Merge "Fix SSL support"
commit
75f67afb9e
|
@ -18,6 +18,9 @@
|
|||
login_user: "{{ galera_root_user }}"
|
||||
login_password: "{{ galera_root_password }}"
|
||||
login_host: "127.0.0.1"
|
||||
ssl_ca: "{{ (galera_use_ssl | bool) | ternary(galera_ssl_ca_cert, omit) }}"
|
||||
ssl_cert: "{{ (galera_use_ssl | bool) | ternary(galera_ssl_cert, omit) }}"
|
||||
ssl_key: "{{ (galera_use_ssl | bool) | ternary(galera_ssl_key, omit) }}"
|
||||
name: "{{ item.name }}"
|
||||
host: "{{ item.host }}"
|
||||
password: "{{ item.password }}"
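Review bot: The `ssl_ca`, `ssl_cert` and `ssl_key` lines repeat the same `(galera_use_ssl | bool) | ternary(..., omit)` expression with no comment explaining why a login to `127.0.0.1` needs client TLS material. A one-line comment above them would make the intent clear, for example `# Pass TLS material only when galera_use_ssl is set; omit drops the parameter otherwise`. The task also handles `item.password`, and its start and end are outside the hunk, so it is worth confirming that `no_log: true` is set on it.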
|
||||
|
|
|
@ -59,10 +59,21 @@
|
|||
-out {{ galera_ssl_ca_cert | dirname }}/galera-req.pem
|
||||
-extensions v3_ca
|
||||
creates={{ galera_ssl_ca_cert | dirname }}/galera-req.pem
|
||||
register: create_galera_ssl_request
|
||||
when:
|
||||
- inventory_hostname == galera_server_bootstrap_node
|
||||
notify: Restart all mysql
|
||||
|
||||
- name: Convert generated SSL key to valid format for Galera
|
||||
command: >
|
||||
openssl rsa
|
||||
-in {{ galera_ssl_key }}
|
||||
-out {{ galera_ssl_key }}
|
||||
when:
|
||||
- create_galera_ssl_request | changed
|
||||
- inventory_hostname == galera_server_bootstrap_node
|
||||
notify: Restart all mysql
|
||||
|
||||
- name: Get REQ key contents and store as var
|
||||
slurp:
|
||||
src: "{{ galera_ssl_ca_cert | dirname }}/galera-req.pem"
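Review bot: The "Convert generated SSL key to valid format for Galera" task rewrites the private key in place (`-in` and `-out` are both `{{ galera_ssl_key }}`), and nothing visible in the hunk pins the file's owner or mode afterwards. An interrupted or failed `openssl rsa` run can leave a truncated key, and the resulting permissions depend on the openssl build and umask. Writing to a temporary path and then installing the result with an explicit `mode: "0600"` and the database service's owner would be safer, unless a task outside this hunk already does that. Separately, `create_galera_ssl_request | changed` uses the filter form of a test, which newer Ansible releases deprecate in favour of `create_galera_ssl_request is changed`.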
|
||||
|
|
|
@ -5,6 +5,11 @@ host = localhost
|
|||
user = root
|
||||
password = {{ galera_root_password }}
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
{% if galera_use_ssl | bool %}
|
||||
ssl-ca = {{ galera_ssl_ca_cert }}
|
||||
ssl-cert = {{ galera_ssl_cert }}
|
||||
ssl-key = {{ galera_ssl_key }}
|
||||
{% endif %}
|
||||
|
||||
[mysql_upgrade]
|
||||
host = localhost
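Review bot: The client stanza's `ssl-cert = {{ galera_ssl_cert }}` and `ssl-key = {{ galera_ssl_key }}` use the same variables as the server template in this commit, so any account that needs this client file to work must also be able to read the server's private key. A client certificate and key are only needed if the server demands client certificates; otherwise `ssl-ca` alone, or a separate client key pair, keeps the server key readable by the server only. Depending on the client version, `ssl-ca` without `ssl-verify-server-cert` may not cause the server certificate to be checked. With `host = localhost` and `socket` set, the connection would normally use the Unix socket, where these options have no effect. A comment such as `# TLS options apply to TCP connections only; socket logins ignore them` would document which connections the block is meant for.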
|
||||
|
|
|
@ -34,10 +34,10 @@ bind-address = ::
|
|||
server-id = {{ galera_server_id }}
|
||||
{% endif %}
|
||||
{% if galera_use_ssl | bool %}
|
||||
ssl
|
||||
ssl-ca = {{ galera_ssl_ca_cert }}
|
||||
ssl-cert = {{ galera_ssl_cert }}
|
||||
ssl-key = {{ galera_ssl_key }}
|
||||
ssl-cipher = TLSv1.2
|
||||
{% endif %}
|
||||
|
||||
# LOGGING #
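Review bot: `ssl-cipher = TLSv1.2` passes a cipher-string keyword rather than a named cipher list, and its meaning depends on the TLS library the server is built against. A build that does not recognise the keyword may end up with no usable ciphers. This page has lost its `+`/`-` markers, so it cannot be seen whether the commit keeps this line or the bare `ssl` line; the point applies only if `ssl-cipher` is on the new side. In that case, an explicit cipher list driven by a role variable, plus the server's protocol-version setting where one exists, would be more predictable than the keyword. A comment above the block should state which TLS versions and ciphers are intended.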
|
||||
|
|
2
tox.ini
2
tox.ini
|
@ -116,7 +116,7 @@ deps =
|
|||
{[testenv:ansible]deps}
|
||||
setenv =
|
||||
{[testenv]setenv}
|
||||
ANSIBLE_PARAMETERS=-vvv -e galera_use_ssl=True
|
||||
ANSIBLE_PARAMETERS=-e galera_use_ssl=True
|
||||
commands =
|
||||
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
|
||||
|
||||
|
|
|
@ -14,8 +14,25 @@
|
|||
# limitations under the License.
|
||||
|
||||
- job:
|
||||
name: openstack-ansible-ssl-ubuntu-xenial-nv
|
||||
parent: openstack-ansible-functional-ubuntu-xenial
|
||||
voting: false
|
||||
name: openstack-ansible-functional-centos-7-ssl
|
||||
parent: openstack-ansible-functional-centos-7
|
||||
vars:
|
||||
tox_env: ssl
|
||||
|
||||
- job:
|
||||
name: openstack-ansible-functional-opensuse-423-ssl
|
||||
parent: openstack-ansible-functional-opensuse-423
|
||||
vars:
|
||||
tox_env: ssl
|
||||
|
||||
- job:
|
||||
name: openstack-ansible-functional-ubuntu-bionic-ssl
|
||||
parent: openstack-ansible-functional-ubuntu-bionic
|
||||
vars:
|
||||
tox_env: ssl
|
||||
|
||||
- job:
|
||||
name: openstack-ansible-functional-ubuntu-xenial-ssl
|
||||
parent: openstack-ansible-functional-ubuntu-xenial
|
||||
vars:
|
||||
tox_env: ssl
|
||||
|
|
|
@ -17,9 +17,13 @@
|
|||
jobs:
|
||||
- openstack-ansible-linters
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-centos-7-ssl
|
||||
- openstack-ansible-functional-opensuse-423
|
||||
- openstack-ansible-functional-opensuse-423-ssl
|
||||
- openstack-ansible-functional-ubuntu-xenial
|
||||
- openstack-ansible-functional-ubuntu-xenial-ssl
|
||||
- openstack-ansible-functional-ubuntu-bionic
|
||||
- openstack-ansible-functional-ubuntu-bionic-ssl
|
||||
- openstack-ansible-upgrade-centos-7
|
||||
- openstack-ansible-upgrade-opensuse-423
|
||||
- openstack-ansible-upgrade-ubuntu-xenial
|
||||
|
@ -27,7 +31,6 @@
|
|||
# did not support Bionic in the Q cycle.
|
||||
- openstack-ansible-upgrade-ubuntu-bionic:
|
||||
voting: false
|
||||
- openstack-ansible-ssl-ubuntu-xenial-nv
|
||||
experimental:
|
||||
jobs:
|
||||
- openstack-ansible-integrated-deploy-aio
|
||||
|
@ -35,9 +38,13 @@
|
|||
jobs:
|
||||
- openstack-ansible-linters
|
||||
- openstack-ansible-functional-centos-7
|
||||
- openstack-ansible-functional-centos-7-ssl
|
||||
- openstack-ansible-functional-opensuse-423
|
||||
- openstack-ansible-functional-opensuse-423-ssl
|
||||
- openstack-ansible-functional-ubuntu-xenial
|
||||
- openstack-ansible-functional-ubuntu-xenial-ssl
|
||||
- openstack-ansible-functional-ubuntu-bionic
|
||||
- openstack-ansible-functional-ubuntu-bionic-ssl
|
||||
- openstack-ansible-upgrade-centos-7
|
||||
- openstack-ansible-upgrade-opensuse-423
|
||||
- openstack-ansible-upgrade-ubuntu-xenial
|
||||
|
|