
Merge "Add DB SSL support"

Jenkins 2 years ago
parent
commit
ab49111358
2 changed files with 5 additions and 2 deletions
  1. 1
    1
      service/files/heat.conf.j2
  2. 4
    1
      service/heat-api.yaml

+ 1
- 1
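--- a/service/files/heat.conf.j2
+++ b/service/files/heat.conf.j2
@@ -16,7 +16,7 @@ reauthentication_auth_method = trusts
 endpoint_type = internalURL
 
 [database]
-connection = mysql+pymysql://{{ heat.db.username }}:{{ heat.db.password }}@{{ address(service.database) }}/{{ heat.db.name }}
+connection = mysql+pymysql://{{ heat.db.username }}:{{ heat.db.password }}@{{ address(service.database) }}/{{ heat.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
 
 [keystone_authtoken]
 auth_version = v3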
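Review bot: The `ssl_ca` path on the new `connection` line is hard-coded to `/opt/ccp/etc/tls/ca.pem`, and nothing visible on this page shows that file being delivered to the containers that render heat.conf; the `heat-db-sync` job in service/heat-api.yaml lists only `heat-conf` under `files:` in the lines shown. If the CA is absent while `percona.tls.enabled` is true, database connections would presumably fail at startup, so it is worth confirming the file is mounted for every Heat service and job (this may be handled outside the diff). A Jinja comment above the line, such as `{# ssl_ca: verify the DB server certificate against the deployment CA when percona.tls.enabled #}`, would record why the query parameter is there.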

+ 4
- 1
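--- a/service/heat-api.yaml
+++ b/service/heat-api.yaml
@@ -13,7 +13,10 @@ service:
           type: single
           command:
             mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ heat.db.name }};
-            grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}';"
+            create user '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}'
+            {% if percona.tls.enabled %} require ssl {% endif %};
+            grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}'
+            {% if percona.tls.enabled %} require ssl {% endif %};"
         - name: heat-db-sync
           files:
             - heat-conf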
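Review bot: The bootstrap `mysql -u root` call on new line 15 gets no TLS option, so even with `percona.tls.enabled` the root password and the Heat password embedded in the SQL text go over a connection whose server certificate is not checked (whether it is encrypted at all depends on client defaults). Consider appending `{% if percona.tls.enabled %} --ssl-ca=/opt/ccp/etc/tls/ca.pem{% endif %}` to that command, reusing the CA path from heat.conf.j2. Separately, once `create user` has set the password and `require ssl`, repeating `identified by ... require ssl` on the `grant` is redundant, and that GRANT form is deprecated in newer MySQL releases; `grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%';` would suffice. The enclosing job entry starts above the hunk.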
