opendev
/
puppet-openstackid
Code Issues Proposed changes

Fix on mysql ssl certs 

* added code to ensure that directory /etc/mysql-client-ssl exists
  before to create the certs
* fixed typo on .env

Change-Id: I89640b2d25b274bcc7205b6665c9930d695a003d
This commit is contained in:
Sebastian Marcet 2019-02-14 22:50:00 -03:00
parent 7b6fd76dd1
commit 6336b6cdc7
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
manifests/init.pp
View File

@ -336,35 +336,49 @@ class openstackid (
# mysql ssl connection configuration # mysql ssl connection configuration
if($mysql_ssl_enabled) { if($mysql_ssl_enabled) {
file { '/etc/mysql-client-ssl':
ensure => 'directory',
owner => 'root',
group => 'www-data',
mode => '0775',
}
if $mysql_ssl_ca_file_contents != '' { if $mysql_ssl_ca_file_contents != '' {
file { $mysql_ssl_ca_file: file { $mysql_ssl_ca_file:
ensure => file,
owner => 'root', owner => 'root',
group => 'www-data', group => 'www-data',
mode => '0640', mode => '0640',
content => $mysql_ssl_ca_file_contents, content => $mysql_ssl_ca_file_contents,
notify => Class['::apache::service'], notify => Class['::apache::service'],
before => Apache::Vhost::Custom[$vhost_name], before => Apache::Vhost::Custom[$vhost_name],
require => File['/etc/mysql-client-ssl'],
} }
} }
if $mysql_ssl_client_key_file_contents != '' { if $mysql_ssl_client_key_file_contents != '' {
file { $mysql_ssl_client_key_file: file { $mysql_ssl_client_key_file:
ensure => file,
owner => 'root', owner => 'root',
group => 'www-data', group => 'www-data',
mode => '0640', mode => '0640',
content => $mysql_ssl_client_key_file_contents, content => $mysql_ssl_client_key_file_contents,
notify => Class['::apache::service'], notify => Class['::apache::service'],
before => Apache::Vhost::Custom[$vhost_name], before => Apache::Vhost::Custom[$vhost_name],
require => File['/etc/mysql-client-ssl'],
} }
} }
if $mysql_ssl_client_cert_file_contents != '' { if $mysql_ssl_client_cert_file_contents != '' {
file { $mysql_ssl_client_cert_file: file { $mysql_ssl_client_cert_file:
ensure => file,
owner => 'root', owner => 'root',
group => 'www-data', group => 'www-data',
mode => '0640', mode => '0640',
content => $mysql_ssl_client_cert_file_contents, content => $mysql_ssl_client_cert_file_contents,
notify => Class['::apache::service'], notify => Class['::apache::service'],
before => Apache::Vhost::Custom[$vhost_name], before => Apache::Vhost::Custom[$vhost_name],
require => File['/etc/mysql-client-ssl'],
} }
} }
} }

2
templates/.env.erb
View File

@ -21,7 +21,7 @@ SS_DB_PASSWORD="<%= @ss_mysql_password %>"
DB_USE_SSL=<%= @mysql_ssl_enabled %> DB_USE_SSL=<%= @mysql_ssl_enabled %>
DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>" DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>" DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>" DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"
DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>" DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
REDIS_HOST="<%= @redis_host %>" REDIS_HOST="<%= @redis_host %>"