
Merge "added chain file for salt api ssl"

pull/56/head
Ales Komarek 7 years ago
parent
commit
f979fdb2a8
2 changed files with 21 additions and 3 deletions
  1. +15
    -1
      salt/api.sls
  2. +6
    -2
      salt/files/_api.conf

+ 15
- 1
salt/api.sls

- watch_in: - watch_in:
- service: salt_api_service - service: salt_api_service


{%- if api.get('ssl', {}).authority is defined %}

{%- set cert_file = "/etc/ssl/certs/" + api.ssl.get('name', grains.id) + ".crt" %}
{%- set ca_file = "/etc/ssl/certs/ca-" + api.ssl.authority + ".crt" %}

salt_api_init_tls:
cmd.run:
- name: "cat {{ cert_file }} {{ ca_file }} > /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt"
- creates: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt
- watch_in:
- service: salt_api_service

{%- endif %}

salt_api_service: salt_api_service:
service.running: service.running:
- name: salt-api - name: salt-api
- watch: - watch:
- file: /etc/salt/master.d/_api.conf - file: /etc/salt/master.d/_api.conf


{%- endif %}
{%- endif %}
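Review bot: The `creates:` guard on `salt_api_init_tls` means the chain file is written once and never rebuilt, so after the certificate at `cert_file` is renewed or reissued salt-api would keep loading a chain that contains the old leaf certificate. Rebuilding should be tied to the certificate changing instead, for example by dropping `creates` and adding `- onchanges: [{file: <ID of the state that manages cert_file>}]` (placeholder; that state is not visible in this section). The `cat` line also interpolates pillar values (`api.ssl.name`, `api.ssl.authority`) into a shell command unquoted and repeats the chain path three times; quoting each path and defining it once with `{%- set chain_file = ... %}` would make the command safe against odd characters and keep the target consistent. The block tests only `api.ssl.authority`, not `api.ssl.engine`, so with an engine other than `salt` the input files may not exist and the state would fail, although the enclosing `{%- if %}` blocks open outside this section and may already cover that.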

+ 6
- 2
salt/files/_api.conf

ssl_crt: /etc/letsencrypt/live/{{ api.ssl.name }}/cert.pem ssl_crt: /etc/letsencrypt/live/{{ api.ssl.name }}/cert.pem
ssl_key: /etc/letsencrypt/live/{{ api.ssl.name }}/privkey.pem ssl_key: /etc/letsencrypt/live/{{ api.ssl.name }}/privkey.pem
{%- elif api.ssl.engine == 'salt' %} {%- elif api.ssl.engine == 'salt' %}
ssl_crt: /etc/ssl/certs/{{ system.name }}.{{ system.domain }}.crt
ssl_key: /etc/ssl/private/{{ system.name }}.{{ system.domain }}.key
ssl_crt: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}.crt
ssl_key: /etc/ssl/private/{{ api.ssl.get('name', grains.id) }}.key
{%- if api.ssl.authority is defined %}
ssl_chain: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt
{%- endif %}
{%- else %} {%- else %}
ssl_crt: {{ api.ssl.get('cert_file')|default("/etc/ssl/certs/"+grains.get('fqdn')+".crt") }} ssl_crt: {{ api.ssl.get('cert_file')|default("/etc/ssl/certs/"+grains.get('fqdn')+".crt") }}
ssl_key: {{ api.ssl.get('key_file')|default("/etc/ssl/private/"+grains.get('fqdn')+".key") }} ssl_key: {{ api.ssl.get('key_file')|default("/etc/ssl/private/"+grains.get('fqdn')+".key") }}
{#- {#-
vim: syntax=jinja vim: syntax=jinja
-#} -#}
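Review bot: The new `ssl_chain` line lacks a comment saying where its file comes from and when the option takes effect. The path is not managed by this template but produced by the `salt_api_init_tls` command in salt/api.sls, and, assuming this file configures rest_cherrypy, that module honours `ssl_chain` only when PyOpenSSL is in use, so elsewhere the setting is silently ignored and clients still receive no intermediate certificate. I would add above it `{#- chain file is built by salt_api_init_tls in salt/api.sls; rest_cherrypy uses ssl_chain only with PyOpenSSL -#}`. The guard here requires `api.ssl.engine == 'salt'` while the state that builds the file tests only `api.ssl.authority`, so the two conditions can drift apart; the enclosing `{%- if %}` chain starts outside this section.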

