Browse Source

Ensure permissions are correct for mysql dirs

When SSL enabled, /etc/mysq directory is created by salt.minion
state with 700 permissions. It prohibits mysql from reading config
file as normal mode is 755. This patch ensures that mode for
/etc/mysql and /etc/mysql/ssl have correct rights.

Change-Id: Icc2a43e7a56c60d30a716f29f0a9ec28c6549429
Related-Prod: ROD-16782
master
Vasyl Saienko 7 years ago
parent
commit
d5d0984b80
3 changed files with 17 additions and 4 deletions
  1. +13
    -0
      galera/_ssl.sls
  2. +2
    -2
      galera/master.sls
  3. +2
    -2
      galera/slave.sls

+ 13
- 0
galera/_ssl.sls View File

@@ -6,6 +6,15 @@
{%- endif %}

{%- if service.get('ssl', {}).get('enabled', False) %}

galera_ssl_dir:
file.directory:
- name: /etc/mysql/ssl
- makedirs: true
- mode: 755
- require:
- pkg: galera_packages

{%- if service.ssl.cacert_chain is defined %}
mysql_cacertificate:
file.managed:
@@ -27,6 +36,7 @@ mysql_cacertificate:
- create: False
- require:
- file: mysql_cacertificate_exists
- file: galera_ssl_dir
- require_in:
- service: galera_service
- file: galera_config
@@ -53,6 +63,7 @@ mysql_certificate:
- create: False
- require:
- file: mysql_certificate_exists
- file: galera_ssl_dir
- require_in:
- service: galera_service
- file: galera_config
@@ -69,6 +80,7 @@ mysql_server_key:
- makedirs: true
- require:
- pkg: galera_packages
- file: galera_ssl_dir
- require_in:
- service: galera_service
- file: galera_config
@@ -86,6 +98,7 @@ mysql_server_key:
- require:
- file: mysql_server_key_exists
- pkg: galera_packages
- file: galera_ssl_dir
- require_in:
- service: galera_service
- file: galera_config

+ 2
- 2
galera/master.sls View File

@@ -32,9 +32,9 @@ galera_packages:
- refresh: true
- force_yes: True

galera_log_dir:
galera_dirs:
file.directory:
- name: /var/log/mysql
- names: ['/var/log/mysql', '/etc/mysql']
- makedirs: true
- mode: 755
- require:

+ 2
- 2
galera/slave.sls View File

@@ -32,9 +32,9 @@ galera_packages:
- refresh: true
- force_yes: True

galera_log_dir:
galera_dirs:
file.directory:
- name: /var/log/mysql
- names: ['/var/log/mysql', '/etc/mysql']
- makedirs: true
- mode: 755
- require:

Loading…
Cancel
Save