summaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/system/salt/minion/cert/proxy
diff options
context:
space:
mode:
Diffstat (limited to 'mcp/reclass/classes/system/salt/minion/cert/proxy')
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml15
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml8
4 files changed, 45 insertions, 0 deletions
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
new file mode 100644
index 000000000..5fb5b280a
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
@@ -0,0 +1,15 @@
+classes:
+- system.salt.minion.cert.proxy
+parameters:
+ salt:
+ minion:
+ cert:
+ proxy:
+ alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, IP:${_param:control_vip_address}, IP:${_param:single_address}"
+ key_file: /etc/haproxy/ssl/${_param:cluster_public_host}.key
+ cert_file: /etc/haproxy/ssl/${_param:cluster_public_host}.crt
+ all_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem
+ ca_file: /etc/haproxy/ssl/${_param:salt_minion_ca_authority}-ca.crt
+ user: root
+ group: haproxy
+ mode: 640 \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
new file mode 100644
index 000000000..fac9aa554
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ proxy:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
new file mode 100644
index 000000000..627d96bd6
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.proxy
+parameters:
+ _param:
+ salt_pki_proxy_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:proxy.${_param:cluster_public_host},DNS:horizon.${_param:cluster_public_host}
+ salt:
+ minion:
+ cert:
+ proxy:
+ common_name: proxy
+ alternative_names: IP:127.0.0.1,${_param:salt_pki_proxy_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
new file mode 100644
index 000000000..731aea625
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
@@ -0,0 +1,8 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ proxy:
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem