We do not need client certificate to work with etcd SSL
Change-Id: I0411618dbe241313d5b7ff239c594dc57dc46884
parent
702b56a486
commit
3bb9d71a95
|
@ -32,10 +32,7 @@ SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
|
||||||
PID_FILE = os.path.join(DATADIR, "mysqld.pid")
|
PID_FILE = os.path.join(DATADIR, "mysqld.pid")
|
||||||
HOSTNAME = socket.getfqdn()
|
HOSTNAME = socket.getfqdn()
|
||||||
IPADDR = socket.gethostbyname(HOSTNAME)
|
IPADDR = socket.gethostbyname(HOSTNAME)
|
||||||
|
|
||||||
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
||||||
SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
|
|
||||||
SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'
|
|
||||||
|
|
||||||
MONITOR_PASSWORD = None
|
MONITOR_PASSWORD = None
|
||||||
CLUSTER_NAME = None
|
CLUSTER_NAME = None
|
||||||
|
@ -71,18 +68,15 @@ def get_etcd_client():
|
||||||
|
|
||||||
if ETCD_TLS:
|
if ETCD_TLS:
|
||||||
protocol = 'https'
|
protocol = 'https'
|
||||||
cert = (SERVER_CERT, SERVER_KEY)
|
|
||||||
ca_cert = CA_CERT
|
ca_cert = CA_CERT
|
||||||
else:
|
else:
|
||||||
protocol = 'http'
|
protocol = 'http'
|
||||||
cert = None
|
|
||||||
ca_cert = None
|
ca_cert = None
|
||||||
|
|
||||||
return etcd.Client(host=ETCD_HOST,
|
return etcd.Client(host=ETCD_HOST,
|
||||||
port=ETCD_PORT,
|
port=ETCD_PORT,
|
||||||
allow_reconnect=True,
|
allow_reconnect=True,
|
||||||
protocol=protocol,
|
protocol=protocol,
|
||||||
cert=cert,
|
|
||||||
ca_cert=ca_cert,
|
ca_cert=ca_cert,
|
||||||
read_timeout=2)
|
read_timeout=2)
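Review bot: With `cert=cert` removed from the `etcd.Client(...)` call, the client no longer presents any identity to etcd, and no other credential (for example `username=`/`password=`) is visible in this hunk. `ca_cert=CA_CERT` still verifies the server, so the channel stays protected, but access to the keyspace then presumably depends on network reachability alone unless etcd authentication is configured elsewhere. It is worth confirming that the etcd servers do not require client certificates, and recording the decision above the `if ETCD_TLS:` branch, e.g. `# TLS verifies the etcd server only; no client certificate is presented`. The same change appears in the `get_etcd_client()` hunks at `-88,18 +85,15` and `-130,18 +127,15`; the function body starts outside each hunk.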
|
||||||
|
|
||||||
|
|
|
@ -17,10 +17,7 @@ IPADDR = socket.gethostbyname(HOSTNAME)
|
||||||
BACKEND_NAME = "galera-cluster"
|
BACKEND_NAME = "galera-cluster"
|
||||||
SERVER_NAME = "primary"
|
SERVER_NAME = "primary"
|
||||||
GLOBALS_PATH = '/etc/ccp/globals/globals.json'
|
GLOBALS_PATH = '/etc/ccp/globals/globals.json'
|
||||||
|
|
||||||
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
||||||
SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
|
|
||||||
SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'
|
|
||||||
|
|
||||||
LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
|
LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
|
||||||
LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
|
LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
|
||||||
|
@ -88,18 +85,15 @@ def get_etcd_client():
|
||||||
|
|
||||||
if ETCD_TLS:
|
if ETCD_TLS:
|
||||||
protocol = 'https'
|
protocol = 'https'
|
||||||
cert = (SERVER_CERT, SERVER_KEY)
|
|
||||||
ca_cert = CA_CERT
|
ca_cert = CA_CERT
|
||||||
else:
|
else:
|
||||||
protocol = 'http'
|
protocol = 'http'
|
||||||
cert = None
|
|
||||||
ca_cert = None
|
ca_cert = None
|
||||||
|
|
||||||
return etcd.Client(host=ETCD_HOST,
|
return etcd.Client(host=ETCD_HOST,
|
||||||
port=ETCD_PORT,
|
port=ETCD_PORT,
|
||||||
allow_reconnect=True,
|
allow_reconnect=True,
|
||||||
protocol=protocol,
|
protocol=protocol,
|
||||||
cert=cert,
|
|
||||||
ca_cert=ca_cert,
|
ca_cert=ca_cert,
|
||||||
read_timeout=2)
|
read_timeout=2)
|
||||||
|
|
||||||
|
|
|
@ -26,10 +26,7 @@ GRASTATE_FILE = os.path.join(DATADIR, 'grastate.dat')
|
||||||
SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
|
SST_FLAG = os.path.join(DATADIR, "sst_in_progress")
|
||||||
DHPARAM = os.path.join(DATADIR, "dhparams.pem")
|
DHPARAM = os.path.join(DATADIR, "dhparams.pem")
|
||||||
GLOBALS_PATH = '/etc/ccp/globals/globals.json'
|
GLOBALS_PATH = '/etc/ccp/globals/globals.json'
|
||||||
|
|
||||||
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
CA_CERT = '/opt/ccp/etc/tls/ca.pem'
|
||||||
SERVER_CERT = '/opt/ccp/etc/tls/server-cert.pem'
|
|
||||||
SERVER_KEY = '/opt/ccp/etc/tls/server-key.pem'
|
|
||||||
|
|
||||||
LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
|
LOG_DATEFMT = "%Y-%m-%d %H:%M:%S"
|
||||||
LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
|
LOG_FORMAT = "%(asctime)s.%(msecs)03d - %(levelname)s - %(message)s"
|
||||||
|
@ -130,18 +127,15 @@ def get_etcd_client():
|
||||||
|
|
||||||
if ETCD_TLS:
|
if ETCD_TLS:
|
||||||
protocol = 'https'
|
protocol = 'https'
|
||||||
cert = (SERVER_CERT, SERVER_KEY)
|
|
||||||
ca_cert = CA_CERT
|
ca_cert = CA_CERT
|
||||||
else:
|
else:
|
||||||
protocol = 'http'
|
protocol = 'http'
|
||||||
cert = None
|
|
||||||
ca_cert = None
|
ca_cert = None
|
||||||
|
|
||||||
return etcd.Client(host=ETCD_HOST,
|
return etcd.Client(host=ETCD_HOST,
|
||||||
port=ETCD_PORT,
|
port=ETCD_PORT,
|
||||||
allow_reconnect=True,
|
allow_reconnect=True,
|
||||||
protocol=protocol,
|
protocol=protocol,
|
||||||
cert=cert,
|
|
||||||
ca_cert=ca_cert,
|
ca_cert=ca_cert,
|
||||||
read_timeout=2)
|
read_timeout=2)
|
||||||
|
|
||||||
|
@ -746,7 +740,8 @@ def main(ttl):
|
||||||
LOG.info("Recovery is done. Node is ready.")
|
LOG.info("Recovery is done. Node is ready.")
|
||||||
|
|
||||||
wait_for_mysqld(mysqld)
|
wait_for_mysqld(mysqld)
|
||||||
except Exception:
|
except Exception as err:
|
||||||
|
LOG.exception(err)
|
||||||
raise
|
raise
|
||||||
finally:
|
finally:
|
||||||
etcd_deregister_in_path(etcd_client, 'queue')
|
etcd_deregister_in_path(etcd_client, 'queue')
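Review bot: `LOG.exception(err)` in the added handler uses the exception object itself as the log message, so the record says nothing about which stage of `main` failed. A fixed message keeps the traceback and makes the entry searchable, for example `LOG.exception("Galera node startup failed")` (the wording is only a suggestion). Because the handler re-raises, the same traceback is likely to be reported again by whatever handles it further up, so check that the duplicate is intended. The `try` block starts outside the hunk.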
|
||||||
|
|