Force MySQL users to use SSL if internal TLS is enabled
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 27 Jan 2017 15:42:18 +0000 (17:42 +0200)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Mon, 26 Jun 2017 11:27:21 +0000 (11:27 +0000)
This forces the MySQL users to use SSL when connecting to MySQL.

bp tls-via-certmonger

Depends-On: I24e4c195a31109835739e78a6b53d36f661f9fd0
Change-Id: I98856955132b680a159144204da1d5b400fe9794

manifests/profile/base/database/mysql.pp

index 8eb6079..ef5f05d 100644 (file)
@@ -95,6 +95,9 @@ class tripleo::profile::base::database::mysql (
   if $enable_internal_tls {
     $tls_certfile = $certificate_specs['service_certificate']
     $tls_keyfile = $certificate_specs['service_key']
+
+    # Force users/grants created to use TLS connections
+    Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }
   } else {
     $tls_certfile = undef
     $tls_keyfile = undef
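Review bot: The collector override on the added `Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] }` line applies to every instance of that type in the catalog and replaces any `tls_options` a service set on its own resource, so a stricter per-service value such as `['X509']` would be silently reduced to `['SSL']`; an empty `<||>` collector also realizes any virtual resources of that type. `SSL` presumably maps to MySQL's `REQUIRE SSL`, which demands an encrypted connection but no client certificate, and protection against an active man-in-the-middle still depends on each client verifying the server certificate. I would expand the comment to record both limits, e.g. `# Applies to all Openstacklib::Db::Mysql resources in the catalog and overrides per-resource tls_options; 'SSL' enforces encryption only, not client certificates`. The class body starts and ends outside this hunk, so I cannot see whether any resource already sets `tls_options`.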