Merge "Allow overriding mysql_bundle::gcomm_cipher"

deployment/database/mysql-pacemaker-puppet.yaml

@@ -104,6 +104,10 @@ parameters:
     hidden: true
     description: When MysqlGaleraSSTMethod is set to mariabackup, the password
                  of the database user that executes the SST.
+  MysqlGaleraSSLCipher:
+    type: string
+    default: 'AES128-SHA256'
+    description: Symmetric cipher to use.
 
 resources:
   ContainersCommon:
@@ -185,6 +189,7 @@ outputs:
             # starting from pcs-0.10.14-6 enforces validations but this doesn't work when running
             # outside the respective containers. we need to use --force to overcome this.
             tripleo::profile::pacemaker::database::mysql_bundle::force_ocf: true
+            tripleo::profile::pacemaker::database::mysql_bundle::gcomm_cipher: {get_param: MysqlGaleraSSLCipher}
       # BEGIN DOCKER SETTINGS #
       puppet_config:
         config_volume: mysql

releasenotes/notes/mysql_bundle_gcomm_cipher-df7655775d20f4d1.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add support for overriding the default cipher used by galera.
+    This is useful for cases like FIPS where the default 'AES128-SHA256' is
+    not allowed.