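# Salt x509 signing policies for the deployment CA (Jinja-templated YAML).
# Both policies sign with the same CA key and certificate and copy every
# issued certificate to the issued_certs directory.
#
# Templated values are passed through the json filter so that the rendered
# text is re-parsed as the same string. Unquoted, a country code such as NO
# would be read back as a boolean, and a value containing ": " or " #" would
# be split or truncated by the YAML parser.
{% import 'globals.jinja' as globals -%}
x509_signing_policies:
  # Client-authentication certificates (extendedKeyUsage clientAuth only).
  # NOTE(review): this policy has no `minions` entry, so nothing in this file
  # limits which minions may request a certificate from it. Confirm that is
  # intended and that access is restricted elsewhere.
  deployment_client:
    - signing_private_key: /data/admin/pki/deployment/ca.key
    - signing_cert: /data/admin/pki/deployment/ca.crt
    - copypath: /data/admin/pki/deployment/issued_certs
    - prepend_cn: true
    - days_valid: 90
    # End-entity certificate: must never act as a CA.
    - basicConstraints: "critical CA:false"
    # NOTE(review): keyUsage is critical and lists only keyEncipherment. TLS
    # client authentication signs the handshake, and strict verifiers expect
    # digitalSignature for that; consider
    # "critical digitalSignature, keyEncipherment" after checking the peers.
    - keyUsage: "critical keyEncipherment"
    - extendedKeyUsage: "clientAuth"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    # Subject attributes shared by all deployment certificates, from pillar.
    {%- for attr, value in pillar['global']['certificate_attributes']['deployment'].items() %}
    - {{ attr }}: {{ value | json }}
    {%- endfor %}
  # Server certificates, also usable for client authentication. Requests are
  # limited to the hosts listed in globals.admin_hosts.
  deployment_server:
    # Quoted so that an empty host list renders as an empty string rather
    # than a null value, and glob characters cannot be read as YAML syntax.
    - minions: {{ ','.join(globals.admin_hosts) | json }}
    - signing_private_key: /data/admin/pki/deployment/ca.key
    - signing_cert: /data/admin/pki/deployment/ca.crt
    - copypath: /data/admin/pki/deployment/issued_certs
    - prepend_cn: true
    - days_valid: 90
    - basicConstraints: "critical CA:false"
    # NOTE(review): same keyUsage caveat as deployment_client. Key exchanges
    # in which the server signs also need digitalSignature.
    - keyUsage: "critical keyEncipherment"
    - extendedKeyUsage: "serverAuth,clientAuth"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    {%- for attr, value in pillar['global']['certificate_attributes']['deployment'].items() %}
    - {{ attr }}: {{ value | json }}
    {%- endfor %}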