Global trust for SaltCA, distribute ca.crt
diff --git a/tests/pillar/minion_pki_ca.sls b/tests/pillar/minion_pki_ca.sls
index 453d1f7..935014b 100644
--- a/tests/pillar/minion_pki_ca.sls
+++ b/tests/pillar/minion_pki_ca.sls
@@ -2,8 +2,8 @@
minion:
enabled: true
ca:
- vagrant:
- common_name: Test CA
+ salt-ca-default:
+ common_name: Test CA Default
country: Czech
state: Prague
locality: Zizkov
@@ -23,3 +23,24 @@
ca_intermediate:
type: v3_intermediate_ca
minions: '*'
+ salt-ca-test:
+ common_name: Test CA Testing
+ country: Czech
+ state: Prague
+ locality: Karlin
+ days_valid:
+ authority: 3650
+ certificate: 90
+ signing_policy:
+ cert_server:
+ type: v3_edge_cert_server
+ minions: '*'
+ cert_client:
+ type: v3_edge_cert_client
+ minions: '*'
+ ca_edge:
+ type: v3_edge_ca
+ minions: '*'
+ ca_intermediate:
+ type: v3_intermediate_ca
+ minions: '*'
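Review bot: Every signing policy added for `salt-ca-test`, including the CA-capable `ca_edge` and `ca_intermediate`, is opened to `minions: '*'`, so any minion that can reach this authority may request a certificate that can itself sign others. The visible context lines show the existing authority doing the same, and it is reasonable for a test pillar, but the block is easy to copy into a real deployment. I would add a comment above the new authority, for example `# test fixture only: outside CI, limit 'minions' on CA-type policies to explicit targets`.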
diff --git a/tests/pillar/minion_pki_cert.sls b/tests/pillar/minion_pki_cert.sls
new file mode 100644
index 0000000..14b0194
--- /dev/null
+++ b/tests/pillar/minion_pki_cert.sls
@@ -0,0 +1,59 @@
+salt:
+ #master:
+ # enabled: true
+ # accept_policy:
+ # open_mode
+ # peer:
+ # '.*':
+ # - x509.sign_remote_certificate
+ minion:
+ enabled: true
+ cert:
+ ceph_cert:
+ alternative_names:
+ IP:127.0.0.1,DNS:salt.ci.local,DNS:ceph.ci.local,DNS:radosgw.ci.local,DNS:swift.ci.local
+ cert_file:
+ /srv/salt/pki/ci/ceph.ci.local.crt
+ common_name:
+ ceph_mon.ci.local
+ key_file:
+ /srv/salt/pki/ci/ceph.ci.local.key
+ country: CZ
+ state: Prague
+ locality: Karlin
+ signing_cert:
+ /etc/pki/ca/salt-ca-test/ca.crt
+ signing_private_key:
+ /etc/pki/ca/salt-ca-test/ca.key
+ # Kitchen-Salt CI trigger `salt-call --local`, below attributes
+ # can't be used as there is no required SaltMaster connectivity
+ authority:
+ salt-ca-test
+ #host:
+ # salt.ci.local
+ #signing_policy:
+ # cert_server
+ proxy_cert:
+ alternative_names:
+ IP:127.0.0.1,DNS:salt.ci.local,DNS:proxy.ci.local
+ cert_file:
+ /srv/salt/pki/ci/prx.ci.local.crt
+ common_name:
+ prx.ci.local
+ key_file:
+ /srv/salt/pki/ci/prx.ci.local.key
+ country: CZ
+ state: Prague
+ locality: Zizkov
+ signing_cert:
+ /etc/pki/ca/salt-ca-default/ca.crt
+ signing_private_key:
+ /etc/pki/ca/salt-ca-default/ca.key
+ # Kitchen-Salt CI trigger `salt-call --local`, below attributes
+ # can't be used as there is no required SaltMaster connectivity
+ authority:
+ salt-ca-default
+ #host:
+ # salt.ci.local
+ #signing_policy:
+ # cert_server
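Review bot: The `common_name` of `ceph_cert` is `ceph_mon.ci.local`, which is absent from `alternative_names` and contains an underscore, while the cert and key files are named `ceph.ci.local`. Clients that validate only against the SAN list will never match that name, and an underscore is not valid in a DNS host label, so the fixture does not model a realistic server identity. Consider `common_name: ceph.ci.local`, or add the name to the SAN list. The same value is repeated in `tests/pillar/minion_pki_cert_extended.sls`. Both entries also sign locally with the CA private key (`signing_private_key: .../ca.key`), so the existing comment could state that this is acceptable only because the CI host is itself the CA.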
diff --git a/tests/pillar/minion_pki_cert_extended.sls b/tests/pillar/minion_pki_cert_extended.sls
new file mode 100644
index 0000000..f395bf7
--- /dev/null
+++ b/tests/pillar/minion_pki_cert_extended.sls
@@ -0,0 +1,45 @@
+salt:
+ #master:
+ # enabled: true
+ # accept_policy:
+ # open_mode
+ # peer:
+ # .*:
+ # - x509.sign_remote_certificate
+ minion:
+ enabled: true
+ cert:
+ ceph_cert:
+ all_file:
+ /srv/salt/pki/ci/ceph-with-key.ci.local.pem
+ alternative_names:
+ IP:127.0.0.1,DNS:salt.ci.local,DNS:ceph.ci.local,DNS:radosgw.ci.local,DNS:swift.ci.local
+ cert_file:
+ /srv/salt/pki/ci/ceph.ci.local.crt
+ common_name:
+ ceph_mon.ci.local
+ key_file:
+ /srv/salt/pki/ci/ceph.ci.local.key
+ authority:
+ salt-ca-test
+ host:
+ salt.ci.local
+ signing_policy:
+ cert_server
+ proxy_cert:
+ all_file:
+ /srv/salt/pki/ci/prx-with-key.ci.local.pem
+ alternative_names:
+ IP:127.0.0.1,DNS:salt.ci.local,DNS:proxy.ci.local
+ cert_file:
+ /srv/salt/pki/ci/prx.ci.local.crt
+ common_name:
+ prx.ci.local
+ key_file:
+ /srv/salt/pki/ci/prx.ci.local.key
+ authority:
+ salt-ca-default
+ host:
+ salt.ci.local
+ signing_policy:
+ cert_server
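Review bot: Both certificates here set `host: salt.ci.local` and `signing_policy: cert_server`, yet the master block that would permit remote signing is commented out, and the sibling `minion_pki_cert.sls` says these attributes cannot work under `salt-call --local`. A header comment should state which test setup this file targets, e.g. `# requires a reachable salt master with peer access to x509.sign_remote_certificate`. If the commented block is ever enabled, a `.*` peer pattern lets every minion call the signing function. The key is also written unquoted here but as `'.*'` in the other file. `all_file` bundles the private key with the certificate, so it presumably needs the same restrictive permissions as `key_file`; the pillar alone does not show whether the state applies them.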