galera/_ssl.sls - salt-formulas/galera - Gitiles

 {%- from "galera/map.jinja" import master, slave with context %}
 {%- if master.get('enabled', False) %}
   {%- set service, role = master, 'master' %}
 {%-  elif slave.get('enabled', False) %}
   {%- set service, role = slave, 'slave' %}
 {%- endif %}

 {%- if service.get('ssl', {}).get('enabled', False) %}

 galera_ssl_dir:
   file.directory:
   - name: /etc/mysql/ssl
   - makedirs: true
   - mode: 755
   - require:
     - pkg: galera_packages

 {%- if service.ssl.cacert_chain is defined %}
 mysql_cacertificate:
   file.managed:
     - name: {{ service.ssl.ca_file }}
     - contents_pillar: galera:{{ role }}:ssl:cacert_chain
     - mode: 0444
     - makedirs: true
     - require_in:
       - service: galera_service
       - file: galera_config
 {%- else %}
 mysql_cacertificate_exists:
   file.exists:
   - name: {{ service.ssl.ca_file }}
 mysql_cacertificate:
   file.managed:
   - name: {{ service.ssl.ca_file }}
   - mode: 644
   - create: False
   - require:
     - file: mysql_cacertificate_exists
     - file: galera_ssl_dir
   - require_in:
     - service: galera_service
     - file: galera_config
 {%- endif %}

 {%- if service.ssl.cert is defined %}
 mysql_certificate:
   file.managed:
     - name: {{ service.ssl.cert_file }}
     - contents_pillar: galera:{{ role }}:ssl:cert
     - mode: 0444
     - makedirs: true
     - require_in:
       - service: galera_service
       - file: galera_config
 {%- else %}
 mysql_certificate_exists:
   file.exists:
   - name: {{ service.ssl.cert_file }}
 mysql_certificate:
   file.managed:
     - name: {{ service.ssl.cert_file }}
     - mode: 644
     - create: False
     - require:
       - file: mysql_certificate_exists
       - file: galera_ssl_dir
     - require_in:
       - service: galera_service
       - file: galera_config
 {%- endif %}

 {%- if service.ssl.key is defined %}
 mysql_server_key:
   file.managed:
     - name: {{ service.ssl.key_file }}
     - contents_pillar: galera:{{ role }}:ssl:key
     - user: root
     - group: mysql
     - mode: 0440
     - makedirs: true
     - require:
       - pkg: galera_packages
       - file: galera_ssl_dir
     - require_in:
       - service: galera_service
       - file: galera_config
 {%- else %}
 mysql_server_key_exists:
   file.exists:
     - name: {{ service.ssl.key_file }}
 mysql_server_key:
   file.managed:
     - name: {{ service.ssl.key_file }}
     - user: root
     - group: mysql
     - mode: 0440
     - create: False
     - require:
       - file: mysql_server_key_exists
       - pkg: galera_packages
       - file: galera_ssl_dir
     - require_in:
        - service: galera_service
        - file: galera_config
 {%- endif %}

 {%- endif %}
	{%- from "galera/map.jinja" import master, slave with context %}
	{%- if master.get('enabled', False) %}
	{%- set service, role = master, 'master' %}
	{%- elif slave.get('enabled', False) %}
	{%- set service, role = slave, 'slave' %}
	{%- endif %}

	{%- if service.get('ssl', {}).get('enabled', False) %}

	galera_ssl_dir:
	file.directory:
	- name: /etc/mysql/ssl
	- makedirs: true
	- mode: 755
	- require:
	- pkg: galera_packages

	{%- if service.ssl.cacert_chain is defined %}
	mysql_cacertificate:
	file.managed:
	- name: {{ service.ssl.ca_file }}
	- contents_pillar: galera:{{ role }}:ssl:cacert_chain
	- mode: 0444
	- makedirs: true
	- require_in:
	- service: galera_service
	- file: galera_config
	{%- else %}
	mysql_cacertificate_exists:
	file.exists:
	- name: {{ service.ssl.ca_file }}
	mysql_cacertificate:
	file.managed:
	- name: {{ service.ssl.ca_file }}
	- mode: 644
	- create: False
	- require:
	- file: mysql_cacertificate_exists
	- file: galera_ssl_dir
	- require_in:
	- service: galera_service
	- file: galera_config
	{%- endif %}

	{%- if service.ssl.cert is defined %}
	mysql_certificate:
	file.managed:
	- name: {{ service.ssl.cert_file }}
	- contents_pillar: galera:{{ role }}:ssl:cert
	- mode: 0444
	- makedirs: true
	- require_in:
	- service: galera_service
	- file: galera_config
	{%- else %}
	mysql_certificate_exists:
	file.exists:
	- name: {{ service.ssl.cert_file }}
	mysql_certificate:
	file.managed:
	- name: {{ service.ssl.cert_file }}
	- mode: 644
	- create: False
	- require:
	- file: mysql_certificate_exists
	- file: galera_ssl_dir
	- require_in:
	- service: galera_service
	- file: galera_config
	{%- endif %}

	{%- if service.ssl.key is defined %}
	mysql_server_key:
	file.managed:
	- name: {{ service.ssl.key_file }}
	- contents_pillar: galera:{{ role }}:ssl:key
	- user: root
	- group: mysql
	- mode: 0440
	- makedirs: true
	- require:
	- pkg: galera_packages
	- file: galera_ssl_dir
	- require_in:
	- service: galera_service
	- file: galera_config
	{%- else %}
	mysql_server_key_exists:
	file.exists:
	- name: {{ service.ssl.key_file }}
	mysql_server_key:
	file.managed:
	- name: {{ service.ssl.key_file }}
	- user: root
	- group: mysql
	- mode: 0440
	- create: False
	- require:
	- file: mysql_server_key_exists
	- pkg: galera_packages
	- file: galera_ssl_dir
	- require_in:
	- service: galera_service
	- file: galera_config
	{%- endif %}

	{%- endif %}