3 files changed, 31 insertions, 0 deletions

diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
new file mode 100644
index 000000000..8b2e61ce8
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
@@ -0,0 +1,12 @@
+parameters:
+  _param:
+    salt_minion_ca_authority: salt_master_ca
+  salt:
+    minion:
+      cert:
+        ceph:
+          host: ${_param:salt_minion_ca_host}
+          signing_policy: cert_server
+          authority: ${_param:salt_minion_ca_authority}
+          common_name: ${_param:cluster_public_host}
+
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
new file mode 100644
index 000000000..664352da9
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.ceph
+parameters:
+  _param:
+    salt_pki_ceph_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
+  salt:
+    minion:
+      cert:
+        ceph:
+          common_name: ceph
+          alternative_names: IP:127.0.0.1,${_param:salt_pki_ceph_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
new file mode 100644
index 000000000..37e4fc5ad
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
@@ -0,0 +1,8 @@
+parameters:
+  salt:
+    minion:
+      cert:
+        ceph:
+          key_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
+          cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
+          all_file:  /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem