Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / barbican / 88bc10bc022945400be35b5677627787f874b6fb / . / tests / pillar / ssl.sls
blob: f3799df31ea4325964370a28b0c81146e48a8b65 [file] [log] [blame]
Kirill Bespalov95aa8022017-10-31 16:35:06 +0300[diff] [blame]1barbican:
2 server:
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]3 enabled: true
4 version: ocata
5 host_href: ''
6 is_proxied: true
7 dogtag_admin_cert:
8 engine: manual
9 key: 'some dogtag key'
10 plugin:
11 simple_crypto:
12 kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
13 p11_crypto:
14 library_path: '/usr/lib/libCryptoki2_64.so'
15 login: 'mypassword'
16 mkek_label: 'an_mkek'
17 mkek_length: 32
18 hmac_label: 'my_hmac_label'
19 kmip:
20 username: 'admin'
21 password: 'password'
22 host: localhost
23 port: 5696
24 keyfile: '/path/to/certs/cert.key'
25 certfile: '/path/to/certs/cert.crt'
26 ca_certs: '/path/to/certs/LocalCA.crt'
27 dogtag:
28 pem_path: '/etc/barbican/kra_admin_cert.pem'
29 dogtag_host: localhost
30 dogtag_port: 8443
31 nss_db_path: '/etc/barbican/alias'
32 nss_db_path_ca: '/etc/barbican/alias-ca'
33 nss_password: 'password123'
34 simple_cmc_profile: 'caOtherCert'
35 ca_expiration_time: 1
36 plugin_working_dir: '/etc/barbican/dogtag'
37 store:
38 software:
39 crypto_plugin: simple_crypto
40 store_plugin: store_crypto
41 global_default: True
42 kmip:
43 store_plugin: kmip_plugin
44 dogtag:
45 store_plugin: dogtag_crypto
46 pkcs11:
47 store_plugin: store_crypto
48 crypto_plugin: p11_crypto
49 database:
50 engine: "mysql+pymysql"
51 host: 10.0.106.20
52 port: 3306
53 name: barbican
54 user: barbican
55 password: password
56 ssl:
57 enabled: True
58 bind:
59 address: 10.0.106.20
60 port: 9311
61 admin_port: 9312
62 identity:
63 engine: keystone
64 host: 10.0.106.20
65 port: 35357
66 domain: default
67 tenant: service
68 user: barbican
69 password: password
Kirill Bespalov95aa8022017-10-31 16:35:06 +0300[diff] [blame]70 message_queue:
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]71 engine: rabbitmq
72 user: openstack
73 password: password
74 virtual_host: '/openstack'
75 members:
76 - host: 10.10.10.10
77 port: 5672
78 - host: 10.10.10.11
79 port: 5672
80 - host: 10.10.10.12
81 port: 5672
Kirill Bespalov95aa8022017-10-31 16:35:06 +0300[diff] [blame]82 port: 5671
83 ssl:
84 # Case #1: specify cacert file and ca cert body explicitly
85 enabled: True
86 cacert_file: /etc/barbican/ssl/rabbitmq_cacert.pem
87 cacert: |
88 -----BEGIN CERTIFICATE-----
89 MIIF0TCCA7mgAwIBAgIJAMHIQpWZYGDTMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
90 BAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0GA1UEBwwGUHJhZ3Vl
91 MREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MTQxMTI2MDdaFw0yNzA4MTIxMTI2
92 MDdaMEoxCzAJBgNVBAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0G
93 A1UEBwwGUHJhZ3VlMREwDwYDVQQKDAhNaXJhbnRpczCCAiIwDQYJKoZIhvcNAQEB
94 BQADggIPADCCAgoCggIBAL596jeUmim5bo0J52vPylX8xZOCaCvW9wlSYbk143dU
95 x7sqlAbPePvN6jj44BrYV01F4rCn9uxuaFLrbjF4rUDp81F0yMqghwyLmlTgJBOq
96 AMNiEtrBUwmenJPuM55IYeO9OFbPeBvZyqKy2IG18GbK35QE85rOgaEfgDIkVeV9
97 yNB8b+yftn3ebRZCceU5lx/o+w2eQkuyloy1F5QC7U2MhGF2ekLX79s8x+LNlbiO
98 EF1D/FWFor3HY9DwNlg7U99mVID2Bj8lPPt4dW8JDMKkghh+S797l3H6RYKHhIvs
99 wi+50ljhk5nHl+qCooGKuGZ2WokrGXWkoDfrrpl//7FFRPwauoU/akDVfoWYffqx
100 jnvlQFkAlI3S5F/vwJGI1JGvPv5p5uRxPJEeMI0Sp9bVrznHGCgaJyY+vIBoZCwS
101 i0t16gsgeezcu44Y65crv4XNOBKOS+KqvMwdzzukOj9YsYwNnlLly0VvTEdxTwwI
102 7NopRglUQrLusjZ5wwe23kf07xVxC98e1LRQzR5oEAUKkDrQzjmXBfcV92GrE3s7
103 1L4dvfXUE1mVxabhBCoS6kO3JQGPK+1LJDIs/F0uVVtOy/oz6mIdV2scCteFRAbm
104 BhfEoVbaYNlUxlNGno2I/HEep4P0DrFPQi0ZmGfvNO6t3EvTSnWcsUL9h55wZ3Pl
105 AgMBAAGjgbkwgbYwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
106 FN2inIsMteL9vxR8Lo0yHI+4KaDGMHoGA1UdIwRzMHGAFN2inIsMteL9vxR8Lo0y
107 HI+4KaDGoU6kTDBKMQswCQYDVQQGEwJjejEXMBUGA1UEAwwOU2FsdCBNYXN0ZXIg
108 Q0ExDzANBgNVBAcMBlByYWd1ZTERMA8GA1UECgwITWlyYW50aXOCCQDByEKVmWBg
109 0zANBgkqhkiG9w0BAQsFAAOCAgEAq8yv5IZWHyZuySpe85GCfdn4VFfSw6O1tdOZ
110 7PnCNGqkLie3D0X5VIymDkEwSGrvRtAKvtRajej/1/T2lNJNzQaqQObMK9UpXMmu
111 g0qjAjYjbYMRS+4V1FJiyxxqyvE//XO+Jznj3jnF6IDnTYJp3tCUswvUYRSpAErP
112 CwtvBLzPhF9t3W+ElcrgM7UNDPRoVlun0q6FH4WAAKuuqXfJaEbe9XrkR+cBlP4O
113 7utdveEREw0cONoFtHM/yVwb9ovaitMEA/b6qH286cJ59zXJbhMe7+n9dFlMnAAh
114 WfayyLzlaOjxicGMPcmUMRh9n8fml7bR3mekL1BGZt451kH3+FSfjPpF3hqVqb3c
115 8LZsCrD10UYUOOQ1zyE8YaeQ6UgNW7LFJlngvNLAZKxRupc0FNGgDTMr8sgdBBeR
116 gH0cp+h4mDusEzYpaPIqci5+UOMelK/SMIYzMtD1ogZp/c9qIGh5nXwRkspHGrtk
117 ay6yizlPyY4QS1dOD/8nhGRbp5OQF1o5ZUtXlnaFHeLK7zl9iddqSvBVUNFdpDz+
118 uVYHAw4O2T7J7ge+gGgmjRPQjW1+O+jFWlSkO+7iFjdIOTZ6tpqYEglh0khgM8b5
119 V0MAVuww51/1DqirRG6Ge/3Sw44eDZID22jjCwLrDH0GSX76cDTe6Bx/WS0Wg7y/
120 /86PB1o=
121 -----END CERTIFICATE-----
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]122 cache:
123 members:
124 - host: 10.10.10.10
125 port: 11211
126 - host: 10.10.10.11
127 port: 11211
128 - host: 10.10.10.12
129 port: 11211
Vasyl Saienko88bc10b2018-03-03 04:22:03 +0200[diff] [blame^]130apache:
131 server:
132 enabled: true
133 default_mpm: event
134 mpm:
135 prefork:
136 enabled: true
137 servers:
138 start: 5
139 spare:
140 min: 2
141 max: 10
142 max_requests: 0
143 max_clients: 20
144 limit: 20
145 site:
146 barbican:
147 enabled: false
148 available: true
149 type: wsgi
150 name: barbican
151 wsgi:
152 daemon_process: barbican-api
153 processes: 3
154 threads: 10
155 user: barbican
156 group: barbican
157 display_name: '%{GROUP}'
158 script_alias: '/ /usr/bin/barbican-wsgi-api'
159 application_group: '%{GLOBAL}'
160 authorization: 'On'
161 host:
162 address: 127.0.0.1
163 name: 127.0.0.1
164 port: 9311
165 barbican_admin:
166 enabled: false
167 available: true
168 type: wsgi
169 name: barbican_admin
170 wsgi:
171 daemon_process: barbican-api-admin
172 processes: 3
173 threads: 10
174 user: barbican
175 group: barbican
176 display_name: '%{GROUP}'
177 script_alias: '/ /usr/bin/barbican-wsgi-api'
178 application_group: '%{GLOBAL}'
179 authorization: 'On'
180 host:
181 address: 127.0.0.1
182 name: 127.0.0.1
183 port: 9312