Merge "Move cockroach image to defaults"
diff --git a/defaults/init.yml b/defaults/init.yml
index dc5cc49..31218b4 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -34,5 +34,6 @@
     # Other
     salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
     salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     # Make sure this global variable is defined everywhere, where used it is already set on cluster level
     cluster_public_host: '127.0.0.1'
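Review bot: The new default `salt_minion_ca_host: cfg01.${_param:cluster_domain}` differs from the value two of the de-duplicated classes carried before: salt/minion/cert/barbican.yml had `kmn01.${_param:cluster_domain}` and salt/minion/cert/openstack_api.yml had `${linux:network:fqdn}`. Unless a cluster model overrides the parameter, those classes will presumably now address cfg01 as their CA host, which changes which host issues their certificates; this should be confirmed as intended and mentioned in the commit message. A comment above the key would help, e.g. `# Host of the CA used for minion certificates; override at cluster level if the CA is not on cfg01`.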
diff --git a/horizon/server/iptables.yml b/horizon/server/iptables.yml
index d28bce7..4836feb 100644
--- a/horizon/server/iptables.yml
+++ b/horizon/server/iptables.yml
@@ -6,24 +6,13 @@
           chains:
             OUTPUT:
               ruleset:
-                10:
+                100:
+                  action: NAME_RESOLUTION
+                1000:
                   rule: -m owner --uid-owner horizon
                   action: HORIZON_ACCESS_RULES
             HORIZON_ACCESS_RULES:
               ruleset:
-                10:
-                  rule: -o lo
-                  action: ACCEPT
-# Slots 11-99 are reserved for the traffic that can be accepted based on its
-# destination, e.g targeted to / via public interface "outside"
-#
-# Slots 100-999 are reserved for the traffic that should be filtered
-# depending on its target port - this is all traffic that goes through internal
-# interfaces. At least you should override 'rule' for slot 100 to specify
-# internal interface on which the traffic should be filtered.
-#
-# These rules should be added / altered somewhere else where it is known what
-# interfaces are public / private.
                 100:
                   # Allow publicURL endpoint(s)
                   rule: -p tcp --dst ${_param:cluster_public_host}
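Review bot: The removed comment block was the only description of how slots in HORIZON_ACCESS_RULES are allocated, and the new layout (100 onward for endpoints, 200-201 memcached, 500-504 rejects, 1000 default) gets no replacement overview. Slot 201's comment in the next hunk asks for that rule to be altered elsewhere, so overriding classes depend on these numbers staying stable. A short comment above the `ruleset:` of HORIZON_ACCESS_RULES listing the ranges and which of them are meant to be overridden would keep that contract visible. The slot-100 rule at the end of this hunk continues outside it.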
@@ -32,10 +21,37 @@
                   # Allow internalURL endpoint(s)
                   rule: -p tcp --dst ${_param:openstack_control_address}
                   action: HORIZON_OPENSTACK_ENDPOINTS
-                120:
+                200:
+                  # Allow memcached on localhost
+                  rule: -o lo
                   action: HORIZON_MEMCACHED_ENDPOINTS
-                1000:
+                201:
+                  # Allow memchached on other hosts
+                  # This rule should be altered (not here) if required to allow
+                  # only specific hosts.
+                  action: HORIZON_MEMCACHED_ENDPOINTS
+                500:
+                  # Disable any other local traffic
+                  rule: -o lo
                   action: REJECT
+                501:
+                  # 501-503 disable private networks
+                  rule: --dst 10.0.0.0/16
+                  action: REJECT
+                502:
+                  rule: --dst 172.16.0.0/12
+                  action: REJECT
+                503:
+                  rule: --dst 192.168.0.0/16
+                  action: REJECT
+                504:
+                  # Disable APIPA
+                  rule: --dst 169.254.0.0/16
+                  action: REJECT
+                1000:
+                  # Accept any other traffic
+                  # It should be external traffic only
+                  action: ACCEPT
             HORIZON_OPENSTACK_ENDPOINTS:
               ruleset:
                 10:
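Review bot: Slot 501 rejects only `--dst 10.0.0.0/16`, although its comment says 501-503 disable private networks; the RFC 1918 block is 10.0.0.0/8, so destinations from 10.1.0.0 upward fall through to the new slot 1000 `ACCEPT`. The line should read `rule: --dst 10.0.0.0/8`. Because the chain's final action changes from `REJECT` to `ACCEPT`, the deny list now carries the whole policy for the horizon uid, and any range missing from it is reachable. Slot 201 also sends all remaining traffic through HORIZON_MEMCACHED_ENDPOINTS with no match; that chain's contents are outside this hunk, so its port restriction should be checked. The ranges are IPv4 only, and whether an equivalent IPv6 ruleset exists is not visible here.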
@@ -69,3 +85,10 @@
                   action: ACCEPT
                 1000:
                   action: RETURN
+            NAME_RESOLUTION:
+              ruleset:
+                10:
+                  rule: -p udp --dport 53
+                  action: ACCEPT
+                1000:
+                  action: RETURN
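Review bot: NAME_RESOLUTION slot 10 accepts `-p udp --dport 53` to any destination, and the OUTPUT jump added at slot 100 in this file's first hunk has no match, so the exemption applies to every local uid, horizon included, before the horizon rules are consulted. That leaves UDP/53 open to arbitrary hosts rather than only to the configured resolvers; adding a `--dst` match for the resolver addresses would narrow it. DNS over TCP is not covered either, so a TCP retry by horizon after a truncated response is judged by HORIZON_ACCESS_RULES and rejected when the resolver sits in one of the rejected ranges. A second slot with `rule: -p tcp --dport 53` and `action: ACCEPT` would cover that case.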
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index ded78c7..76c1e9a 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -116,6 +116,11 @@
     kubernetes_telegraf_agent_quiet: false
     kubernetes_telegraf_agent_omit_hostname: false
 
+  linux:
+    system:
+      kernel:
+        sysctl:
+          net.ipv4.ip_forward: 1
   docker:
     host:
       pkgs:
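Review bot: `net.ipv4.ip_forward: 1` is added to kubernetes/common with no comment saying why, and a class named common is presumably included by every Kubernetes host, so each of them would start forwarding packets between interfaces. Nothing in this hunk restricts the FORWARD chain, so what gets forwarded depends on rules defined elsewhere; it is worth confirming that such a policy exists. A comment above the key would record the intent, e.g. `# Forwarding enabled for pod/service traffic; FORWARD policy is defined in <class-name placeholder>`. A blank line before `docker:` would also keep the stanzas separated, like the one before `linux:`.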
diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index eb38c44..8ee4d41 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: kmn01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
   salt:
diff --git a/salt/minion/cert/libvirtd/init.yml b/salt/minion/cert/libvirtd/init.yml
index 735312e..ae1de7d 100644
--- a/salt/minion/cert/libvirtd/init.yml
+++ b/salt/minion/cert/libvirtd/init.yml
@@ -4,6 +4,5 @@
 
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     libvirtd_ssl_ca_file: /etc/pki/CA/cacert.pem
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index cf60c12..ae35ff2 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -3,7 +3,6 @@
     qemu_vnc_server_ssl_key_file: /etc/pki/libvirt-vnc/server-key.pem
     qemu_vnc_server_ssl_cert_file: /etc/pki/libvirt-vnc/server-cert.pem
     qemu_vnc_ssl_ca_file: /etc/pki/libvirt-vnc/ca-cert.pem
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     qemu_vnc_ca_authority: qemu_vnc_ca
   salt:
     minion:
diff --git a/salt/minion/cert/mysql/clients/openstack/aodh.yml b/salt/minion/cert/mysql/clients/openstack/aodh.yml
index ee1dccc..6febf4d 100644
--- a/salt/minion/cert/mysql/clients/openstack/aodh.yml
+++ b/salt/minion/cert/mysql/clients/openstack/aodh.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_aodh_client_ssl_key_file: /etc/aodh/ssl/mysql/client-key.pem
     mysql_aodh_client_ssl_cert_file: /etc/aodh/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/barbican.yml b/salt/minion/cert/mysql/clients/openstack/barbican.yml
index c6476d3..75397d5 100644
--- a/salt/minion/cert/mysql/clients/openstack/barbican.yml
+++ b/salt/minion/cert/mysql/clients/openstack/barbican.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_barbican_client_ssl_key_file: /etc/barbican/ssl/mysql/client-key.pem
     mysql_barbican_client_ssl_cert_file: /etc/barbican/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/cinder.yml b/salt/minion/cert/mysql/clients/openstack/cinder.yml
index 475132a..603b822 100644
--- a/salt/minion/cert/mysql/clients/openstack/cinder.yml
+++ b/salt/minion/cert/mysql/clients/openstack/cinder.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_cinder_client_ssl_key_file: /etc/cinder/ssl/mysql/client-key.pem
     mysql_cinder_client_ssl_cert_file: /etc/cinder/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/designate.yml b/salt/minion/cert/mysql/clients/openstack/designate.yml
index 7910dfb..8572004 100644
--- a/salt/minion/cert/mysql/clients/openstack/designate.yml
+++ b/salt/minion/cert/mysql/clients/openstack/designate.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_designate_client_ssl_key_file: /etc/designate/ssl/mysql/client-key.pem
     mysql_designate_client_ssl_cert_file: /etc/designate/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/glance.yml b/salt/minion/cert/mysql/clients/openstack/glance.yml
index 436ac64..56b596d 100644
--- a/salt/minion/cert/mysql/clients/openstack/glance.yml
+++ b/salt/minion/cert/mysql/clients/openstack/glance.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_glance_client_ssl_key_file: /etc/glance/ssl/mysql/client-key.pem
     mysql_glance_client_ssl_cert_file: /etc/glance/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
index f6f7497..8183a6f 100644
--- a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
+++ b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_gnocchi_client_ssl_key_file: /etc/gnocchi/ssl/mysql/client-key.pem
     mysql_gnocchi_client_ssl_cert_file: /etc/gnocchi/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/heat.yml b/salt/minion/cert/mysql/clients/openstack/heat.yml
index f338de7..3e7b3e3 100644
--- a/salt/minion/cert/mysql/clients/openstack/heat.yml
+++ b/salt/minion/cert/mysql/clients/openstack/heat.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_heat_client_ssl_key_file: /etc/heat/ssl/mysql/client-key.pem
     mysql_heat_client_ssl_cert_file: /etc/heat/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/ironic.yml b/salt/minion/cert/mysql/clients/openstack/ironic.yml
index d43dc86..899739c 100644
--- a/salt/minion/cert/mysql/clients/openstack/ironic.yml
+++ b/salt/minion/cert/mysql/clients/openstack/ironic.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_ironic_client_ssl_key_file: /etc/ironic/ssl/mysql/client-key.pem
     mysql_ironic_client_ssl_cert_file: /etc/ironic/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/keystone.yml b/salt/minion/cert/mysql/clients/openstack/keystone.yml
index 69b100b..938ac76 100644
--- a/salt/minion/cert/mysql/clients/openstack/keystone.yml
+++ b/salt/minion/cert/mysql/clients/openstack/keystone.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_keystone_client_ssl_key_file: /etc/keystone/ssl/mysql/client-key.pem
     mysql_keystone_client_ssl_cert_file: /etc/keystone/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/manila.yml b/salt/minion/cert/mysql/clients/openstack/manila.yml
index 700c3cb..600f42d 100644
--- a/salt/minion/cert/mysql/clients/openstack/manila.yml
+++ b/salt/minion/cert/mysql/clients/openstack/manila.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_manila_client_ssl_key_file: /etc/manila/ssl/mysql/client-key.pem
     mysql_manila_client_ssl_cert_file: /etc/manila/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/neutron.yml b/salt/minion/cert/mysql/clients/openstack/neutron.yml
index 8bca247..40c9a87 100644
--- a/salt/minion/cert/mysql/clients/openstack/neutron.yml
+++ b/salt/minion/cert/mysql/clients/openstack/neutron.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_neutron_client_ssl_key_file: /etc/neutron/ssl/mysql/client-key.pem
     mysql_neutron_client_ssl_cert_file: /etc/neutron/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
index 7aa67d6..536a406 100644
--- a/salt/minion/cert/mysql/clients/openstack/nova.yml
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_nova_client_ssl_key_file: /etc/nova/ssl/mysql/client-key.pem
     mysql_nova_client_ssl_cert_file: /etc/nova/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/panko.yml b/salt/minion/cert/mysql/clients/openstack/panko.yml
index ea7c450..bb1060c 100644
--- a/salt/minion/cert/mysql/clients/openstack/panko.yml
+++ b/salt/minion/cert/mysql/clients/openstack/panko.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_panko_client_ssl_key_file: /etc/panko/ssl/mysql/client-key.pem
     mysql_panko_client_ssl_cert_file: /etc/panko/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/init.yml b/salt/minion/cert/mysql/init.yml
index a1c480f..6198ade 100644
--- a/salt/minion/cert/mysql/init.yml
+++ b/salt/minion/cert/mysql/init.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
   salt:
     minion:
diff --git a/salt/minion/cert/opencontrail/xmpp.yml b/salt/minion/cert/opencontrail/xmpp.yml
index b142c59..2c3b86e 100644
--- a/salt/minion/cert/opencontrail/xmpp.yml
+++ b/salt/minion/cert/opencontrail/xmpp.yml
@@ -1,7 +1,6 @@
 parameters:
   _param:
     salt_minion_ca_authority: salt_master_ca
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
   salt:
     minion:
       cert:
diff --git a/salt/minion/cert/openstack_api.yml b/salt/minion/cert/openstack_api.yml
index 3f6af63..0a0a945 100644
--- a/salt/minion/cert/openstack_api.yml
+++ b/salt/minion/cert/openstack_api.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: ${linux:network:fqdn}
     salt_minion_ca_authority: salt_master_ca
     openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
     openstack_api_cert_key_file: "/etc/ssl/private/openstack_api.key"
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
index 4f56674..38e0410 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_aodh_client_ssl_key_file: /etc/aodh/ssl/rabbitmq/client-key.pem
     rabbitmq_aodh_client_ssl_cert_file: /etc/aodh/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
index 11c8b22..b2c81ff 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_barbican_client_ssl_key_file: /etc/barbican/ssl/rabbitmq/client-key.pem
     rabbitmq_barbican_client_ssl_cert_file: /etc/barbican/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
index 315e9f0..e07695c 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_ceilometer_client_ssl_key_file: /etc/ceilometer/ssl/rabbitmq/client-key.pem
     rabbitmq_ceilometer_client_ssl_cert_file: /etc/ceilometer/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
index 9129ca8..fe6d86d 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_cinder_client_ssl_key_file: /etc/cinder/ssl/rabbitmq/client-key.pem
     rabbitmq_cinder_client_ssl_cert_file: /etc/cinder/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
index 973215f..fa5dd47 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_designate_client_ssl_key_file: /etc/designate/ssl/rabbitmq/client-key.pem
     rabbitmq_designate_client_ssl_cert_file: /etc/designate/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
index e4ad7d4..44859fc 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_glance_client_ssl_key_file: /etc/glance/ssl/rabbitmq/client-key.pem
     rabbitmq_glance_client_ssl_cert_file: /etc/glance/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
index f95f7d2..1a23d11 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_heat_client_ssl_key_file: /etc/heat/ssl/rabbitmq/client-key.pem
     rabbitmq_heat_client_ssl_cert_file: /etc/heat/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
index 007faf2..387fa13 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_ironic_client_ssl_key_file: /etc/ironic/ssl/rabbitmq/client-key.pem
     rabbitmq_ironic_client_ssl_cert_file: /etc/ironic/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
index 4226118..d79be8f 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_keystone_client_ssl_key_file: /etc/keystone/ssl/rabbitmq/client-key.pem
     rabbitmq_keystone_client_ssl_cert_file: /etc/keystone/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
index 787273c..498b793 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_manila_client_ssl_key_file: /etc/manila/ssl/rabbitmq/client-key.pem
     rabbitmq_manila_client_ssl_cert_file: /etc/manila/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
index 955506f..3eec675 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_neutron_client_ssl_key_file: /etc/neutron/ssl/rabbitmq/client-key.pem
     rabbitmq_neutron_client_ssl_cert_file: /etc/neutron/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
index dfacb00..7936b38 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_nova_client_ssl_key_file: /etc/nova/ssl/rabbitmq/client-key.pem
     rabbitmq_nova_client_ssl_cert_file: /etc/nova/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq_server.yml b/salt/minion/cert/rabbitmq_server.yml
index 78520e2..b0b3cd8 100644
--- a/salt/minion/cert/rabbitmq_server.yml
+++ b/salt/minion/cert/rabbitmq_server.yml
@@ -1,7 +1,6 @@
 parameters:
 
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
 
   salt:
diff --git a/salt/minion/cert/vnc/init.yml b/salt/minion/cert/vnc/init.yml
index 6f7f6ee..df62302 100644
--- a/salt/minion/cert/vnc/init.yml
+++ b/salt/minion/cert/vnc/init.yml
@@ -1,4 +1,3 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     qemu_vnc_ca_authority: qemu_vnc_ca