Ales Komarek
8 years ago
2 changed files with 10 additions and 14 deletions
+ 8
- 13
salt/minion/cert.sls
View File
| {%- from "salt/map.jinja" import minion with context %} | {%- from "salt/map.jinja" import minion with context %} | ||||
| {%- if minion.enabled %} | {%- if minion.enabled %} | ||||
| include: | |||||
| - salt.minion.service | |||||
| {%- for cert_name,cert in minion.cert.iteritems() %} | |||||
| {%- for cert_name,cert in minion.get('cert', {}).iteritems() %} | |||||
| {%- set rowloop = loop %} | {%- set rowloop = loop %} | ||||
| ca_dir_{{ cert.authority }}_{{ loop.index }}: | |||||
| file.directory: | |||||
| - name: /etc/pki/cert/{{ cert.authority }} | |||||
| - makedirs: true | |||||
| /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.key: | |||||
| /etc/ssl/private/{{ cert.common_name }}.key: | |||||
| x509.private_key_managed: | x509.private_key_managed: | ||||
| - bits: 4096 | - bits: 4096 | ||||
| /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.crt: | |||||
| /etc/ssl/certs/{{ cert.common_name }}.crt: | |||||
| x509.certificate_managed: | x509.certificate_managed: | ||||
| - ca_server: {{ cert.host }} | - ca_server: {{ cert.host }} | ||||
| - signing_policy: {{ cert.authority }}_{{ cert.signing_policy }} | - signing_policy: {{ cert.authority }}_{{ cert.signing_policy }} | ||||
| - public_key: /etc/pki/cert/{{ cert.authority }}/{{ cert.common_name }}.key | |||||
| - public_key: /etc/ssl/private/{{ cert.common_name }}.key | |||||
| - CN: {{ cert.common_name }} | - CN: {{ cert.common_name }} | ||||
| {%- if cert.alternative_names is defined %} | |||||
| - subjectAltName: {{ cert.alternative_names }} | |||||
| {%- endif %} | |||||
| - days_remaining: 30 | - days_remaining: 30 | ||||
| - backup: True | - backup: True | ||||
| ca_cert_{{ cert.authority }}_{{ rowloop.index }}: | ca_cert_{{ cert.authority }}_{{ rowloop.index }}: | ||||
| x509.pem_managed: | x509.pem_managed: | ||||
| - name: /etc/pki/cert/{{ cert.authority }}/ca.crt | |||||
| - name: /etc/ssl/certs/ca-{{ cert.authority }}.crt | |||||
| - text: {{ ca_cert|replace('\n', '') }} | - text: {{ ca_cert|replace('\n', '') }} | ||||
| {%- endif %} | {%- endif %} |
+ 2
- 1
tests/pillar/minion_pki_cert.sls
View File
| signing_policy: cert_server | signing_policy: cert_server | ||||
| authority: Company CA | authority: Company CA | ||||
| common_name: test.server.domain.tld | common_name: test.server.domain.tld | ||||
| alternative_names: DNS:www1.server.domain.tld,DNS:www2.server.domain.tld,IP:1.2.3.4,IP:2.3.4.5 | |||||
| test_client: | test_client: | ||||
| host: minion.with.ca | host: minion.with.ca | ||||
| signing_policy: cert_client | signing_policy: cert_client | ||||
| host: minion.with.ca | host: minion.with.ca | ||||
| signing_policy: ca_edge | signing_policy: ca_edge | ||||
| authority: Company CA | authority: Company CA | ||||
| common_name: test.ca.domain.tld | |||||
| common_name: test.ca.domain.tld |
Loading…