Enable and use salt_api proxy by default
* Use nginx as proxy
* Misc: define defaults for
salt_master_host
infra_config_address
reclass_config_master
jenkins_salt_api_url
* Pass certs dir for jenkins docker slaves
Related: PROD-27641(PROD:27641)
Related: PROD-30528(PROD:30528)
Change-Id: I5fac90101131a8d8d4fa7857982f18c855e0771c
diff --git a/nginx/server/proxy/salt_api.yml b/nginx/server/proxy/salt_api.yml
new file mode 100644
index 0000000..f559ef4
--- /dev/null
+++ b/nginx/server/proxy/salt_api.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ nginx_proxy_salt_api_proxy_port: ${_param:salt_master_api_port}
+ nginx_proxy_ssl:
+ enabled: true
+ authority: ${_param:salt_minion_ca_authority}
+ engine: salt
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:salt_api:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:salt_api:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:salt_api:common_name}-chain-with-key.pem
+ ca_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:salt_api:common_name}-ca.pem
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_salt_api:
+ enabled: true
+ type: nginx_proxy
+ name: salt_api
+ proxy:
+ host: ${_param:infra_config_hostname}.${_param:cluster_domain}
+ port: ${_param:nginx_proxy_salt_api_proxy_port}
+ protocol: ${_param:nginx_proxy_salt_api_proxy_protocol}
+ host:
+ name: ${_param:infra_config_hostname}.${_param:cluster_domain}
+ port: ${_param:nginx_proxy_salt_api_site_port}
+ protocol: ${_param:nginx_proxy_salt_api_site_protocol}
+ ssl: ${_param:nginx_proxy_ssl}