From a6daf4ece3f05600ad66fea55c5220d07a71cef1 Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Wed, 24 May 2017 12:44:05 +0400 Subject: [mcp] Bring in reclass system salt models Change-Id: I1a865b7524f3a5242544e60e6b36b1092721c58b Signed-off-by: Michael Polenchuk --- .../classes/system/salt/minion/cert/proxy/cicd.yml | 15 +++++++++++++++ .../classes/system/salt/minion/cert/proxy/init.yml | 11 +++++++++++ .../classes/system/salt/minion/cert/proxy/openstack.yml | 11 +++++++++++ mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml | 8 ++++++++ 4 files changed, 45 insertions(+) create mode 100644 mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml create mode 100644 mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml create mode 100644 mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml create mode 100644 mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml (limited to 'mcp/reclass/classes/system/salt/minion/cert/proxy') diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml new file mode 100644 index 000000000..5fb5b280a --- /dev/null +++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml @@ -0,0 +1,15 @@ +classes: +- system.salt.minion.cert.proxy +parameters: + salt: + minion: + cert: + proxy: + alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, IP:${_param:control_vip_address}, IP:${_param:single_address}" + key_file: /etc/haproxy/ssl/${_param:cluster_public_host}.key + cert_file: /etc/haproxy/ssl/${_param:cluster_public_host}.crt + all_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem + ca_file: /etc/haproxy/ssl/${_param:salt_minion_ca_authority}-ca.crt + user: root + group: haproxy + mode: 640 \ No newline at end of file diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml new file mode 100644 index 000000000..fac9aa554 --- /dev/null +++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml @@ -0,0 +1,11 @@ +parameters: + _param: + salt_minion_ca_authority: salt_master_ca + salt: + minion: + cert: + proxy: + host: ${_param:salt_minion_ca_host} + signing_policy: cert_server + authority: ${_param:salt_minion_ca_authority} + common_name: ${_param:cluster_public_host} diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml new file mode 100644 index 000000000..627d96bd6 --- /dev/null +++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml @@ -0,0 +1,11 @@ +classes: +- system.salt.minion.cert.proxy +parameters: + _param: + salt_pki_proxy_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:proxy.${_param:cluster_public_host},DNS:horizon.${_param:cluster_public_host} + salt: + minion: + cert: + proxy: + common_name: proxy + alternative_names: IP:127.0.0.1,${_param:salt_pki_proxy_alt_names} diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml new file mode 100644 index 000000000..731aea625 --- /dev/null +++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml @@ -0,0 +1,8 @@ +parameters: + salt: + minion: + cert: + proxy: + key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key + cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt + all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem -- cgit 1.2.3-korg