New version of salt-formula from Saltstack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
8 jaren geleden
1234567891011121314151617181920212223242526272829303132333435363738
  1. {%- from "salt/map.jinja" import minion with context %}
  2. {%- if minion.enabled %}
  3. {%- for cert_name,cert in minion.get('cert', {}).iteritems() %}
  4. {%- set rowloop = loop %}
  5. /etc/ssl/private/{{ cert.common_name }}.key:
  6. x509.private_key_managed:
  7. - bits: 4096
  8. /etc/ssl/certs/{{ cert.common_name }}.crt:
  9. x509.certificate_managed:
  10. - ca_server: {{ cert.host }}
  11. - signing_policy: {{ cert.authority }}_{{ cert.signing_policy }}
  12. - public_key: /etc/ssl/private/{{ cert.common_name }}.key
  13. - CN: {{ cert.common_name }}
  14. {%- if cert.alternative_names is defined %}
  15. - subjectAltName: {{ cert.alternative_names }}
  16. {%- endif %}
  17. - days_remaining: 30
  18. - backup: True
  19. {%- for ca_path,ca_cert in salt['mine.get'](cert.host, 'x509.get_pem_entries')[cert.host].iteritems() %}
  20. {%- if '/etc/pki/ca/'+cert.authority in ca_path %}
  21. ca_cert_{{ cert.authority }}_{{ rowloop.index }}:
  22. x509.pem_managed:
  23. - name: /etc/ssl/certs/ca-{{ cert.authority }}.crt
  24. - text: {{ ca_cert|replace('\n', '') }}
  25. {%- endif %}
  26. {%- endfor %}
  27. {%- endfor %}
  28. {%- endif %}