Merge "Enable TLS configuration for containerized Galera"
commit
6976b8f650
|
@ -43,6 +43,14 @@ parameters:
|
||||||
default: {}
|
default: {}
|
||||||
description: Parameters specific to the role
|
description: Parameters specific to the role
|
||||||
type: json
|
type: json
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
InternalTLSCAFile:
|
||||||
|
default: '/etc/ipa/ca.crt'
|
||||||
|
type: string
|
||||||
|
description: Specifies the default CA cert to use if TLS is used for
|
||||||
|
services in the internal network.
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
@ -59,6 +67,10 @@ resources:
|
||||||
RoleName: {get_param: RoleName}
|
RoleName: {get_param: RoleName}
|
||||||
RoleParameters: {get_param: RoleParameters}
|
RoleParameters: {get_param: RoleParameters}
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Containerized service MySQL using composable services.
|
description: Containerized service MySQL using composable services.
|
||||||
|
@ -79,6 +91,13 @@ outputs:
|
||||||
- 4567
|
- 4567
|
||||||
- 4568
|
- 4568
|
||||||
- 9200
|
- 9200
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
-
|
||||||
|
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
|
||||||
|
get_param: InternalTLSCAFile
|
||||||
|
- {}
|
||||||
step_config: ""
|
step_config: ""
|
||||||
# BEGIN DOCKER SETTINGS #
|
# BEGIN DOCKER SETTINGS #
|
||||||
puppet_config:
|
puppet_config:
|
||||||
|
@ -103,6 +122,20 @@ outputs:
|
||||||
dest: "/"
|
dest: "/"
|
||||||
merge: true
|
merge: true
|
||||||
preserve_properties: true
|
preserve_properties: true
|
||||||
|
- source: "/var/lib/kolla/config_files/src-tls/*"
|
||||||
|
dest: "/"
|
||||||
|
merge: true
|
||||||
|
optional: true
|
||||||
|
preserve_properties: true
|
||||||
|
permissions:
|
||||||
|
- path: /etc/pki/tls/certs/mysql.crt
|
||||||
|
owner: mysql:mysql
|
||||||
|
perm: '0600'
|
||||||
|
optional: true
|
||||||
|
- path: /etc/pki/tls/private/mysql.key
|
||||||
|
owner: mysql:mysql
|
||||||
|
perm: '0600'
|
||||||
|
optional: true
|
||||||
docker_config:
|
docker_config:
|
||||||
step_1:
|
step_1:
|
||||||
mysql_data_ownership:
|
mysql_data_ownership:
|
||||||
|
@ -195,6 +228,8 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/mysql
|
path: /var/lib/mysql
|
||||||
state: directory
|
state: directory
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [MysqlPuppetBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: get bootstrap nodeid
|
- name: get bootstrap nodeid
|
||||||
tags: common
|
tags: common
|
||||||
|
|
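Review bot: The `optional: true` on the new `src-tls` copy and on both `permissions` entries (`mysql.crt`, `mysql.key`) is unconditional, so with `EnableInternalTLS` set to true a missing certificate or key is skipped silently at container start instead of being reported. Whether Galera then refuses to start or comes up without TLS depends on the puppet profile, which this page does not show, and no hunk here shows the volume that populates `/var/lib/kolla/config_files/src-tls`. Tying the flag to the condition this commit already defines would make the TLS-enabled case fail closed, for example `optional: {if: [internal_tls_enabled, false, true]}`. `EnableInternalTLS` also has no `description`; a line such as `description: Enable TLS for MySQL/Galera traffic on the internal network.` would match the neighbouring parameters.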