Merge "Add opecontrail.upgade.verify state"
diff --git a/opencontrail/files/3.0/contrail-control.conf b/opencontrail/files/3.0/contrail-control.conf
index ef85dc4..cfcc314 100644
--- a/opencontrail/files/3.0/contrail-control.conf
+++ b/opencontrail/files/3.0/contrail-control.conf
@@ -25,7 +25,12 @@
log_level=SYS_NOTICE
log_local=1
# test_mode=0
-# xmpp_server_port=5269
+{%- if pillar.get('salt', {}).get('minion', {}).get('cert', {}).opencontrail_xmpp is defined %}
+xmpp_auth_enable=true
+xmpp_server_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('cert_file', '/etc/contrail/ssl/certs/server.pem') }}
+xmpp_server_key={{ pillar.salt.minion.cert.opencontrail_xmpp.get('key_file', '/etc/contrail/ssl/private/server-privkey.pem') }}
+xmpp_ca_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('ca_file', '/etc/contrail/ssl/certs/ca-cert.pem') }}
+{%- endif %}
[DISCOVERY]
# port=5998
diff --git a/opencontrail/files/3.0/contrail-vrouter-agent.conf b/opencontrail/files/3.0/contrail-vrouter-agent.conf
index e0104b5..b7e861e 100644
--- a/opencontrail/files/3.0/contrail-vrouter-agent.conf
+++ b/opencontrail/files/3.0/contrail-vrouter-agent.conf
@@ -91,6 +91,13 @@
gateway_mode={{ compute.gateway_mode }}
{%- endif %}
+{%- if pillar.get('salt', {}).get('minion', {}).get('cert', {}).opencontrail_xmpp is defined %}
+xmpp_auth_enable=true
+xmpp_server_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('cert_file', '/etc/contrail/ssl/certs/server.pem') }}
+xmpp_server_key={{ pillar.salt.minion.cert.opencontrail_xmpp.get('key_file', '/etc/contrail/ssl/private/server-privkey.pem') }}
+xmpp_ca_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('ca_file', '/etc/contrail/ssl/certs/ca-cert.pem') }}
+{%- endif %}
+
[DISCOVERY]
# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is
# mandatory. Else this section is optional
diff --git a/opencontrail/files/4.0/contrail-control.conf b/opencontrail/files/4.0/contrail-control.conf
index 23a39f6..19bf68b 100644
--- a/opencontrail/files/4.0/contrail-control.conf
+++ b/opencontrail/files/4.0/contrail-control.conf
@@ -27,11 +27,12 @@
log_level=SYS_NOTICE
log_local=1
# test_mode=0
-# xmpp_server_port=5269
-# xmpp_auth_enable=0
-# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
-# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
-# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+{%- if pillar.get('salt', {}).get('minion', {}).get('cert', {}).opencontrail_xmpp is defined %}
+xmpp_auth_enable=true
+xmpp_server_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('cert_file', '/etc/contrail/ssl/certs/server.pem') }}
+xmpp_server_key={{ pillar.salt.minion.cert.opencontrail_xmpp.get('key_file', '/etc/contrail/ssl/private/server-privkey.pem') }}
+xmpp_ca_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('ca_file', '/etc/contrail/ssl/certs/ca-cert.pem') }}
+{%- endif %}
# Sandesh send rate limit can be used to throttle system logs transmitted per
# second. System logs are dropped if the sending rate is exceeded
diff --git a/opencontrail/files/4.0/contrail-vrouter-agent.conf b/opencontrail/files/4.0/contrail-vrouter-agent.conf
index e4ad418..c4a16aa 100644
--- a/opencontrail/files/4.0/contrail-vrouter-agent.conf
+++ b/opencontrail/files/4.0/contrail-vrouter-agent.conf
@@ -88,11 +88,12 @@
# sandesh_send_rate_limit=
# Enable/Disable SSL based XMPP Authentication
-# xmpp_auth_enable=false
-# xmpp_dns_auth_enable=false
-# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
-# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
-# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+{%- if pillar.get('salt', {}).get('minion', {}).get('cert', {}).opencontrail_xmpp is defined %}
+xmpp_auth_enable=true
+xmpp_server_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('cert_file', '/etc/contrail/ssl/certs/server.pem') }}
+xmpp_server_key={{ pillar.salt.minion.cert.opencontrail_xmpp.get('key_file', '/etc/contrail/ssl/private/server-privkey.pem') }}
+xmpp_ca_cert={{ pillar.salt.minion.cert.opencontrail_xmpp.get('ca_file', '/etc/contrail/ssl/certs/ca-cert.pem') }}
+{%- endif %}
# Gateway mode : can be server/ vcpe (default is none)
# gateway_mode=