Merge "[REFACTOR] Implement X.509 auth for MySQL and Cinder"
diff --git a/README.rst b/README.rst
index 2d599ab..3a081dc 100644
--- a/README.rst
+++ b/README.rst
@@ -767,30 +767,31 @@
 ---------------------
 By default communication between Cinder and Galera is unsecure.
 
-You able to set custom certificates in pillar:
-controller:
-  database:
-    x509:
-      enabled: True
+cinder:
+  volume:
+    database:
+      x509:
+        enabled: True
+  controller:
+    database:
+      x509:
+        enabled: True
 
-volume:
-  database:
-    x509:
-      enabled: True
+You able to set custom certificates in pillar:
 
 cinder:
   controller:
     database:
       x509:
-        cacert (certificate content)
-        cert (certificate content)
-        key (certificate content)
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
   volume:
     database:
       x509:
-        cacert (certificate content)
-        cert (certificate content)
-        key (certificate content)
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
 
 You can read more about it here:
     https://docs.openstack.org/security-guide/databases/database-access-control.html
diff --git a/cinder/_ssl/controller-mysql.sls b/cinder/_ssl/controller_mysql.sls
similarity index 97%
rename from cinder/_ssl/controller-mysql.sls
rename to cinder/_ssl/controller_mysql.sls
index 9a542e8..06dc0cb 100644
--- a/cinder/_ssl/controller-mysql.sls
+++ b/cinder/_ssl/controller_mysql.sls
@@ -2,7 +2,7 @@
 
 cinder_controller_ssl_mysql:
   test.show_notification:
-    - text: "Running cinder._ssl.controller-mysql"
+    - text: "Running cinder._ssl.controller_mysql"
 
 {%- if controller.database.get('x509',{}).get('enabled',False) %}
 
diff --git a/cinder/_ssl/volume-mysql.sls b/cinder/_ssl/volume_mysql.sls
similarity index 97%
rename from cinder/_ssl/volume-mysql.sls
rename to cinder/_ssl/volume_mysql.sls
index 3038217..5bd6e4b 100644
--- a/cinder/_ssl/volume-mysql.sls
+++ b/cinder/_ssl/volume_mysql.sls
@@ -2,7 +2,7 @@
 
 cinder_volume_ssl_mysql:
   test.show_notification:
-    - text: "Running cinder._ssl.volume-mysql"
+    - text: "Running cinder._ssl.volume_mysql"
 
 {%- if volume.database.get('x509',{}).get('enabled',False) %}
 
diff --git a/cinder/controller.sls b/cinder/controller.sls
index 2492a43..8dffd36 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -7,7 +7,7 @@
   - apache
   {%- endif %}
   - cinder.db.offline_sync
-  - cinder._ssl.controller-mysql
+  - cinder._ssl.controller_mysql
 
 {%- set user = controller %}
 {%- include "cinder/user.sls" %}
@@ -20,6 +20,7 @@
   pkg.installed:
   - names: {{ controller.pkgs }}
   - require_in:
+    - sls: cinder._ssl.controller_mysql
     - sls: cinder.db.offline_sync
 
 /etc/cinder/cinder.conf:
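Review bot: The `- sls: cinder._ssl.controller_mysql` entry added under `require_in` has no comment saying why the package must be installed before the certificate state, and the same applies to the `require_in` added to `cinder_volume_packages` in cinder/volume.sls. Presumably the states in that SLS write the MySQL client certificate and private key with ownership by the cinder user or group, which exist only once the package is installed; if so, a line such as `# package creates the cinder user/group that own the x509 cert and key files` above the entry would record that. The body of cinder/_ssl/controller_mysql.sls beyond its `x509` guard is not visible here, so it is worth confirming that the key file is managed with an explicit restrictive mode rather than left to defaults. The state ID line for this `pkg.installed` block lies outside the hunk.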
@@ -31,7 +32,7 @@
   - group: cinder
   - require:
     - pkg: cinder_controller_packages
-    - sls: cinder._ssl.controller-mysql
+    - sls: cinder._ssl.controller_mysql
   - require_in:
     - sls: cinder.db.offline_sync
 
@@ -43,7 +44,7 @@
   - group: cinder
   - require:
     - pkg: cinder_controller_packages
-    - sls: cinder._ssl.controller-mysql
+    - sls: cinder._ssl.controller_mysql
   - require_in:
     - sls: cinder.db.offline_sync
 
@@ -99,7 +100,7 @@
         _data: {{ controller.logging }}
     - require:
       - pkg: cinder_controller_packages
-      - sls: cinder._ssl.controller-mysql
+      - sls: cinder._ssl.controller_mysql
     - require_in:
       - sls: cinder.db.offline_sync
 {%- if controller.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
@@ -228,7 +229,7 @@
     - pkg: cinder_controller_packages
     - service: cinder_api_service_dead
     - sls: cinder.db.offline_sync
-    - sls: cinder._ssl.controller-mysql
+    - sls: cinder._ssl.controller_mysql
   - watch:
     {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
     - file: rabbitmq_ca_cinder_controller
@@ -250,7 +251,7 @@
   - require:
     - pkg: cinder_controller_packages
     - sls: cinder.db.offline_sync
-    - sls: cinder._ssl.controller-mysql
+    - sls: cinder._ssl.controller_mysql
   - watch:
     {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
     - file: rabbitmq_ca_cinder_controller
@@ -282,7 +283,7 @@
   - require:
     - pkg: cinder_controller_packages
     - sls: cinder.db.offline_sync
-    - sls: cinder._ssl.controller-mysql
+    - sls: cinder._ssl.controller_mysql
   - watch:
     {%- if controller.message_queue.get('ssl',{}).get('enabled', False) %}
     - file: rabbitmq_ca_cinder_controller
diff --git a/cinder/volume.sls b/cinder/volume.sls
index fd94860..b8b26de 100644
--- a/cinder/volume.sls
+++ b/cinder/volume.sls
@@ -3,7 +3,7 @@
 {%- if volume.enabled %}
 
 include:
-  - cinder._ssl.volume-mysql
+  - cinder._ssl.volume_mysql
 
 {%- if not pillar.cinder.get('controller', {}).get('enabled', False) %}
 {%- set user = volume %}
@@ -13,6 +13,8 @@
 cinder_volume_packages:
   pkg.installed:
   - names: {{ volume.pkgs }}
+  - require_in:
+    - sls: cinder._ssl.volume_mysql
 
 /var/lock/cinder:
   file.directory:
@@ -50,7 +52,7 @@
   - user: root
   - group: cinder
   - require:
-    - sls: cinder._ssl.volume-mysql
+    - sls: cinder._ssl.volume_mysql
     - pkg: cinder_volume_packages
 
 /etc/cinder/api-paste.ini:
@@ -80,7 +82,7 @@
   - onlyif: /bin/false
   {%- endif %}
   - require:
-    - sls: cinder._ssl.volume-mysql
+    - sls: cinder._ssl.volume_mysql
   - watch:
     {%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
     - file: rabbitmq_ca_cinder_volume
@@ -159,7 +161,7 @@
   - onlyif: /bin/false
   {%- endif %}
   - require:
-    - sls: cinder._ssl.volume-mysql
+    - sls: cinder._ssl.volume_mysql
   - watch:
     {%- if volume.message_queue.get('ssl',{}).get('enabled', False) %}
     - file: rabbitmq_ca_cinder_volume