Kaynağa Gözat

Allow cert data to be stored in files instead in pillar.

  As cert files or chains are public data anyway, there's no harm on storing
  them in the gitroot hierarchy and thereby reducing the pillar size.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 7 yıl önce
ebeveyn
işleme
3f4d171f0b
1 değiştirilmiş dosya ile 4 ekleme ve 0 silme
  1. 4 0
      certs/init.sls

+ 4 - 0
certs/init.sls

@@ -63,7 +63,11 @@ c_rehash:
   {% if pillar_name != None %}
 /etc/ssl/certs/{{ cn }}.cert.pem:
   file.managed:
+    {% if salt['pillar.get'](pillar_name ~ ':cert') == "file" %}
+    - source: salt://certs/certs/{{ cn }}.cert.pem
+    {% else %}
     - contents_pillar: {{ pillar_name }}:cert
+    {% endif %}
     - user: root
     - group: root
     - mode: 644