瀏覽代碼

Merge "added chain file for salt api ssl"

pull/56/head
Ales Komarek 7 年之前
父節點
當前提交
f979fdb2a8
共有 2 個文件被更改,包括 21 次插入3 次删除
  1. +15
    -1
      salt/api.sls
  2. +6
    -2
      salt/files/_api.conf

+ 15
- 1
salt/api.sls 查看文件

@@ -15,6 +15,20 @@ salt_api_packages:
- watch_in:
- service: salt_api_service

{%- if api.get('ssl', {}).authority is defined %}

{%- set cert_file = "/etc/ssl/certs/" + api.ssl.get('name', grains.id) + ".crt" %}
{%- set ca_file = "/etc/ssl/certs/ca-" + api.ssl.authority + ".crt" %}

salt_api_init_tls:
cmd.run:
- name: "cat {{ cert_file }} {{ ca_file }} > /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt"
- creates: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt
- watch_in:
- service: salt_api_service

{%- endif %}

salt_api_service:
service.running:
- name: salt-api
@@ -23,4 +37,4 @@ salt_api_service:
- watch:
- file: /etc/salt/master.d/_api.conf

{%- endif %}
{%- endif %}

+ 6
- 2
salt/files/_api.conf 查看文件

@@ -9,8 +9,11 @@ rest_cherrypy:
ssl_crt: /etc/letsencrypt/live/{{ api.ssl.name }}/cert.pem
ssl_key: /etc/letsencrypt/live/{{ api.ssl.name }}/privkey.pem
{%- elif api.ssl.engine == 'salt' %}
ssl_crt: /etc/ssl/certs/{{ system.name }}.{{ system.domain }}.crt
ssl_key: /etc/ssl/private/{{ system.name }}.{{ system.domain }}.key
ssl_crt: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}.crt
ssl_key: /etc/ssl/private/{{ api.ssl.get('name', grains.id) }}.key
{%- if api.ssl.authority is defined %}
ssl_chain: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt
{%- endif %}
{%- else %}
ssl_crt: {{ api.ssl.get('cert_file')|default("/etc/ssl/certs/"+grains.get('fqdn')+".crt") }}
ssl_key: {{ api.ssl.get('key_file')|default("/etc/ssl/private/"+grains.get('fqdn')+".key") }}
@@ -25,3 +28,4 @@ rest_cherrypy:
{#-
vim: syntax=jinja
-#}


Loading…
取消
儲存