# Reclass parameters asking the Salt minion to obtain a TLS server
# certificate for libvirtd and write the key, certificate and CA files.
parameters:
  _param:
    # Locations of the libvirtd server private key and certificate.
    libvirtd_server_ssl_key_file: /etc/pki/libvirt/private/serverkey.pem
    libvirtd_server_ssl_cert_file: /etc/pki/libvirt/servercert.pem
  salt:
    minion:
      cert:
        libvirtd_server:
          # CA host and authority name are taken from shared parameters
          # that are not defined in this file.
          host: ${_param:salt_minion_ca_host}
          authority: ${_param:salt_minion_ca_authority}
          # NOTE(vsaienko) the X.509 commonName has a bounded length
          # (ub-common-name is 64 characters in RFC 5280; the original note
          # cited "RFC2380" and 63 chars, which looks like a typo for RFC 3280,
          # while 63 is the DNS label limit).
          # Set CN without domain name to fit this requirement.
          # FQDN is included in the alternative names field.
          common_name: ${linux:system:name}
          signing_policy: cert_server
          # SANs: the cluster-local address is listed both as an IP entry and
          # as a DNS entry, followed by the short host name and the FQDN.
          # NOTE(review): the DNS:<address> entry presumably exists for clients
          # that only match dNSName entries - confirm it is still needed.
          alternative_names: >
            IP:${_param:cluster_local_address},
            DNS:${_param:cluster_local_address},
            DNS:${linux:system:name},
            DNS:${linux:network:fqdn}
          # NOTE(review): nonRepudiation is not required for TLS server
          # authentication; no extended key usage is set here, so serverAuth
          # presumably comes from the cert_server signing policy - verify.
          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
          key_file: ${_param:libvirtd_server_ssl_key_file}
          cert_file: ${_param:libvirtd_server_ssl_cert_file}
          # libvirtd_ssl_ca_file is not defined in this file; another class
          # must supply it.
          ca_file: ${_param:libvirtd_ssl_ca_file}
          # Ownership and mode for the generated files.
          # NOTE(review): if these settings also apply to key_file, every
          # member of group nova can read the private key - confirm this is
          # intended and that the group membership is kept minimal.
          user: root
          group: nova
          # Unquoted, so YAML reads this as the integer 640.
          # NOTE(review): confirm the consuming state treats it as octal 0640.
          mode: 640