ExternalMirrors
/
galera-formula
Mirror von https://github.com/salt-formulas/salt-formula-galera
Beobachten 1
Favorisieren 0
Fork 1
Code Issues 0 Releases 7 Wiki Aktivität
Quellcode durchsuchen

Remove separate galera.ssl state 

This patch removes separate state galera.ssl as it was previously
wrongly introduced. Instead include ssl tasks to master/slave when
ssl is enabled.
This fixes missing requirements when applying separate states.
Ensure that mysql package is installed before changing group
ownership for ssl files to mysql, as group will be added by mysql
packages.

Fix ssl inital configuration. SSL settings are not applied during
service reload, we have to add them during initial galera cluster
start.

Change-Id: Iff9a268000c3e5e722cc6e197cfd223ec1015f73
Related-Prod: PROD-16695
master
Vasyl Saienko vor 7 Jahren
Ursprung
8cca9cc94e
Commit
c0a5071814
5 geänderte Dateien mit 31 neuen und 4 gelöschten Zeilen
Gesamtansicht Diff-Statistik anzeigen
  1. +14
    -3
      galera/_ssl.sls
  2. +7
    -0
      galera/files/my.cnf.init
  3. +0
    -1
      galera/init.sls
  4. +5
    -0
      galera/master.sls
  5. +5
    -0
      galera/slave.sls

galera/ssl.sls → galera/_ssl.sls Datei anzeigen

{%- from "galera/map.jinja" import master, slave with context %} {%- from "galera/map.jinja" import master, slave with context %}

{%- set service = master if pillar.galera.master is defined else slave %}
{%- set role = 'master' if pillar.galera.master is defined else 'slave' %}
{%- if master.get('enabled', False) %}
{%- set service, role = master, 'master' %}
{%- elif slave.get('enabled', False) %}
{%- set service, role = slave, 'slave' %}
{%- endif %}


{%- if service.get('ssl', {}).get('enabled', False) %} {%- if service.get('ssl', {}).get('enabled', False) %}
{%- if service.ssl.cacert_chain is defined %} {%- if service.ssl.cacert_chain is defined %}
- makedirs: true - makedirs: true
- require_in: - require_in:
- service: galera_service - service: galera_service
- file: galera_config
{%- else %} {%- else %}
mysql_cacertificate_exists: mysql_cacertificate_exists:
file.exists: file.exists:
- file: mysql_cacertificate_exists - file: mysql_cacertificate_exists
- require_in: - require_in:
- service: galera_service - service: galera_service
- file: galera_config
{%- endif %} {%- endif %}


{%- if service.ssl.cert is defined %} {%- if service.ssl.cert is defined %}
- makedirs: true - makedirs: true
- require_in: - require_in:
- service: galera_service - service: galera_service
- file: galera_config
{%- else %} {%- else %}
mysql_certificate_exists: mysql_certificate_exists:
file.exists: file.exists:
- file: mysql_certificate_exists - file: mysql_certificate_exists
- require_in: - require_in:
- service: galera_service - service: galera_service
- file: galera_config
{%- endif %} {%- endif %}


{%- if service.ssl.key is defined %} {%- if service.ssl.key is defined %}
- group: mysql - group: mysql
- mode: 0440 - mode: 0440
- makedirs: true - makedirs: true
- require:
- pkg: galera_packages
- require_in: - require_in:
- service: galera_service - service: galera_service
- file: galera_config
{%- else %} {%- else %}
mysql_server_key_exists: mysql_server_key_exists:
file.exists: file.exists:
- create: False - create: False
- require: - require:
- file: mysql_server_key_exists - file: mysql_server_key_exists
- pkg: galera_packages
- require_in: - require_in:
- service: galera_service - service: galera_service
- file: galera_config
{%- endif %} {%- endif %}


{%- endif %} {%- endif %}

+ 7
- 0
galera/files/my.cnf.init Datei anzeigen

wsrep_provider_options="gcache.size = 256M" wsrep_provider_options="gcache.size = 256M"
wsrep_provider_options="gmcast.listen_addr = tcp://{{ service.bind.address }}:4567" wsrep_provider_options="gmcast.listen_addr = tcp://{{ service.bind.address }}:4567"


{% if service.get('ssl', {}).get('enabled', False) %}
wsrep_provider_options="socket.ssl=yes;socket.ssl_key={{ service.ssl.key_file }};socket.ssl_cert={{ service.ssl.cert_file }};socket.ssl_ca={{ service.ssl.ca_file }}"
ssl-ca={{ service.ssl.ca_file }}
ssl-cert={{ service.ssl.cert_file }}
ssl-key={{ service.ssl.key_file }}
{% endif %}

[xtrabackup] [xtrabackup]
parallel=4 parallel=4



+ 0
- 1
galera/init.sls Datei anzeigen



{%- if pillar.galera is defined %} {%- if pillar.galera is defined %}
include: include:
- galera.ssl
{%- if pillar.galera.master is defined %} {%- if pillar.galera.master is defined %}
- galera.master - galera.master
{%- endif %} {%- endif %}

+ 5
- 0
galera/master.sls Datei anzeigen

{%- from "galera/map.jinja" import master with context %} {%- from "galera/map.jinja" import master with context %}
{%- if master.get('enabled', False) %} {%- if master.get('enabled', False) %}


{%- if master.get('ssl', {}).get('enabled', False) %}
include:
- galera._ssl
{%- endif %}

{%- if grains.os_family == 'RedHat' %} {%- if grains.os_family == 'RedHat' %}
xtrabackup_repo: xtrabackup_repo:
pkg.installed: pkg.installed:

+ 5
- 0
galera/slave.sls Datei anzeigen

{%- from "galera/map.jinja" import slave with context %} {%- from "galera/map.jinja" import slave with context %}
{%- if slave.get('enabled', False) %} {%- if slave.get('enabled', False) %}


{%- if slave.get('ssl', {}).get('enabled', False) %}
include:
- galera._ssl
{%- endif %}

{%- if grains.os_family == 'RedHat' %} {%- if grains.os_family == 'RedHat' %}
xtrabackup_repo: xtrabackup_repo:
pkg.installed: pkg.installed:

Verfassen Vorschau
Laden…
Abbrechen
Speichern