aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/system/salt/minion/cert
diff options
context:
space:
mode:
authorMichael Polenchuk <mpolenchuk@mirantis.com>2017-05-26 12:12:15 +0400
committerMichael Polenchuk <mpolenchuk@mirantis.com>2017-05-26 14:27:47 +0400
commitf85c84133c2f8d6aec3c707cfb92cb03db543bd6 (patch)
tree00ed2d88b364ad39366a8fa6f7f0a27d89d1a283 /mcp/reclass/classes/system/salt/minion/cert
parent27d968bc35ef4f622acd171ada778a4e0f4c76fb (diff)
[mcp] Replace reclass system models with submodule
Change-Id: Id693f7b0f3542d605b0f71601f3bd21eb882c7ba Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Diffstat (limited to 'mcp/reclass/classes/system/salt/minion/cert')
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml12
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml18
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml18
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml15
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml16
18 files changed, 0 insertions, 223 deletions
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
deleted file mode 100644
index 8b2e61ce8..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt:
- minion:
- cert:
- ceph:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${_param:cluster_public_host}
-
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
deleted file mode 100644
index 664352da9..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-classes:
-- system.salt.minion.cert.ceph
-parameters:
- _param:
- salt_pki_ceph_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
- salt:
- minion:
- cert:
- ceph:
- common_name: ceph
- alternative_names: IP:127.0.0.1,${_param:salt_pki_ceph_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
deleted file mode 100644
index 37e4fc5ad..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- ceph:
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml b/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml
deleted file mode 100644
index 90b41da7f..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- etcd_client:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}
- signing_policy: cert_open
- alternative_names: IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
- extended_key_usage: clientAuth
- key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
- key_file: /var/lib/etcd/etcd-client.key
- cert_file: /var/lib/etcd/etcd-client.crt
- all_file: /var/lib/etcd/etcd-client.pem
- ca_file: /var/lib/etcd/ca.pem
- user: etcd
- group: etcd
diff --git a/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml b/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml
deleted file mode 100644
index ea26a4052..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- etcd_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}
- signing_policy: cert_open
- alternative_names: IP:127.0.0.1,IP:${_param:cluster_vip_address},IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
- extended_key_usage: serverAuth,clientAuth
- key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
- key_file: /var/lib/etcd/etcd-server.key
- cert_file: /var/lib/etcd/etcd-server.crt
- all_file: /var/lib/etcd/etcd-server.pem
- ca_file: /var/lib/etcd/ca.pem
- user: etcd
- group: etcd
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml
deleted file mode 100644
index 06d83c4a1..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_client:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kubelet-client.key
- cert_file: /etc/kubernetes/ssl/kubelet-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
- signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address} \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml
deleted file mode 100644
index 179d534be..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_client:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kubelet-client.key
- cert_file: /etc/kubernetes/ssl/kubelet-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
- signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address} \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml
deleted file mode 100644
index 603d3691d..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: kubernetes-server
- key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
- cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
- all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
- signing_policy: cert_server
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml
deleted file mode 100644
index 33637e4a8..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: kubernetes-server
- key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
- cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
- all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
- signing_policy: cert_server
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml b/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml
deleted file mode 100644
index 30a0711a1..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- prometheus_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: ${prometheus:server:dir:config}/prometheus-server.key
- cert_file: ${prometheus:server:dir:config}/prometheus-server.crt
- common_name: prometheus-server
- signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
- mode: '0444'
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
deleted file mode 100644
index 5fb5b280a..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-classes:
-- system.salt.minion.cert.proxy
-parameters:
- salt:
- minion:
- cert:
- proxy:
- alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, IP:${_param:control_vip_address}, IP:${_param:single_address}"
- key_file: /etc/haproxy/ssl/${_param:cluster_public_host}.key
- cert_file: /etc/haproxy/ssl/${_param:cluster_public_host}.crt
- all_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem
- ca_file: /etc/haproxy/ssl/${_param:salt_minion_ca_authority}-ca.crt
- user: root
- group: haproxy
- mode: 640 \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
deleted file mode 100644
index fac9aa554..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt:
- minion:
- cert:
- proxy:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
deleted file mode 100644
index 627d96bd6..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-classes:
-- system.salt.minion.cert.proxy
-parameters:
- _param:
- salt_pki_proxy_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:proxy.${_param:cluster_public_host},DNS:horizon.${_param:cluster_public_host}
- salt:
- minion:
- cert:
- proxy:
- common_name: proxy
- alternative_names: IP:127.0.0.1,${_param:salt_pki_proxy_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
deleted file mode 100644
index 731aea625..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- proxy:
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml
deleted file mode 100644
index 28859cf23..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt:
- minion:
- cert:
- swift:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml
deleted file mode 100644
index 5560e1b46..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-classes:
-- system.salt.minion.cert.swift
-parameters:
- _param:
- salt_pki_swift_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
- salt:
- minion:
- cert:
- swift:
- common_name: swift
- alternative_names: IP:127.0.0.1,${_param:salt_pki_swift_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml
deleted file mode 100644
index 3195e48fc..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- swift:
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml b/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml
deleted file mode 100644
index 29748958c..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt_pki_wildcard_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:*.${_param:cluster_public_host},DNS:${_param:cluster_domain},DNS:*.${_param:cluster_domain}
- salt:
- minion:
- cert:
- proxy:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: wildcard
- alternative_names: IP:127.0.0.1,${_param:salt_pki_wildcard_alt_names}
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}-chain-with-key.pem