Eevans has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/342679 )

Change subject: [WIP] Enable cqlsh client encryption
......................................................................

[WIP] Enable cqlsh client encryption

Bug: T111113
Change-Id: I31db5e9183e49f0022ac3230b22ad8a47223aa82
---
M modules/cassandra/manifests/instance.pp
M modules/cassandra/templates/cqlshrc.erb
2 files changed, 14 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/79/342679/1

diff --git a/modules/cassandra/manifests/instance.pp 
b/modules/cassandra/manifests/instance.pp
index d130c24..fa207d5 100644
--- a/modules/cassandra/manifests/instance.pp
+++ b/modules/cassandra/manifests/instance.pp
@@ -208,6 +208,14 @@
             mode    => '0400',
             require => File["${config_directory}/tls"],
         }
+
+        file { "${config_directory}/tls/rootCa.crt":
+            content => secret("cassandra/${tls_cluster_name}/rootCa.crt"),
+            owner   => 'cassandra',
+            group   => 'cassandra',
+            mode    => '0400',
+            require => File["${config_directory}/tls"],
+        }
     }
 
     if $instance_name != 'default' {
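Review bot: The new `rootCa.crt` resource is installed with `mode => '0400'` and `owner => 'cassandra'`, so only the cassandra user (and root) can read the file that the cqlshrc `[ssl]` section points at. A root CA certificate is public material, unlike the key material usually kept at 0400, so cqlsh run under any other account will fail to load it for server verification. Consider `mode => '0444'` here, or note in the commit message that cqlsh is only expected to run as cassandra or root. The resource also sits inside the block closed by the `}` that follows it, so the file only exists when that block's condition holds; the template change should be guarded by the same condition.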
diff --git a/modules/cassandra/templates/cqlshrc.erb 
b/modules/cassandra/templates/cqlshrc.erb
index 2e881e0..50d16ab 100644
--- a/modules/cassandra/templates/cqlshrc.erb
+++ b/modules/cassandra/templates/cqlshrc.erb
@@ -1,3 +1,9 @@
 [authentication]
 username = <%= @super_username %>
 password = <%= @super_password %>
+
+[connection]
+factory = cqlshlib.ssl.ssl_transport_factory
+
+[ssl]
+certfile = <%= config_directory %>/tls/rootCa.crt
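Review bot: In the added `certfile` line, `<%= config_directory %>` references the Puppet variable without the `@` prefix, while the existing lines in this template use `@super_username` and `@super_password`. Use `<%= @config_directory %>` so the lookup is consistent and does not depend on the deprecated bare-variable form. The `[connection]` and `[ssl]` sections are also added unconditionally, whereas the manifest hunk creates `rootCa.crt` inside an enclosing block; on an instance where that block is not applied, cqlshrc would select the SSL transport factory and point at a certificate file that was never deployed. Wrapping these two sections in an ERB conditional on the same setting the manifest uses would keep non-TLS instances working.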

-- 
To view, visit https://gerrit.wikimedia.org/r/342679
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I31db5e9183e49f0022ac3230b22ad8a47223aa82
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Eevans <eev...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits