commit 176ac2e8a47350ebe97bb10f5e61d29edfeb3b7e
author Martin Polreich <mpolreich@mirantis.com> Thu Oct 25 09:01:51 2018 +0000
committer Gerrit Code Review <mail@domain.com> Thu Oct 25 09:01:51 2018 +0000
tree f55e56068653de37edfe9390dc6dce78dd6e47bf
parent f2c0e9fc8ba9aca1339efebdff9941a039613163
parent 6a33c4221516da20a18fe149dab36b5122cc65e2

Merge "Add fluentd configuration for MySQL error.log"

.travis.yml

diff --git a/.travis.yml b/.travis.yml
index 61dbf39..740f827 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,7 +12,8 @@
     gem 'test-kitchen'
     gem 'kitchen-docker'
     gem 'kitchen-inspec'
-    gem 'inspec'
+    gem 'inspec', '<3.0.0'
+    #Version was frozen, because of issues in the version of inspec >3.0.0 -- see https://mirantis.jira.com/browse/PROD-24324 for more info
     gem 'kitchen-salt', :git => 'https://github.com/salt-formulas/kitchen-salt.git'
   - bundle install
 

README.rst

diff --git a/README.rst b/README.rst
index b6be8e5..6221894 100644
--- a/README.rst
+++ b/README.rst
@@ -70,7 +70,19 @@
        slave or master:
          ssl:
           enabled: True
-
+          ciphers:
+            DHE-RSA-AES128-SHA:
+              enabled: True
+            DHE-RSA-AES256-SHA:
+              enabled: True
+            EDH-RSA-DES-CBC3-SHA:
+              name: EDH-RSA-DES-CBC3-SHA
+              enabled: True
+            AES128-SHA:AES256-SHA:
+              name: AES128-SHA:AES256-SHA
+              enabled: True
+            DES-CBC3-SHA:
+              enabled: True
           # path
           cert_file: /etc/mysql/ssl/cert.pem
           key_file: /etc/mysql/ssl/key.pem

galera/files/my.cnf

diff --git a/galera/files/my.cnf b/galera/files/my.cnf
index ede65c1..16af533 100644
--- a/galera/files/my.cnf
+++ b/galera/files/my.cnf
@@ -61,7 +61,11 @@
 innodb_doublewrite=0
 innodb_autoinc_lock_mode=2
 innodb_locks_unsafe_for_binlog=1
+{%- if service.members|length > 1 %}
 wsrep_cluster_address="gcomm://{% for member in service.members %}{{ member.host}}:4567{% if not loop.last %},{% endif %}{% endfor %}/?pc.wait_prim=no"
+{%- else %}
+wsrep_cluster_address="gcomm://"
+{%- endif %}
 wsrep_provider={{ service.wsrep_provider }}
 wsrep_cluster_name="openstack"
 
@@ -74,6 +78,19 @@
 
 {% if service.get('ssl', {}).get('enabled', False) %}
 wsrep_provider_options="socket.ssl=yes;socket.ssl_key={{ service.ssl.key_file }};socket.ssl_cert={{ service.ssl.cert_file }};socket.ssl_ca={{ service.ssl.ca_file }}"
+{%- if service.ssl.ciphers is defined %}
+{%- set _ciphers = [] %}
+{%- for cipher_name, cipher in service.ssl.get('ciphers', {}).iteritems() %}
+{%- if cipher.get('enabled', False) %}
+{%- if cipher.name is defined %}
+{%- do _ciphers.append(cipher.name) %}
+{%- else %}
+{%- do _ciphers.append(cipher_name) %}
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+ssl_cipher={{ ':'.join(_ciphers) }}
+{%- endif %}
 ssl-ca={{ service.ssl.ca_file }}
 ssl-cert={{ service.ssl.cert_file }}
 ssl-key={{ service.ssl.key_file }}

tests/pillar/master_cluster.sls

diff --git a/tests/pillar/master_cluster.sls b/tests/pillar/master_cluster.sls
index 0dc88c9..66bd3ef 100644
--- a/tests/pillar/master_cluster.sls
+++ b/tests/pillar/master_cluster.sls
@@ -159,6 +159,19 @@
       key_file: /etc/mysql/ssl/key.pem
       cert_file: /etc/mysql/ssl/cert.pem
       ca_file: /etc/mysql/ssl/ca.pem
+      ciphers:
+        DHE-RSA-AES128-SHA:
+          enabled: True
+        DHE-RSA-AES256-SHA:
+          name: DHE-RSA-AES256-SHA
+          enabled: True
+        EDH-RSA-DES-CBC3-SHA:
+          name: EDH-RSA-DES-CBC3-SHA
+          enabled: True
+        AES128-SHA:AES256-SHA:
+          enabled: True
+        DES-CBC3-SHA:
+          enabled: True
   clustercheck:
     enabled: True
     user: clustercheck