0

I have create mysql user using SaltStack but it does not include SSL.

My salt code:

{{ pillar['mysql_user'] }}:
  mysql_user.present:
    - host: "{{ mysql_bind_address }}"
    - password: "{{ pillar['db_password'] }}"
    - connection_user: root
    - connection_pass: "{{ pillar['mysql_root_password'] }}"
    - connection_charset: utf8
  mysql_grants.present:
    - grant: TRIGGER, INSERT, UPDATE, DELETE
    - database: mydatabase.*
    - user: {{ pillar['mysql_user'] }}
    - host: "{{ mysql_bind_address }}"
    - ssl_option:
      - SSL: True

It creates normal mysql user but it does not require SSL for login.

Is there anything else I need to do or this is bug in salt and I cannot use salt for this?

Thank you

iWizard
  • 398
  • 2
  • 10
  • 26
  • I think this is a bug in mysql, I found this post: http://www.chriscalender.com/tag/require-ssl/ – iWizard Jun 23 '17 at 10:04

1 Answers1

0

Looks like a bug in salt.

If you run it with a different order when the user doesn't exist yet, then REQUIRE SSL is correctly applied:

my_user@my_host:
  mysql_grants.present:
    - grant: USAGE
    - database: '*.*'
    - user: my_user
    - host: my_host
    - ssl_option:
      - SSL: true
  mysql_user.present:
    - name: my_user
    - host: my_host
    - password: my_password
    - connection_user: root
    - connection_pass: my_password
    - connection_host: localhost
    - connection_unix_socket: /var/run/mysqld/mysqld.sock
    - connection_charset: utf8
ProT-0-TypE
  • 491
  • 4
  • 8