| salt_minion_ca_authority: salt_master_ca |
| mysql_keystone_client_ssl_key_file: /etc/keystone/ssl/mysql/client-key.pem |
| mysql_keystone_client_ssl_cert_file: /etc/keystone/ssl/mysql/client-cert.pem |
| mysql_keystone_ssl_ca_file: /etc/keystone/ssl/mysql/ca-cert.pem |
| enabled: ${_param:openstack_mysql_x509_enabled} |
| host: ${_param:salt_minion_ca_host} |
| authority: ${_param:salt_minion_ca_authority} |
| common_name: mysql-keystone-client |
| signing_policy: cert_client |
| IP:${_param:cluster_local_address}, |
| DNS:${_param:cluster_local_address}, |
| DNS:${linux:system:name}, |
| DNS:${linux:network:fqdn} |
| key_usage: "digitalSignature,nonRepudiation,keyEncipherment" |
| key_file: ${_param:mysql_keystone_client_ssl_key_file} |
| cert_file: ${_param:mysql_keystone_client_ssl_cert_file} |
| ca_file: ${_param:mysql_keystone_ssl_ca_file} |