Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 0dd0c68048c5e1af415b2558b1ae990d243ce615 / . / nova / compute / libvirt / ssl / init.yml
blob: 6e29e07ca82289505772556517276bbb9157c305 [file] [log] [blame]
Oleksandr Shyshkoa76b9742018-05-22 18:53:25 +0300[diff] [blame]1classes:
2- system.salt.minion.cert.libvirtd
3parameters:
Vasyl Saienkof89a75a2018-10-02 20:21:17 +0300[diff] [blame]4 _param:
5 nova_compute_libvirt_allowed_dn_list:
6 all:
7 enabled: true
Vasyl Saienko4d34b552019-04-01 15:38:12 +0300[diff] [blame]8 value: '*CN=cmp*'
Oleksandr Shyshkoa76b9742018-05-22 18:53:25 +0300[diff] [blame]9 nova:
10 compute:
11 libvirt:
Oleksandr Shyshko9687e232018-08-14 15:39:36 +0300[diff] [blame]12 uri: qemu+tls://${linux:system:name}.${_param:cluster_domain}/system
Oleksandr Shyshkoa76b9742018-05-22 18:53:25 +0300[diff] [blame]13 tls:
14 enabled: True
15 key_file: ${_param:libvirtd_server_ssl_key_file}
16 cert_file: ${_param:libvirtd_server_ssl_cert_file}
17 ca_file: ${_param:libvirtd_ssl_ca_file}
Vasyl Saienkof89a75a2018-10-02 20:21:17 +0300[diff] [blame]18 allowed_dn_list: ${_param:nova_compute_libvirt_allowed_dn_list}
Dmitry Teselkin0dd0c682019-04-18 16:52:17 +0300[diff] [blame^]19 priority: "SECURE256:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-CIPHER-ALL:+AES-256-GCM:+AES-256-CBC:-MAC-ALL:+AEAD:+SHA384"
Oleksandr Shyshkoa76b9742018-05-22 18:53:25 +0300[diff] [blame]20 client:
21 key_file: ${_param:libvirtd_client_ssl_key_file}
22 cert_file: ${_param:libvirtd_client_ssl_cert_file}