Write TLS config under section [client] in tripleo.cnf

the SQL shell 'mysql' currently cannot parse config under section [tripleo] as option bind-address is not supported in mariadb (only supported in mysql and PyMySQL). Generate a proper TLS config under section [client] so that the mysql shell can connect to the mysql server with the proper TLS settings. Change-Id: Icaaee64b6f491bf80fde2a8a44c6b28727493e13 Closes-Bug: #1829758 (cherry picked from commit 1d3ef8bcb7)
2019-05-20 16:53:02 +02:00 · 2019-05-20 16:53:02 +02:00 · 61a73d129e
parent 4b596a53ae
commit 61a73d129e
2 changed files with 21 additions and 7 deletions
--- a/manifests/profile/base/database/mysql/client.pp
+++ b/manifests/profile/base/database/mysql/client.pp
@ -66,12 +66,16 @@ class tripleo::profile::base::database::mysql::client (
    if $enable_ssl {
      $changes_ssl = [
        "set ${mysql_read_default_group}/ssl '1'",
-        "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'"
+        "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'",
+        'set client/ssl \'1\'',
+        "set client/ssl-ca '${ssl_ca}'"
      ]
    } else {
      $changes_ssl = [
        "rm ${mysql_read_default_group}/ssl",
-        "rm ${mysql_read_default_group}/ssl-ca"
+        "rm ${mysql_read_default_group}/ssl-ca",
+        'rm client/ssl',
+        'rm client/ssl-ca'
      ]
    }

--- a/spec/classes/tripleo_profile_base_database_mysql_client_spec.rb
+++ b/spec/classes/tripleo_profile_base_database_mysql_client_spec.rb
@ -38,7 +38,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
          :changes => [
            'rm tripleo/bind-address',
            'rm tripleo/ssl',
-            'rm tripleo/ssl-ca'
+            'rm tripleo/ssl-ca',
+            'rm client/ssl',
+            'rm client/ssl-ca'
          ]
        )
      }
@ -60,7 +62,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
          :changes => [
            'rm tripleo/bind-address',
            'rm tripleo/ssl',
-            'rm tripleo/ssl-ca'
+            'rm tripleo/ssl-ca',
+            'rm client/ssl',
+            'rm client/ssl-ca'
          ]
        )
      }
@ -82,7 +86,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
          :changes => [
            'rm tripleo/bind-address',
            'rm tripleo/ssl',
-            'rm tripleo/ssl-ca'
+            'rm tripleo/ssl-ca',
+            'rm client/ssl',
+            'rm client/ssl-ca'
          ]
        )
      }
@ -106,7 +112,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
          :changes => [
            'rm tripleo/bind-address',
            'rm tripleo/ssl',
-            'rm tripleo/ssl-ca'
+            'rm tripleo/ssl-ca',
+            'rm client/ssl',
+            'rm client/ssl-ca'
          ]
        )
      }
@ -131,7 +139,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
          :changes => [
            "set tripleo/bind-address '#{params[:mysql_client_bind_address]}'",
            "set tripleo/ssl '1'",
-            "set tripleo/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
+            "set tripleo/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'",
+            "set client/ssl '1'",
+            "set client/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
          ]
        )
      }