Mysql: Enable SSL

Change-Id: Ia4276ef65947c36c5d3712859381bd7536018b0c
Takashi Kajinami 2023-03-20 14:18:09 +09:00
parent c25cf05431
commit 3c2a869947
26 changed files with 48 additions and 2 deletions


@ -35,6 +35,7 @@ class openstack_integration::aodh (
'password' => 'aodh', 'password' => 'aodh',
'database' => 'aodh', 'database' => 'aodh',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'aodh': class { 'aodh':


@ -31,6 +31,7 @@ class openstack_integration::barbican {
'password' => 'barbican', 'password' => 'barbican',
'database' => 'barbican', 'database' => 'barbican',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'barbican::keystone::auth': class { 'barbican::keystone::auth':


@ -73,6 +73,7 @@ class openstack_integration::cinder (
'password' => 'cinder', 'password' => 'cinder',
'database' => 'cinder', 'database' => 'cinder',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'cinder': class { 'cinder':


@ -24,6 +24,8 @@ class openstack_integration::config (
$notify_backend = 'rabbit', $notify_backend = 'rabbit',
) { ) {
include openstack_integration::params
$messaging_default_proto = $rpc_backend $messaging_default_proto = $rpc_backend
$messaging_notify_proto = $notify_backend $messaging_notify_proto = $notify_backend
@ -35,6 +37,9 @@ class openstack_integration::config (
$messaging_default_port = '5671' $messaging_default_port = '5671'
} }
$messaging_notify_port = '5671' $messaging_notify_port = '5671'
$db_extra = {
'ssl_ca' => $::openstack_integration::params::ca_bundle_cert_path,
}
} else { } else {
$proto = 'http' $proto = 'http'
if $rpc_backend == 'amqp' { if $rpc_backend == 'amqp' {
@ -43,6 +48,7 @@ class openstack_integration::config (
$messaging_default_port = '5672' $messaging_default_port = '5672'
} }
$messaging_notify_port = '5672' $messaging_notify_port = '5672'
$db_extra = {}
} }
$rabbit_port = $messaging_notify_port $rabbit_port = $messaging_notify_port
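Review bot: The new `$db_extra` assignment in the SSL branch has no comment saying what it is for, although the service classes changed in this commit all read it through `$::openstack_integration::config::db_extra`. I would add `# Extra options for every service's DB connection; ssl_ca names the CA bundle for the MySQL TLS connection` above it, and `# No TLS options when SSL is disabled` above `$db_extra = {}`. Only `ssl_ca` is passed, so whether the server certificate and host name are actually verified is left to the driver's defaults; that seems worth confirming for the `mysql+pymysql` dialect visible in the nova section. The class body starts and ends outside these hunks.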


@ -47,6 +47,7 @@ class openstack_integration::designate {
'password' => 'designate', 'password' => 'designate',
'database' => 'designate', 'database' => 'designate',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'designate::coordination': class { 'designate::coordination':


@ -36,6 +36,7 @@ class openstack_integration::ec2api {
'password' => 'ec2api', 'password' => 'ec2api',
'database' => 'ec2api', 'database' => 'ec2api',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'ec2api::db::sync': } class { 'ec2api::db::sync': }


@ -107,6 +107,7 @@ class openstack_integration::glance (
'password' => 'glance', 'password' => 'glance',
'database' => 'glance', 'database' => 'glance',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'glance::api': class { 'glance::api':


@ -42,6 +42,7 @@ class openstack_integration::gnocchi (
'password' => 'gnocchi', 'password' => 'gnocchi',
'database' => 'gnocchi', 'database' => 'gnocchi',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'gnocchi': class { 'gnocchi':


@ -53,6 +53,7 @@ class openstack_integration::heat (
'password' => 'heat', 'password' => 'heat',
'database' => 'heat', 'database' => 'heat',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'heat': class { 'heat':


@ -26,6 +26,7 @@ class openstack_integration::ironic {
'password' => 'ironic', 'password' => 'ironic',
'database' => 'ironic', 'database' => 'ironic',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'ironic': class { 'ironic':
@ -110,6 +111,7 @@ class openstack_integration::ironic {
'password' => 'ironic-inspector', 'password' => 'ironic-inspector',
'database' => 'ironic-inspector', 'database' => 'ironic-inspector',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'ironic::inspector::ironic': class { 'ironic::inspector::ironic':


@ -57,6 +57,7 @@ class openstack_integration::keystone (
'password' => 'keystone', 'password' => 'keystone',
'database' => 'keystone', 'database' => 'keystone',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'keystone::logging': class { 'keystone::logging':


@ -69,6 +69,7 @@ class openstack_integration::magnum (
'password' => 'magnum', 'password' => 'magnum',
'database' => 'magnum', 'database' => 'magnum',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }


@ -58,6 +58,7 @@ class openstack_integration::manila (
'password' => 'manila', 'password' => 'manila',
'database' => 'manila', 'database' => 'manila',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'manila': class { 'manila':


@ -33,6 +33,7 @@ class openstack_integration::mistral {
'password' => 'mistral', 'password' => 'mistral',
'database' => 'mistral', 'database' => 'mistral',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'mistral': class { 'mistral':


@ -61,6 +61,7 @@ class openstack_integration::murano {
'password' => 'murano', 'password' => 'murano',
'database' => 'murano', 'database' => 'murano',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'murano::keystone::authtoken': class { 'murano::keystone::authtoken':


@ -1,13 +1,27 @@
class openstack_integration::mysql { class openstack_integration::mysql {
include openstack_integration::config include openstack_integration::config
include openstack_integration::params
$mysql_conf_dir = $::openstack_integration::params::mysql_conf_dir
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'mysql':
key_path => "${mysql_conf_dir}/${facts['networking']['fqdn']}.pem",
require => Package['mysql-server'],
notify => Service['mysqld'],
}
}
class { 'mysql::server': class { 'mysql::server':
override_options => { override_options => {
'mysqld' => { 'mysqld' => {
'bind-address' => $::openstack_integration::config::host, 'bind-address' => $::openstack_integration::config::host,
'ssl' => $::openstack_integration::config::ssl,
'ssl-ca' => $::openstack_integration::params::ca_bundle_cert_path,
'ssl-cert' => $::openstack_integration::params::cert_path,
'ssl-key' => "${mysql_conf_dir}/${facts['networking']['fqdn']}.pem",
}, },
}, },
} }
} }
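Review bot: The `ssl-ca`, `ssl-cert` and `ssl-key` entries in `override_options` are set whether or not `$::openstack_integration::config::ssl` is true, while the key file is only created by `openstack_integration::ssl_key` inside the `if`, so a non-SSL run leaves mysqld configured with a key path this class never provisions. Building the TLS options in the same conditional and adding them to the `mysqld` hash keeps the two in step. Nothing visible here makes the server refuse plaintext clients, so if encrypted transport is meant to be mandatory, consider `require_secure_transport` where the installed MySQL/MariaDB version supports it. The `openstack_integration::ssl_key` define is outside this page; it is worth confirming that it leaves the key readable only by the mysql service user.

```puppet
  # ... unchanged: includes, $mysql_conf_dir and the ssl_key resource ...
  # TLS options are only set when SSL is on, so mysqld never references
  # a key file that this class did not create.
  if $::openstack_integration::config::ssl {
    $mysqld_tls_options = {
      'ssl'      => true,
      'ssl-ca'   => $::openstack_integration::params::ca_bundle_cert_path,
      'ssl-cert' => $::openstack_integration::params::cert_path,
      'ssl-key'  => "${mysql_conf_dir}/${facts['networking']['fqdn']}.pem",
    }
  } else {
    $mysqld_tls_options = {}
  }

  class { 'mysql::server':
    override_options => {
      'mysqld' => {
        'bind-address' => $::openstack_integration::config::host,
      } + $mysqld_tls_options,
    },
  }
```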


@ -234,6 +234,7 @@ class openstack_integration::neutron (
'password' => 'neutron', 'password' => 'neutron',
'database' => 'neutron', 'database' => 'neutron',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'neutron::server': class { 'neutron::server':


@ -111,6 +111,7 @@ class openstack_integration::nova (
'password' => 'nova', 'password' => 'nova',
'database' => 'nova', 'database' => 'nova',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
api_database_connection => os_database_connection({ api_database_connection => os_database_connection({
'dialect' => 'mysql+pymysql', 'dialect' => 'mysql+pymysql',
@ -119,6 +120,7 @@ class openstack_integration::nova (
'password' => 'nova', 'password' => 'nova',
'database' => 'nova_api', 'database' => 'nova_api',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'nova': class { 'nova':


@ -40,6 +40,7 @@ class openstack_integration::octavia (
'password' => 'octavia', 'password' => 'octavia',
'database' => 'octavia', 'database' => 'octavia',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'octavia': class { 'octavia':


@ -7,6 +7,7 @@ class openstack_integration::params {
$update_ca_certs_cmd = '/usr/bin/update-ca-trust force-enable && /usr/bin/update-ca-trust extract' $update_ca_certs_cmd = '/usr/bin/update-ca-trust force-enable && /usr/bin/update-ca-trust extract'
$mysql_charset = 'utf8' $mysql_charset = 'utf8'
$mysql_collate = 'utf8_general_ci' $mysql_collate = 'utf8_general_ci'
$mysql_conf_dir = '/etc/my.cnf.d'
} }
'Debian': { 'Debian': {
$ca_bundle_cert_path = '/etc/ssl/certs/puppet_openstack.pem' $ca_bundle_cert_path = '/etc/ssl/certs/puppet_openstack.pem'
@ -14,6 +15,7 @@ class openstack_integration::params {
$update_ca_certs_cmd = '/usr/sbin/update-ca-certificates -f' $update_ca_certs_cmd = '/usr/sbin/update-ca-certificates -f'
$mysql_charset = 'utf8mb3' $mysql_charset = 'utf8mb3'
$mysql_collate = 'utf8mb3_general_ci' $mysql_collate = 'utf8mb3_general_ci'
$mysql_conf_dir = '/etc/mysql'
} }
default: { default: {
fail("Unsupported osfamily: ${facts['os']['family']} operatingsystem") fail("Unsupported osfamily: ${facts['os']['family']} operatingsystem")


@ -48,6 +48,7 @@ class openstack_integration::placement {
'password' => 'placement', 'password' => 'placement',
'database' => 'placement', 'database' => 'placement',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
include placement::db::sync include placement::db::sync


@ -48,6 +48,7 @@ class openstack_integration::sahara (
'password' => 'sahara', 'password' => 'sahara',
'database' => 'sahara', 'database' => 'sahara',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'sahara': class { 'sahara':


@ -27,6 +27,7 @@ class openstack_integration::trove {
'password' => 'trove', 'password' => 'trove',
'database' => 'trove', 'database' => 'trove',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'trove': class { 'trove':


@ -31,6 +31,7 @@ class openstack_integration::vitrage {
'password' => 'vitrage', 'password' => 'vitrage',
'database' => 'vitrage', 'database' => 'vitrage',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }


@ -29,6 +29,7 @@ class openstack_integration::watcher {
'password' => 'watcher', 'password' => 'watcher',
'database' => 'watcher', 'database' => 'watcher',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class { 'watcher::keystone::auth': class { 'watcher::keystone::auth':


@ -38,8 +38,8 @@ class openstack_integration::zaqar {
'password' => 'zaqar', 'password' => 'zaqar',
'database' => 'zaqar', 'database' => 'zaqar',
'charset' => 'utf8', 'charset' => 'utf8',
'extra' => $::openstack_integration::config::db_extra,
}), }),
} }
class {'zaqar::messaging::swift': class {'zaqar::messaging::swift':
auth_url => "${::openstack_integration::config::keystone_auth_uri}/v3", auth_url => "${::openstack_integration::config::keystone_auth_uri}/v3",