Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / b45dbd9a0e93b9e7ee568cdfa30edbf439dbb277 / . / salt / minion / ca / qemu-vnc_ca.yml
blob: a4583ad3066a47e6fc8da4534a07e9928ecb6e2a [file] [log] [blame]
Oleksandr Shyshkoab68fe52018-06-15 18:30:14 +0300[diff] [blame]1parameters:
2 _param:
3 qemu_vnc_ca_common_name: QEMU VNC CA
4 qemu_vnc_ca_country: cz
5 qemu_vnc_ca_locality: Prague
6 qemu_vnc_ca_organization: Mirantis
7 qemu_vnc_ca_days_valid_authority: 3650
8 qemu_vnc_ca_days_valid_certificate: 365
9 salt:
10 minion:
11 ca:
12 qemu_vnc_ca:
13 # We recommend using a dedicated certificate authority solely for the VNC service.
14 # This authority may be a child of the master certificate authority used for the OpenStack deployment.
15 # This is because libvirt does not currently have a mechanism to restrict what certificates can be presented by the proxy server.
16 # https://docs.openstack.org/nova/queens/admin/remote-console-access.html
17 common_name: ${_param:qemu_vnc_ca_common_name}
18 country: ${_param:qemu_vnc_ca_country}
19 locality: ${_param:qemu_vnc_ca_locality}
20 organization: ${_param:qemu_vnc_ca_organization}
21 signing_policy:
22 cert_server:
23 type: v3_edge_cert_server
Oleksandr Shyshko2b883732018-07-11 18:00:58 +0300[diff] [blame]24 minions: '*'
Oleksandr Shyshkoab68fe52018-06-15 18:30:14 +0300[diff] [blame]25 cert_client:
26 type: v3_edge_cert_client
27 minions: 'ctl*'
28 days_valid:
29 authority: ${_param:qemu_vnc_ca_days_valid_authority}
30 certificate: ${_param:qemu_vnc_ca_days_valid_certificate}