Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / mysql / f0ac8a91f21edf5bfe39d98be1bcf8ce07c7268c / . / mysql / server / service.sls
blob: e276267230cbba94d3417a6bd64e613c0e385dff [file] [log] [blame]
Andres Montalban8bd8bab2016-09-22 16:44:16 -0300[diff] [blame]1{%- from "mysql/map.jinja" import server, mysql_connection_args with context %}
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]2
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]3{%- if server.enabled %}
4
5include:
6- mysql.common
7
8{%- if server.ssl.enabled %}
9
10/etc/mysql/server-cert.pem:
11 file.managed:
12 {%- if server.ssl.cert is defined %}
13 - contents_pillar: mysql:server:ssl:cert
14 {%- else %}
15 - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.certificate }}.cert.pem
16 {%- endif %}
Dzmitry Stremkouski21e90302018-10-22 14:18:18 +0200[diff] [blame]17 - mode: 644
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]18 - require:
19 - pkg: mysql_packages
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]20 - watch_in:
21 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]22
23/etc/mysql/server-key.pem:
24 file.managed:
Martin Polreich6ca7c3f2017-08-30 15:07:57 +0200[diff] [blame]25 {%- if server.ssl.key is defined %}
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]26 - contents_pillar: mysql:server:ssl:key
27 {%- else %}
28 - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.certificate }}.key.pem
29 {%- endif %}
Dzmitry Stremkouski21e90302018-10-22 14:18:18 +0200[diff] [blame]30 - user: mysql
31 - mode: 400
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]32 - require:
33 - pkg: mysql_packages
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]34 - watch_in:
35 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]36
37{%- if server.replication.role in ['slave', 'both'] %}
38
39/etc/mysql/client-cert.pem:
40 file.managed:
41 {%- if server.ssl.client_cert is defined %}
42 - contents_pillar: mysql:server:ssl:client_cert
43 {%- else %}
44 - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.client_certificate }}.cert.pem
45 {%- endif %}
Dzmitry Stremkouski21e90302018-10-22 14:18:18 +0200[diff] [blame]46 - mode: 644
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]47 - require:
48 - pkg: mysql_packages
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]49 - watch_in:
50 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]51
52/etc/mysql/client-key.pem:
53 file.managed:
54 {%- if server.ssl.client_key is defined %}
55 - contents_pillar: mysql:server:ssl:client_key
56 {%- else %}
57 - source: salt://pki/{{ server.ssl.authority }}/certs/{{ server.ssl.client_certificate }}.key.pem
58 {%- endif %}
Dzmitry Stremkouski21e90302018-10-22 14:18:18 +0200[diff] [blame]59 - user: mysql
60 - mode: 400
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]61 - require:
62 - pkg: mysql_packages
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]63 - watch_in:
64 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]65
66{%- endif %}
67
68/etc/mysql/cacert.pem:
69 file.managed:
70 {%- if server.ssl.cacert is defined %}
71 - contents_pillar: mysql:server:ssl:cacert
72 {%- else %}
73 - source: salt://pki/{{ server.ssl.authority }}/{{ server.ssl.authority }}-chain.cert.pem
74 {%- endif %}
Dzmitry Stremkouski21e90302018-10-22 14:18:18 +0200[diff] [blame]75 - mode: 644
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]76 - require:
77 - pkg: mysql_packages
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]78 - watch_in:
79 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]80
81{%- endif %}
82
83
84{%- if server.replication.role in ['master', 'both'] %}
85
86{{ server.replication.user }}:
87 mysql_user.present:
88 - host: '%'
89 - password: {{ server.replication.password }}
Andres Montalban8bd8bab2016-09-22 16:44:16 -0300[diff] [blame]90 - connection_user: {{ mysql_connection_args.user }}
91 - connection_pass: {{ mysql_connection_args.password }}
92 - connection_charset: {{ mysql_connection_args.charset }}
Martin Polreich6ca7c3f2017-08-30 15:07:57 +0200[diff] [blame]93 - watch:
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]94 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]95
96{{ server.replication.user }}_replication_grants:
97 mysql_grants.present:
98 - grant: replication slave
99 - database: '*.*'
100 - user: {{ server.replication.user }}
101 - host: '%'
Andres Montalban8bd8bab2016-09-22 16:44:16 -0300[diff] [blame]102 - connection_user: {{ mysql_connection_args.user }}
103 - connection_pass: {{ mysql_connection_args.password }}
104 - connection_charset: {{ mysql_connection_args.charset }}
Martin Polreich6ca7c3f2017-08-30 15:07:57 +0200[diff] [blame]105 - watch:
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]106 - service: mysql_service
Jakub Pavlikf4396652016-07-11 15:06:33 +0200[diff] [blame]107
108{%- endif %}
109
110{%- if server.replication.role in ['slave', 'both'] %}
111
112{%- if not salt['mysql.get_slave_status'] is defined %}
113
114{%- include "mysql/server/_connect_replication_slave.sls" %}
115
116{%- elif salt['mysql.get_slave_status']() == [] %}
117
118{%- include "mysql/server/_connect_replication_slave.sls" %}
119
120{%- else %}
121
122{%- if salt['mysql.get_slave_status']().get('Slave_SQL_Running', 'No') == 'Yes' and salt['mysql.get_slave_status']().get('Slave_IO_Running', 'No') == 'Yes' %}
123
124{%- else %}
125
126{%- include "mysql/server/_connect_replication_slave.sls" %}
127
128{%- endif %}
129
130{%- endif %}
131
132{%- endif %}
133
Filip Pytloun05784e02016-08-25 12:24:14 +0200[diff] [blame]134{%- endif %}