Browse Source

Fix on mysql ssl certs

* added code to ensure that directory /etc/mysql-client-ssl exists
  before to create the certs
* fixed typo on .env

Change-Id: I89640b2d25b274bcc7205b6665c9930d695a003d
Sebastian Marcet 2 months ago
parent
commit
6336b6cdc7
2 changed files with 15 additions and 1 deletions
  1. 14
    0
      manifests/init.pp
  2. 1
    1
      templates/.env.erb

+ 14
- 0
manifests/init.pp View File

@@ -336,35 +336,49 @@ class openstackid (
336 336
   # mysql ssl connection configuration
337 337
   if($mysql_ssl_enabled) {
338 338
 
339
+    file { '/etc/mysql-client-ssl':
340
+      ensure => 'directory',
341
+      owner  => 'root',
342
+      group  => 'www-data',
343
+      mode   => '0775',
344
+    }
345
+
339 346
     if $mysql_ssl_ca_file_contents != '' {
340 347
       file { $mysql_ssl_ca_file:
348
+        ensure  =>  file,
341 349
         owner   => 'root',
342 350
         group   => 'www-data',
343 351
         mode    => '0640',
344 352
         content => $mysql_ssl_ca_file_contents,
345 353
         notify  => Class['::apache::service'],
346 354
         before  => Apache::Vhost::Custom[$vhost_name],
355
+        require => File['/etc/mysql-client-ssl'],
347 356
       }
348 357
     }
349 358
 
350 359
     if $mysql_ssl_client_key_file_contents != '' {
351 360
       file { $mysql_ssl_client_key_file:
361
+        ensure  =>  file,
352 362
         owner   => 'root',
353 363
         group   => 'www-data',
354 364
         mode    => '0640',
355 365
         content => $mysql_ssl_client_key_file_contents,
356 366
         notify  => Class['::apache::service'],
357 367
         before  => Apache::Vhost::Custom[$vhost_name],
368
+        require => File['/etc/mysql-client-ssl'],
358 369
       }
359 370
     }
371
+
360 372
     if $mysql_ssl_client_cert_file_contents != '' {
361 373
       file { $mysql_ssl_client_cert_file:
374
+        ensure  =>  file,
362 375
         owner   => 'root',
363 376
         group   => 'www-data',
364 377
         mode    => '0640',
365 378
         content => $mysql_ssl_client_cert_file_contents,
366 379
         notify  => Class['::apache::service'],
367 380
         before  => Apache::Vhost::Custom[$vhost_name],
381
+        require => File['/etc/mysql-client-ssl'],
368 382
       }
369 383
     }
370 384
   }

+ 1
- 1
templates/.env.erb View File

@@ -21,7 +21,7 @@ SS_DB_PASSWORD="<%= @ss_mysql_password %>"
21 21
 DB_USE_SSL=<%= @mysql_ssl_enabled %>
22 22
 DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
23 23
 DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
24
-DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>"
24
+DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"
25 25
 DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
26 26
 
27 27
 REDIS_HOST="<%= @redis_host %>"

Loading…
Cancel
Save