Mysql: Enable SSL
Change-Id: Ia4276ef65947c36c5d3712859381bd7536018b0c
This commit is contained in:
parent
c25cf05431
commit
3c2a869947
@ -35,6 +35,7 @@ class openstack_integration::aodh (
|
|||||||
'password' => 'aodh',
|
'password' => 'aodh',
|
||||||
'database' => 'aodh',
|
'database' => 'aodh',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'aodh':
|
class { 'aodh':
|
||||||
|
@ -31,6 +31,7 @@ class openstack_integration::barbican {
|
|||||||
'password' => 'barbican',
|
'password' => 'barbican',
|
||||||
'database' => 'barbican',
|
'database' => 'barbican',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'barbican::keystone::auth':
|
class { 'barbican::keystone::auth':
|
||||||
|
@ -73,6 +73,7 @@ class openstack_integration::cinder (
|
|||||||
'password' => 'cinder',
|
'password' => 'cinder',
|
||||||
'database' => 'cinder',
|
'database' => 'cinder',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'cinder':
|
class { 'cinder':
|
||||||
|
@ -24,6 +24,8 @@ class openstack_integration::config (
|
|||||||
$notify_backend = 'rabbit',
|
$notify_backend = 'rabbit',
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
include openstack_integration::params
|
||||||
|
|
||||||
$messaging_default_proto = $rpc_backend
|
$messaging_default_proto = $rpc_backend
|
||||||
$messaging_notify_proto = $notify_backend
|
$messaging_notify_proto = $notify_backend
|
||||||
|
|
||||||
@ -35,6 +37,9 @@ class openstack_integration::config (
|
|||||||
$messaging_default_port = '5671'
|
$messaging_default_port = '5671'
|
||||||
}
|
}
|
||||||
$messaging_notify_port = '5671'
|
$messaging_notify_port = '5671'
|
||||||
|
$db_extra = {
|
||||||
|
'ssl_ca' => $::openstack_integration::params::ca_bundle_cert_path,
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$proto = 'http'
|
$proto = 'http'
|
||||||
if $rpc_backend == 'amqp' {
|
if $rpc_backend == 'amqp' {
|
||||||
@ -43,6 +48,7 @@ class openstack_integration::config (
|
|||||||
$messaging_default_port = '5672'
|
$messaging_default_port = '5672'
|
||||||
}
|
}
|
||||||
$messaging_notify_port = '5672'
|
$messaging_notify_port = '5672'
|
||||||
|
$db_extra = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
$rabbit_port = $messaging_notify_port
|
$rabbit_port = $messaging_notify_port
|
||||||
|
@ -47,6 +47,7 @@ class openstack_integration::designate {
|
|||||||
'password' => 'designate',
|
'password' => 'designate',
|
||||||
'database' => 'designate',
|
'database' => 'designate',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'designate::coordination':
|
class { 'designate::coordination':
|
||||||
|
@ -36,6 +36,7 @@ class openstack_integration::ec2api {
|
|||||||
'password' => 'ec2api',
|
'password' => 'ec2api',
|
||||||
'database' => 'ec2api',
|
'database' => 'ec2api',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'ec2api::db::sync': }
|
class { 'ec2api::db::sync': }
|
||||||
|
@ -107,6 +107,7 @@ class openstack_integration::glance (
|
|||||||
'password' => 'glance',
|
'password' => 'glance',
|
||||||
'database' => 'glance',
|
'database' => 'glance',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'glance::api':
|
class { 'glance::api':
|
||||||
|
@ -42,6 +42,7 @@ class openstack_integration::gnocchi (
|
|||||||
'password' => 'gnocchi',
|
'password' => 'gnocchi',
|
||||||
'database' => 'gnocchi',
|
'database' => 'gnocchi',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'gnocchi':
|
class { 'gnocchi':
|
||||||
|
@ -53,6 +53,7 @@ class openstack_integration::heat (
|
|||||||
'password' => 'heat',
|
'password' => 'heat',
|
||||||
'database' => 'heat',
|
'database' => 'heat',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'heat':
|
class { 'heat':
|
||||||
|
@ -26,6 +26,7 @@ class openstack_integration::ironic {
|
|||||||
'password' => 'ironic',
|
'password' => 'ironic',
|
||||||
'database' => 'ironic',
|
'database' => 'ironic',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'ironic':
|
class { 'ironic':
|
||||||
@ -110,6 +111,7 @@ class openstack_integration::ironic {
|
|||||||
'password' => 'ironic-inspector',
|
'password' => 'ironic-inspector',
|
||||||
'database' => 'ironic-inspector',
|
'database' => 'ironic-inspector',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'ironic::inspector::ironic':
|
class { 'ironic::inspector::ironic':
|
||||||
|
@ -57,6 +57,7 @@ class openstack_integration::keystone (
|
|||||||
'password' => 'keystone',
|
'password' => 'keystone',
|
||||||
'database' => 'keystone',
|
'database' => 'keystone',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'keystone::logging':
|
class { 'keystone::logging':
|
||||||
|
@ -69,6 +69,7 @@ class openstack_integration::magnum (
|
|||||||
'password' => 'magnum',
|
'password' => 'magnum',
|
||||||
'database' => 'magnum',
|
'database' => 'magnum',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,6 +58,7 @@ class openstack_integration::manila (
|
|||||||
'password' => 'manila',
|
'password' => 'manila',
|
||||||
'database' => 'manila',
|
'database' => 'manila',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'manila':
|
class { 'manila':
|
||||||
|
@ -33,6 +33,7 @@ class openstack_integration::mistral {
|
|||||||
'password' => 'mistral',
|
'password' => 'mistral',
|
||||||
'database' => 'mistral',
|
'database' => 'mistral',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'mistral':
|
class { 'mistral':
|
||||||
|
@ -61,6 +61,7 @@ class openstack_integration::murano {
|
|||||||
'password' => 'murano',
|
'password' => 'murano',
|
||||||
'database' => 'murano',
|
'database' => 'murano',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'murano::keystone::authtoken':
|
class { 'murano::keystone::authtoken':
|
||||||
|
@ -1,13 +1,27 @@
|
|||||||
class openstack_integration::mysql {
|
class openstack_integration::mysql {
|
||||||
|
|
||||||
include openstack_integration::config
|
include openstack_integration::config
|
||||||
|
include openstack_integration::params
|
||||||
|
|
||||||
|
$mysql_conf_dir = $::openstack_integration::params::mysql_conf_dir
|
||||||
|
|
||||||
|
if $::openstack_integration::config::ssl {
|
||||||
|
openstack_integration::ssl_key { 'mysql':
|
||||||
|
key_path => "${mysql_conf_dir}/${facts['networking']['fqdn']}.pem",
|
||||||
|
require => Package['mysql-server'],
|
||||||
|
notify => Service['mysqld'],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
class { 'mysql::server':
|
class { 'mysql::server':
|
||||||
override_options => {
|
override_options => {
|
||||||
'mysqld' => {
|
'mysqld' => {
|
||||||
'bind-address' => $::openstack_integration::config::host,
|
'bind-address' => $::openstack_integration::config::host,
|
||||||
|
'ssl' => $::openstack_integration::config::ssl,
|
||||||
|
'ssl-ca' => $::openstack_integration::params::ca_bundle_cert_path,
|
||||||
|
'ssl-cert' => $::openstack_integration::params::cert_path,
|
||||||
|
'ssl-key' => "${mysql_conf_dir}/${facts['networking']['fqdn']}.pem",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -234,6 +234,7 @@ class openstack_integration::neutron (
|
|||||||
'password' => 'neutron',
|
'password' => 'neutron',
|
||||||
'database' => 'neutron',
|
'database' => 'neutron',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'neutron::server':
|
class { 'neutron::server':
|
||||||
|
@ -111,6 +111,7 @@ class openstack_integration::nova (
|
|||||||
'password' => 'nova',
|
'password' => 'nova',
|
||||||
'database' => 'nova',
|
'database' => 'nova',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
api_database_connection => os_database_connection({
|
api_database_connection => os_database_connection({
|
||||||
'dialect' => 'mysql+pymysql',
|
'dialect' => 'mysql+pymysql',
|
||||||
@ -119,6 +120,7 @@ class openstack_integration::nova (
|
|||||||
'password' => 'nova',
|
'password' => 'nova',
|
||||||
'database' => 'nova_api',
|
'database' => 'nova_api',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'nova':
|
class { 'nova':
|
||||||
|
@ -40,6 +40,7 @@ class openstack_integration::octavia (
|
|||||||
'password' => 'octavia',
|
'password' => 'octavia',
|
||||||
'database' => 'octavia',
|
'database' => 'octavia',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'octavia':
|
class { 'octavia':
|
||||||
|
@ -7,6 +7,7 @@ class openstack_integration::params {
|
|||||||
$update_ca_certs_cmd = '/usr/bin/update-ca-trust force-enable && /usr/bin/update-ca-trust extract'
|
$update_ca_certs_cmd = '/usr/bin/update-ca-trust force-enable && /usr/bin/update-ca-trust extract'
|
||||||
$mysql_charset = 'utf8'
|
$mysql_charset = 'utf8'
|
||||||
$mysql_collate = 'utf8_general_ci'
|
$mysql_collate = 'utf8_general_ci'
|
||||||
|
$mysql_conf_dir = '/etc/my.cnf.d'
|
||||||
}
|
}
|
||||||
'Debian': {
|
'Debian': {
|
||||||
$ca_bundle_cert_path = '/etc/ssl/certs/puppet_openstack.pem'
|
$ca_bundle_cert_path = '/etc/ssl/certs/puppet_openstack.pem'
|
||||||
@ -14,6 +15,7 @@ class openstack_integration::params {
|
|||||||
$update_ca_certs_cmd = '/usr/sbin/update-ca-certificates -f'
|
$update_ca_certs_cmd = '/usr/sbin/update-ca-certificates -f'
|
||||||
$mysql_charset = 'utf8mb3'
|
$mysql_charset = 'utf8mb3'
|
||||||
$mysql_collate = 'utf8mb3_general_ci'
|
$mysql_collate = 'utf8mb3_general_ci'
|
||||||
|
$mysql_conf_dir = '/etc/mysql'
|
||||||
}
|
}
|
||||||
default: {
|
default: {
|
||||||
fail("Unsupported osfamily: ${facts['os']['family']} operatingsystem")
|
fail("Unsupported osfamily: ${facts['os']['family']} operatingsystem")
|
||||||
|
@ -48,6 +48,7 @@ class openstack_integration::placement {
|
|||||||
'password' => 'placement',
|
'password' => 'placement',
|
||||||
'database' => 'placement',
|
'database' => 'placement',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
include placement::db::sync
|
include placement::db::sync
|
||||||
|
@ -48,6 +48,7 @@ class openstack_integration::sahara (
|
|||||||
'password' => 'sahara',
|
'password' => 'sahara',
|
||||||
'database' => 'sahara',
|
'database' => 'sahara',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'sahara':
|
class { 'sahara':
|
||||||
|
@ -27,6 +27,7 @@ class openstack_integration::trove {
|
|||||||
'password' => 'trove',
|
'password' => 'trove',
|
||||||
'database' => 'trove',
|
'database' => 'trove',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'trove':
|
class { 'trove':
|
||||||
|
@ -31,6 +31,7 @@ class openstack_integration::vitrage {
|
|||||||
'password' => 'vitrage',
|
'password' => 'vitrage',
|
||||||
'database' => 'vitrage',
|
'database' => 'vitrage',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -29,6 +29,7 @@ class openstack_integration::watcher {
|
|||||||
'password' => 'watcher',
|
'password' => 'watcher',
|
||||||
'database' => 'watcher',
|
'database' => 'watcher',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
class { 'watcher::keystone::auth':
|
class { 'watcher::keystone::auth':
|
||||||
|
@ -38,8 +38,8 @@ class openstack_integration::zaqar {
|
|||||||
'password' => 'zaqar',
|
'password' => 'zaqar',
|
||||||
'database' => 'zaqar',
|
'database' => 'zaqar',
|
||||||
'charset' => 'utf8',
|
'charset' => 'utf8',
|
||||||
|
'extra' => $::openstack_integration::config::db_extra,
|
||||||
}),
|
}),
|
||||||
|
|
||||||
}
|
}
|
||||||
class {'zaqar::messaging::swift':
|
class {'zaqar::messaging::swift':
|
||||||
auth_url => "${::openstack_integration::config::keystone_auth_uri}/v3",
|
auth_url => "${::openstack_integration::config::keystone_auth_uri}/v3",
|
||||||
|
Loading…
Reference in New Issue
Block a user