Fix on mysql ssl certs

* added code to ensure that directory /etc/mysql-client-ssl exists
  before to create the certs
* fixed typo on .env

Change-Id: I89640b2d25b274bcc7205b6665c9930d695a003d
This commit is contained in:
Sebastian Marcet 2019-02-14 22:50:00 -03:00
parent 7b6fd76dd1
commit 6336b6cdc7
2 changed files with 15 additions and 1 deletions

View File

@ -336,35 +336,49 @@ class openstackid (
# mysql ssl connection configuration
if($mysql_ssl_enabled) {
file { '/etc/mysql-client-ssl':
ensure => 'directory',
owner => 'root',
group => 'www-data',
mode => '0775',
}
if $mysql_ssl_ca_file_contents != '' {
file { $mysql_ssl_ca_file:
ensure => file,
owner => 'root',
group => 'www-data',
mode => '0640',
content => $mysql_ssl_ca_file_contents,
notify => Class['::apache::service'],
before => Apache::Vhost::Custom[$vhost_name],
require => File['/etc/mysql-client-ssl'],
}
}
if $mysql_ssl_client_key_file_contents != '' {
file { $mysql_ssl_client_key_file:
ensure => file,
owner => 'root',
group => 'www-data',
mode => '0640',
content => $mysql_ssl_client_key_file_contents,
notify => Class['::apache::service'],
before => Apache::Vhost::Custom[$vhost_name],
require => File['/etc/mysql-client-ssl'],
}
}
if $mysql_ssl_client_cert_file_contents != '' {
file { $mysql_ssl_client_cert_file:
ensure => file,
owner => 'root',
group => 'www-data',
mode => '0640',
content => $mysql_ssl_client_cert_file_contents,
notify => Class['::apache::service'],
before => Apache::Vhost::Custom[$vhost_name],
require => File['/etc/mysql-client-ssl'],
}
}
}

View File

@ -21,7 +21,7 @@ SS_DB_PASSWORD="<%= @ss_mysql_password %>"
DB_USE_SSL=<%= @mysql_ssl_enabled %>
DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>"
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"
DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
REDIS_HOST="<%= @redis_host %>"