| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 1 | {%- from "mysql/map.jinja" import server with context %} |
| 2 | |
| 3 | mysql_salt_config: |
| 4 | file.managed: |
| 5 | - name: /etc/salt/minion.d/mysql.conf |
| 6 | - template: jinja |
| 7 | - source: salt://mysql/files/salt-minion.conf |
| 8 | - mode: 600 |
| 9 | |
| 10 | {%- if server.enabled %} |
| 11 | |
| 12 | include: |
| 13 | - mysql.common |
| 14 | |
| 15 | {%- if server.ssl.enabled %} |
| 16 | |
| 17 | /etc/mysql/server-cert.pem: |
| 18 | file.managed: |
| 19 | {%- if server.ssl.cert is defined %} |
| 20 | - contents_pillar: mysql:server:ssl:cert |
| 21 | {%- else %} |
| 22 | - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.certificate }}.cert.pem |
| 23 | {%- endif %} |
| 24 | - require: |
| 25 | - pkg: mysql_packages |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 26 | - watch_in: |
| 27 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 28 | |
| 29 | /etc/mysql/server-key.pem: |
| 30 | file.managed: |
| 31 | {%- if server.ssl.cert is defined %} |
| 32 | - contents_pillar: mysql:server:ssl:key |
| 33 | {%- else %} |
| 34 | - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.certificate }}.key.pem |
| 35 | {%- endif %} |
| 36 | - require: |
| 37 | - pkg: mysql_packages |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 38 | - watch_in: |
| 39 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 40 | |
| 41 | {%- if server.replication.role in ['slave', 'both'] %} |
| 42 | |
| 43 | /etc/mysql/client-cert.pem: |
| 44 | file.managed: |
| 45 | {%- if server.ssl.client_cert is defined %} |
| 46 | - contents_pillar: mysql:server:ssl:client_cert |
| 47 | {%- else %} |
| 48 | - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.client_certificate }}.cert.pem |
| 49 | {%- endif %} |
| 50 | - require: |
| 51 | - pkg: mysql_packages |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 52 | - watch_in: |
| 53 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 54 | |
| 55 | /etc/mysql/client-key.pem: |
| 56 | file.managed: |
| 57 | {%- if server.ssl.client_key is defined %} |
| 58 | - contents_pillar: mysql:server:ssl:client_key |
| 59 | {%- else %} |
| 60 | - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.client_certificate }}.key.pem |
| 61 | {%- endif %} |
| 62 | - require: |
| 63 | - pkg: mysql_packages |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 64 | - watch_in: |
| 65 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 66 | |
| 67 | {%- endif %} |
| 68 | |
| 69 | /etc/mysql/cacert.pem: |
| 70 | file.managed: |
| 71 | {%- if server.ssl.cacert is defined %} |
| 72 | - contents_pillar: mysql:server:ssl:cacert |
| 73 | {%- else %} |
| 74 | - source: salt://pki/{{ server.ssl.authority }}/{{ server.ssl.authority }}-chain.cert.pem |
| 75 | {%- endif %} |
| 76 | - require: |
| 77 | - pkg: mysql_packages |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 78 | - watch_in: |
| 79 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 80 | |
| 81 | {%- endif %} |
| 82 | |
| 83 | |
| 84 | {%- if server.replication.role in ['master', 'both'] %} |
| 85 | |
| 86 | {{ server.replication.user }}: |
| 87 | mysql_user.present: |
| 88 | - host: '%' |
| 89 | - password: {{ server.replication.password }} |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 90 | - watch_in: |
| 91 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 92 | |
| 93 | {{ server.replication.user }}_replication_grants: |
| 94 | mysql_grants.present: |
| 95 | - grant: replication slave |
| 96 | - database: '*.*' |
| 97 | - user: {{ server.replication.user }} |
| 98 | - host: '%' |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 99 | - watch_in: |
| 100 | - service: mysql_service |
| Jakub Pavlik | f439665 | 2016-07-11 15:06:33 +0200 | [diff] [blame] | 101 | |
| 102 | {%- endif %} |
| 103 | |
| 104 | {%- if server.replication.role in ['slave', 'both'] %} |
| 105 | |
| 106 | {%- if not salt['mysql.get_slave_status'] is defined %} |
| 107 | |
| 108 | {%- include "mysql/server/_connect_replication_slave.sls" %} |
| 109 | |
| 110 | {%- elif salt['mysql.get_slave_status']() == [] %} |
| 111 | |
| 112 | {%- include "mysql/server/_connect_replication_slave.sls" %} |
| 113 | |
| 114 | {%- else %} |
| 115 | |
| 116 | {%- if salt['mysql.get_slave_status']().get('Slave_SQL_Running', 'No') == 'Yes' and salt['mysql.get_slave_status']().get('Slave_IO_Running', 'No') == 'Yes' %} |
| 117 | |
| 118 | {%- else %} |
| 119 | |
| 120 | {%- include "mysql/server/_connect_replication_slave.sls" %} |
| 121 | |
| 122 | {%- endif %} |
| 123 | |
| 124 | {%- endif %} |
| 125 | |
| 126 | {%- endif %} |
| 127 | |
| Filip Pytloun | 05784e0 | 2016-08-25 12:24:14 +0200 | [diff] [blame^] | 128 | {%- endif %} |