Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / oslo-templates / e5734136200a809daa594c91c102d6cc8844077f^! / .
commite5734136200a809daa594c91c102d6cc8844077f[log] [tgz]
authorOleksandr Shyshko <oshyshko@mirantis.com>Fri Aug 10 16:20:22 2018 +0300
committerOleksandr Shyshko <oshyshko@mirantis.com>Thu Aug 16 12:20:40 2018 +0300
tree00a74be0b860a1ae047633d90e5c457ee9636a33
parentf7cc76cdf3349aeb4140d1f69128810371e82e5a [diff]
[Queens] Implement X.509 auth for MySQL and Nova

Related-PROD: PROD-19981

Change-Id: I878652b739da009faf49457d3c59765a5e56defa

diff --git a/oslo_templates/files/queens/oslo/_database.conf b/oslo_templates/files/queens/oslo/_database.conf
index 1519a50..28b1fea 100644
--- a/oslo_templates/files/queens/oslo/_database.conf
+++ b/oslo_templates/files/queens/oslo/_database.conf

@@ -16,8 +16,14 @@
 # Deprecated group/name - [DATABASE]/sql_connection
 # Deprecated group/name - [sql]/connection
 #connection = <None>
-connection = {{ _data.engine }}+pymysql://{{ _data.user }}:{{ _data.password }}@{{ _data.host }}/{{ _data.name }}?charset=utf8{%- if _data.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ _data.ssl.cacert_file}}{% endif %}
 
+{%- set connection_x509_ssl_option = '' %}
+{%- if _data.get('x509',{}).get('enabled',False) %}
+  {%- set connection_x509_ssl_option = '&ssl_ca=' ~ _data.x509.get('ca_file') ~ '&ssl_cert=' ~ _data.x509.get('cert_file') ~ '&ssl_key=' ~ _data.x509.get('key_file') %}
+{%- elif _data.get('ssl',{}).get('enabled',False) %}
+  {%- set connection_x509_ssl_option = '&ssl_ca=' ~ _data.ssl.get('cacert_file') %}
+{%- endif %}
+connection = {{ _data.engine }}+pymysql://{{ _data.user }}:{{ _data.password }}@{{ _data.host }}/{{ _data.name }}?charset=utf8{{ connection_x509_ssl_option|string }}
 # The SQLAlchemy connection string to use to connect to the slave
 # database. (string value)
 #slave_connection = <None>