Fix on mysql ssl certs

* added code to ensure that directory /etc/mysql-client-ssl exists before to create the certs * fixed typo on .env Change-Id: I89640b2d25b274bcc7205b6665c9930d695a003d
2019-02-14 22:50:00 -03:00 · 2019-02-14 22:50:00 -03:00 · 6336b6cdc7
commit 6336b6cdc7
parent 7b6fd76dd1
2 changed files with 15 additions and 1 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -336,35 +336,49 @@ class openstackid (
  # mysql ssl connection configuration
  if($mysql_ssl_enabled) {

+    file { '/etc/mysql-client-ssl':
+      ensure => 'directory',
+      owner  => 'root',
+      group  => 'www-data',
+      mode   => '0775',
+    }
+
    if $mysql_ssl_ca_file_contents != '' {
      file { $mysql_ssl_ca_file:
+        ensure  =>  file,
        owner   => 'root',
        group   => 'www-data',
        mode    => '0640',
        content => $mysql_ssl_ca_file_contents,
        notify  => Class['::apache::service'],
        before  => Apache::Vhost::Custom[$vhost_name],
+        require => File['/etc/mysql-client-ssl'],
      }
    }

    if $mysql_ssl_client_key_file_contents != '' {
      file { $mysql_ssl_client_key_file:
+        ensure  =>  file,
        owner   => 'root',
        group   => 'www-data',
        mode    => '0640',
        content => $mysql_ssl_client_key_file_contents,
        notify  => Class['::apache::service'],
        before  => Apache::Vhost::Custom[$vhost_name],
+        require => File['/etc/mysql-client-ssl'],
      }
    }
+
    if $mysql_ssl_client_cert_file_contents != '' {
      file { $mysql_ssl_client_cert_file:
+        ensure  =>  file,
        owner   => 'root',
        group   => 'www-data',
        mode    => '0640',
        content => $mysql_ssl_client_cert_file_contents,
        notify  => Class['::apache::service'],
        before  => Apache::Vhost::Custom[$vhost_name],
+        require => File['/etc/mysql-client-ssl'],
      }
    }
  }
--- a/templates/.env.erb
+++ b/templates/.env.erb
@ -21,7 +21,7 @@ SS_DB_PASSWORD="<%= @ss_mysql_password %>"
 DB_USE_SSL=<%= @mysql_ssl_enabled %>
 DB_MYSQL_ATTR_SSL_CA="<%= @mysql_ssl_ca_file %>"
 DB_MYSQL_ATTR_SSL_KEY="<%= @mysql_ssl_client_key_file %>"
-DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert %>"
+DB_MYSQL_ATTR_SSL_CERT="<%= @mysql_ssl_client_cert_file %>"
 DB_MYSQL_ATTR_SSL_CIPHER="<%= @mysql_ssl_cypher %>"

 REDIS_HOST="<%= @redis_host %>"