commit a3b6662f2479dfe76ee0ecbd17e0fe30bdf7395b
author Oleksandr Shyshko <oshyshko@mirantis.com> Thu Aug 16 12:51:58 2018 +0300
committer oshyshko <oshyshko@mirantis.com> Tue Aug 21 09:15:05 2018 +0000
tree 48358140f0c31c2cb463e084bf3ccbaae6a6b284
parent b51190ec66e748380ead17b265b73eb9a7c20a39

Added support X.509 auth between MySQL and Nova

Related-PROD: PROD-19981

Change-Id: Ic748072d1eef9a5b9907d21f05e8d62bfda2e3eb

nova/control/cluster.yml

diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 90a2bae..d202987 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -4,6 +4,7 @@
 - service.keepalived.cluster.single
 - system.haproxy.proxy.listen.openstack.nova
 - system.haproxy.proxy.listen.openstack.novnc
+- system.salt.minion.cert.mysql.clients.openstack.nova
 parameters:
   _param:
     nova_vncproxy_url: http://${_param:cluster_vip_address}:6080
@@ -12,6 +13,7 @@
     nova_disk_allocation_ratio: 1.0
     metadata_password: metadataPass
     cluster_internal_protocol: 'http'
+    openstack_mysql_x509_enabled: False
   linux:
     system:
       package:
@@ -44,6 +46,8 @@
         name: nova
         user: nova
         password: ${_param:mysql_nova_password}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
       identity:
         engine: keystone
         region: ${_param:openstack_region}