| parameters: | |
| _param: | |
| salt_minion_ca_authority: salt_master_ca | |
| mysql_barbican_client_ssl_key_file: /etc/barbican/ssl/mysql/client-key.pem | |
| mysql_barbican_client_ssl_cert_file: /etc/barbican/ssl/mysql/client-cert.pem | |
| mysql_barbican_ssl_ca_file: /etc/barbican/ssl/mysql/ca-cert.pem | |
| salt: | |
| minion: | |
| cert: | |
| mysql-barbican-client: | |
| enabled: ${_param:openstack_mysql_x509_enabled} | |
| host: ${_param:salt_minion_ca_host} | |
| authority: ${_param:salt_minion_ca_authority} | |
| common_name: mysql-barbican-client | |
| signing_policy: cert_client | |
| alternative_names: > | |
| IP:${_param:cluster_local_address}, | |
| DNS:${_param:cluster_local_address}, | |
| DNS:${linux:system:name}, | |
| DNS:${linux:network:fqdn} | |
| key_usage: "digitalSignature,nonRepudiation,keyEncipherment" | |
| key_file: ${_param:mysql_barbican_client_ssl_key_file} | |
| cert_file: ${_param:mysql_barbican_client_ssl_cert_file} | |
| ca_file: ${_param:mysql_barbican_ssl_ca_file} | |
| user: barbican | |
| group: barbican | |
| mode: 640 |