Allow to set ssl grant options when creating galera databases
This patch allows to configure SSL grant options when creating
galera databases by specifying mysql_{service}_ssl_option param.
Change-Id: I6c7d82f62d20388033f608c1b4ca0269249807da
Related-Prod: PROD-17049
diff --git a/galera/server/database/aodh.yml b/galera/server/database/aodh.yml
index f5095d2..c7cdfdc 100644
--- a/galera/server/database/aodh.yml
+++ b/galera/server/database/aodh.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_aodh_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_aodh_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_aodh_ssl_option}
- name: aodh
password: ${_param:mysql_aodh_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_aodh_ssl_option}
diff --git a/galera/server/database/barbican.yml b/galera/server/database/barbican.yml
index 4759439..a292660 100644
--- a/galera/server/database/barbican.yml
+++ b/galera/server/database/barbican.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_barbican_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_barbican_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_barbican_ssl_option}
- name: barbican
password: ${_param:mysql_barbican_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_barbican_ssl_option}
diff --git a/galera/server/database/ceilometer.yml b/galera/server/database/ceilometer.yml
index b33c8f9..08a7f8b 100644
--- a/galera/server/database/ceilometer.yml
+++ b/galera/server/database/ceilometer.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_ceilometer_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_ceilometer_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_ceilometer_ssl_option}
- name: ceilometer
password: ${_param:mysql_ceilometer_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_ceilometer_ssl_option}
diff --git a/galera/server/database/cinder.yml b/galera/server/database/cinder.yml
index 08b6ddb..6478cb8 100644
--- a/galera/server/database/cinder.yml
+++ b/galera/server/database/cinder.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_cinder_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_cinder_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_cinder_ssl_option}
- name: cinder
password: ${_param:mysql_cinder_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_cinder_ssl_option}
diff --git a/galera/server/database/designate.yml b/galera/server/database/designate.yml
index 107e3ae..43a76f9 100644
--- a/galera/server/database/designate.yml
+++ b/galera/server/database/designate.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_designate_ssl_option: []
mysql:
server:
database:
@@ -9,10 +11,12 @@
password: ${_param:mysql_designate_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
- name: designate
password: ${_param:mysql_designate_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
designate_pool_manager:
encoding: utf8
users:
@@ -20,7 +24,9 @@
password: ${_param:mysql_designate_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
- name: designate
password: ${_param:mysql_designate_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
diff --git a/galera/server/database/glance.yml b/galera/server/database/glance.yml
index 7e5e443..7af81d8 100644
--- a/galera/server/database/glance.yml
+++ b/galera/server/database/glance.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_glance_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_glance_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_glance_ssl_option}
- name: glance
password: ${_param:mysql_glance_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_glance_ssl_option}
diff --git a/galera/server/database/grafana.yml b/galera/server/database/grafana.yml
index fa4742e..3bfee87 100644
--- a/galera/server/database/grafana.yml
+++ b/galera/server/database/grafana.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_grafana_ssl_option: []
mysql:
server:
database:
@@ -9,8 +11,10 @@
password: ${_param:mysql_grafana_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_grafana_ssl_option}
- name: grafana
password: ${_param:mysql_grafana_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_grafana_ssl_option}
diff --git a/galera/server/database/graphite.yml b/galera/server/database/graphite.yml
index 8ba6efd..595c16b 100644
--- a/galera/server/database/graphite.yml
+++ b/galera/server/database/graphite.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_graphite_ssl_option: []
mysql:
server:
database:
@@ -9,3 +11,4 @@
password: '${_param:mysql_graphite_password}'
host: '%'
rights: 'all'
+ ssl_option: ${_param:mysql_graphite_ssl_option}
diff --git a/galera/server/database/heat.yml b/galera/server/database/heat.yml
index 0d716d8..31b3968 100644
--- a/galera/server/database/heat.yml
+++ b/galera/server/database/heat.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_heat_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_heat_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_heat_ssl_option}
- name: heat
password: ${_param:mysql_heat_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_heat_ssl_option}
diff --git a/galera/server/database/ironic.yml b/galera/server/database/ironic.yml
index 8cb14a3..a478aeb 100644
--- a/galera/server/database/ironic.yml
+++ b/galera/server/database/ironic.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_ironic_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_ironic_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_ironic_ssl_option}
- name: ironic
password: ${_param:mysql_ironic_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_ironic_ssl_option}
diff --git a/galera/server/database/keystone.yml b/galera/server/database/keystone.yml
index fc2c5eb..d6483cd 100644
--- a/galera/server/database/keystone.yml
+++ b/galera/server/database/keystone.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_keystone_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_keystone_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_keystone_ssl_option}
- name: keystone
password: ${_param:mysql_keystone_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_keystone_ssl_option}
diff --git a/galera/server/database/neutron.yml b/galera/server/database/neutron.yml
index 58dd012..b5ee606 100644
--- a/galera/server/database/neutron.yml
+++ b/galera/server/database/neutron.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_neutron_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: '${_param:mysql_neutron_password}'
host: '%'
rights: 'all'
+ ssl_option: ${_param:mysql_neutron_ssl_option}
- name: 'neutron'
password: '${_param:mysql_neutron_password}'
host: '${_param:cluster_local_address}'
rights: 'all'
+ ssl_option: ${_param:mysql_neutron_ssl_option}
diff --git a/galera/server/database/nova.yml b/galera/server/database/nova.yml
index 86d4821..d2ffc4a 100644
--- a/galera/server/database/nova.yml
+++ b/galera/server/database/nova.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_nova_ssl_option: []
mysql:
server:
database:
@@ -9,10 +11,12 @@
password: ${_param:mysql_nova_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
- name: nova
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
nova_api:
encoding: utf8
users:
@@ -20,10 +24,12 @@
password: ${_param:mysql_nova_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
- name: nova
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
nova_cell0:
encoding: utf8
users:
@@ -31,7 +37,9 @@
password: ${_param:mysql_nova_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
- name: nova
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
diff --git a/galera/server/database/octavia.yml b/galera/server/database/octavia.yml
index dfefb9c..7b4eaaf 100644
--- a/galera/server/database/octavia.yml
+++ b/galera/server/database/octavia.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_octavia_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: '${_param:mysql_octavia_password}'
host: '%'
rights: 'all'
+ ssl_option: ${_param:mysql_octavia_ssl_option}
- name: 'octavia'
password: '${_param:mysql_octavia_password}'
host: '${_param:cluster_local_address}'
rights: 'all'
+ ssl_option: ${_param:mysql_octavia_ssl_option}
diff --git a/galera/server/database/panko.yml b/galera/server/database/panko.yml
index 7a3ed63..c4c455a 100644
--- a/galera/server/database/panko.yml
+++ b/galera/server/database/panko.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_panko_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_panko_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_panko_ssl_option}
- name: panko
password: ${_param:mysql_panko_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_panko_ssl_option}