heat_template_version: ocata

description: >
  MySQL configurations for using TLS via certmonger.

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # The following parameters are not needed by the template but are
  # required to pass the pep8 tests
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json

outputs:
  role_data:
    description: MySQL configurations for using TLS via certmonger.
    value:
      service_name: mysql_internal_tls_certmonger
      config_settings:
        generate_service_certificates: true
        tripleo::profile::base::database::mysql::certificate_specs:
          service_certificate: '/etc/pki/tls/certs/mysql.crt'
          service_key: '/etc/pki/tls/private/mysql.key'
          hostname:
            str_replace:
              template: "%{hiera('cloud_name_NETWORK')}"
              params:
                NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
          principal:
            str_replace:
              template: "mysql/%{hiera('cloud_name_NETWORK')}"
              params:
                NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
      metadata_settings:
        - service: mysql
          network: {get_param: [ServiceNetMap, MysqlNetwork]}
          type: vip