Diffstat (limited to 'mcp/reclass/classes/system/salt/minion/cert')
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml12
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml18
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml18
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml15
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml16
18 files changed, 0 insertions, 223 deletions
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
deleted file mode 100644
index 8b2e61ce8..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt:
- minion:
- cert:
- ceph:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${_param:cluster_public_host}
-
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
deleted file mode 100644
index 664352da9..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-classes:
-- system.salt.minion.cert.ceph
-parameters:
- _param:
- salt_pki_ceph_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
- salt:
- minion:
- cert:
- ceph:
- common_name: ceph
- alternative_names: IP:127.0.0.1,${_param:salt_pki_ceph_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
deleted file mode 100644
index 37e4fc5ad..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- ceph:
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml b/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml
deleted file mode 100644
index 90b41da7f..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- etcd_client:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}
- signing_policy: cert_open
- alternative_names: IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
- extended_key_usage: clientAuth
- key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
- key_file: /var/lib/etcd/etcd-client.key
- cert_file: /var/lib/etcd/etcd-client.crt
- all_file: /var/lib/etcd/etcd-client.pem
- ca_file: /var/lib/etcd/ca.pem
- user: etcd
- group: etcd
diff --git a/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml b/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml
deleted file mode 100644
index ea26a4052..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- etcd_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}
- signing_policy: cert_open
- alternative_names: IP:127.0.0.1,IP:${_param:cluster_vip_address},IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
- extended_key_usage: serverAuth,clientAuth
- key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
- key_file: /var/lib/etcd/etcd-server.key
- cert_file: /var/lib/etcd/etcd-server.crt
- all_file: /var/lib/etcd/etcd-server.pem
- ca_file: /var/lib/etcd/ca.pem
- user: etcd
- group: etcd
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml
deleted file mode 100644
index 06d83c4a1..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_client:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kubelet-client.key
- cert_file: /etc/kubernetes/ssl/kubelet-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
- signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml
deleted file mode 100644
index 179d534be..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_client:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kubelet-client.key
- cert_file: /etc/kubernetes/ssl/kubelet-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
- signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml
deleted file mode 100644
index 603d3691d..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: kubernetes-server
- key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
- cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
- all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
- signing_policy: cert_server
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml
deleted file mode 100644
index 33637e4a8..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- k8s_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- common_name: kubernetes-server
- key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
- cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
- all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
- signing_policy: cert_server
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml b/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml
deleted file mode 100644
index 30a0711a1..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- prometheus_server:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: ${prometheus:server:dir:config}/prometheus-server.key
- cert_file: ${prometheus:server:dir:config}/prometheus-server.crt
- common_name: prometheus-server
- signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
- mode: '0444'
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
deleted file mode 100644
index 5fb5b280a..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-classes:
-- system.salt.minion.cert.proxy
-parameters:
- salt:
- minion:
- cert:
- proxy:
- alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, IP:${_param:control_vip_address}, IP:${_param:single_address}"
- key_file: /etc/haproxy/ssl/${_param:cluster_public_host}.key
- cert_file: /etc/haproxy/ssl/${_param:cluster_public_host}.crt
- all_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem
- ca_file: /etc/haproxy/ssl/${_param:salt_minion_ca_authority}-ca.crt
- user: root
- group: haproxy
- mode: 640
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
deleted file mode 100644
index fac9aa554..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt:
- minion:
- cert:
- proxy:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
deleted file mode 100644
index 627d96bd6..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-classes:
-- system.salt.minion.cert.proxy
-parameters:
- _param:
- salt_pki_proxy_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:proxy.${_param:cluster_public_host},DNS:horizon.${_param:cluster_public_host}
- salt:
- minion:
- cert:
- proxy:
- common_name: proxy
- alternative_names: IP:127.0.0.1,${_param:salt_pki_proxy_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
deleted file mode 100644
index 731aea625..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- proxy:
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml
deleted file mode 100644
index 28859cf23..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt:
- minion:
- cert:
- swift:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml
deleted file mode 100644
index 5560e1b46..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-classes:
-- system.salt.minion.cert.swift
-parameters:
- _param:
- salt_pki_swift_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
- salt:
- minion:
- cert:
- swift:
- common_name: swift
- alternative_names: IP:127.0.0.1,${_param:salt_pki_swift_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml
deleted file mode 100644
index 3195e48fc..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-parameters:
- salt:
- minion:
- cert:
- swift:
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml b/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml
deleted file mode 100644
index 29748958c..000000000
--- a/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-parameters:
- _param:
- salt_minion_ca_authority: salt_master_ca
- salt_pki_wildcard_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:*.${_param:cluster_public_host},DNS:${_param:cluster_domain},DNS:*.${_param:cluster_domain}
- salt:
- minion:
- cert:
- proxy:
- host: ${_param:salt_minion_ca_host}
- signing_policy: cert_server
- authority: ${_param:salt_minion_ca_authority}
- common_name: wildcard
- alternative_names: IP:127.0.0.1,${_param:salt_pki_wildcard_alt_names}
- key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}-chain-with-key.pem