Added configuration for MYSQL SSL connection
added config params to set up client certs for PDO SSL connections ( mysql ) Change-Id: Idb04a5a97e5e461bc91508567ad27c1ded60049a
parent
3a1fd8b9be
commit
9a044f8e00
|
@ -85,6 +85,14 @@ class openstackid (
|
||||||
$session_cookie_domain = $::fqdn,
|
$session_cookie_domain = $::fqdn,
|
||||||
$session_cookie_secure = true,
|
$session_cookie_secure = true,
|
||||||
$session_cookie_http_only = true,
|
$session_cookie_http_only = true,
|
||||||
|
$mysql_ssl_enabled = false,
|
||||||
|
$mysql_ssl_ca_file = '/etc/mysql-client-ssl/ca-cert.pem',
|
||||||
|
$mysql_ssl_ca_file_contents = '',
|
||||||
|
$mysql_ssl_client_key_file = '/etc/mysql-client-ssl/client-key.pem',
|
||||||
|
$mysql_ssl_client_key_file_contents = '',
|
||||||
|
$mysql_ssl_client_cert_file = '/etc/mysql-client-ssl/client-cert.pem',
|
||||||
|
$mysql_ssl_client_cert_file_contents = '',
|
||||||
|
$mysql_ssl_cypher = 'DHE-RSA-AES256-SHA',
|
||||||
) {
|
) {
|
||||||
|
|
||||||
# php packages needed for openid server
|
# php packages needed for openid server
|
||||||
|
@ -292,6 +300,42 @@ class openstackid (
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# mysql ssl connection configuration
|
||||||
|
if($mysql_ssl_enabled) {
|
||||||
|
|
||||||
|
if $mysql_ssl_ca_file_contents != '' {
|
||||||
|
file { $mysql_ssl_ca_file:
|
||||||
|
owner => 'root',
|
||||||
|
group => 'www-data',
|
||||||
|
mode => '0640',
|
||||||
|
content => $mysql_ssl_ca_file_contents,
|
||||||
|
notify => Class['::apache::service'],
|
||||||
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $mysql_ssl_client_key_file_contents != '' {
|
||||||
|
file { $mysql_ssl_client_key_file:
|
||||||
|
owner => 'root',
|
||||||
|
group => 'www-data',
|
||||||
|
mode => '0640',
|
||||||
|
content => $mysql_ssl_client_key_file_contents,
|
||||||
|
notify => Class['::apache::service'],
|
||||||
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if $mysql_ssl_client_cert_file_contents != '' {
|
||||||
|
file { $mysql_ssl_client_cert_file:
|
||||||
|
owner => 'root',
|
||||||
|
group => 'www-data',
|
||||||
|
mode => '0640',
|
||||||
|
content => $mysql_ssl_client_cert_file_contents,
|
||||||
|
notify => Class['::apache::service'],
|
||||||
|
before => Apache::Vhost::Custom[$vhost_name],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$docroot_dirs = [ '/srv/openstackid' ]
|
$docroot_dirs = [ '/srv/openstackid' ]
|
||||||
|
|
||||||
file { $docroot_dirs:
|
file { $docroot_dirs:
|
||||||
|
|
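Review bot: The `file { $mysql_ssl_client_key_file:` resource writes the client private key from `$mysql_ssl_client_key_file_contents` without `show_diff => false`, so on agents where diffs are enabled a content change can print the key material into the agent log and reports; add `show_diff => false,` to that resource. The default `$mysql_ssl_cypher = 'DHE-RSA-AES256-SHA'` in the parameter hunk pins a single CBC/SHA-1 suite, which newer MySQL or OpenSSL builds may reject; a GCM suite or an empty default that lets the library negotiate would age better. None of the three file resources manages the parent directory `/etc/mysql-client-ssl`, so unless it is created outside these hunks the first run with contents set will fail.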
|
@ -18,6 +18,12 @@ SS_DATABASE="<%= @ss_db_name %>"
|
||||||
SS_DB_USERNAME="<%= @ss_mysql_user %>"
|
SS_DB_USERNAME="<%= @ss_mysql_user %>"
|
||||||
SS_DB_PASSWORD="<%= @ss_mysql_password %>"
|
SS_DB_PASSWORD="<%= @ss_mysql_password %>"
|
||||||
|
|
||||||
|
DB_USE_SSL=<%= @mysql_ssl_enabled %>
|
||||||
|
DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
|
||||||
|
DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
|
||||||
|
DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>"
|
||||||
|
DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"
|
||||||
|
|
||||||
REDIS_HOST="<%= @redis_host %>"
|
REDIS_HOST="<%= @redis_host %>"
|
||||||
REDIS_PORT=<%= @redis_port %>
|
REDIS_PORT=<%= @redis_port %>
|
||||||
REDIS_DB=<%= @redis_db %>
|
REDIS_DB=<%= @redis_db %>
|
||||||
|
|
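Review bot: `DB_MYSQL_ATTR_SSL_CERT` is filled from `@mysql_ssl_client_cert`, but the class parameter added in this commit is `$mysql_ssl_client_cert_file`, so unless a variable of that name is set outside the visible hunks the line renders an empty path and the client certificate is never presented. It should read `DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"`. The template also exposes no setting for verifying the server certificate, so it is worth confirming the application enforces that when `DB_USE_SSL` is true.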