Added Galera SSL support
MySQL SSL connections allowed. Self-signed SSL CA cert or user-provided CA certificate delivered from the deployment host. Change-Id: Iaa07435357139133e325d85808b419e8c55b5e50 Partial-Bug: #1667789
This commit is contained in:
parent
1a4c83af1c
commit
c093c13e01
|
@ -42,3 +42,11 @@ galera_client_fatal_deprecations: false
|
|||
galera_client_my_cnf_overrides: {}
|
||||
|
||||
mariadb_repo_filename: "MariaDB"
|
||||
|
||||
# SSL support
|
||||
galera_use_ssl: false
|
||||
# The path where to store the database server CA certificate
|
||||
galera_ssl_ca_cert: /etc/ssl/certs/galera-ca.pem
|
||||
# The path to Galera CA certificate file on the deployment host
|
||||
galera_user_ssl_ca_cert: /etc/openstack_deploy/self_signed_certs/galera-ca.pem
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- Allows SSL connection to Galera with SSL support. ``galera_use_ssl`` option has to
|
||||
be set to ``true``, in this case self-signed CA cert or user-provided CA cert will
|
||||
be delivered to the container/host.
|
|
@ -25,3 +25,15 @@
|
|||
when: galera_client_drop_config_file
|
||||
tags:
|
||||
- galera-client-user-config
|
||||
|
||||
- name: Distribute Galera ssl CA cert
|
||||
copy:
|
||||
dest: "{{ galera_ssl_ca_cert }}"
|
||||
src: "{{ galera_user_ssl_ca_cert }}"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0644"
|
||||
when:
|
||||
- galera_use_ssl | bool
|
||||
tags:
|
||||
- galera-client-user-config
|
||||
|
|
Loading…
Reference in New Issue