ExternalMirrors
/
salt-formula
mirror of https://github.com/salt-formulas/salt-formula-salt
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 7 Wiki Activity
New version of salt-formula from Saltstack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
190 Commits
26 Branches
Branch: fix/force_symlinks
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fix/force_symlinks'
${ noResults }
salt-formula/salt/minion/ca.sls

61 lines
1.5KB
Raw Permalink Blame History 

  1. {%- from "salt/map.jinja" import minion with context %}

  2. {%- if minion.enabled %}

  3. 

  4. include:

  5. - salt.minion.service

  6. 

  7. {%- for ca_name,ca in minion.ca.iteritems() %}

  8. 

  9. /etc/pki/ca/{{ ca_name }}/certs:

  10.   file.directory:

  11.   - makedirs: true

  12. 

  13. /etc/pki/ca/{{ ca_name }}/ca.key:

  14.   x509.private_key_managed:

  15.   - bits: 4096

  16.   - backup: True

  17.   - require:

  18.     - file: /etc/pki/ca/{{ ca_name }}/certs

  19. 

  20. /etc/pki/ca/{{ ca_name }}/ca.crt:

  21.   x509.certificate_managed:

  22.   - signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key

  23.   - CN: "{{ ca.common_name }}"

  24.   {%- if ca.country is defined %}

  25.   - C: {{ ca.country }}

  26.   {%- endif %}

  27.   {%- if ca.state is defined %}

  28.   - ST: {{ ca.state }}

  29.   {%- endif %}

  30.   {%- if ca.locality is defined %}

  31.   - L: {{ ca.locality }}

  32.   {%- endif %}

  33.   {%- if ca.organization is defined %}

  34.   - O: {{ ca.organization }}

  35.   {%- endif %}

  36.   {%- if ca.organization_unit is defined %}

  37.   - OU: {{ ca.organization_unit }}

  38.   {%- endif %}

  39.   - basicConstraints: "critical,CA:TRUE"

  40.   - keyUsage: "critical,cRLSign,keyCertSign"

  41.   - subjectKeyIdentifier: hash

  42.   - authorityKeyIdentifier: keyid,issuer:always

  43.   - days_valid: {{ ca.days_valid.authority }}

  44.   - days_remaining: 0

  45.   - backup: True

  46.   - require:

  47.     - x509: /etc/pki/ca/{{ ca_name }}/ca.key

  48. 

  49. salt_system_ca_mine_send_ca_{{ ca_name }}:

  50.   module.run:

  51.   - name: mine.send

  52.   - func: x509.get_pem_entries

  53.   - kwargs:

  54.       glob_path: /etc/pki/ca/{{ ca_name }}/ca.crt

  55.   - require:

  56.     - x509: /etc/pki/ca/{{ ca_name }}/ca.crt

  57. 

  58. {%- endfor %}

  59. 

  60. {%- endif %}