| libvirtd_client_ssl_key_file: /etc/pki/libvirt/private/clientkey.pem |
| libvirtd_client_ssl_cert_file: /etc/pki/libvirt/clientcert.pem |
| host: ${_param:salt_minion_ca_host} |
| authority: ${_param:salt_minion_ca_authority} |
| # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars |
| # Set CN without domain name to fit this requirement. |
| # FQDN is included into alternative names field. |
| common_name: ${linux:system:name} |
| signing_policy: cert_client |
| IP:${_param:cluster_local_address}, |
| DNS:${_param:cluster_local_address}, |
| DNS:${linux:system:name}, |
| DNS:${linux:network:fqdn} |
| key_usage: "digitalSignature,nonRepudiation,keyEncipherment" |
| key_file: ${_param:libvirtd_client_ssl_key_file} |
| cert_file: ${_param:libvirtd_client_ssl_cert_file} |
| ca_file: ${_param:libvirtd_ssl_ca_file} |