
Merge "Use forward dependency for ca_file instead of reverse one"

pr/fix/minion_dependencis
Filip Pytloun 7年前
コミット
bc5fce96cb
1個のファイルの変更8行の追加8行の削除
  1. +8
    -8
      salt/minion/cert.sls

+ 8
- 8
salt/minion/cert.sls



{%- if minion.cert is defined %} {%- if minion.cert is defined %}


{%- set created_ca_files = [] %}

{%- for cert_name,cert in minion.get('cert', {}).iteritems() %} {%- for cert_name,cert in minion.get('cert', {}).iteritems() %}
{%- set rowloop = loop %} {%- set rowloop = loop %}


- watch: - watch:
- x509: {{ cert_file }} - x509: {{ cert_file }}


{%- if cert.host is defined %}
{%- if cert.host is defined and ca_file not in created_ca_files %}
{%- for ca_path,ca_cert in salt['mine.get'](cert.host, 'x509.get_pem_entries').get(cert.host, {}).iteritems() %} {%- for ca_path,ca_cert in salt['mine.get'](cert.host, 'x509.get_pem_entries').get(cert.host, {}).iteritems() %}


{%- if '/etc/pki/ca/'+cert.authority in ca_path %} {%- if '/etc/pki/ca/'+cert.authority in ca_path %}


{{ ca_file }}_{{ rowloop.index }}:
{{ ca_file }}:
x509.pem_managed: x509.pem_managed:
- name: {{ ca_file }} - name: {{ ca_file }}
- text: {{ ca_cert|replace('\n', '') }} - text: {{ ca_cert|replace('\n', '') }}
- watch: - watch:
- x509: {{ cert_file }} - x509: {{ cert_file }}
{%- if cert.all_file is defined %}
- watch_in:
- cmd: salt_minion_cert_{{ cert_name }}_all
{%- endif %}


{{ ca_file }}_cert_permissions_{{ rowloop.index }}:
{{ ca_file }}_cert_permissions:
file.managed: file.managed:
- name: {{ ca_file }} - name: {{ ca_file }}
- mode: 0644 - mode: 0644
- watch: - watch:
- x509: {{ ca_file }} - x509: {{ ca_file }}


{{ ca_file }}_{{ rowloop.index }}_local_trusted_symlink:
{{ ca_file }}_local_trusted_symlink:
file.symlink: file.symlink:
- name: "{{ cacerts_dir }}/ca-{{ cert.authority }}.crt" - name: "{{ cacerts_dir }}/ca-{{ cert.authority }}.crt"
- target: {{ ca_file }} - target: {{ ca_file }}
{%- endif %} {%- endif %}


{%- endfor %} {%- endfor %}
{%- do created_ca_files.append(ca_file) %}
{%- endif %} {%- endif %}


{%- if cert.all_file is defined %} {%- if cert.all_file is defined %}
- watch: - watch:
- x509: {{ key_file }} - x509: {{ key_file }}
- x509: {{ cert_file }} - x509: {{ cert_file }}
- x509: {{ ca_file }}


{{ cert.all_file }}_cert_permissions: {{ cert.all_file }}_cert_permissions:
file.managed: file.managed:
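Review bot: The `- x509: {{ ca_file }}` entry in the all_file state's `watch` list is emitted whenever `cert.all_file` is defined, while the `{{ ca_file }}` `x509.pem_managed` state is only rendered when `cert.host` is defined and a mined path contains `'/etc/pki/ca/'+cert.authority`, so the requisite can name a state that was never rendered and the bundle state would then likely fail as a missing requisite. This reads the single `- x509: {{ ca_file }}` line as the new side, which the commit title suggests but the page's lost +/- markers do not confirm. `{%- do created_ca_files.append(ca_file) %}` also runs after the inner loop even when nothing matched, so an empty mine result for one cert suppresses the CA state for later certs that share the same file. I would move the append inside the `'/etc/pki/ca/'` branch and guard the watch entry with `{%- if ca_file in created_ca_files %}`. The all_file state continues past the end of the section shown.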
