From 27d01257d4fbbd94cd26fa4942d584e59aab277d Mon Sep 17 00:00:00 2001 From: Andrey Pavlov Date: Mon, 20 Feb 2017 14:17:05 +0000 Subject: [PATCH] Moving tls flag from percona to db group Change-Id: I340cc97226f706810f0be762b7af8b7b1a5b1632 Depends-On: I2ff95f7a1cbb14cb1cd9e35677f95c30a4523340 --- service/files/backup.sh.j2 | 2 +- service/files/glance-api.conf.j2 | 2 +- service/files/glance-registry.conf.j2 | 2 +- service/glance-api.yaml | 6 ++++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/service/files/backup.sh.j2 b/service/files/backup.sh.j2 index af75d1f..1f57758 100644 --- a/service/files/backup.sh.j2 +++ b/service/files/backup.sh.j2 @@ -1,6 +1,6 @@ #!/bin/bash -ex set -o pipefail BACKUP_FILE="/var/ccp/backup/glance/backup-$(date "+%Y%m%d%H%M%S").sql" -mysqldump {% if percona.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address(service.database) }} \ +mysqldump {% if db.tls.enabled %} --ssl-mode REQUIRED {% endif %} -h {{ address(service.database) }} \ -u {{ glance.db.username }} -p{{ glance.db.password }} \ --single-transaction {{ glance.db.name }} > "${BACKUP_FILE}" diff --git a/service/files/glance-api.conf.j2 b/service/files/glance-api.conf.j2 index 46ea986..f5ecd28 100644 --- a/service/files/glance-api.conf.j2 +++ b/service/files/glance-api.conf.j2 @@ -16,7 +16,7 @@ show_image_direct_url = true show_multiple_locations = true [database] -connection = mysql+pymysql://{{ glance.db.username }}:{{ glance.db.password }}@{{ address(service.database) }}/{{ glance.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %} +connection = mysql+pymysql://{{ glance.db.username }}:{{ glance.db.password }}@{{ address(service.database) }}/{{ glance.db.name }}{% if db.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %} max_retries = -1 {{ keystone_authtoken.keystone_authtoken(glance.user, glance.password) }} diff --git a/service/files/glance-registry.conf.j2 b/service/files/glance-registry.conf.j2 index 39922d3..92104cd 100644 --- a/service/files/glance-registry.conf.j2 +++ b/service/files/glance-registry.conf.j2 @@ -9,7 +9,7 @@ bind_host = {{ network_topology["private"]["address"] }} bind_port = {{ glance.registry_port.cont }} [database] -connection = mysql+pymysql://{{ glance.db.username }}:{{ glance.db.password }}@{{ address(service.database) }}/{{ glance.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %} +connection = mysql+pymysql://{{ glance.db.username }}:{{ glance.db.password }}@{{ address(service.database) }}/{{ glance.db.name }}{% if db.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %} max_retries = -1 {{ keystone_authtoken.keystone_authtoken(glance.user, glance.password) }} diff --git a/service/glance-api.yaml b/service/glance-api.yaml index c7d24b0..adf6a39 100644 --- a/service/glance-api.yaml +++ b/service/glance-api.yaml @@ -18,9 +18,9 @@ service: command: mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ glance.db.name }}; create user '{{ glance.db.username }}'@'%' identified by '{{ glance.db.password }}' - {% if percona.tls.enabled %} require ssl {% endif %}; + {% if db.tls.enabled %} require ssl {% endif %}; grant all privileges on {{ glance.db.name }}.* to '{{ glance.db.username }}'@'%' identified by '{{ glance.db.password }}' - {% if percona.tls.enabled %} require ssl {% endif %};" + {% if db.tls.enabled %} require ssl {% endif %};" - name: glance-db-sync files: - glance-api @@ -69,6 +69,8 @@ service: - glance-swift-conf # {% endif %} command: glance-api + dependencies: + - memcached # {% if glance.bootstrap.enable %} post: - name: glance-cirros-image-upload