[REFACTOR] Implement X.509 auth for MySQL and Glance Change-Id: I098b27d3cc9e55c26eeef3342708661ff007edef Related-PROD: PROD-22745

commit: 75e3d6889b403556a6e5ed3b81860af4b8e91d1e [log] [tgz]
author: Oleksandr Shyshko <oshyshko@mirantis.com> Fri Sep 07 14:07:57 2018 +0300
committer: Oleksandr Shyshko <oshyshko@mirantis.com> Fri Sep 07 14:07:57 2018 +0300
tree: 8bf51968dd89d977e5c87e7bb0742821d5eae7fd
parent: 553deba43b4651a6cb6037e5c347cc31b582a0ea [diff]
diff --git a/README.rst b/README.rst
index e9c2d30..8c0652a 100644
--- a/README.rst
+++ b/README.rst

@@ -423,6 +423,29 @@
           ossyslog:
             enabled: true
 
+Enable x509 and ssl communication between Glance and Galera cluster.
+---------------------
+By default communication between Glance and Galera is unsecure.
+
+glance:
+  server:
+    database:
+      x509:
+        enabled: True
+
+You able to set custom certificates in pillar:
+
+glance:
+  server:
+    database:
+      x509:
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
+
+You can read more about it here:
+    https://docs.openstack.org/security-guide/databases/database-access-control.html
+
 Usage
 =====
 

diff --git a/glance/server.sls b/glance/server.sls
index 214acff..b33e922 100644
--- a/glance/server.sls
+++ b/glance/server.sls

@@ -11,6 +11,7 @@
   - names: {{ server.pkgs }}
   - require_in:
     - sls: glance.db.offline_sync
+    - sls: glance._ssl.mysql
 
 {%- if not salt['user.info']('glance') %}
 glance_user:
commit	75e3d6889b403556a6e5ed3b81860af4b8e91d1e	[log] [tgz]
author	Oleksandr Shyshko <oshyshko@mirantis.com>	Fri Sep 07 14:07:57 2018 +0300
committer	Oleksandr Shyshko <oshyshko@mirantis.com>	Fri Sep 07 14:07:57 2018 +0300
tree	8bf51968dd89d977e5c87e7bb0742821d5eae7fd
parent	553deba43b4651a6cb6037e5c347cc31b582a0ea [diff]