Add frontend database TLS for Keystone
This patch enables internal TLS on the database connection for Keystone.

Change-Id: I816d051e933a560629d9b9c95362f668abe4ade7
parent
f76833b49a
commit
66a2f5830c
@ -239,3 +239,6 @@ keystone_federation_oidc_scopes: "openid email profile"
|
|||||||
|
|
||||||
# OIDC caching
|
# OIDC caching
|
||||||
keystone_oidc_enable_memcached: "{{ enable_memcached }}"
|
keystone_oidc_enable_memcached: "{{ enable_memcached }}"
|
||||||
|
|
||||||
|
# Database
|
||||||
|
keystone_database_enable_tls_internal: "{{ database_enable_tls_internal | bool }}"
|
||||||
|
@ -16,7 +16,7 @@ policy_file = {{ keystone_policy_file }}
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
|
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}{{ '?ssl_ca=' ~ openstack_cacert if keystone_database_enable_tls_internal | bool }}
|
||||||
connection_recycle_time = {{ database_connection_recycle_time }}
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
||||||
max_pool_size = {{ database_max_pool_size }}
|
max_pool_size = {{ database_max_pool_size }}
|
||||||
max_retries = -1
|
max_retries = -1
|
||||||
|
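Review bot: The new `connection` line appends `'?ssl_ca=' ~ openstack_cacert` whenever `keystone_database_enable_tls_internal` is true, but nothing visible here checks that `openstack_cacert` is non-empty. With an empty value the rendered URL ends in `?ssl_ca=`, and what the driver does then is version-dependent: it may fail to connect or proceed without the intended trust anchor. A deploy-time precheck that fails when TLS is enabled and no CA path is set would be safer than dropping the parameter silently, since that would downgrade the connection to plaintext. It is also worth confirming that, in the SQLAlchemy/PyMySQL versions shipped in the image, `ssl_ca` alone turns on both certificate and host-name verification against `keystone_database_address`. If it does not, the database password carried in this URL is still exposed to an on-path host. A short comment above the line, such as `# ssl_ca enables TLS to the database frontend; the server certificate must be valid for keystone_database_address`, would record that requirement.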
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Implements TLS between Keystone and ProxySQL
|