Make sure mysql_boostrap has the proper TLS certificate and key

Mariadb-10.5.22 enforces TLS during the boostrap step, so let's make sure we have the certificate and key available at this stage. Change-Id: I06405e3b82185c66ee42b10b0c7cbad75326caf2
2023-10-25 11:23:06 +02:00 · 2023-10-25 11:23:06 +02:00 · 8a20da5e72
commit 8a20da5e72
parent 7ab5bf89b1
1 changed files with 9 additions and 0 deletions
--- a/deployment/database/mysql-pacemaker-puppet.yaml
+++ b/deployment/database/mysql-pacemaker-puppet.yaml
@ -301,6 +301,15 @@ outputs:
                  - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json:rw,z
                  - /var/lib/config-data/puppet-generated/mysql:/var/lib/kolla/config_files/src:ro,z
                  - /var/lib/mysql:/var/lib/mysql:rw,z
+                - if:
+                  - {get_param: EnableInternalTLS}
+                  - - list_join:
+                      - ':'
+                      - - {get_param: InternalTLSCAFile}
+                        - {get_param: InternalTLSCAFile}
+                        - 'ro'
+                    - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
+                    - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
            environment:
              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
              KOLLA_BOOTSTRAP: true