Implement X.509 auth for MySQL and Ironic Related-PROD: PROD-22747 Change-Id: I5fc208d97c09bace1543c88614d8141af70bc02f

commit: 258bf7c2c403621b17151ab84dc9a551e3dc4f98 [log] [tgz]
author: Oleksandr Shyshko <oshyshko@mirantis.com> Thu Sep 13 14:23:29 2018 +0300
committer: Oleksandr Shyshko <oshyshko@mirantis.com> Mon Sep 17 12:31:25 2018 +0300
tree: 288ff17cd122323164554ec92b03e65859bdc627
parent: 1a33d962bc34907b316cde3c84ad4ffb9fef8957 [diff] [blame]
diff --git a/README.rst b/README.rst
index 1beb5ac..0efe785 100644
--- a/README.rst
+++ b/README.rst

@@ -103,3 +103,37 @@
         user: openstack
         password: password
         virtual_host: '/openstack'
+
+Enable x509 and ssl communication between Ironic and Galera cluster.
+---------------------
+By default communication between Ironic and Galera is unsecure.
+
+ironic:
+  api:
+    database:
+      x509:
+        enabled: True
+  conductor:
+    database:
+      x509:
+        enabled: True
+
+You able to set custom certificates in pillar:
+
+ironic:
+  api:
+    database:
+      x509:
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
+  conductor:
+    database:
+      x509:
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
+
+You can read more about it here:
+    https://docs.openstack.org/security-guide/databases/database-access-control.html
+
commit	258bf7c2c403621b17151ab84dc9a551e3dc4f98	[log] [tgz]
author	Oleksandr Shyshko <oshyshko@mirantis.com>	Thu Sep 13 14:23:29 2018 +0300
committer	Oleksandr Shyshko <oshyshko@mirantis.com>	Mon Sep 17 12:31:25 2018 +0300
tree	288ff17cd122323164554ec92b03e65859bdc627
parent	1a33d962bc34907b316cde3c84ad4ffb9fef8957 [diff] [blame]