salt
/
galera-formula
forked from ExternalMirrors/galera-formula
Watch 1
Star 0
Fork 0
Code Releases 7 Activity
Saltstack Official Galera Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
199 Commits
12 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
galera-formula/galera/_ssl.sls

108 lines
2.5KB
Raw Permalink Blame History 

  1. {%- from "galera/map.jinja" import master, slave with context %}

  2. {%- if master.get('enabled', False) %}

  3.   {%- set service, role = master, 'master' %}

  4. {%-  elif slave.get('enabled', False) %}

  5.   {%- set service, role = slave, 'slave' %}

  6. {%- endif %}

  7. 

  8. {%- if service.get('ssl', {}).get('enabled', False) %}

  9. 

  10. galera_ssl_dir:

  11.   file.directory:

  12.   - name: /etc/mysql/ssl

  13.   - makedirs: true

  14.   - mode: 755

  15.   - require:

  16.     - pkg: galera_packages

  17. 

  18. {%- if service.ssl.cacert_chain is defined %}

  19. mysql_cacertificate:

  20.   file.managed:

  21.     - name: {{ service.ssl.ca_file }}

  22.     - contents_pillar: galera:{{ role }}:ssl:cacert_chain

  23.     - mode: 0444

  24.     - makedirs: true

  25.     - require_in:

  26.       - service: galera_service

  27.       - file: galera_config

  28. {%- else %}

  29. mysql_cacertificate_exists:

  30.   file.exists:

  31.   - name: {{ service.ssl.ca_file }}

  32. mysql_cacertificate:

  33.   file.managed:

  34.   - name: {{ service.ssl.ca_file }}

  35.   - mode: 644

  36.   - create: False

  37.   - require:

  38.     - file: mysql_cacertificate_exists

  39.     - file: galera_ssl_dir

  40.   - require_in:

  41.     - service: galera_service

  42.     - file: galera_config

  43. {%- endif %}

  44. 

  45. {%- if service.ssl.cert is defined %}

  46. mysql_certificate:

  47.   file.managed:

  48.     - name: {{ service.ssl.cert_file }}

  49.     - contents_pillar: galera:{{ role }}:ssl:cert

  50.     - mode: 0444

  51.     - makedirs: true

  52.     - require_in:

  53.       - service: galera_service

  54.       - file: galera_config

  55. {%- else %}

  56. mysql_certificate_exists:

  57.   file.exists:

  58.   - name: {{ service.ssl.cert_file }}

  59. mysql_certificate:

  60.   file.managed:

  61.     - name: {{ service.ssl.cert_file }}

  62.     - mode: 644

  63.     - create: False

  64.     - require:

  65.       - file: mysql_certificate_exists

  66.       - file: galera_ssl_dir

  67.     - require_in:

  68.       - service: galera_service

  69.       - file: galera_config

  70. {%- endif %}

  71. 

  72. {%- if service.ssl.key is defined %}

  73. mysql_server_key:

  74.   file.managed:

  75.     - name: {{ service.ssl.key_file }}

  76.     - contents_pillar: galera:{{ role }}:ssl:key

  77.     - user: root

  78.     - group: mysql

  79.     - mode: 0440

  80.     - makedirs: true

  81.     - require:

  82.       - pkg: galera_packages

  83.       - file: galera_ssl_dir

  84.     - require_in:

  85.       - service: galera_service

  86.       - file: galera_config

  87. {%- else %}

  88. mysql_server_key_exists:

  89.   file.exists:

  90.     - name: {{ service.ssl.key_file }}

  91. mysql_server_key:

  92.   file.managed:

  93.     - name: {{ service.ssl.key_file }}

  94.     - user: root

  95.     - group: mysql

  96.     - mode: 0440

  97.     - create: False

  98.     - require:

  99.       - file: mysql_server_key_exists

  100.       - pkg: galera_packages

  101.       - file: galera_ssl_dir

  102.     - require_in:

  103.        - service: galera_service

  104.        - file: galera_config

  105. {%- endif %}

  106. 

  107. {%- endif %}