Add salt master's CA into system CA bundle
Change-Id: I89cec95e87db52fd59a84d57c485d8c938711ef3
diff --git a/salt/minion/cert.sls b/salt/minion/cert.sls
index 4bd9cde..31ffd00 100644
--- a/salt/minion/cert.sls
+++ b/salt/minion/cert.sls
@@ -97,6 +97,27 @@
- watch:
- x509: {{ ca_file }}
+{%- if grains.os_family == 'Debian' %}
+
+salt_ca_certificates_packages:
+ pkg.installed:
+ - name: ca-certificates
+
+{{ ca_file }}_{{ rowloop.index }}_debian_symlink:
+ file.symlink:
+ - name: "/usr/local/share/ca-certificates/ca-{{ cert.authority }}.crt"
+ - target: {{ ca_file }}
+ - watch_in:
+ - cmd: salt_update_certificates
+ - require:
+ - pkg: salt_ca_certificates_packages
+
+salt_update_certificates:
+ cmd.wait:
+ - name: update-ca-certificates
+
+{%- endif %}
+
{%- endif %}
{%- endfor %}