Browse Source

Add salt master's CA into system CA bundle

Change-Id: I89cec95e87db52fd59a84d57c485d8c938711ef3
pull/36/head
Filip Pytloun 7 years ago
parent
commit
1fde6eac8d
1 changed files with 21 additions and 0 deletions
  1. +21
    -0
      salt/minion/cert.sls

+ 21
- 0
salt/minion/cert.sls View File

@@ -97,6 +97,27 @@ salt_minion_cert_{{ cert_name }}_dirs:
- watch:
- x509: {{ ca_file }}

{%- if grains.os_family == 'Debian' %}

salt_ca_certificates_packages:
pkg.installed:
- name: ca-certificates

{{ ca_file }}_{{ rowloop.index }}_debian_symlink:
file.symlink:
- name: "/usr/local/share/ca-certificates/ca-{{ cert.authority }}.crt"
- target: {{ ca_file }}
- watch_in:
- cmd: salt_update_certificates
- require:
- pkg: salt_ca_certificates_packages

salt_update_certificates:
cmd.wait:
- name: update-ca-certificates

{%- endif %}

{%- endif %}

{%- endfor %}

Loading…
Cancel
Save