continue on etcd_certs

commit: 9d4f4956dbcfed41286d26bc1637edc60f9b5b10 [log] [tgz]
author: Tomáš Kukrál <tomkukral@users.noreply.github.com> Tue Mar 07 11:10:11 2017 +0100
committer: Tomáš Kukrál <tomkukral@users.noreply.github.com> Tue Mar 07 11:13:15 2017 +0100
tree: 92cd8eefe88f7bd77b60b35cfe5ce620b34273b2
parent: 453d7649e7727ec262943ae93572b22585e2c4fb [diff]
diff --git a/salt/minion/ca/salt_master.yml b/salt/minion/ca/salt_master.yml
index 3e42db5..87cd6e6 100644
--- a/salt/minion/ca/salt_master.yml
+++ b/salt/minion/ca/salt_master.yml

@@ -21,6 +21,9 @@
             cert_client:
               type: v3_edge_cert_client
               minions: '*'
+            cert_open:
+              type: v3_edge_cert_open
+              minions: '*'
           days_valid:
             authority: ${_param:salt_minion_ca_days_valid_authority}
             certificate: ${_param:salt_minion_ca_days_valid_certificate}

diff --git a/salt/minion/cert/etcd_client.yml b/salt/minion/cert/etcd_client.yml
new file mode 100644
index 0000000..90b41da
--- /dev/null
+++ b/salt/minion/cert/etcd_client.yml

@@ -0,0 +1,18 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        etcd_client:
+          host: ${_param:salt_minion_ca_host}
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: ${linux:system:name}
+          signing_policy: cert_open
+          alternative_names: IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          extended_key_usage: clientAuth
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+          key_file: /var/lib/etcd/etcd-client.key
+          cert_file: /var/lib/etcd/etcd-client.crt
+          all_file: /var/lib/etcd/etcd-client.pem
+          ca_file: /var/lib/etcd/ca.pem
+          user: etcd
+          group: etcd

diff --git a/salt/minion/cert/etcd_server.yml b/salt/minion/cert/etcd_server.yml
index bd2fc8b..ea26a40 100644
--- a/salt/minion/cert/etcd_server.yml
+++ b/salt/minion/cert/etcd_server.yml

@@ -5,10 +5,11 @@
         etcd_server:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
-          common_name: ${_param:cluster_local_address}
-          signing_policy: etcd_server
-          alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
-          extendedKeyUsage: clientAuth, serverAuth
+          common_name: ${linux:system:name}
+          signing_policy: cert_open
+          alternative_names: IP:127.0.0.1,IP:${_param:cluster_vip_address},IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+          extended_key_usage: serverAuth,clientAuth
+          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: /var/lib/etcd/etcd-server.key
           cert_file: /var/lib/etcd/etcd-server.crt
           all_file: /var/lib/etcd/etcd-server.pem
commit	9d4f4956dbcfed41286d26bc1637edc60f9b5b10	[log] [tgz]
author	Tomáš Kukrál <tomkukral@users.noreply.github.com>	Tue Mar 07 11:10:11 2017 +0100
committer	Tomáš Kukrál <tomkukral@users.noreply.github.com>	Tue Mar 07 11:13:15 2017 +0100
tree	92cd8eefe88f7bd77b60b35cfe5ce620b34273b2
parent	453d7649e7727ec262943ae93572b22585e2c4fb [diff]