PKI client cert paths
diff --git a/salt/minion/cert.sls b/salt/minion/cert.sls
index ebc97df..65958f7 100644
--- a/salt/minion/cert.sls
+++ b/salt/minion/cert.sls
@@ -1,27 +1,22 @@
{%- from "salt/map.jinja" import minion with context %}
{%- if minion.enabled %}
-include:
-- salt.minion.service
-
-{%- for cert_name,cert in minion.cert.iteritems() %}
+{%- for cert_name,cert in minion.get('cert', {}).iteritems() %}
{%- set rowloop = loop %}
-ca_dir_{{ cert.authority }}_{{ loop.index }}:
- file.directory:
- - name: /etc/pki/cert/{{ cert.authority }}
- - makedirs: true
-
-/etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.key:
+/etc/ssl/private/{{ cert.common_name }}.key:
x509.private_key_managed:
- bits: 4096
-/etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.crt:
+/etc/ssl/certs/{{ cert.common_name }}.crt:
x509.certificate_managed:
- ca_server: {{ cert.host }}
- signing_policy: {{ cert.authority }}_{{ cert.signing_policy }}
- - public_key: /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.key
+ - public_key: /etc/ssl/private/{{ cert.common_name }}.key
- CN: {{ cert.common_name }}
+ {%- if cert.alternative_names is defined %}
+ - subjectAltName: {{ cert.alternative_names }}
+ {%- endif %}
- days_remaining: 30
- backup: True
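Review bot: The private key state on the `/etc/ssl/private/{{ cert.common_name }}.key` line sets only `bits`, so the key file is written with the default file mode and ownership; since `x509.private_key_managed` passes `file.managed` kwargs through, add `- mode: 600`, and `- makedirs: True` now that the `file.directory` state for the old per-authority path is gone and nothing in the hunk ensures the target directory exists. Dropping the `{{ cert.authority }}` path component also means two pillar entries that share a `common_name` under different authorities now render identical state IDs for the key and the certificate, which Salt rejects as conflicting IDs; either keep the authority in the file name or document that `common_name` must be unique across authorities. The new `subjectAltName` value is rendered unquoted; `- subjectAltName: "{{ cert.alternative_names }}"` keeps the comma-separated `DNS:`/`IP:` string from being misparsed should a value ever contain ` #` or `: `. The for-loop body continues past the end of the hunk.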
@@ -31,7 +26,7 @@
ca_cert_{{ cert.authority }}_{{ rowloop.index }}:
x509.pem_managed:
- - name: /etc/pki/cert/{{ cert.authority }}/ca.crt
+ - name: /etc/ssl/certs/ca-{{ cert.authority }}.crt
- text: {{ ca_cert|replace('\n', '') }}
{%- endif %}
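Review bot: The CA file name on the `- name: /etc/ssl/certs/ca-{{ cert.authority }}.crt` line embeds the authority name verbatim, and the test pillar in this same commit uses `authority: Company CA`, so the rendered path is `/etc/ssl/certs/ca-Company CA.crt` with a space in it. The old per-authority directory had the same property, but the file now sits in a shared system directory that other tooling scans, so consider `ca-{{ cert.authority|replace(' ', '_') }}.crt` or a slug-style pillar key. The state ID `ca_cert_{{ cert.authority }}_{{ rowloop.index }}` and the `ca_cert` variable it references are defined outside the hunk.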
diff --git a/tests/pillar/minion_pki_cert.sls b/tests/pillar/minion_pki_cert.sls
index 2059810..028742f 100644
--- a/tests/pillar/minion_pki_cert.sls
+++ b/tests/pillar/minion_pki_cert.sls
@@ -7,6 +7,7 @@
signing_policy: cert_server
authority: Company CA
common_name: test.server.domain.tld
+ alternative_names: DNS:www1.server.domain.tld,DNS:www2.server.domain.tld,IP:1.2.3.4,IP:2.3.4.5
test_client:
host: minion.with.ca
signing_policy: cert_client
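Review bot: The added `alternative_names` value is a plain scalar containing `:` and `,`; it parses as a string today only because no colon is followed by a space, so quoting it, `alternative_names: "DNS:www1.server.domain.tld,DNS:www2.server.domain.tld,IP:1.2.3.4,IP:2.3.4.5"`, makes the intent explicit and matches how cert.sls consumes it as a single comma-separated string. The enclosing pillar entry starts above the hunk.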
@@ -16,4 +17,4 @@
host: minion.with.ca
signing_policy: ca_edge
authority: Company CA
- common_name: test.ca.domain.tld
+ common_name: test.ca.domain.tld
\ No newline at end of file