salt/minion/cert/libvirtd/vnc_server.yml - salt-models/reclass-system - Gitiles

 parameters:
   _param:
     qemu_vnc_server_ssl_key_file: /etc/pki/libvirt-vnc/server-key.pem
     qemu_vnc_server_ssl_cert_file: /etc/pki/libvirt-vnc/server-cert.pem
     qemu_vnc_ssl_ca_file: /etc/pki/libvirt-vnc/ca-cert.pem
     qemu_vnc_ca_authority: qemu_vnc_ca
   salt:
     minion:
       cert:
         qemu_vnc_server:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:qemu_vnc_ca_authority}
           common_name: ${linux:system:name}.${_param:cluster_domain}
           signing_policy: cert_server
           alternative_names: >
             IP:${_param:cluster_local_address},
             DNS:${_param:cluster_local_address},
             DNS:${linux:system:name},
             DNS:${linux:network:fqdn}
           key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: ${_param:qemu_vnc_server_ssl_key_file}
           cert_file: ${_param:qemu_vnc_server_ssl_cert_file}
           ca_file: ${_param:qemu_vnc_ssl_ca_file}
           user: root
           group: nova
           mode: 640
	parameters:
	_param:
	qemu_vnc_server_ssl_key_file: /etc/pki/libvirt-vnc/server-key.pem
	qemu_vnc_server_ssl_cert_file: /etc/pki/libvirt-vnc/server-cert.pem
	qemu_vnc_ssl_ca_file: /etc/pki/libvirt-vnc/ca-cert.pem
	qemu_vnc_ca_authority: qemu_vnc_ca
	salt:
	minion:
	cert:
	qemu_vnc_server:
	host: ${_param:salt_minion_ca_host}
	authority: ${_param:qemu_vnc_ca_authority}
	common_name: ${linux:system:name}.${_param:cluster_domain}
	signing_policy: cert_server
	alternative_names: >
	IP:${_param:cluster_local_address},
	DNS:${_param:cluster_local_address},
	DNS:${linux:system:name},
	DNS:${linux:network:fqdn}
	key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
	key_file: ${_param:qemu_vnc_server_ssl_key_file}
	cert_file: ${_param:qemu_vnc_server_ssl_cert_file}
	ca_file: ${_param:qemu_vnc_ssl_ca_file}
	user: root
	group: nova
	mode: 640