Merge "Enable and use salt_api proxy by default"
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
index dd4f2cd..fdd95a5 100644
--- a/nginx/server/proxy/ssl.yml
+++ b/nginx/server/proxy/ssl.yml
@@ -8,10 +8,6 @@
dhparam:
enabled: True
numbits: 2048
- ecdh_curve:
- secp521r1:
- name: 'secp521r1'
- enabled: True
prefer_server_ciphers: "on"
protocols:
TLSv1:
diff --git a/salt/minion/cert/ceph/rgw.yml b/salt/minion/cert/ceph/rgw.yml
new file mode 100644
index 0000000..23b0414
--- /dev/null
+++ b/salt/minion/cert/ceph/rgw.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ ceph_rgw_cert_key_file: "/etc/ssl/private/ceph_rgw_key.key"
+ ceph_rgw_cert_cert_file: "/etc/ssl/certs/ceph_rgw.crt"
+ ceph_rgw_cert_all_file: "/etc/ssl/certs/ceph_rgw_all.crt"
+ salt:
+ minion:
+ cert:
+ ceph:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ceph_rgw
+ alternative_names: DNS:${_param:ceph_rgw_hostname}.${_param:cluster_domain},IP:${_param:cluster_vip_address}
+ key_file: ${_param:ceph_rgw_cert_key_file}
+ cert_file: ${_param:ceph_rgw_cert_cert_file}
+ all_file: ${_param:ceph_rgw_cert_all_file}