ae739fe4c3
The hiera function is deprecated and does not work with the latest hieradata version 5. It should be replaced by the new lookup function[1]. [1] https://puppet.com/docs/puppet/7/hiera_automatic.html With the lookup function, we can define value type and merge behavior, but these are kept default at this moment to limit scope of this change to just simple replacement. Adding value type might be useful to make sure the value is in expected type (especially when a boolean value is expected), but we will revisit that later. example: lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>]) Change-Id: I4d765dfb7d569942e37d2bbc1d3a382fb9b7a904
50 lines
1.8 KiB
Puppet
50 lines
1.8 KiB
Puppet
# Copyright 2016 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: include_and_check_auth
|
|
#
|
|
# Include an OpenStack MySQL profile and configures it for alternative
|
|
# client authentication like e.g. ed25519
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*module*]
|
|
# (Optional) The puppet module to include
|
|
# Defaults to $title
|
|
#
|
|
# [*mysql_auth_ed25519*]
|
|
# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate
|
|
# a user when connecting to the server
|
|
# Defaults to lookup('mysql_auth_ed25519', undef, undef, false)
|
|
#
|
|
define tripleo::profile::base::database::mysql::include_and_check_auth(
|
|
$module = $title,
|
|
$mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false),
|
|
) {
|
|
include $module
|
|
if ($mysql_auth_ed25519) {
|
|
# currently all openstack puppet modules create MySQL users
|
|
# by hashing their password for the default auth method.
|
|
# If ed25519 auth is enabled, we must hash the password
|
|
# differently; so do it with a collector until all
|
|
# openstack modules support ed25519 auth natively.
|
|
$stripped_module_name = regsubst($module,'^::','')
|
|
$password_key = "${stripped_module_name}::password"
|
|
Openstacklib::Db::Mysql<| tag == $stripped_module_name |> {
|
|
plugin => 'ed25519',
|
|
password_hash => mysql_ed25519_password(lookup($password_key))
|
|
}
|
|
}
|
|
}
|