Blame - salt/minion/cert/libvirtd/vnc_server.yml - salt-models/reclass-system

blob: 2929869cc2e6f19438d099ae238b3eaecd2d9979 [file] [log] [blame]

Oleksandr Shyshko	ab68fe5	2018-06-15 18:30:14 +0300	[diff] [blame]	1	parameters:
				2	_param:
				3	qemu_vnc_server_ssl_key_file: /etc/pki/libvirt-vnc/server-key.pem
				4	qemu_vnc_server_ssl_cert_file: /etc/pki/libvirt-vnc/server-cert.pem
				5	qemu_vnc_ssl_ca_file: /etc/pki/libvirt-vnc/ca-cert.pem
Oleksandr Shyshko	ab68fe5	2018-06-15 18:30:14 +0300	[diff] [blame]	6	qemu_vnc_ca_authority: qemu_vnc_ca
				7	salt:
				8	minion:
				9	cert:
				10	qemu_vnc_server:
				11	host: ${_param:salt_minion_ca_host}
				12	authority: ${_param:qemu_vnc_ca_authority}
Vasyl Saienko	c464b3b	2019-04-01 15:38:12 +0300	[diff] [blame]	13	# NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
				14	# Set CN without domain name to fit this requirement.
				15	# FQDN is included into alternative names field.
				16	common_name: ${linux:system:name}
Oleksandr Shyshko	ab68fe5	2018-06-15 18:30:14 +0300	[diff] [blame]	17	signing_policy: cert_server
				18	alternative_names: >
				19	IP:${_param:cluster_local_address},
				20	DNS:${_param:cluster_local_address},
				21	DNS:${linux:system:name},
				22	DNS:${linux:network:fqdn}
				23	key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
				24	key_file: ${_param:qemu_vnc_server_ssl_key_file}
				25	cert_file: ${_param:qemu_vnc_server_ssl_cert_file}
				26	ca_file: ${_param:qemu_vnc_ssl_ca_file}
Oleksandr Shyshko	58b608b	2018-10-02 12:43:29 +0300	[diff] [blame]	27	user: root
				28	group: nova
Oleksandr Shyshko	ab68fe5	2018-06-15 18:30:14 +0300	[diff] [blame]	29	mode: 640