intca in /etc/pki and multiple CNS

2021-02-11 23:12:37 +01:00
parent 20b4ef9d72
commit db72f1aabf
2 changed files with 19 additions and 4 deletions
--- a/base/pki/host.sls
+++ b/base/pki/host.sls
@@ -15,7 +15,22 @@
    - signing_policy: host
    - public_key: /etc/pki/private.key
    - CN: {{ grains['fqdn'] }} 
-    - days_remaining: 30
+    - days_remaining: 90
    - backup: True
    - require:
      - x509: /etc/pki/private.key
+      
+{% for cn in salt['pillar.get']('pki:cns',{}) %}
+
+/etc/pki/{{ cn }}.crt:
+  x509.certificate_managed:
+    - ca_server: tumor.chaos 
+    - signing_policy: host
+    - public_key: /etc/pki/private.key
+    - CN: {{ cn }} 
+    - days_remaining: 90
+    - backup: False
+    - require:
+      - x509: /etc/pki/private.key
+{% endfor %}
+