Fix on mysql ssl certs
* added code to ensure that directory /etc/mysql-client-ssl exists before to create the certs * fixed typo on .env Change-Id: I89640b2d25b274bcc7205b6665c9930d695a003d
This commit is contained in:
parent
7b6fd76dd1
commit
6336b6cdc7
|
@ -336,35 +336,49 @@ class openstackid (
|
||||||
# mysql ssl connection configuration
|
# mysql ssl connection configuration
|
||||||
if($mysql_ssl_enabled) {
|
if($mysql_ssl_enabled) {
|
||||||
|
|
||||||
|
file { '/etc/mysql-client-ssl':
|
||||||
|
ensure => 'directory',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'www-data',
|
||||||
|
mode => '0775',
|
||||||
|
}
|
||||||
|
|
||||||
if $mysql_ssl_ca_file_contents != '' {
|
if $mysql_ssl_ca_file_contents != '' {
|
||||||
file { $mysql_ssl_ca_file:
|
file { $mysql_ssl_ca_file:
|
||||||
|
ensure => file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'www-data',
|
group => 'www-data',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $mysql_ssl_ca_file_contents,
|
content => $mysql_ssl_ca_file_contents,
|
||||||
notify => Class['::apache::service'],
|
notify => Class['::apache::service'],
|
||||||
before => Apache::Vhost::Custom[$vhost_name],
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
|
require => File['/etc/mysql-client-ssl'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if $mysql_ssl_client_key_file_contents != '' {
|
if $mysql_ssl_client_key_file_contents != '' {
|
||||||
file { $mysql_ssl_client_key_file:
|
file { $mysql_ssl_client_key_file:
|
||||||
|
ensure => file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'www-data',
|
group => 'www-data',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $mysql_ssl_client_key_file_contents,
|
content => $mysql_ssl_client_key_file_contents,
|
||||||
notify => Class['::apache::service'],
|
notify => Class['::apache::service'],
|
||||||
before => Apache::Vhost::Custom[$vhost_name],
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
|
require => File['/etc/mysql-client-ssl'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if $mysql_ssl_client_cert_file_contents != '' {
|
if $mysql_ssl_client_cert_file_contents != '' {
|
||||||
file { $mysql_ssl_client_cert_file:
|
file { $mysql_ssl_client_cert_file:
|
||||||
|
ensure => file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'www-data',
|
group => 'www-data',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $mysql_ssl_client_cert_file_contents,
|
content => $mysql_ssl_client_cert_file_contents,
|
||||||
notify => Class['::apache::service'],
|
notify => Class['::apache::service'],
|
||||||
before => Apache::Vhost::Custom[$vhost_name],
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
|
require => File['/etc/mysql-client-ssl'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@ SS_DB_PASSWORD="<%= @ss_mysql_password %>"
|
||||||
DB_USE_SSL=<%= @mysql_ssl_enabled %>
|
DB_USE_SSL=<%= @mysql_ssl_enabled %>
|
||||||
DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
|
DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
|
||||||
DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
|
DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
|
||||||
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>"
|
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"
|
||||||
DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
|
DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
|
||||||
|
|
||||||
REDIS_HOST="<%= @redis_host %>"
|
REDIS_HOST="<%= @redis_host %>"
|
||||||
|
|
Loading…
Reference in New Issue