salt-master/base/pki/host.sls

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
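# Host private key. Every certificate state in this file derives its public
# key from this file, so its permissions protect all of them.
/etc/pki/private.key:
  x509.private_key_managed:
    - bits: 4096
    # Pin the mode explicitly instead of relying on the module default or the
    # minion's umask. If a non-root service must read the key, grant that
    # through a dedicated group rather than by widening the mode.
    - mode: '0600'
    # NOTE(review): Salt's documented backup mode is `minion`; confirm that
    # `True` actually produces a backup. If it does, the backup copy contains
    # the private key and needs the same protection as the key itself.
    - backup: True
    - require:
      # The /etc/pki directory state is not defined in this file.
      - file: /etc/pki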
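# Host certificate for the minion's FQDN, requested from the CA minion
# `salt.chaos` under the `host` signing policy.
/etc/pki/public.crt:
  x509.certificate_managed:
    - ca_server: salt.chaos
    # NOTE(review): the `host` policy lives on the CA and is not visible here.
    # The names requested below come from grains, which the minion reports
    # about itself, so the policy should restrict which minions may use it and
    # which subject values it accepts -- confirm on the CA side.
    - signing_policy: host
    # The public key is taken from the managed private key file.
    - public_key: /etc/pki/private.key
    # Quoted so the rendered value is always a YAML string, even if the grain
    # renders empty or looks like another scalar type.
    - CN: "{{ grains['fqdn'] }}"
    - subjectAltName: "DNS:{{ grains['fqdn'] }}"
    # Reissue once fewer than 5 days of validity remain. States therefore have
    # to run at least that often, or the certificate expires before renewal.
    - days_remaining: 5
    # NOTE(review): see Salt's backup modes; `minion` is the documented value.
    - backup: True
    - require:
      - x509: /etc/pki/private.key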
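# For every name listed under the `pki:cns` pillar key, issue one additional
# certificate and build a chain file (certificate plus intermediate CA).
{% for cn in salt['pillar.get']('pki:cns', {}) %}
/etc/pki/{{ cn }}.crt:
  x509.certificate_managed:
    - ca_server: salt.chaos
    # NOTE(review): the pillar name is only placed in subjectAltName; whether
    # the CA accepts it depends on the `host` policy, which is not shown here.
    - signing_policy: host
    # All extra certificates share the host's private key.
    - public_key: /etc/pki/private.key
    # Reissue once fewer than 5 days of validity remain.
    - days_remaining: 5
    - backup: False
    # CN stays the host FQDN; the extra name is carried in the SAN only.
    # Both values are quoted so they always render as YAML strings.
    - CN: "{{ grains['fqdn'] }}"
    - subjectAltName: "DNS:{{ cn }}"
    - require:
      - x509: /etc/pki/private.key

/etc/pki/chain/{{ cn }}.pem:
  # NOTE(review): file.append only adds text that is not already in the file.
  # After a renewal the new certificate presumably ends up below the previous
  # certificate and the intermediate -- confirm that consumers of the chain
  # file still pick the current leaf, or rebuild the file when the
  # certificate changes.
  file.append:
    - sources:
      - /etc/pki/{{ cn }}.crt
      # The intermediate CA certificate is not managed in this file.
      - /etc/pki/intca.crt
    - require:
      - file: /etc/pki/chain
      # Make the dependency on the freshly issued certificate explicit
      # instead of relying on definition order.
      - x509: /etc/pki/{{ cn }}.crt
{% endfor %}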