Merge "Fix for mysql ssl certificate permission and owner"
diff --git a/mysql/server/service.sls b/mysql/server/service.sls
index 1ab4167..e276267 100644
--- a/mysql/server/service.sls
+++ b/mysql/server/service.sls
@@ -14,6 +14,7 @@
{%- else %}
- source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.certificate }}.cert.pem
{%- endif %}
+ - mode: 644
- require:
- pkg: mysql_packages
- watch_in:
@@ -26,6 +27,8 @@
{%- else %}
- source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.certificate }}.key.pem
{%- endif %}
+ - user: mysql
+ - mode: 400
- require:
- pkg: mysql_packages
- watch_in:
@@ -40,6 +43,7 @@
{%- else %}
- source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.client_certificate }}.cert.pem
{%- endif %}
+ - mode: 644
- require:
- pkg: mysql_packages
- watch_in:
@@ -52,6 +56,8 @@
{%- else %}
- source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.client_certificate }}.key.pem
{%- endif %}
+ - user: mysql
+ - mode: 400
- require:
- pkg: mysql_packages
- watch_in:
@@ -66,6 +72,7 @@
{%- else %}
- source: salt://pki/{{ server.ssl.authority }}/{{ server.ssl.authority }}-chain.cert.pem
{%- endif %}
+ - mode: 644
- require:
- pkg: mysql_packages
- watch_in: