Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 5fd047ee460b8db0347e6f0c8fc59709b5af764d / . / salt / minion / ca / qemu-vnc_ca.yml
blob: d787fb2bda19535ac57e97c4487782fb3eb89152 [file] [log] [blame]
Oleksandr Shyshkoab68fe52018-06-15 18:30:14 +0300[diff] [blame]1parameters:
2 _param:
3 qemu_vnc_ca_common_name: QEMU VNC CA
4 qemu_vnc_ca_country: cz
5 qemu_vnc_ca_locality: Prague
6 qemu_vnc_ca_organization: Mirantis
7 qemu_vnc_ca_days_valid_authority: 3650
8 qemu_vnc_ca_days_valid_certificate: 365
Oleksandr Shyshkoe66f7d72019-06-24 13:28:51 +0300[diff] [blame]9 qemu_vnc_ca_signing_policy_cert_client_minions: 'ctl*'
Oleksandr Shyshkoab68fe52018-06-15 18:30:14 +0300[diff] [blame]10 salt:
11 minion:
12 ca:
13 qemu_vnc_ca:
14 # We recommend using a dedicated certificate authority solely for the VNC service.
15 # This authority may be a child of the master certificate authority used for the OpenStack deployment.
16 # This is because libvirt does not currently have a mechanism to restrict what certificates can be presented by the proxy server.
17 # https://docs.openstack.org/nova/queens/admin/remote-console-access.html
18 common_name: ${_param:qemu_vnc_ca_common_name}
19 country: ${_param:qemu_vnc_ca_country}
20 locality: ${_param:qemu_vnc_ca_locality}
21 organization: ${_param:qemu_vnc_ca_organization}
22 signing_policy:
23 cert_server:
24 type: v3_edge_cert_server
Oleksandr Shyshko2b883732018-07-11 18:00:58 +0300[diff] [blame]25 minions: '*'
Oleksandr Shyshkoab68fe52018-06-15 18:30:14 +0300[diff] [blame]26 cert_client:
27 type: v3_edge_cert_client
Oleksandr Shyshkoe66f7d72019-06-24 13:28:51 +0300[diff] [blame]28 minions: ${_param:qemu_vnc_ca_signing_policy_cert_client_minions}
Oleksandr Shyshkoab68fe52018-06-15 18:30:14 +0300[diff] [blame]29 days_valid:
30 authority: ${_param:qemu_vnc_ca_days_valid_authority}
31 certificate: ${_param:qemu_vnc_ca_days_valid_certificate}