Adding an ability to set ciphers for galera

Change-Id: I4993f997ce3440317a286c8298ded0e96806d5bd

README.rst

        slave or master:
          ssl:
           enabled: True
-
+          ciphers:
+            DHE-RSA-AES128-SHA:
+              enabled: True
+            DHE-RSA-AES256-SHA:
+              enabled: True
+            EDH-RSA-DES-CBC3-SHA:
+              name: EDH-RSA-DES-CBC3-SHA
+              enabled: True
+            AES128-SHA:AES256-SHA:
+              name: AES128-SHA:AES256-SHA
+              enabled: True
+            DES-CBC3-SHA:
+              enabled: True
           # path
           cert_file: /etc/mysql/ssl/cert.pem
           key_file: /etc/mysql/ssl/key.pem

galera/files/my.cnf

 
 {% if service.get('ssl', {}).get('enabled', False) %}
 wsrep_provider_options="socket.ssl=yes;socket.ssl_key={{ service.ssl.key_file }};socket.ssl_cert={{ service.ssl.cert_file }};socket.ssl_ca={{ service.ssl.ca_file }}"
+{%- if service.ssl.ciphers is defined %}
+{%- set _ciphers = [] %}
+{%- for cipher_name, cipher in service.ssl.get('ciphers', {}).iteritems() %}
+{%- if cipher.get('enabled', False) %}
+{%- if cipher.name is defined %}
+{%- do _ciphers.append(cipher.name) %}
+{%- else %}
+{%- do _ciphers.append(cipher_name) %}
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+ssl_cipher={{ ':'.join(_ciphers) }}
+{%- endif %}
 ssl-ca={{ service.ssl.ca_file }}
 ssl-cert={{ service.ssl.cert_file }}
 ssl-key={{ service.ssl.key_file }}

tests/pillar/master_cluster.sls

       key_file: /etc/mysql/ssl/key.pem
       cert_file: /etc/mysql/ssl/cert.pem
       ca_file: /etc/mysql/ssl/ca.pem
+      ciphers:
+        DHE-RSA-AES128-SHA:
+          enabled: True
+        DHE-RSA-AES256-SHA:
+          name: DHE-RSA-AES256-SHA
+          enabled: True
+        EDH-RSA-DES-CBC3-SHA:
+          name: EDH-RSA-DES-CBC3-SHA
+          enabled: True
+        AES128-SHA:AES256-SHA:
+          enabled: True
+        DES-CBC3-SHA:
+          enabled: True
   clustercheck:
     enabled: True
     user: clustercheck