diff --git a/defaults/main.yml b/defaults/main.yml index 3b8bcbb6..98f4c35d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -75,16 +75,16 @@ nova_lock_path: "/var/lock/nova" # nova_system_user_uid = # nova_system_group_gid = -## DB +## Database info nova_galera_user: nova nova_galera_database: nova nova_db_max_overflow: 10 nova_db_max_pool_size: 120 nova_db_pool_timeout: 30 # Toggle whether nova connects via an encrypted connection -nova_galera_use_ssl: False +nova_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" # The path where to store the database server CA certificate -nova_galera_ssl_ca_cert: /etc/ssl/certs/galera-ca.pem +nova_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}" ## DB API nova_api_galera_user: nova_api diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2 index 1a318b91..0f392fcb 100644 --- a/templates/nova.conf.j2 +++ b/templates/nova.conf.j2 
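Review bot: The comment above `nova_galera_use_ssl` does not say that the value now follows the deployment-wide `galera_use_ssl` and still resolves to `False` when that variable is unset, so nova's database traffic stays unencrypted unless the operator opts in. I would extend it to `# Toggle whether nova connects via an encrypted connection; inherits galera_use_ssl, default False (plaintext)`. The CA comment reads as if this role stores the certificate, but the hunk only passes a path on. Whether any task installs the file at `nova_galera_ssl_ca_cert` on the nova hosts is not visible here, so the comment should name what is expected to place it.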
@@ -214,25 +214,24 @@ memcache_secret_key = {{ memcached_encryption_key }} {% if inventory_hostname in (groups['nova_conductor'] + groups['nova_scheduler'] + groups['nova_api_os_compute'] + groups['nova_api_metadata'] + groups['nova_console'] + groups['nova_api_placement'])%} [database] -{% if nova_galera_use_ssl | bool %} -connection = mysql+pymysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ nova_galera_address }}/{{ nova_galera_database }}?charset=utf8&ssl_ca={{ nova_galera_ssl_ca_cert }} -{% else %} -connection = mysql+pymysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ nova_galera_address }}/{{ nova_galera_database }}?charset=utf8 -{% endif %} +connection = mysql+pymysql://{{ nova_galera_user }}:{{ nova_container_mysql_password }}@{{ nova_galera_address }}/{{ nova_galera_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %} + max_overflow = {{ nova_db_max_overflow }} max_pool_size = {{ nova_db_max_pool_size }} pool_timeout = {{ nova_db_pool_timeout }} [api_database] -connection = mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{ nova_api_galera_database }}?charset=utf8 +connection = mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{ nova_api_galera_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %} + max_overflow = {{ nova_api_db_max_overflow }} max_pool_size = {{ nova_api_db_max_pool_size }} pool_timeout = {{ nova_api_db_pool_timeout }} {% if nova_placement_service_enabled | bool %} [placement_database] -connection = mysql+pymysql://{{ nova_placement_galera_user }}:{{ nova_placement_container_mysql_password }}@{{ nova_placement_galera_address }}/{{ nova_placement_galera_database }}?charset=utf8 +connection = mysql+pymysql://{{ nova_placement_galera_user }}:{{ 
nova_placement_container_mysql_password }}@{{ nova_placement_galera_address }}/{{ nova_placement_galera_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %} + max_overflow = {{ nova_placement_db_max_overflow }} max_pool_size = {{ nova_placement_db_max_pool_size }} pool_timeout = {{ nova_placement_db_pool_timeout }} diff --git a/tox.ini b/tox.ini index fbcb2514..9160121e 100644 --- a/tox.ini +++ b/tox.ini @@ -126,6 +126,17 @@ commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" +[testenv:ssl] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv]setenv} + ANSIBLE_PARAMETERS=-vvv -e galera_use_ssl=True +commands = + bash -c "{toxinidir}/tests/tests-repo-clone.sh" + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" + + [testenv:linters] deps = {[testenv:ansible]deps} diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index df206449..a0504334 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -19,3 +19,9 @@ vars: tox_env: func_lxd +- job: + name: openstack-ansible-nova-ssl-nv + parent: openstack-ansible-functional-ubuntu-xenial + voting: false + vars: + tox_env: ssl diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index bc6b9a57..8e325c83 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -23,6 +23,7 @@ - openstack-ansible-functional-ubuntu-xenial - openstack-ansible-upgrade-ubuntu-xenial - openstack-ansible-lxd-ubuntu-xenial + - openstack-ansible-nova-ssl-nv experimental: jobs: - openstack-ansible-integrated-deploy-aio @@ -34,3 +35,4 @@ - openstack-ansible-functional-ubuntu-xenial - openstack-ansible-upgrade-ubuntu-xenial - openstack-ansible-lxd-ubuntu-xenial + - openstack-ansible-nova-ssl-nv
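Review bot: All three connection strings (`[database]`, `[api_database]`, `[placement_database]`) are gated on the single `nova_galera_use_ssl` / `nova_galera_ssl_ca_cert` pair, although each section has its own `*_galera_address` variable. If the API or placement database is served by a different Galera cluster, it is either verified against the wrong CA or cannot be switched to TLS independently of the main database. Consider per-database variables that default to the shared ones, for example `nova_api_galera_use_ssl: "{{ nova_galera_use_ssl }}"` and `nova_api_galera_ssl_ca_cert: "{{ nova_galera_ssl_ca_cert }}"` in the defaults (suggested names, likewise for placement), and test those in the matching section. The surrounding `{% if inventory_hostname in ... %}` block starts and ends outside this hunk.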
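Review bot: The new `[testenv:ssl]` only sets `galera_use_ssl=True` and reruns the ordinary functional script, so nothing visible here checks that the nova services actually negotiated TLS. The run would presumably also pass if `ssl_ca` were dropped from the rendered URL and the services connected in plaintext. The test playbooks are outside this diff, so this may already be covered. If it is not, I would add an assertion to the ssl scenario that the rendered `nova.conf` connection lines contain `ssl_ca=` and that the database server reports a non-empty `Ssl_cipher` status for the nova session. A one-line comment above the section, `# Functional run with Galera TLS enabled (galera_use_ssl=True)`, would also make its purpose clear.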
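Review bot: With `voting: false` on `openstack-ansible-nova-ssl-nv`, a regression in the TLS connection path will be reported but will not block a merge. If that is a temporary measure while the job stabilises, I would say so next to the job definition, e.g. `# non-voting until the ssl scenario is stable; make voting afterwards`. That way the encrypted-database path does not stay ungated indefinitely.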