Eevans has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/342679 )
Change subject: [WIP] Enable cqlsh client encryption ...................................................................... [WIP] Enable cqlsh client encryption Bug: T111113 Change-Id: I31db5e9183e49f0022ac3230b22ad8a47223aa82 --- M modules/cassandra/manifests/instance.pp M modules/cassandra/templates/cqlshrc.erb 2 files changed, 14 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/79/342679/1 diff --git a/modules/cassandra/manifests/instance.pp b/modules/cassandra/manifests/instance.pp index d130c24..fa207d5 100644 --- a/modules/cassandra/manifests/instance.pp +++ b/modules/cassandra/manifests/instance.pp @@ -208,6 +208,14 @@ mode => '0400', require => File["${config_directory}/tls"], } + + file { "${config_directory}/tls/rootCa.crt": + content => secret("cassandra/${tls_cluster_name}/rootCa.crt"), + owner => 'cassandra', + group => 'cassandra', + mode => '0400', + require => File["${config_directory}/tls"], + } } if $instance_name != 'default' { diff --git a/modules/cassandra/templates/cqlshrc.erb b/modules/cassandra/templates/cqlshrc.erb index 2e881e0..50d16ab 100644 --- a/modules/cassandra/templates/cqlshrc.erb +++ b/modules/cassandra/templates/cqlshrc.erb @@ -1,3 +1,9 @@ [authentication] username = <%= @super_username %> password = <%= @super_password %> + +[connection] +factory = cqlshlib.ssl.ssl_transport_factory + +[ssl] +certfile = <%= config_directory %>/tls/rootCa.crt -- To view, visit https://gerrit.wikimedia.org/r/342679 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I31db5e9183e49f0022ac3230b22ad8a47223aa82 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Eevans <eev...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits