Browse Source
Add retry for x509.certificate_managed state
Fixes: PROD-21792 (PROD:21792) Change-Id: Iff22ba927c74a9cb3bd8726253106ebdbb20fe32pull/73/head
Martin Polreich
6 years ago
2 changed files with 38 additions and 26 deletions
+ 32
- 26
salt/minion/ca.sls
View File
| @@ -46,32 +46,38 @@ salt_minion_cert_{{ ca_name }}_dirs: | |||
| {{ ca_file }}: | |||
| x509.certificate_managed: | |||
| - signing_private_key: {{ ca_key_file }} | |||
| - CN: "{{ ca.common_name }}" | |||
| {%- if ca.country is defined %} | |||
| - C: {{ ca.country }} | |||
| {%- endif %} | |||
| {%- if ca.state is defined %} | |||
| - ST: {{ ca.state }} | |||
| {%- endif %} | |||
| {%- if ca.locality is defined %} | |||
| - L: {{ ca.locality }} | |||
| {%- endif %} | |||
| {%- if ca.organization is defined %} | |||
| - O: {{ ca.organization }} | |||
| {%- endif %} | |||
| {%- if ca.organization_unit is defined %} | |||
| - OU: {{ ca.organization_unit }} | |||
| {%- endif %} | |||
| - basicConstraints: "critical,CA:TRUE" | |||
| - keyUsage: {{ ca_key_usage }} | |||
| - subjectKeyIdentifier: hash | |||
| - authorityKeyIdentifier: keyid,issuer:always | |||
| - days_valid: {{ ca.days_valid.authority }} | |||
| - days_remaining: 0 | |||
| - backup: True | |||
| - require: | |||
| - x509: {{ ca_key_file }} | |||
| - signing_private_key: {{ ca_key_file }} | |||
| - CN: "{{ ca.common_name }}" | |||
| {%- if ca.country is defined %} | |||
| - C: {{ ca.country }} | |||
| {%- endif %} | |||
| {%- if ca.state is defined %} | |||
| - ST: {{ ca.state }} | |||
| {%- endif %} | |||
| {%- if ca.locality is defined %} | |||
| - L: {{ ca.locality }} | |||
| {%- endif %} | |||
| {%- if ca.organization is defined %} | |||
| - O: {{ ca.organization }} | |||
| {%- endif %} | |||
| {%- if ca.organization_unit is defined %} | |||
| - OU: {{ ca.organization_unit }} | |||
| {%- endif %} | |||
| - basicConstraints: "critical,CA:TRUE" | |||
| - keyUsage: {{ ca_key_usage }} | |||
| - subjectKeyIdentifier: hash | |||
| - authorityKeyIdentifier: keyid,issuer:always | |||
| - days_valid: {{ ca.days_valid.authority }} | |||
| - days_remaining: 0 | |||
| - backup: True | |||
| - require: | |||
| - x509: {{ ca_key_file }} | |||
| {%- if grains['saltversioninfo'][0] >= 2017 %} | |||
| - retry: | |||
| attepmts: 5 | |||
| until: True | |||
| interval: 60 | |||
| {%- endif %} | |||
| # TODO: Squash this with the previous state after switch to Salt version >= 2016.11.2 | |||
| {{ ca_name }}_cert_permissions: | |||
+ 6
- 0
salt/minion/cert.sls
View File
| @@ -91,6 +91,12 @@ salt_minion_cert_{{ cert_name }}_dirs: | |||
| - watch_in: | |||
| - cmd: salt_minion_cert_{{ cert_name }}_all | |||
| {%- endif %} | |||
| {%- if grains['saltversioninfo'][0] >= 2017 %} | |||
| - retry: | |||
| attepmts: 5 | |||
| until: True | |||
| interval: 60 | |||
| {%- endif %} | |||
| # TODO: Squash this with the previous state after switch to Salt version >= 2016.11.2 | |||
| {{ cert_file }}_cert_permissions: | |||
Loading…