# Reclass parameters describing the TLS client certificate that the Salt
# minion requests for libvirtd ("libvirtd_client"), plus the on-disk paths
# for the resulting key and certificate.
parameters:
  _param:
    # The private key and the certificate are kept in separate locations.
    libvirtd_client_ssl_key_file: /etc/pki/libvirt/private/clientkey.pem
    libvirtd_client_ssl_cert_file: /etc/pki/libvirt/clientcert.pem
  salt:
    minion:
      cert:
        libvirtd_client:
          # salt_minion_ca_host and salt_minion_ca_authority are not defined
          # in this file; they must be supplied by another class.
          host: ${_param:salt_minion_ca_host}
          authority: ${_param:salt_minion_ca_authority}
          # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
          # Set CN without domain name to fit this requirement.
          # FQDN is included into alternative names field.
          # NOTE(review): "RFC2380" looks like a typo. The X.509 upper bound
          # for commonName (ub-common-name, 64) is defined in RFC 5280, and
          # 63 is the DNS label limit. Confirm which limit is meant.
          common_name: ${linux:system:name}
          # Extended key usage is not set in this file; presumably the CA-side
          # "cert_client" policy restricts the certificate to client
          # authentication. Verify against the CA signing policies.
          signing_policy: cert_client
          # Folded scalar: the lines below are joined into one
          # comma-separated SAN list.
          # NOTE(review): cluster_local_address is emitted both as an IP: and
          # as a DNS: entry, presumably for peers that compare the address
          # against dNSName entries. Confirm the DNS: copy is still required.
          alternative_names: >
            IP:${_param:cluster_local_address},
            DNS:${_param:cluster_local_address},
            DNS:${linux:system:name},
            DNS:${linux:network:fqdn}
          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
          key_file: ${_param:libvirtd_client_ssl_key_file}
          cert_file: ${_param:libvirtd_client_ssl_cert_file}
          # libvirtd_ssl_ca_file is referenced but not defined in this file.
          ca_file: ${_param:libvirtd_ssl_ca_file}
          # root:nova with mode 640 gives owner read/write, group read, and
          # no access for others.
          # NOTE(review): if the formula applies these settings to key_file,
          # every member of group "nova" can read the client private key.
          # Confirm that this is intended and that group membership is kept
          # minimal.
          user: root
          group: nova
          mode: 640