Reusable certificates - store cert under /srv/salt/pki - isolate certs per cluster name - reclass overrides (openstack, wildcard)

commit: 2a75c3b019cc157e0bd74af3876c1bb5dbc1e737 [log] [tgz]
author: Petr Michalec <epcim@apealive.net> Tue Mar 21 13:40:12 2017 +0100
committer: Petr Michalec <epcim@apealive.net> Wed Mar 22 15:08:38 2017 +0100
tree: 55008b7d1566c410f35d7e2fca76e055d8755295
parent: ecd14b0e06a6d63358acafe7ff60c237e27b604c [diff] [blame]
diff --git a/salt/minion/cert/ceph/openstack.yml b/salt/minion/cert/ceph/openstack.yml
new file mode 100644
index 0000000..664352d
--- /dev/null
+++ b/salt/minion/cert/ceph/openstack.yml

@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.ceph
+parameters:
+  _param:
+    salt_pki_ceph_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
+  salt:
+    minion:
+      cert:
+        ceph:
+          common_name: ceph
+          alternative_names: IP:127.0.0.1,${_param:salt_pki_ceph_alt_names}
commit	2a75c3b019cc157e0bd74af3876c1bb5dbc1e737	[log] [tgz]
author	Petr Michalec <epcim@apealive.net>	Tue Mar 21 13:40:12 2017 +0100
committer	Petr Michalec <epcim@apealive.net>	Wed Mar 22 15:08:38 2017 +0100
tree	55008b7d1566c410f35d7e2fca76e055d8755295
parent	ecd14b0e06a6d63358acafe7ff60c237e27b604c [diff] [blame]