{ murano.db.username }}'@'%' identified by '{{ murano.db.password }}'
+                   {% if percona.tls.enabled %} require ssl {% endif %};
+                   grant all privileges on `{{ murano.db.name }}`.* to "{{ murano.db.username }}"@"%" identified by "{{ murano.db.password }}"
+                   {% if percona.tls.enabled %} require ssl {% endif %};'
          dependencies:
            - {{ service.database }}
        - name: murano-db-sync