Browse Source

app/docker: TLS file modes

master
Sean Johnson 3 years ago
parent
commit
bf0ce392b1
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG Key ID: 9FA15B87469EA850
  1. 3
      app/docker/init.sls
  2. 38
      app/docker/tls.sls

3
app/docker/init.sls

@ -8,3 +8,6 @@ include:
- docker
- app.docker.pip_docker
- app.docker.config
{% if salt.pillar.get("docker:config:tlsverify", false) %}
- app.docker.tls
{% endif %}

38
app/docker/tls.sls

@ -0,0 +1,38 @@
---
{% set ssl_dir = salt.file.dirname(
salt.pillar.get("docker:config:tlscacert") or
salt.pillar.get("docker:config:tlscert") or
salt.pillar.get("docker:config:tlskey")
) %}
{% set cert_file = salt.pillar.get("docker:config:tlscert") %}
{% set ca_file = salt.pillar.get("docker:config:tlscacert") %}
{% set key_file = salt.pillar.get("docker:config:tlskey") %}
{{ ssl_dir }}:
file.directory:
- user: root
- group: docker
- dir_mode: 0750
- file_mode: 0660
{{ cert_file }}:
file.managed:
- user: root
- group: docker
- mode: 0660
- onlyif: "test -f {{ cert_file }}"
{{ key_file }}:
file.managed:
- user: root
- group: docker
- mode: 0660
- onlyif: "test -f {{ key_file }}"
{{ ca_file }}:
file.managed:
- user: root
- group: docker
- mode: 0660
- onlyif: "test -f {{ ca_file }}"
Loading…
Cancel
Save