Merge "Adding var for cvp-shaker image"
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index d9be1a5..4523183 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -5,7 +5,7 @@
nova_compute_libvirt_allowed_dn_list:
all:
enabled: true
- value: '*CN=cmp*.${_param:cluster_domain}*'
+ value: '*CN=cmp*'
nova:
compute:
libvirt:
diff --git a/openssh/server/team/members/kalmog.yml b/openssh/server/team/members/kalmog.yml
new file mode 100644
index 0000000..d4f7ceb
--- /dev/null
+++ b/openssh/server/team/members/kalmog.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ kalmog:
+ enabled: true
+ name: kalmog
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Karen Almog
+ home: /home/kalmog
+ email: kalmog@mirantis.com
+ openssh:
+ server:
+ user:
+ kalmog:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbyRCfyI5STokPerwEDC1DQobZTxbg60bST87dc4Wnm3PY7qciGUgLR5CLR3olxsG+OyqbloXg/YZPh/rlDPZMuanxdpZOz1CRPUfF7s/+sISDOVkA2HOfGWOa8+f2SIHUM5PDgCim9hJ7SkKN3OGdBZS/DM8byjx7hDh6vd/KnoJR8M2plzr/xWkz1TwgL/S8mvB1HcnfWcGH+JatweMTSBNW0f/qwI5V2pRFyjKlSjZdDJzORMT4mbTveyZfbJP6nJe0cNrZDmKqa9kcjjxUGtLpEi+8HRLavBhet5DHrgBAzlXL5WR3H3ESSeee9I7rqhIW/zhcG3xmE7tJh9+z7ZZghhQq1iqvjgtmEXplC1CnhTkEDdtB39FrWDpJYOZb6/pP3bHTHxhSwxg1kCX1nYN+ugUOKB6UKYK9HP1teagd4bQ4dY5QCEs70av/cDdLWQxagGGDIgcHV9gR8T+MHazmhBFSzxk/eVkxo9ype2EbbIdQjUFclzGiImY1kpPx00k1XgwCIILuePJD84qizwLfAsb73r+UG4I5XWdhgCDa1VD3rOOgihQ7x2bciWgWyXzWG8O1kmBMZ92YjMpVQqlCpJVqhT2DJOR+eqYzuSaaYYnhRL2eb45kYaJVK/XzoJlDj4cVwdJzoNEFrrQkoxLHTkcf2vTYqTYjKZeIJw==
+ user: ${linux:system:user:kalmog}
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 65e3cb1..9c74edb 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -25,6 +25,7 @@
- system.openssh.server.team.members.isviridov
- system.openssh.server.team.members.cdodda
- system.openssh.server.team.members.lmendes
+- system.openssh.server.team.members.kalmog
parameters:
_param:
linux_system_user_sudo: true
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index 31c1b32..d7af492 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -8,7 +8,10 @@
libvirtd_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_client
alternative_names: >
IP:${_param:cluster_local_address},
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index b091d86..261ce56 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -8,7 +8,10 @@
libvirtd_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index ae35ff2..2929869 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -10,7 +10,10 @@
qemu_vnc_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},