Merge "MySQL: Use conditional instead of nested stack for TLS-specific bits"
This commit is contained in:
commit
3cce9cfa07
@ -12,7 +12,6 @@ resource_registry:
|
||||
OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
|
||||
|
||||
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
|
||||
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
|
||||
|
||||
# We use apache as a TLS proxy
|
||||
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
|
||||
|
@ -143,7 +143,6 @@ resource_registry:
|
||||
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
|
||||
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
|
||||
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
|
||||
OS::TripleO::Services::MySQLTLS: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronBgpvpnApi: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
|
||||
OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
|
||||
|
@ -1,47 +0,0 @@
|
||||
heat_template_version: ocata
|
||||
|
||||
description: >
|
||||
MySQL configurations for using TLS via certmonger.
|
||||
|
||||
parameters:
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
# The following parameters are not needed by the template but are
|
||||
# required to pass the pep8 tests
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: MySQL configurations for using TLS via certmonger.
|
||||
value:
|
||||
service_name: mysql_internal_tls_certmonger
|
||||
config_settings:
|
||||
generate_service_certificates: true
|
||||
tripleo::profile::base::database::mysql::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/mysql.crt'
|
||||
service_key: '/etc/pki/tls/private/mysql.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "mysql/%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
metadata_settings:
|
||||
- service: mysql
|
||||
network: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
type: vip
|
@ -42,13 +42,13 @@ parameters:
|
||||
description: The password for the nova db account
|
||||
type: string
|
||||
hidden: true
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
resources:
|
||||
conditions:
|
||||
|
||||
MySQLTLS:
|
||||
type: OS::TripleO::Services::MySQLTLS
|
||||
properties:
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -57,7 +57,6 @@ outputs:
|
||||
service_name: mysql
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [MySQLTLS, role_data, config_settings]
|
||||
-
|
||||
# The Galera package should work in cluster and
|
||||
# non-cluster modes based on the config file.
|
||||
@ -102,10 +101,30 @@ outputs:
|
||||
{get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
tripleo::profile::base::database::mysql::generate_dropin_file_limit:
|
||||
{get_param: MysqlIncreaseFileLimit}
|
||||
- generate_service_certificates: true
|
||||
tripleo::profile::base::database::mysql::certificate_specs:
|
||||
service_certificate: '/etc/pki/tls/certs/mysql.crt'
|
||||
service_key: '/etc/pki/tls/private/mysql.key'
|
||||
hostname:
|
||||
str_replace:
|
||||
template: "%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
principal:
|
||||
str_replace:
|
||||
template: "mysql/%{hiera('cloud_name_NETWORK')}"
|
||||
params:
|
||||
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::database::mysql
|
||||
metadata_settings:
|
||||
get_attr: [MySQLTLS, role_data, metadata_settings]
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- service: mysql
|
||||
network: {get_param: [ServiceNetMap, MysqlNetwork]}
|
||||
type: vip
|
||||
- null
|
||||
upgrade_tasks:
|
||||
- name: Check for galera root password
|
||||
tags: step0
|
||||
|
Loading…
Reference in New Issue
Block a user