From 7b720184e3bc512c0e1a1e89742f5dcf0df0b400 Mon Sep 17 00:00:00 2001 From: "Gupta, Sangeet (sg774j)" Date: Fri, 24 Jul 2020 23:02:09 +0000 Subject: [PATCH] feat(tls): Make openstack services compatible with mariadb with TLS Change database scerets. Change-Id: I068dfcb23d596d4b9bcde1944fb4def010490452 --- cinder/templates/secret-db.yaml | 7 ++++++- glance/templates/secret-db.yaml | 7 ++++++- heat/templates/secret-db.yaml | 7 ++++++- keystone/templates/secret-db.yaml | 7 ++++++- neutron/templates/secret-db.yaml | 7 ++++++- 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/cinder/templates/secret-db.yaml b/cinder/templates/secret-db.yaml index 31a94e654c..a5cee90b31 100644 --- a/cinder/templates/secret-db.yaml +++ b/cinder/templates/secret-db.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "cinder" }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} --- apiVersion: v1 kind: Secret @@ -23,6 +24,10 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} {{- end }} {{- end }} diff --git a/glance/templates/secret-db.yaml b/glance/templates/secret-db.yaml index 14527b257b..0a1085d3c4 100644 --- a/glance/templates/secret-db.yaml +++ b/glance/templates/secret-db.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "glance" }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} --- apiVersion: v1 kind: Secret @@ -23,6 +24,10 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} {{- end }} {{- end }} diff --git a/heat/templates/secret-db.yaml b/heat/templates/secret-db.yaml index a1796402ff..ef020d167e 100644 --- a/heat/templates/secret-db.yaml +++ b/heat/templates/secret-db.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "heat" }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} --- apiVersion: v1 kind: Secret @@ -23,6 +24,10 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} {{- end }} {{- end }} diff --git a/keystone/templates/secret-db.yaml b/keystone/templates/secret-db.yaml index 4e61351f04..55ff593715 100644 --- a/keystone/templates/secret-db.yaml +++ b/keystone/templates/secret-db.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "keystone" }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} --- apiVersion: v1 kind: Secret @@ -23,6 +24,10 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} {{- end }} {{- end }} diff --git a/neutron/templates/secret-db.yaml b/neutron/templates/secret-db.yaml index 22786d7e08..47d956fa41 100644 --- a/neutron/templates/secret-db.yaml +++ b/neutron/templates/secret-db.yaml @@ -16,6 +16,7 @@ limitations under the License. {{- $envAll := . }} {{- range $key1, $userClass := tuple "admin" "neutron" }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }} --- apiVersion: v1 kind: Secret @@ -23,6 +24,10 @@ metadata: name: {{ $secretName }} type: Opaque data: - DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- if $envAll.Values.manifests.certificates }} + DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}} +{{- else }} + DB_CONNECTION: {{ $connection | b64enc -}} +{{- end }} {{- end }} {{- end }}