Set galera to use TLS for connections by default
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/820857 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/820942 Change-Id: Ied8e6847413bd8ea3dfef1a43fba391884bf659f
This commit is contained in:
parent
fe90f8066c
commit
56b63d9fdb
|
@ -34,6 +34,7 @@ rabbitmq_policies:
|
|||
galera_client_package_state: "{{ package_state }}"
|
||||
galera_address: "{{ internal_lb_vip_address }}"
|
||||
galera_root_user: "admin"
|
||||
galera_use_ssl: True
|
||||
|
||||
## Memcached options
|
||||
memcached_port: 11211
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
MariaDB now uses TLS encryption by default. Certificate will be issued
|
||||
and signed with internal CA using PKI role.
|
||||
Deployers can disable encrypting MariaDB connections by setting
|
||||
``galera_use_ssl: false`` in their user_variables.yml
|
||||
Client certificates could be still provided and they will be distributed
|
||||
with PKI role as well.
|
Loading…
Reference in New Issue