parameters:
  salt:
    minion:
      cert:
        etcd_server:
          host: ${_param:salt_minion_ca_host}
          authority: ${_param:salt_minion_ca_authority}
          common_name: ${linux:system:name}
          signing_policy: cert_open
          alternative_names: IP:127.0.0.1,IP:${_param:cluster_vip_address},IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
          extended_key_usage: serverAuth,clientAuth
          key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
          key_file: /var/lib/etcd/etcd-server.key
          cert_file: /var/lib/etcd/etcd-server.crt
          all_file: /var/lib/etcd/etcd-server.pem
          ca_file: /var/lib/etcd/ca.pem
          user: etcd
          group: etcd