d23433aca3
This patch ads an ability to receive TLS connections to ProxySQL. Certificates and variable lookups are added in order for TLS to be enabled by <project_name>_database_internal_tls_enable. Note that in order for this to work, mysql connection strings need to have TLS enabled, which can be added in separate per-service patches Change-Id: I2c06ce5e138f52259c1725dae37f25c1b00d1e6b
32 lines
1.1 KiB
Django/Jinja
32 lines
1.1 KiB
Django/Jinja
# This configuration file is used to configure proxysql users,
|
|
# in our case we just define default_hostgroup and the mysql galera
|
|
# cluster group where user is routed to.
|
|
#
|
|
# This is used especially when services are creating databases, users
|
|
# and connects via user 'root_shard_SHARD_ID', so ProxySQL know
|
|
# where to route this query.
|
|
#
|
|
# Table mysql_users defines MySQL users that clients can use to connect to
|
|
# ProxySQL, and then used to connect to backends.
|
|
#
|
|
# ProxySQL Admin> SHOW CREATE TABLE mysql_users\G
|
|
#
|
|
# https://proxysql.com/documentation/main-runtime/#mysql_users
|
|
|
|
mysql_users:
|
|
{% for user in proxysql_project_database_shard['users'] %}
|
|
{% if user['shard_id'] is defined %}
|
|
{% set WRITER_GROUP = user['shard_id'] | int * 10 %}
|
|
{% endif %}
|
|
- username: "{{ user['user'] }}"
|
|
password: "{{ user['password'] }}"
|
|
{% if user['shard_id'] is defined %}
|
|
default_hostgroup: {{ WRITER_GROUP }}
|
|
{% endif %}
|
|
transaction_persistent: 1
|
|
active: 1
|
|
{% if database_enable_tls_internal | bool and proxysql_project_database_internal_tls_enable | bool %}
|
|
use_ssl: 1
|
|
{% endif %}
|
|
{% endfor %}
|