Add SSL encryption to galera
Change-Id: I9e6d9ee439cab734eba02320d58ccfcd73e23106
This commit is contained in:
parent
100c479844
commit
fe6986e57e
1
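--- a/service/files/ca.pem.j2
+++ b/service/files/ca.pem.j2
@@ -0,0 +1 @@
+{{ security.tls.ca_cert }}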
@ -15,6 +15,8 @@ configs:
|
||||
node: null
|
||||
port:
|
||||
cont: 3306
|
||||
tls:
|
||||
enabled: false
|
||||
url:
|
||||
percona:
|
||||
debian:
|
||||
|
@ -31,4 +31,16 @@ wsrep_provider = /usr/lib/galera3/libgalera_smm.so
|
||||
wsrep_cluster_name = {{ percona.cluster_name }}
|
||||
wsrep_sst_method = xtrabackup-v2
|
||||
wsrep_sst_auth = "xtrabackup:{{ percona.xtrabackup_password }}"
|
||||
wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes"
|
||||
wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if percona.tls.enabled and security.tls.enabled %},socket.ssl=yes;socket.ssl_key=/etc/mysql/certs/server-key.pem;socket.ssl_cert=/etc/mysql/certs/server-cert.pem;socket.ssl_ca=/etc/mysql/certs/ca.pem"{% endif %}
|
||||
|
||||
{% if percona.tls.enabled and security.tls.enabled %}
|
||||
ssl-ca = /etc/mysql/certs/ca.pem
|
||||
ssl-cert = /etc/mysql/certs/server-cert.pem
|
||||
ssl-key = /etc/mysql/certs/server-key.pem
|
||||
|
||||
[sst]
|
||||
encrypt = 4
|
||||
ssl-ca = /etc/mysql/certs/ca.pem
|
||||
ssl-cert = /etc/mysql/certs/server-cert.pem
|
||||
ssl-key = /etc/mysql/certs/server-key.pem
|
||||
{% endif %}
|
||||
|
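Review bot: The rewritten `wsrep_provider_options` line on the new side leaves the value unterminated when TLS is off: the closing `"` now sits inside the `{% if %}` block, so when `percona.tls.enabled and security.tls.enabled` is false the rendered line ends at `gcache.recover=yes` with no closing quote. The socket.ssl options are also joined to `gcache.recover=yes` with a comma while every other option in the value is `;`-separated; Galera splits provider options on `;`, so the comma is likely to be swallowed into the gcache.recover value. Suggested line: `wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if percona.tls.enabled and security.tls.enabled %};socket.ssl=yes;socket.ssl_key=/etc/mysql/certs/server-key.pem;socket.ssl_cert=/etc/mysql/certs/server-cert.pem;socket.ssl_ca=/etc/mysql/certs/ca.pem{% endif %}"`. The section the added ssl-ca/ssl-cert/ssl-key lines fall under starts outside the hunk; presumably it is [mysqld], which is what they need.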
1
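--- a/service/files/server-cert.pem.j2
+++ b/service/files/server-cert.pem.j2
@@ -0,0 +1 @@
+{{ security.tls.server_cert }}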
1
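--- a/service/files/server-key.pem.j2
+++ b/service/files/server-key.pem.j2
@@ -0,0 +1 @@
+{{ security.tls.server_key }}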
@ -63,6 +63,11 @@ service:
|
||||
- entrypoint
|
||||
- mycnf
|
||||
- galera-checker
|
||||
# {% if percona.tls.enabled %}
|
||||
- ca.pem
|
||||
- server-key.pem
|
||||
- server-cert.pem
|
||||
# {% endif %}
|
||||
dependencies:
|
||||
- etcd
|
||||
command: /opt/ccp/bin/entrypoint.py
|
||||
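Review bot: The guard around the certificate entries, `# {% if percona.tls.enabled %}`, is looser than the condition my.cnf uses, which requires `percona.tls.enabled and security.tls.enabled`; the same pair of markers is repeated in the `files:` hunk below. With percona.tls.enabled true and security.tls.enabled false the ca.pem, server-key.pem and server-cert.pem files are still rendered from `security.tls.*` and written to /etc/mysql/certs with perm 0400 (presumably empty if those values are unset), while my.cnf never references them. Using the same condition in both places, `# {% if percona.tls.enabled and security.tls.enabled %}`, keeps the file list, the files block and the server configuration in step. I am assuming the `#`-prefixed Jinja markers are rendered before YAML parsing, as the rest of the file seems to rely on; if not, the entries are unconditional.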
@ -86,3 +91,17 @@ files:
|
||||
path: /opt/ccp/bin/haproxy_entrypoint.py
|
||||
content: haproxy_entrypoint.py
|
||||
perm: "0755"
|
||||
# {% if percona.tls.enabled %}
|
||||
ca.pem:
|
||||
path: /etc/mysql/certs/ca.pem
|
||||
content: ca.pem.j2
|
||||
perm: "0400"
|
||||
server-key.pem:
|
||||
path: /etc/mysql/certs/server-key.pem
|
||||
content: server-key.pem.j2
|
||||
perm: "0400"
|
||||
server-cert.pem:
|
||||
path: /etc/mysql/certs/server-cert.pem
|
||||
content: server-cert.pem.j2
|
||||
perm: "0400"
|
||||
# {% endif %}
|
||||
|