Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / barbican / refs/heads/release/2018.2.0 / . / tests / pillar / ssl.sls
blob: b8b1398b3906d9b48817e04813b423d6aaa07781 [file] [log] [blame]
Kirill Bespalov95aa8022017-10-31 16:35:06 +0300[diff] [blame]1barbican:
2 server:
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]3 enabled: true
4 version: ocata
5 host_href: ''
6 is_proxied: true
7 dogtag_admin_cert:
8 engine: manual
9 key: 'some dogtag key'
10 plugin:
11 simple_crypto:
12 kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="
13 p11_crypto:
14 library_path: '/usr/lib/libCryptoki2_64.so'
15 login: 'mypassword'
16 mkek_label: 'an_mkek'
17 mkek_length: 32
18 hmac_label: 'my_hmac_label'
19 kmip:
20 username: 'admin'
21 password: 'password'
22 host: localhost
23 port: 5696
24 keyfile: '/path/to/certs/cert.key'
25 certfile: '/path/to/certs/cert.crt'
26 ca_certs: '/path/to/certs/LocalCA.crt'
27 dogtag:
28 pem_path: '/etc/barbican/kra_admin_cert.pem'
29 dogtag_host: localhost
30 dogtag_port: 8443
31 nss_db_path: '/etc/barbican/alias'
32 nss_db_path_ca: '/etc/barbican/alias-ca'
33 nss_password: 'password123'
34 simple_cmc_profile: 'caOtherCert'
35 ca_expiration_time: 1
36 plugin_working_dir: '/etc/barbican/dogtag'
37 store:
38 software:
39 crypto_plugin: simple_crypto
40 store_plugin: store_crypto
41 global_default: True
42 kmip:
43 store_plugin: kmip_plugin
44 dogtag:
45 store_plugin: dogtag_crypto
46 pkcs11:
47 store_plugin: store_crypto
48 crypto_plugin: p11_crypto
49 database:
50 engine: "mysql+pymysql"
51 host: 10.0.106.20
52 port: 3306
53 name: barbican
54 user: barbican
55 password: password
Oleksandr Shyshko6ccbafa2018-09-11 13:04:36 +0300[diff] [blame]56 x509:
57 enabled: True
58 ca_file: /etc/barbican/ssl/mysql/ca-cert.pem
59 key_file: /etc/barbican/ssl/mysql/client-key.pem
60 cert_file: /etc/barbican/ssl/mysql/client-cert.pem
61 cacert: |
62 -----BEGIN CERTIFICATE-----
63 MIIFzzCCA7egAwIBAgIIe7zZ8hCvkgowDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
64 -----END CERTIFICATE-----
65 cert: |
66 -----BEGIN CERTIFICATE-----
67 MIIGSjCCBDKgAwIBAgIJAIHRPs2rZbLvMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
68 -----END CERTIFICATE-----
69 key: |
70 -----BEGIN RSA PRIVATE KEY-----
71 MIIJKQIBAAKCAgEAq0m4kOIITliYea07yJnlSRNY0o6NaykiteSfHGauiub4lNQJ
72 -----END RSA PRIVATE KEY-----
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]73 ssl:
74 enabled: True
Oleksandr Shyshko6ccbafa2018-09-11 13:04:36 +0300[diff] [blame]75 cacert_file: /etc/barbican/ssl/mysql/ca-cert.pem
76 cacert: |
77 -----BEGIN CERTIFICATE-----
78 MIIFzzCCA7egAwIBAgIIe7zZ8hCvkgowDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
79 -----END CERTIFICATE-----
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]80 bind:
81 address: 10.0.106.20
82 port: 9311
83 admin_port: 9312
84 identity:
85 engine: keystone
86 host: 10.0.106.20
87 port: 35357
88 domain: default
89 tenant: service
90 user: barbican
91 password: password
Kirill Bespalov95aa8022017-10-31 16:35:06 +0300[diff] [blame]92 message_queue:
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]93 engine: rabbitmq
94 user: openstack
95 password: password
96 virtual_host: '/openstack'
97 members:
98 - host: 10.10.10.10
99 port: 5672
100 - host: 10.10.10.11
101 port: 5672
102 - host: 10.10.10.12
103 port: 5672
Kirill Bespalov95aa8022017-10-31 16:35:06 +0300[diff] [blame]104 port: 5671
105 ssl:
106 # Case #1: specify cacert file and ca cert body explicitly
107 enabled: True
108 cacert_file: /etc/barbican/ssl/rabbitmq_cacert.pem
109 cacert: |
110 -----BEGIN CERTIFICATE-----
111 MIIF0TCCA7mgAwIBAgIJAMHIQpWZYGDTMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
112 BAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0GA1UEBwwGUHJhZ3Vl
113 MREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MTQxMTI2MDdaFw0yNzA4MTIxMTI2
114 MDdaMEoxCzAJBgNVBAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0G
115 A1UEBwwGUHJhZ3VlMREwDwYDVQQKDAhNaXJhbnRpczCCAiIwDQYJKoZIhvcNAQEB
116 BQADggIPADCCAgoCggIBAL596jeUmim5bo0J52vPylX8xZOCaCvW9wlSYbk143dU
117 x7sqlAbPePvN6jj44BrYV01F4rCn9uxuaFLrbjF4rUDp81F0yMqghwyLmlTgJBOq
118 AMNiEtrBUwmenJPuM55IYeO9OFbPeBvZyqKy2IG18GbK35QE85rOgaEfgDIkVeV9
119 yNB8b+yftn3ebRZCceU5lx/o+w2eQkuyloy1F5QC7U2MhGF2ekLX79s8x+LNlbiO
120 EF1D/FWFor3HY9DwNlg7U99mVID2Bj8lPPt4dW8JDMKkghh+S797l3H6RYKHhIvs
121 wi+50ljhk5nHl+qCooGKuGZ2WokrGXWkoDfrrpl//7FFRPwauoU/akDVfoWYffqx
122 jnvlQFkAlI3S5F/vwJGI1JGvPv5p5uRxPJEeMI0Sp9bVrznHGCgaJyY+vIBoZCwS
123 i0t16gsgeezcu44Y65crv4XNOBKOS+KqvMwdzzukOj9YsYwNnlLly0VvTEdxTwwI
124 7NopRglUQrLusjZ5wwe23kf07xVxC98e1LRQzR5oEAUKkDrQzjmXBfcV92GrE3s7
125 1L4dvfXUE1mVxabhBCoS6kO3JQGPK+1LJDIs/F0uVVtOy/oz6mIdV2scCteFRAbm
126 BhfEoVbaYNlUxlNGno2I/HEep4P0DrFPQi0ZmGfvNO6t3EvTSnWcsUL9h55wZ3Pl
127 AgMBAAGjgbkwgbYwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
128 FN2inIsMteL9vxR8Lo0yHI+4KaDGMHoGA1UdIwRzMHGAFN2inIsMteL9vxR8Lo0y
129 HI+4KaDGoU6kTDBKMQswCQYDVQQGEwJjejEXMBUGA1UEAwwOU2FsdCBNYXN0ZXIg
130 Q0ExDzANBgNVBAcMBlByYWd1ZTERMA8GA1UECgwITWlyYW50aXOCCQDByEKVmWBg
131 0zANBgkqhkiG9w0BAQsFAAOCAgEAq8yv5IZWHyZuySpe85GCfdn4VFfSw6O1tdOZ
132 7PnCNGqkLie3D0X5VIymDkEwSGrvRtAKvtRajej/1/T2lNJNzQaqQObMK9UpXMmu
133 g0qjAjYjbYMRS+4V1FJiyxxqyvE//XO+Jznj3jnF6IDnTYJp3tCUswvUYRSpAErP
134 CwtvBLzPhF9t3W+ElcrgM7UNDPRoVlun0q6FH4WAAKuuqXfJaEbe9XrkR+cBlP4O
135 7utdveEREw0cONoFtHM/yVwb9ovaitMEA/b6qH286cJ59zXJbhMe7+n9dFlMnAAh
136 WfayyLzlaOjxicGMPcmUMRh9n8fml7bR3mekL1BGZt451kH3+FSfjPpF3hqVqb3c
137 8LZsCrD10UYUOOQ1zyE8YaeQ6UgNW7LFJlngvNLAZKxRupc0FNGgDTMr8sgdBBeR
138 gH0cp+h4mDusEzYpaPIqci5+UOMelK/SMIYzMtD1ogZp/c9qIGh5nXwRkspHGrtk
139 ay6yizlPyY4QS1dOD/8nhGRbp5OQF1o5ZUtXlnaFHeLK7zl9iddqSvBVUNFdpDz+
140 uVYHAw4O2T7J7ge+gGgmjRPQjW1+O+jFWlSkO+7iFjdIOTZ6tpqYEglh0khgM8b5
141 V0MAVuww51/1DqirRG6Ge/3Sw44eDZID22jjCwLrDH0GSX76cDTe6Bx/WS0Wg7y/
142 /86PB1o=
143 -----END CERTIFICATE-----
Martin Polreichb9481722018-01-22 12:08:23 +0100[diff] [blame]144 cache:
145 members:
146 - host: 10.10.10.10
147 port: 11211
148 - host: 10.10.10.11
149 port: 11211
150 - host: 10.10.10.12
151 port: 11211
Vasyl Saienko88bc10b2018-03-03 04:22:03 +0200[diff] [blame]152apache:
153 server:
154 enabled: true
155 default_mpm: event
156 mpm:
157 prefork:
158 enabled: true
159 servers:
160 start: 5
161 spare:
162 min: 2
163 max: 10
164 max_requests: 0
165 max_clients: 20
166 limit: 20
167 site:
168 barbican:
169 enabled: false
170 available: true
171 type: wsgi
172 name: barbican
173 wsgi:
174 daemon_process: barbican-api
175 processes: 3
176 threads: 10
177 user: barbican
178 group: barbican
179 display_name: '%{GROUP}'
180 script_alias: '/ /usr/bin/barbican-wsgi-api'
181 application_group: '%{GLOBAL}'
182 authorization: 'On'
183 host:
184 address: 127.0.0.1
185 name: 127.0.0.1
186 port: 9311
187 barbican_admin:
188 enabled: false
189 available: true
190 type: wsgi
191 name: barbican_admin
192 wsgi:
193 daemon_process: barbican-api-admin
194 processes: 3
195 threads: 10
196 user: barbican
197 group: barbican
198 display_name: '%{GROUP}'
199 script_alias: '/ /usr/bin/barbican-wsgi-api'
200 application_group: '%{GLOBAL}'
201 authorization: 'On'
202 host:
203 address: 127.0.0.1
204 name: 127.0.0.1
205 port: 9312