Add ssl suport for opencontrail api service Use ssl termination on haproxy Lb for OC 4.X version. OC API does not support TLS natively in versions <= 4.x Change-Id: Ic78fc33bc938b05ff390aeb0ba1a6d74227117e9 Related-PROD: PROD-29907

commit: 82bc440a5e7a4e5538dae950c5c5b4c955e65310 [log] [tgz]
author: Anton Samoylov <asamoylov@mirantis.com> Fri Jun 07 13:02:32 2019 +0400
committer: Anton Samoylov <asamoylov@mirantis.com> Wed Jul 17 12:18:29 2019 +0000
tree: 4d1553adadac6f0cc075d9630589258828576ba7
parent: db22484be5eb3820feed1e0d39601440ff4e9059 [diff] [blame]
diff --git a/salt/minion/cert/opencontrail/api.yml b/salt/minion/cert/opencontrail/api.yml
new file mode 100644
index 0000000..717fb33
--- /dev/null
+++ b/salt/minion/cert/opencontrail/api.yml

@@ -0,0 +1,17 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        opencontrail_api:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: opencontrail_api
+          signing_policy: cert_server
+          alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
+          key_file: ${_param:opencontrail_api_keyfile}
+          cert_file: ${_param:opencontrail_api_certfile}
+          ca_file: ${_param:opencontrail_api_cafile}
+          all_file: ${_param:opencontrail_api_all_pemfile}
+          user: contrail
+          enabled: true
+          engine: salt
commit	82bc440a5e7a4e5538dae950c5c5b4c955e65310	[log] [tgz]
author	Anton Samoylov <asamoylov@mirantis.com>	Fri Jun 07 13:02:32 2019 +0400
committer	Anton Samoylov <asamoylov@mirantis.com>	Wed Jul 17 12:18:29 2019 +0000
tree	4d1553adadac6f0cc075d9630589258828576ba7
parent	db22484be5eb3820feed1e0d39601440ff4e9059 [diff] [blame]