Make ssl settings for mysql configurable from soft params.
This patch allows to enable/disable SSL on mysql and rebbit
by setting the following _params:
galera_ssl_enabled
rabbitmq_ssl_enabled
Change-Id: Ia1838578b4c32600ec74ae93257146478d516a85
diff --git a/classes/cluster/virtual-mcp11-aio/openstack/init.yml b/classes/cluster/virtual-mcp11-aio/openstack/init.yml
index a1e4c64..c61fd87 100755
--- a/classes/cluster/virtual-mcp11-aio/openstack/init.yml
+++ b/classes/cluster/virtual-mcp11-aio/openstack/init.yml
@@ -127,6 +127,9 @@
openstack_public_neutron_subnet_allocation_end: 192.168.130.254
barbican_simple_crypto_kek: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
barbican_integration_enabled: False
+ galera_ssl_enabled: true
+ rabbitmq_ssl_enabled: true
+ rabbitmq_port: 5671 # for non-ssl use 5672
galera:
master:
members: ~
@@ -144,11 +147,11 @@
global_default: True
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
server:
api_workers: 2
@@ -156,21 +159,21 @@
rpc_workers: 2
message_queue:
members: ~
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
gateway:
metadata:
workers: 2
agent_mode: dvr_snat
dvr: True
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
barbican:
@@ -183,41 +186,41 @@
cache:
members: ~
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
controller:
barbican:
enabled: ${_param:barbican_integration_enabled}
vncproxy_url: http://${_param:single_address}:6080
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
cinder:
controller:
barbican:
enabled: ${_param:barbican_integration_enabled}
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
volume:
cache:
members: ~
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
horizon:
server:
secure: False
@@ -227,11 +230,11 @@
zones: ${_param:designate_quota_zones}
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
worker:
enabled: ${_param:designate_worker_enabled}
glance:
@@ -240,26 +243,26 @@
enabled: ${_param:barbican_integration_enabled}
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
keystone:
server:
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}
heat:
server:
database:
ssl:
- enabled: True
+ enabled: ${_param:galera_ssl_enabled}
message_queue:
- port: 5671
+ port: ${_param:rabbitmq_port}
ssl:
- enabled: True
+ enabled: ${_param:rabbitmq_ssl_enabled}