New version of salt-formula from Saltstack

cert.sls 1.0KB

  1. {%- from "salt/map.jinja" import minion with context %}
  2. {%- if minion.enabled %}
  3. include:
  4. - salt.minion.service
  5. {%- for cert_name,cert in minion.cert.iteritems() %}
  6. /etc/pki/cert/{{ cert.authority }}:
  7. file.directory:
  8. - makedirs: true
  9. /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.key:
  10. x509.private_key_managed:
  11. - bits: 4096
  12. /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.crt:
  13. x509.certificate_managed:
  14. - ca_server: {{ cert.host }}
  15. - signing_policy: {{ cert.authority }}
  16. - public_key: /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.key
  17. - CN: {{ cert.common_name }}
  18. - days_remaining: 30
  19. - backup: True
  20. {%- endfor %}
  21. {#
  22. /usr/local/share/ca-certificates:
  23. file.directory: []
  24. {%- for ca_path,ca in salt['mine.get']('ca', 'x509.get_pem_entries')['ca'].iteritems() %}
  25. /usr/local/share/ca-certificates/{{ ca }}.crt:
  26. x509.pem_managed:
  27. - text: {{ salt['mine.get']('ca', 'x509.get_pem_entries')['ca']['/etc/pki/ca.crt']|replace('\n', '') }}
  28. {%- endfor %}
  29. #}
  30. {%- endif %}