Explorar o código

Allow cert data to be stored in files instead in pillar.

  As cert files or chains are public data anyway, there's no harm on storing
  them in the gitroot hierarchy and thereby reducing the pillar size.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm %!s(int64=7) %!d(string=hai) anos
pai
achega
3f4d171f0b
Modificáronse 1 ficheiros con 4 adicións e 0 borrados
  1. 4 0
      certs/init.sls

+ 4 - 0
certs/init.sls

@@ -63,7 +63,11 @@ c_rehash:
   {% if pillar_name != None %}
 /etc/ssl/certs/{{ cn }}.cert.pem:
   file.managed:
+    {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
+    - source: salt://certs/certs/{{ cn }}.cert.pem
+    {% else %}
     - contents_pillar: {{ pillar_name }}:cert
+    {% endif %}
     - user: root
     - group: root
     - mode: 644