[REFACTOR] Implement X.509 auth for MySQL and Heat Change-Id: I8bde2d8cbfba400c18b042282842a8053624aa38 Related-PROD: PROD-22736

commit: 17b3e8e8cce1d8e602e1c6ca82d0a88390a6838e [log] [tgz]
author: Oleksandr Shyshko <oshyshko@mirantis.com> Fri Sep 07 13:55:28 2018 +0300
committer: Oleksandr Shyshko <oshyshko@mirantis.com> Fri Sep 07 13:55:28 2018 +0300
tree: c2372b7a8a7a563b7f86fcfa705314b204ffff5a
parent: 188c5074604f6fbf94df8c5f28604996ccd576c1 [diff]
diff --git a/README.rst b/README.rst
index 8ad30f3..6af9401 100644
--- a/README.rst
+++ b/README.rst

@@ -253,19 +253,21 @@
 ---------------------
 By default communication between Heat and Galera is unsecure.
 
+heat:
+  server:
+    database:
+      x509:
+        enabled: True
+
 You able to set custom certificates in pillar:
-server:
-  database:
-    x509:
-      enabled: True
 
 heat:
   server:
     database:
       x509:
-        cacert (certificate content)
-        cert (certificate content)
-        key (certificate content)
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
 
 You can read more about it here:
     https://docs.openstack.org/security-guide/databases/database-access-control.html

diff --git a/heat/server.sls b/heat/server.sls
index d169e9f..3323fe0 100644
--- a/heat/server.sls
+++ b/heat/server.sls

@@ -10,6 +10,7 @@
   pkg.installed:
   - names: {{ server.pkgs }}
   - require_in:
+    - sls: heat._ssl.mysql
     - sls: heat.db.offline_sync
 
 /etc/heat/heat.conf:
commit	17b3e8e8cce1d8e602e1c6ca82d0a88390a6838e	[log] [tgz]
author	Oleksandr Shyshko <oshyshko@mirantis.com>	Fri Sep 07 13:55:28 2018 +0300
committer	Oleksandr Shyshko <oshyshko@mirantis.com>	Fri Sep 07 13:55:28 2018 +0300
tree	c2372b7a8a7a563b7f86fcfa705314b204ffff5a
parent	188c5074604f6fbf94df8c5f28604996ccd576c1 [diff]