Switch gerrit on TLS/HTTPS scheme Change-Id: Iab612994039e8e8527ac14dd9144e8ab0d12db80 Related-Prod: PROD-27542 (PROD:27542)

commit: 5a05161a8d07a2658b57d119eaa49125311fea64 [log] [tgz]
author: Denis Egorenko <degorenko@mirantis.com> Wed Jun 05 15:10:20 2019 +0400
committer: Denis Egorenko <degorenko@mirantis.com> Thu Jun 13 07:49:15 2019 +0000
tree: 85426d11fc8a76474cd61bc5766997ecc1e7c67c
parent: 7e5d0406613c93d3f1f5615937bcd3744bd43134 [diff] [blame]
diff --git a/salt/minion/cert/proxy/drivetrain_ssl.yml b/salt/minion/cert/proxy/drivetrain_ssl.yml
new file mode 100644
index 0000000..ac32e90
--- /dev/null
+++ b/salt/minion/cert/proxy/drivetrain_ssl.yml

@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        gerrit:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: drivetrain
+          signing_policy: cert_server
+          alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, DNS:${_param:cicd_control_address}, IP:${_param:control_vip_address}"
+          key_file: /etc/haproxy/ssl/drivetrain.key
+          cert_file: /etc/haproxy/ssl/drivetrain.crt
+          ca_file: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
+          all_file: /etc/haproxy/ssl/drivetrain.pem
+          user: root
+          group: haproxy
+          mode: 640
+          enabled: true
commit	5a05161a8d07a2658b57d119eaa49125311fea64	[log] [tgz]
author	Denis Egorenko <degorenko@mirantis.com>	Wed Jun 05 15:10:20 2019 +0400
committer	Denis Egorenko <degorenko@mirantis.com>	Thu Jun 13 07:49:15 2019 +0000
tree	85426d11fc8a76474cd61bc5766997ecc1e7c67c
parent	7e5d0406613c93d3f1f5615937bcd3744bd43134 [diff] [blame]