Browse Source

Allow to set SSL options for mysql user

This patch allows to set grant SSL options for user.

Change-Id: I700ed0634c549590f1cf207a3852996fc65e5d14
Related-Prod: PROD-17049
master
Vasyl Saienko 7 years ago
parent
commit
79f6906372
2 changed files with 23 additions and 2 deletions
  1. +18
    -0
      README.rst
  2. +5
    -2
      galera/server.sls

+ 18
- 0
README.rst View File

@@ -101,6 +101,24 @@ Additional mysql users:
- grants:
- all privileges

Additional mysql SSL grants:

.. code-block:: yaml

mysql:
server:
users:
- name: clustercheck
password: clustercheck
database: '*.*'
grants: PROCESS
ssl_option:
- SSL: True
- X509: True
- SUBJECT: <subject>
- ISSUER: <issuer>
- CIPHER: <cipher>

Additional check params:
========================


+ 5
- 2
galera/server.sls View File

@@ -38,6 +38,7 @@ mysql_grants_{{ user.name }}_{{ database_name }}_{{ user.host }}:
- database: '{{ database_name }}.*'
- user: '{{ user.name }}'
- host: '{{ user.host }}'
- ssl_option: {{ user.get('ssl_option', False) }}
#- connection_user: {{ connection.user }}
#- connection_pass: {{ connection.password }}
#- connection_charset: {{ connection.charset }}
@@ -58,7 +59,7 @@ mysql_grants_{{ user.name }}_{{ database_name }}_{{ user.host }}:
- defaults:
database_name: {{ database_name }}
database: {{ database }}
- require:
- require:
- file: mysql_dirs
- mysql_database: mysql_database_{{ database_name }}

@@ -92,7 +93,7 @@ mysql_user_{{ user.name }}_{{ host }}:
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
{%- if 'grants' in user %}
mysql_user_{{ user.name }}_{{ host }}_grants:
mysql_grants.present:
@@ -102,6 +103,7 @@ mysql_user_{{ user.name }}_{{ host }}_grants:
- grant_option: {{ user['grant_option'] | default(False) }}
- user: {{ user.name }}
- host: '{{ host }}'
- ssl_option: {{ user.get('ssl_option', False) }}
#- connection_user: {{ connection.user }}
#- connection_pass: {{ connection.password }}
#- connection_charset: {{ connection.charset }}
@@ -122,6 +124,7 @@ mysql_user_{{ user.name }}_{{ host }}_grants_db_{{ db.database }}_{{ loop.index0
- grant_option: {{ db['grant_option'] | default(False) }}
- user: {{ user.name }}
- host: '{{ host }}'
- ssl_option: {{ db.get('ssl_option', False) }}
#- connection_user: {{ connection.user }}
#- connection_pass: {{ connection.password }}
#- connection_charset: {{ connection.charset }}

Loading…
Cancel
Save