Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / galera / 585ed4bb5165c5f00db717109ee9aba2d52fa049^! / . / metadata / service / ssl / master.yml
commit585ed4bb5165c5f00db717109ee9aba2d52fa049[log] [tgz]
authorDzmitry Stremkouski <dstremkouski@mirantis.com>Sun Apr 22 11:23:54 2018 +0200
committerDzmitry Stremkouski <dstremkouski@mirantis.com>Mon Apr 23 17:20:58 2018 +0200
tree3e6dc7bffac17ac1c1d075fd27fa60ed752c5848
parentbafff1b94d5b17f4cbdc362b3faef42024ba8b54 [diff] [blame]
Splitting slave/master roles for ssl

Issue:

  1) Multiple pipelines failure due to ssl class include:
  Once service.galera.ssl class being included,

    galera:
      master:

  pillar appears on slave nodes, which results to deploy failures.

  2) Test pillars lacks of ssl hashes

Fix:

  1) Split class into two separate classes.
  Now it is possible to include them separately in infra/conf.yml:

  openstack_database_node01:
    params:
      linux_system_codename: xenial
    classes:
    - cluster.${_param:cluster_name}.openstack.database_init
    - cluster.${_param:cluster_name}.openstack.database.ssl.master
  openstack_database_node02:
    params:
      linux_system_codename: xenial
    classes:
    - cluster.${_param:cluster_name}.openstack.database.ssl.slave

  Further usage of service.galera.ssl class should be deprecated.

  2) Adding ssl hashes to test pillars

Change-Id: I2df8b3c0da018e53cf7e97e24d3b1b9b49d3f75e

diff --git a/metadata/service/ssl/master.yml b/metadata/service/ssl/master.yml
new file mode 100644
index 0000000..178403f
--- /dev/null
+++ b/metadata/service/ssl/master.yml

@@ -0,0 +1,12 @@
+parameters:
+  _param:
+    mysql_ssl_key_file: /etc/mysql/ssl/key.pem
+    mysql_ssl_cert_file: /etc/mysql/ssl/cert.pem
+    mysql_ssl_ca_file: /etc/mysql/ssl/ca.pem
+  galera:
+    master:
+      ssl:
+        enabled: True
+        key_file: ${_param:mysql_ssl_key_file}
+        cert_file: ${_param:mysql_ssl_cert_file}
+        ca_file: ${_param:mysql_ssl_ca_file}