Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / galera / d5d0984b80e32bc56a4d0280b232e40e854723ac^! / .
commitd5d0984b80e32bc56a4d0280b232e40e854723ac[log] [tgz]
authorVasyl Saienko <vsaienko@mirantis.com>Thu Jan 04 17:29:47 2018 +0200
committerVasyl Saienko <vsaienko@mirantis.com>Thu Jan 04 17:29:59 2018 +0200
tree162df8f330da6b5f4539334aae0dc6e9f4ba866e
parentc0a5071814da8bbce259939b523e1af596ba3d82 [diff]
Ensure permissions are correct for mysql dirs

When SSL enabled, /etc/mysq directory is created by salt.minion
state with 700 permissions. It prohibits mysql from reading config
file as normal mode is 755. This patch ensures that mode for
/etc/mysql and /etc/mysql/ssl have correct rights.

Change-Id: Icc2a43e7a56c60d30a716f29f0a9ec28c6549429
Related-Prod: ROD-16782

diff --git a/galera/_ssl.sls b/galera/_ssl.sls
index 2daf44a..e6ddd42 100644
--- a/galera/_ssl.sls
+++ b/galera/_ssl.sls

@@ -6,6 +6,15 @@
 {%- endif %}
 
 {%- if service.get('ssl', {}).get('enabled', False) %}
+
+galera_ssl_dir:
+  file.directory:
+  - name: /etc/mysql/ssl
+  - makedirs: true
+  - mode: 755
+  - require:
+    - pkg: galera_packages
+
 {%- if service.ssl.cacert_chain is defined %}
 mysql_cacertificate:
   file.managed:
@@ -27,6 +36,7 @@
   - create: False
   - require:
     - file: mysql_cacertificate_exists
+    - file: galera_ssl_dir
   - require_in:
     - service: galera_service
     - file: galera_config
@@ -53,6 +63,7 @@
     - create: False
     - require:
       - file: mysql_certificate_exists
+      - file: galera_ssl_dir
     - require_in:
       - service: galera_service
       - file: galera_config
@@ -69,6 +80,7 @@
     - makedirs: true
     - require:
       - pkg: galera_packages
+      - file: galera_ssl_dir
     - require_in:
       - service: galera_service
       - file: galera_config
@@ -86,6 +98,7 @@
     - require:
       - file: mysql_server_key_exists
       - pkg: galera_packages
+      - file: galera_ssl_dir
     - require_in:
        - service: galera_service
        - file: galera_config

diff --git a/galera/master.sls b/galera/master.sls
index 28c211e..871124d 100644
--- a/galera/master.sls
+++ b/galera/master.sls

@@ -32,9 +32,9 @@
   - refresh: true
   - force_yes: True
 
-galera_log_dir:
+galera_dirs:
   file.directory:
-  - name: /var/log/mysql
+  - names: ['/var/log/mysql', '/etc/mysql']
   - makedirs: true
   - mode: 755
   - require:

diff --git a/galera/slave.sls b/galera/slave.sls
index 92bf324..6d9f0d3 100644
--- a/galera/slave.sls
+++ b/galera/slave.sls

@@ -32,9 +32,9 @@
   - refresh: true
   - force_yes: True
 
-galera_log_dir:
+galera_dirs:
   file.directory:
-  - name: /var/log/mysql
+  - names: ['/var/log/mysql', '/etc/mysql']
   - makedirs: true
   - mode: 755
   - require: