Merge "Enable TLS configuration for containerized Galera"
This commit is contained in:
commit
6976b8f650
@ -43,6 +43,14 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
|
||||
resources:
|
||||
|
||||
@ -59,6 +67,10 @@ resources:
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Containerized service MySQL using composable services.
|
||||
@ -79,6 +91,13 @@ outputs:
|
||||
- 4567
|
||||
- 4568
|
||||
- 9200
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
|
||||
get_param: InternalTLSCAFile
|
||||
- {}
|
||||
step_config: ""
|
||||
# BEGIN DOCKER SETTINGS #
|
||||
puppet_config:
|
||||
@ -103,6 +122,20 @@ outputs:
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src-tls/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
optional: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /etc/pki/tls/certs/mysql.crt
|
||||
owner: mysql:mysql
|
||||
perm: '0600'
|
||||
optional: true
|
||||
- path: /etc/pki/tls/private/mysql.key
|
||||
owner: mysql:mysql
|
||||
perm: '0600'
|
||||
optional: true
|
||||
docker_config:
|
||||
step_1:
|
||||
mysql_data_ownership:
|
||||
@ -195,6 +228,8 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/mysql
|
||||
state: directory
|
||||
metadata_settings:
|
||||
get_attr: [MysqlPuppetBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: get bootstrap nodeid
|
||||
tags: common
|
||||
|
Loading…
Reference in New Issue
Block a user