Merge "[REFACTOR] Implement X.509 auth for MySQL and Nova"
diff --git a/README.rst b/README.rst
index 2424232..1fa5f8c 100644
--- a/README.rst
+++ b/README.rst
@@ -1064,19 +1064,21 @@
---------------------
By default communication between Nova and Galera is unsecure.
+nova:
+ controller:
+ database:
+ x509:
+ enabled: True
+
You able to set custom certificates in pillar:
-controller:
- database:
- x509:
- enabled: True
nova:
controller:
database:
x509:
- cacert (certificate content)
- cert (certificate content)
- key (certificate content)
+ cacert: (certificate content)
+ cert: (certificate content)
+ key: (certificate content)
You can read more about it here:
https://docs.openstack.org/security-guide/databases/database-access-control.html
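Review bot: The new `key: (certificate content)` line documents a private key with the same placeholder as the two certificates, and the README does not say that this pillar value is secret. Suggest changing the placeholder to something like `key: (private key content)` and adding a sentence that the pillar carrying it should be restricted to the minions that need it, and encrypted at rest if the deployment supports that. Separately, the added `nova: controller: database: x509: enabled: True` block now sits directly under "By default communication between Nova and Galera is unsecure." with no sentence saying that this is the setting that turns X.509 on; a one-line introduction would make the default and the opt-in explicit.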
diff --git a/nova/controller.sls b/nova/controller.sls
index 0251163..2b5d515 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -60,6 +60,7 @@
- system: True
- require_in:
- pkg: nova_controller_packages
+ - sls: nova._ssl.mysql
{%- if controller.version not in ["juno", "kilo", "liberty", "mitaka", "newton"] %}
- pkg: nova_placement_package
{%- endif %}
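Review bot: The added `- sls: nova._ssl.mysql` requisite in the `require_in` list is unconditional, while the README hunk presents X.509 as opt-in through `x509: enabled: True`. The matching include of `nova._ssl.mysql` is not visible in this hunk, so please confirm that it is included in `nova/controller.sls` in every case and that it renders without side effects when `x509.enabled` is false. If the include is conditional, this requisite needs the same Jinja guard, in the style of the `nova_placement_package` entry just below it, or the state run will fail on a requisite that points at an SLS that is not part of the run.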