Browse Source
Adding an ability to set ciphers for galera
Change-Id: I4993f997ce3440317a286c8298ded0e96806d5bdmaster
Dzmitry Stremkouski
6 years ago
3 changed files with 39 additions and 1 deletions
+ 13
- 1
README.rst
View File
| @@ -70,7 +70,19 @@ Enable TLS support: | |||
| slave or master: | |||
| ssl: | |||
| enabled: True | |||
| ciphers: | |||
| DHE-RSA-AES128-SHA: | |||
| enabled: True | |||
| DHE-RSA-AES256-SHA: | |||
| enabled: True | |||
| EDH-RSA-DES-CBC3-SHA: | |||
| name: EDH-RSA-DES-CBC3-SHA | |||
| enabled: True | |||
| AES128-SHA:AES256-SHA: | |||
| name: AES128-SHA:AES256-SHA | |||
| enabled: True | |||
| DES-CBC3-SHA: | |||
| enabled: True | |||
| # path | |||
| cert_file: /etc/mysql/ssl/cert.pem | |||
| key_file: /etc/mysql/ssl/key.pem | |||
+ 13
- 0
galera/files/my.cnf
View File
| @@ -78,6 +78,19 @@ wsrep_provider_options="gmcast.listen_addr = tcp://{{ service.bind.address }}:45 | |||
| {% if service.get('ssl', {}).get('enabled', False) %} | |||
| wsrep_provider_options="socket.ssl=yes;socket.ssl_key={{ service.ssl.key_file }};socket.ssl_cert={{ service.ssl.cert_file }};socket.ssl_ca={{ service.ssl.ca_file }}" | |||
| {%- if service.ssl.ciphers is defined %} | |||
| {%- set _ciphers = [] %} | |||
| {%- for cipher_name, cipher in service.ssl.get('ciphers', {}).iteritems() %} | |||
| {%- if cipher.get('enabled', False) %} | |||
| {%- if cipher.name is defined %} | |||
| {%- do _ciphers.append(cipher.name) %} | |||
| {%- else %} | |||
| {%- do _ciphers.append(cipher_name) %} | |||
| {%- endif %} | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| ssl_cipher={{ ':'.join(_ciphers) }} | |||
| {%- endif %} | |||
| ssl-ca={{ service.ssl.ca_file }} | |||
| ssl-cert={{ service.ssl.cert_file }} | |||
| ssl-key={{ service.ssl.key_file }} | |||
+ 13
- 0
tests/pillar/master_cluster.sls
View File
| @@ -159,6 +159,19 @@ galera: | |||
| key_file: /etc/mysql/ssl/key.pem | |||
| cert_file: /etc/mysql/ssl/cert.pem | |||
| ca_file: /etc/mysql/ssl/ca.pem | |||
| ciphers: | |||
| DHE-RSA-AES128-SHA: | |||
| enabled: True | |||
| DHE-RSA-AES256-SHA: | |||
| name: DHE-RSA-AES256-SHA | |||
| enabled: True | |||
| EDH-RSA-DES-CBC3-SHA: | |||
| name: EDH-RSA-DES-CBC3-SHA | |||
| enabled: True | |||
| AES128-SHA:AES256-SHA: | |||
| enabled: True | |||
| DES-CBC3-SHA: | |||
| enabled: True | |||
| clustercheck: | |||
| enabled: True | |||
| user: clustercheck | |||
Loading…