Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 97ef5a5)
mysql: Only set certificate specs if TLS everywhere is enabled
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 1 Nov 2017 16:12:57 +0000 (18:12 +0200)
committerEmilien Macchi <emilien@redhat.com>
Sat, 4 Nov 2017 05:23:07 +0000 (05:23 +0000)
The conditional was missing.

Change-Id: Ie2617dd9dba1c49f37e82448b6bf229d127ed46a
Closes-Bug: #1729384
(cherry picked from commit 410e062aa0d91b99c4493fac6940499cc02e4288)

puppet/services/database/mysql.yaml patch | blob | history

diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index abbe7a2..02c51fe 100644 (file)
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -113,30 +113,34 @@ outputs:
               {get_param: [ServiceNetMap, MysqlNetwork]}
             tripleo::profile::base::database::mysql::generate_dropin_file_limit:
               {get_param: MysqlIncreaseFileLimit}
-          - generate_service_certificates: true
-            tripleo::profile::base::database::mysql::certificate_specs:
-              service_certificate: '/etc/pki/tls/certs/mysql.crt'
-              service_key: '/etc/pki/tls/private/mysql.key'
-              hostname:
-                str_replace:
-                  template: "%{hiera('cloud_name_NETWORK')}"
-                  params:
-                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-              dnsnames:
-                - str_replace:
+          - if:
+            - internal_tls_enabled
+            -
+              generate_service_certificates: true
+              tripleo::profile::base::database::mysql::certificate_specs:
+                service_certificate: '/etc/pki/tls/certs/mysql.crt'
+                service_key: '/etc/pki/tls/private/mysql.key'
+                hostname:
+                  str_replace:
                     template: "%{hiera('cloud_name_NETWORK')}"
                     params:
                       NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-                - str_replace:
-                    template:
-                      "%{hiera('fqdn_$NETWORK')}"
+                dnsnames:
+                  - str_replace:
+                      template: "%{hiera('cloud_name_NETWORK')}"
+                      params:
+                        NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                  - str_replace:
+                      template:
+                        "%{hiera('fqdn_$NETWORK')}"
+                      params:
+                        $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                principal:
+                  str_replace:
+                    template: "mysql/%{hiera('cloud_name_NETWORK')}"
                     params:
-                      $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
-              principal:
-                str_replace:
-                  template: "mysql/%{hiera('cloud_name_NETWORK')}"
-                  params:
-                    NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+                      NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+            - {}
       step_config: |
         include ::tripleo::profile::base::database::mysql
       metadata_settings: