Write TLS config under section [client] in tripleo.cnf
the SQL shell 'mysql' currently cannot parse config under section
[tripleo] as option bind-address is not supported in mariadb (only
supported in mysql and PyMySQL).
Generate a proper TLS config under section [client] so that the
mysql shell can connect to the mysql server with the proper TLS
settings.
Change-Id: Icaaee64b6f491bf80fde2a8a44c6b28727493e13
Closes-Bug: #1829758
(cherry picked from commit 1d3ef8bcb7
)
This commit is contained in:
parent
4b596a53ae
commit
61a73d129e
|
@ -66,12 +66,16 @@ class tripleo::profile::base::database::mysql::client (
|
|||
if $enable_ssl {
|
||||
$changes_ssl = [
|
||||
"set ${mysql_read_default_group}/ssl '1'",
|
||||
"set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'"
|
||||
"set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'",
|
||||
'set client/ssl \'1\'',
|
||||
"set client/ssl-ca '${ssl_ca}'"
|
||||
]
|
||||
} else {
|
||||
$changes_ssl = [
|
||||
"rm ${mysql_read_default_group}/ssl",
|
||||
"rm ${mysql_read_default_group}/ssl-ca"
|
||||
"rm ${mysql_read_default_group}/ssl-ca",
|
||||
'rm client/ssl',
|
||||
'rm client/ssl-ca'
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -38,7 +38,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
|
|||
:changes => [
|
||||
'rm tripleo/bind-address',
|
||||
'rm tripleo/ssl',
|
||||
'rm tripleo/ssl-ca'
|
||||
'rm tripleo/ssl-ca',
|
||||
'rm client/ssl',
|
||||
'rm client/ssl-ca'
|
||||
]
|
||||
)
|
||||
}
|
||||
|
@ -60,7 +62,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
|
|||
:changes => [
|
||||
'rm tripleo/bind-address',
|
||||
'rm tripleo/ssl',
|
||||
'rm tripleo/ssl-ca'
|
||||
'rm tripleo/ssl-ca',
|
||||
'rm client/ssl',
|
||||
'rm client/ssl-ca'
|
||||
]
|
||||
)
|
||||
}
|
||||
|
@ -82,7 +86,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
|
|||
:changes => [
|
||||
'rm tripleo/bind-address',
|
||||
'rm tripleo/ssl',
|
||||
'rm tripleo/ssl-ca'
|
||||
'rm tripleo/ssl-ca',
|
||||
'rm client/ssl',
|
||||
'rm client/ssl-ca'
|
||||
]
|
||||
)
|
||||
}
|
||||
|
@ -106,7 +112,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
|
|||
:changes => [
|
||||
'rm tripleo/bind-address',
|
||||
'rm tripleo/ssl',
|
||||
'rm tripleo/ssl-ca'
|
||||
'rm tripleo/ssl-ca',
|
||||
'rm client/ssl',
|
||||
'rm client/ssl-ca'
|
||||
]
|
||||
)
|
||||
}
|
||||
|
@ -131,7 +139,9 @@ describe 'tripleo::profile::base::database::mysql::client' do
|
|||
:changes => [
|
||||
"set tripleo/bind-address '#{params[:mysql_client_bind_address]}'",
|
||||
"set tripleo/ssl '1'",
|
||||
"set tripleo/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
|
||||
"set tripleo/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'",
|
||||
"set client/ssl '1'",
|
||||
"set client/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
|
||||
]
|
||||
)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue