Saltstack Official Galera Formula
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

ssl.sls 2.0KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. {%- from "galera/map.jinja" import master, slave with context %}
  2. {%- set service = master if pillar.galera.master is defined else slave %}
  3. {%- set role = 'master' if pillar.galera.master is defined else 'slave' %}
  4. {%- if service.get('ssl', {}).get('enabled', False) %}
  5. {%- if service.ssl.cacert_chain is defined %}
  6. mysql_cacertificate:
  7. file.managed:
  8. - name: {{ service.ssl.ca_file }}
  9. - contents_pillar: galera:{{ role }}:ssl:cacert_chain
  10. - mode: 0444
  11. - makedirs: true
  12. - require_in:
  13. - service: galera_service
  14. {%- else %}
  15. mysql_cacertificate_exists:
  16. file.exists:
  17. - name: {{ service.ssl.ca_file }}
  18. mysql_cacertificate:
  19. file.managed:
  20. - name: {{ service.ssl.ca_file }}
  21. - mode: 644
  22. - create: False
  23. - require:
  24. - file: mysql_cacertificate_exists
  25. - require_in:
  26. - service: galera_service
  27. {%- endif %}
  28. {%- if service.ssl.cert is defined %}
  29. mysql_certificate:
  30. file.managed:
  31. - name: {{ service.ssl.cert_file }}
  32. - contents_pillar: galera:{{ role }}:ssl:cert
  33. - mode: 0444
  34. - makedirs: true
  35. - require_in:
  36. - service: galera_service
  37. {%- else %}
  38. mysql_certificate_exists:
  39. file.exists:
  40. - name: {{ service.ssl.cert_file }}
  41. mysql_certificate:
  42. file.managed:
  43. - name: {{ service.ssl.cert_file }}
  44. - mode: 644
  45. - create: False
  46. - require:
  47. - file: mysql_certificate_exists
  48. - require_in:
  49. - service: galera_service
  50. {%- endif %}
  51. {%- if service.ssl.key is defined %}
  52. mysql_server_key:
  53. file.managed:
  54. - name: {{ service.ssl.key_file }}
  55. - contents_pillar: galera:{{ role }}:ssl:key
  56. - user: root
  57. - group: mysql
  58. - mode: 0440
  59. - makedirs: true
  60. - require_in:
  61. - service: galera_service
  62. {%- else %}
  63. mysql_server_key_exists:
  64. file.exists:
  65. - name: {{ service.ssl.key_file }}
  66. mysql_server_key:
  67. file.managed:
  68. - name: {{ service.ssl.key_file }}
  69. - user: root
  70. - group: mysql
  71. - mode: 0440
  72. - create: False
  73. - require:
  74. - file: mysql_server_key_exists
  75. - require_in:
  76. - service: galera_service
  77. {%- endif %}
  78. {%- endif %}