Blame - salt/minion/cert/libvirtd/client.yml - salt-models/reclass-system

blob: d7af4925c2f08eb3b004fead0d3a1050241cb21c [file] [log] [blame]

Oleksandr Shyshko	a76b974	2018-05-22 18:53:25 +0300	[diff] [blame]	1	parameters:
				2	_param:
				3	libvirtd_client_ssl_key_file: /etc/pki/libvirt/private/clientkey.pem
				4	libvirtd_client_ssl_cert_file: /etc/pki/libvirt/clientcert.pem
				5	salt:
				6	minion:
				7	cert:
				8	libvirtd_client:
				9	host: ${_param:salt_minion_ca_host}
				10	authority: ${_param:salt_minion_ca_authority}
Vasyl Saienko	4d34b55	2019-04-01 15:38:12 +0300	[diff] [blame]	11	# NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
				12	# Set CN without domain name to fit this requirement.
				13	# FQDN is included into alternative names field.
				14	common_name: ${linux:system:name}
Oleksandr Shyshko	a76b974	2018-05-22 18:53:25 +0300	[diff] [blame]	15	signing_policy: cert_client
				16	alternative_names: >
				17	IP:${_param:cluster_local_address},
				18	DNS:${_param:cluster_local_address},
				19	DNS:${linux:system:name},
				20	DNS:${linux:network:fqdn}
				21	key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
				22	key_file: ${_param:libvirtd_client_ssl_key_file}
				23	cert_file: ${_param:libvirtd_client_ssl_cert_file}
Oleksandr Shyshko	9687e23	2018-08-14 15:39:36 +0300	[diff] [blame]	24	ca_file: ${_param:libvirtd_ssl_ca_file}
				25	user: root
				26	group: nova
				27	mode: 640