pki management

do
2020-04-02 16:18:18 +02:00
parent 0a74735ba9
commit 393c48b4cb
7 changed files with 120 additions and 0 deletions

51
base/pki/ca.sls Normal file

@@ -0,0 +1,51 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
salt-minion:
service.running:
- enable: True
- listen:
- file: /etc/salt/minion.d/signing_policies.conf
/etc/salt/minion.d/signing_policies.conf:
file.managed:
- source: salt://base/pki/signing_policies.conf
/etc/pki/issued_certs:
file.directory
/etc/pki/ca.key:
x509.private_key_managed:
- bits: 4096
- backup: True
- require:
- file: /etc/pki
/etc/pki/ca.crt:
x509.certificate_managed:
- signing_private_key: /etc/pki/ca.key
- CN: tumor.chaos
- C: DE
- ST: Berlin
- L: Berlin
- basicConstraints: "critical CA:true"
- keyUsage: "critical cRLSign, keyCertSign"
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: 3650
- days_remaining: 0
- backup: True
- require:
- file: /etc/pki
- x509: /etc/pki/ca.key
mine.send:
module.run:
- func: x509.get_pem_entries
- kwargs:
glob_path: /etc/pki/ca.crt
- onchanges:
- x509: /etc/pki/ca.crt
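Review bot: The `/etc/pki/ca.key` state sets `bits` and `backup` but no owner or mode, so the permissions on the key that signs every certificate are left to whatever Salt defaults to. Since `backup` is already passed through as a file argument, add `- mode: '0600'` and `- user: root` to that state, and consider an explicit mode on the `/etc/pki/issued_certs` directory as well. Both x509 states `require` `file: /etc/pki`, yet no state with that id appears in the visible part of this file, so unless another of the changed files declares it the requisite will not resolve; a `/etc/pki:` `file.directory` state here would fix that. `backup: True` on the key state presumably leaves copies of replaced private keys in the minion's backup location, so that path needs the same protection as the key itself. `days_remaining: 0` appears to mean the CA certificate is not reissued before it expires, which deserves a comment if it is deliberate.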