Add DB SSL support

Change-Id: I07839931798ef91f0bc5d08805347a9de5bb90f1 Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106
2017-02-09 11:25:08 +00:00 · 2017-02-09 11:25:08 +00:00 · 09edd3ef39
parent e35d1ae32c
commit 09edd3ef39
2 changed files with 5 additions and 2 deletions
--- a/service/files/glance-api.conf.j2
+++ b/service/files/glance-api.conf.j2
@ -16,7 +16,7 @@ show_image_direct_url = true
 show_multiple_locations = true

 [database]
-connection = mysql+pymysql://{{ glance.db.username }}:{{ glance.db.password }}@{{ address(service.database) }}/{{ glance.db.name }}
+connection = mysql+pymysql://{{ glance.db.username }}:{{ glance.db.password }}@{{ address(service.database) }}/{{ glance.db.name }}{% if percona.tls.enabled and security.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
 max_retries = -1

 [keystone_authtoken]
--- a/service/glance-api.yaml
+++ b/service/glance-api.yaml
@ -17,7 +17,10 @@ service:
          type: single
          command:
            mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ glance.db.name }};
-            grant all privileges on {{ glance.db.name }}.* to '{{ glance.db.username }}'@'%' identified by '{{ glance.db.password }}';"
+            create user '{{ glance.db.username }}'@'%' identified by '{{ glance.db.password }}'
+            {% if percona.tls.enabled and security.tls.enabled %} require ssl {% endif %};
+            grant all privileges on {{ glance.db.name }}.* to '{{ glance.db.username }}'@'%' identified by '{{ glance.db.password }}'
+            {% if percona.tls.enabled and security.tls.enabled %} require ssl {% endif %};"
        - name: glance-db-sync
          files:
            - glance-api