Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 8bb7b1c4f0bacb609766df457e05e574439990db^2..8bb7b1c4f0bacb609766df457e05e574439990db / .
commit8bb7b1c4f0bacb609766df457e05e574439990db[log] [tgz]
authorVasyl Saienko <vsaienko@mirantis.com>Wed Dec 05 16:00:13 2018 +0000
committerGerrit Code Review <mail@domain.com>Wed Dec 05 16:00:13 2018 +0000
tree233f2ec697a4a9f6170fa0cd8e2f52aed2830803
parentb8ffadecf5fcc40d3eac89237567c0f4ab84937b [diff]
parent0c27769192f4cc80323c8549b44d272c3ffdb7d1 [diff]
Merge "Disable body caching for openstack services"
diff --git a/barbican/client/init.yml b/barbican/client/init.yml
new file mode 100644
index 0000000..716242d
--- /dev/null
+++ b/barbican/client/init.yml

@@ -0,0 +1,4 @@
+parameters:
+  barbican:
+    client:
+      enabled: True
\ No newline at end of file

diff --git a/barbican/client/v1/init.yml b/barbican/client/v1/init.yml
new file mode 100644
index 0000000..c582343
--- /dev/null
+++ b/barbican/client/v1/init.yml

@@ -0,0 +1,5 @@
+barbican:
+  client:
+    resources:
+      v1:
+        enabled: true
\ No newline at end of file

diff --git a/barbican/client/v1/octavia.yml b/barbican/client/v1/octavia.yml
new file mode 100644
index 0000000..931bef0
--- /dev/null
+++ b/barbican/client/v1/octavia.yml

@@ -0,0 +1,26 @@
+classes:
+- system.barbican.client
+- system.barbican.client.v1
+- system.keystone.client.os_client_config.octavia_identity
+
+parameters:
+  _param:
+    octavia_image_cert_file: '/etc/octavia/certs/image.crt'
+
+  barbican:
+    client:
+      resources:
+        v1:
+          cloud_name: octavia_identity
+          secrets:
+            OctaviaAmphoraSecret:
+              type: certificate
+              algorithm: RSA
+              payload_content_type: application/octet-stream
+              payload_content_encoding: base64
+              payload_path: ${_param:octavia_image_cert_file}
+              encodeb64_payload: true
+          acl:
+            OctaviaAmphoraSecret:
+              octavia:
+                enabled: True

diff --git a/barbican/client/v1/signed_images/octavia.yml b/barbican/client/v1/signed_images/octavia.yml
new file mode 100644
index 0000000..c348674
--- /dev/null
+++ b/barbican/client/v1/signed_images/octavia.yml

@@ -0,0 +1,17 @@
+parameters:
+  _param:
+    octavia_image_cert_key: '/etc/octavia/certs/image.key'
+    amphora_image_name:  "amphora-x64-haproxy"
+
+
+  barbican:
+    client:
+      signed_images:
+        v1:
+          enabled: true
+          images:
+            OctaviaAmphora:
+              secret_name: 'OctaviaAmphoraSecret'
+              cert_key: ${_param:octavia_image_cert_key}
+              name: ${_param:amphora_image_name}
+              cloud_name: octavia_identity
\ No newline at end of file

diff --git a/salt/minion/cert/octavia/image_sign.yml b/salt/minion/cert/octavia/image_sign.yml
new file mode 100644
index 0000000..2e67a02
--- /dev/null
+++ b/salt/minion/cert/octavia/image_sign.yml

@@ -0,0 +1,17 @@
+classes:
+- system.salt.minion.cert.octavia
+parameters:
+  _param:
+    octavia_image_cert_key: /etc/octavia/certs/image.key
+    octavia_image_cert_file: /etc/octavia/certs/image.crt
+  salt:
+    minion:
+      cert:
+        octavia:
+          host: ${_param:octavia_ca_host}
+          authority: octavia_ca
+          common_name: octavia
+          signing_policy: cert_server
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file:  ${_param:octavia_image_cert_key}
+          cert_file: ${_param:octavia_image_cert_file}
\ No newline at end of file