Merge "Enable TLS configuration for containerized Galera"

Jenkins 2017-08-14 23:03:35 +00:00 committed by Gerrit Code Review
commit 6976b8f650
1 changed files with 35 additions and 0 deletions


@ -43,6 +43,14 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
resources:
@ -59,6 +67,10 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Containerized service MySQL using composable services.
@ -79,6 +91,13 @@ outputs:
- 4567
- 4568
- 9200
-
if:
- internal_tls_enabled
-
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
get_param: InternalTLSCAFile
- {}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
@ -103,6 +122,20 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
optional: true
preserve_properties: true
permissions:
- path: /etc/pki/tls/certs/mysql.crt
owner: mysql:mysql
perm: '0600'
optional: true
- path: /etc/pki/tls/private/mysql.key
owner: mysql:mysql
perm: '0600'
optional: true
docker_config:
step_1:
mysql_data_ownership:
@ -195,6 +228,8 @@ outputs:
file:
path: /var/lib/mysql
state: directory
metadata_settings:
get_attr: [MysqlPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
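Review bot: In the config_files hunk, the new `src-tls/*` copy entry and both `permissions` entries for `/etc/pki/tls/certs/mysql.crt` and `/etc/pki/tls/private/mysql.key` carry `optional: true` unconditionally, so this step will not report missing certificate material even when `internal_tls_enabled` holds. Whether the service then refuses to start or comes up without TLS depends on configuration outside this diff, so the intent should be stated next to the entry, for example `# optional: TLS material exists only when EnableInternalTLS is true; a missing cert/key must be caught by the service configuration`. If the template language allows it here, gating these entries on `internal_tls_enabled` the way the `ca_file` hieradata is gated would make the enabled case fail early instead. The `config_files` list begins above the hunk, so how the other entries are handled is not visible from here.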