From e5a549f1d8cdf4e29d6fbf0b3abdbab568641e89 Mon Sep 17 00:00:00 2001
From: Jimmy McCrory <jimmy.mccrory@gmail.com>
Date: Mon, 18 Dec 2017 15:09:33 -0800
Subject: [PATCH] Use SSL database connections with nova-manage

When Galera SSL is enabled, use SSL encrypted database connections with
nova-manage commands where a connection string is provided.

Change-Id: I7019b966b475c09a4e3218461941c1112ae28028
(cherry picked from commit 740a26e7eacbb5975d041b1f9aa7424a1cc9526c)
---
 tasks/nova_db_setup.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/nova_db_setup.yml b/tasks/nova_db_setup.yml
index 0ab315d2..f99ea839 100644
--- a/tasks/nova_db_setup.yml
+++ b/tasks/nova_db_setup.yml
@@ -24,7 +24,7 @@
 - name: Create the cell0 mapping entry in the nova API DB
   command: >-
     {{ nova_bin }}/nova-manage cell_v2 map_cell0
-      --database_connection mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{ nova_cell0_database }}?charset=utf8
+      --database_connection mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{ nova_cell0_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %}
   become: yes
   become_user: "{{ nova_system_user_name }}"
   changed_when: false