Moving tls flag from percona to db group
Change-Id: I2ff95f7a1cbb14cb1cd9e35677f95c30a4523340
This commit is contained in:
parent
05282a410d
commit
8d6629fe3c
@ -4,6 +4,8 @@ configs:
|
|||||||
db:
|
db:
|
||||||
root_password: "password"
|
root_password: "password"
|
||||||
max_timeout: 60
|
max_timeout: 60
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
percona:
|
percona:
|
||||||
cluster_name: "k8scluster"
|
cluster_name: "k8scluster"
|
||||||
xtrabackup_password: "password"
|
xtrabackup_password: "password"
|
||||||
@ -16,8 +18,6 @@ configs:
|
|||||||
node: null
|
node: null
|
||||||
port:
|
port:
|
||||||
cont: 3306
|
cont: 3306
|
||||||
tls:
|
|
||||||
enabled: true
|
|
||||||
url:
|
url:
|
||||||
percona:
|
percona:
|
||||||
debian:
|
debian:
|
||||||
|
@ -35,9 +35,9 @@ wsrep_provider = /usr/lib/galera3/libgalera_smm.so
|
|||||||
wsrep_cluster_name = {{ percona.cluster_name }}
|
wsrep_cluster_name = {{ percona.cluster_name }}
|
||||||
wsrep_sst_method = xtrabackup-v2
|
wsrep_sst_method = xtrabackup-v2
|
||||||
wsrep_sst_auth = "xtrabackup:{{ percona.xtrabackup_password }}"
|
wsrep_sst_auth = "xtrabackup:{{ percona.xtrabackup_password }}"
|
||||||
wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if percona.tls.enabled %};socket.ssl=yes;socket.ssl_key=/opt/ccp/etc/tls/server-key.pem;socket.ssl_cert=/opt/ccp/etc/tls/server-cert.pem;socket.ssl_ca=/opt/ccp/etc/tls/ca.pem"{% endif %}
|
wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if db.tls.enabled %};socket.ssl=yes;socket.ssl_key=/opt/ccp/etc/tls/server-key.pem;socket.ssl_cert=/opt/ccp/etc/tls/server-cert.pem;socket.ssl_ca=/opt/ccp/etc/tls/ca.pem"{% endif %}
|
||||||
|
|
||||||
{% if percona.tls.enabled %}
|
{% if db.tls.enabled %}
|
||||||
ssl-ca = /opt/ccp/etc/tls/ca.pem
|
ssl-ca = /opt/ccp/etc/tls/ca.pem
|
||||||
ssl-cert = /opt/ccp/etc/tls/server-cert.pem
|
ssl-cert = /opt/ccp/etc/tls/server-cert.pem
|
||||||
ssl-key = /opt/ccp/etc/tls/server-key.pem
|
ssl-key = /opt/ccp/etc/tls/server-key.pem
|
||||||
|
@ -15,7 +15,7 @@ service:
|
|||||||
daemon:
|
daemon:
|
||||||
files:
|
files:
|
||||||
- galera-checker
|
- galera-checker
|
||||||
# {% if percona.tls.enabled %}
|
# {% if db.tls.enabled %}
|
||||||
- ca.pem
|
- ca.pem
|
||||||
- server-key.pem
|
- server-key.pem
|
||||||
- server-cert.pem
|
- server-cert.pem
|
||||||
@ -36,7 +36,7 @@ service:
|
|||||||
files:
|
files:
|
||||||
- haproxy-conf
|
- haproxy-conf
|
||||||
- haproxy_entrypoint
|
- haproxy_entrypoint
|
||||||
# {% if percona.tls.enabled %}
|
# {% if db.tls.enabled %}
|
||||||
- ca.pem
|
- ca.pem
|
||||||
- server-key.pem
|
- server-key.pem
|
||||||
- server-cert.pem
|
- server-cert.pem
|
||||||
@ -79,7 +79,7 @@ service:
|
|||||||
- entrypoint
|
- entrypoint
|
||||||
- mycnf
|
- mycnf
|
||||||
- galera-checker
|
- galera-checker
|
||||||
# {% if percona.tls.enabled %}
|
# {% if db.tls.enabled %}
|
||||||
- ca.pem
|
- ca.pem
|
||||||
- server-key.pem
|
- server-key.pem
|
||||||
- server-cert.pem
|
- server-cert.pem
|
||||||
@ -107,7 +107,7 @@ files:
|
|||||||
path: /opt/ccp/bin/haproxy_entrypoint.py
|
path: /opt/ccp/bin/haproxy_entrypoint.py
|
||||||
content: haproxy_entrypoint.py
|
content: haproxy_entrypoint.py
|
||||||
perm: "0755"
|
perm: "0755"
|
||||||
# {% if percona.tls.enabled %}
|
# {% if db.tls.enabled %}
|
||||||
ca.pem:
|
ca.pem:
|
||||||
path: /opt/ccp/etc/tls/ca.pem
|
path: /opt/ccp/etc/tls/ca.pem
|
||||||
content: ca.pem.j2
|
content: ca.pem.j2
|
||||||
|
Loading…
Reference in New Issue
Block a user