Hi,

I am trying to create an SSL CA and cert/keys within an SLS formula but am
failing to pass the first argument to the command/function. I've tried a
couple of variations of the below but no luck:

rabbitmq_ssl_dir:
   file.directory:
   - name: '/etc/rabbitmq/ssl'
   - user: root
   - group: root
   - mode: 755
   - makedirs: True

rabbitmq_create_ca:
   tls.create_ca:
     - 'rabbitmq-ca'



or

rabbitmq_create_ca:
   tls.create_ca:
     'rabbitmq-ca'

or

rabbitmq_create_ca:
   tls.create_ca:
     - ca_name: 'rabbitmq-ca'

or

rabbitmq_create_ca:
   tls.create_ca:
     - name: 'rabbitmq-ca'


Anyone got any pointers ?

Thanks!
Alex

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • Valentin Bud at Jul 6, 2014 at 12:17 pm
    Hello Alex,

    I use the following states to create a CA.

    salt/minion/ca/init.sls
    --

    include:
       - python-openssl

    salt-minion_ca_config:
       file:
         - managed
         - name: /etc/salt/minion.d/ca.conf
         - source: salt://salt/minion/ca/ca.conf
         - template: jinja
         - user: root
         - group: root
         - mode: 600
         - require:
           - pkg: python-openssl

    salt/minion/ca/ca.conf
    --

    ca.cert_base_path: '/etc/pki'

    certificates/ca
    --

    include:
       - python-openssl
       - salt.minion.ca

    certificates_ca:
       module:
         - run
         - name: tls.create_ca
         - bits: 2048
         - ca_name: caname
         - days: 3650
         - CN: Root CA
         - C: RO
         - ST: Timis
         - L: Timisoara
         - O: Org
         - OU: Org Trust Network
         - emailAddress: pki@org.ro
         - require:
           - pkg: python-openssl

    Looking at the above made me realise it needs improvements,
    like storing vars in pillar and maybe others.

    Maybe it helps. I know I have read the docs a couple of times to
    get to this at the time of writing the states.

    There's no tls state, you need to use the module state to run
    modules inside states.

    Best,
    Valentin

    --
    Valentin Bud
    http://databus.pro | valentin@databus.pro
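
Valentin's `module.run` approach applied to the `rabbitmq-ca` name from the question, with the subject fields read from pillar as he suggests. This is an added example, not code from the thread. The pillar key `rabbitmq_ca`, its defaults, the file name and the new state IDs are assumptions, as is the output layout `/etc/pki/<ca_name>/<ca_name>_ca_cert.{crt,key}`, which should be checked against the tls module of the Salt version in use.

```yaml
# rabbitmq/ca.sls (hypothetical file name; added example, not from the thread)
# 'rabbitmq_ca' is an assumed pillar key holding the CA subject fields
{% set ca = salt['pillar.get']('rabbitmq_ca', {}) %}
{% set ca_name = ca.get('ca_name', 'rabbitmq-ca') %}
# Assumed layout: <ca.cert_base_path>/<ca_name>/<ca_name>_ca_cert.crt and .key
{% set ca_dir = '/etc/pki/' ~ ca_name %}

include:
  - python-openssl
  - salt.minion.ca        # sets ca.cert_base_path, as in Valentin's reply

rabbitmq_create_ca:
  module.run:
    - name: tls.create_ca
    - ca_name: {{ ca_name }}
    - bits: {{ ca.get('bits', 2048) }}
    - days: {{ ca.get('days', 3650) }}
    - CN: {{ ca.get('CN', 'RabbitMQ CA') }}
    # Skip the call once the CA certificate exists, so reruns report no change
    - unless: test -f {{ ca_dir }}/{{ ca_name }}_ca_cert.crt
    - require:
      - pkg: python-openssl
      - file: salt-minion_ca_config

# Keep the CA private key readable by root only.
# replace/create are False so this state never writes or creates key material.
rabbitmq_ca_key_perms:
  file.managed:
    - name: {{ ca_dir }}/{{ ca_name }}_ca_cert.key
    - user: root
    - group: root
    - mode: '0600'
    - replace: False
    - create: False
    - require:
      - module: rabbitmq_create_ca
```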

  • Alex Leonhardt at Jul 6, 2014 at 1:14 pm
    Great thanks Valentin, I'll have a go :)

    Cheers!
    Alex

  • Daniel Jagszent at Jul 7, 2014 at 11:45 pm
    Hi Alex,

    Maybe this thread
    https://groups.google.com/forum/#!topic/salt-users/D1WRJPaE284 will
    help. In it there are two ways sketched out to securely distribute
    certificates, private keys and the CA certificate to the minions.

  • Alex Leonhardt at Jul 8, 2014 at 6:18 am
    Thanks a lot Daniel, that's brilliant! Ext pillars are probably sufficient
    for me :) .. Thanks!
    Alex

Discussion Overview
group: salt-users
posted: Jul 6, '14 at 10:55a
active: Jul 8, '14 at 6:18a
posts: 5
users: 3
