`cert_client` minion `signing_policy` list for VNC CA cert is un-hardcoded
* It is needed because a service engineer is able to set an arbitrary hostname for control nodes.
It allows setting an arbitrary hostname pattern for the nodes where the nova_novncproxy service is placed.
Change-Id: I0f7188de505d7d212a9ad0649771f955bec59d12
Related-PROD: PROD-30917
(cherry picked from commit 888c07e08a68312727d1ca62122b6cd2ae7fcefd)
diff --git a/salt/minion/ca/qemu-vnc_ca.yml b/salt/minion/ca/qemu-vnc_ca.yml
index a4583ad..d787fb2 100644
--- a/salt/minion/ca/qemu-vnc_ca.yml
+++ b/salt/minion/ca/qemu-vnc_ca.yml
@@ -6,6 +6,7 @@
qemu_vnc_ca_organization: Mirantis
qemu_vnc_ca_days_valid_authority: 3650
qemu_vnc_ca_days_valid_certificate: 365
+ qemu_vnc_ca_signing_policy_cert_client_minions: 'ctl*'
salt:
minion:
ca:
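Review bot: The new `qemu_vnc_ca_signing_policy_cert_client_minions` parameter has no comment saying that it is an authorization setting rather than a plain hostname setting. The second hunk feeds it into `minions` of the `cert_client` signing policy, so its value decides which minion IDs may have a client certificate signed by the qemu VNC CA. An override with a broad glob, such as the `'*'` already used by the neighbouring policy, would presumably let any minion obtain that client credential. I would add above the parameter `# Minion ID glob allowed to request VNC client certs from this CA; keep it as narrow as the nova_novncproxy hosts.` and treat overrides in cluster models as CA policy changes. The `_param` mapping this line belongs to starts outside the hunk.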
@@ -24,7 +25,7 @@
minions: '*'
cert_client:
type: v3_edge_cert_client
- minions: 'ctl*'
+ minions: ${_param:qemu_vnc_ca_signing_policy_cert_client_minions}
days_valid:
authority: ${_param:qemu_vnc_ca_days_valid_authority}
certificate: ${_param:qemu_vnc_ca_days_valid_certificate}