added rancher

salt/states/rancher/files/rancher-ca.cnf

@@ -0,0 +1,41 @@
+[ca]
+default_ca                     = CA_default
+
+[CA_default]
+default_bits                   = 2048
+x509_extensions                = v3_ca
+default_days                   = 3650
+default_md                     = default
+policy                         = policy_optional
+copy_extensions                = copy
+unique_subject                 = no
+
+[policy_optional]
+countryName                    = optional
+stateOrProvinceName            = optional
+localityName                   = optional
+organizationName               = optional
+organizationalUnitName         = optional
+commonName                     = optional
+emailAddress                   = optional
+
+###############################################
+
+[req]
+default_bits                   = 2048
+distinguished_name             = req_distinguished_name
+x509_extensions                = v3_ca
+string_mask                    = utf8only
+prompt                         = no
+
+[v3_ca]
+basicConstraints               = critical, CA:true
+nsComment                      = "Rancher CA Certificate"
+nsCertType                     = sslCA
+keyUsage                       = cRLSign, keyCertSign
+subjectKeyIdentifier           = hash
+authorityKeyIdentifier         = keyid:always,issuer
+
+###############################################
+[ req_distinguished_name ]
+CN                             = Rancher Certificate Authority

salt/states/rancher/files/rancher-proxy.conf.jinja

@@ -0,0 +1,18 @@
+server {
+    listen       443;
+    server_name  rancher.{{ pillar['network']['domain'] }};
+    ssl_certificate     /etc/rancher/ssl/rancher-server.crt;
+    ssl_certificate_key /etc/rancher/ssl/rancher-server.key;
+    location /{ 
+        proxy_pass https://localhost:6443;
+	proxy_ssl_trusted_certificate /etc/rancher/ssl/rancher-server.crt;
+	proxy_ssl_verify off;
+        proxy_set_header Host      $host:$server_port;
+    }
+}
+
+server {
+    listen 80;
+    server_name rancher.{{ pillar['network']['domain'] }};
+    return 301 https://rancher.{{ pillar['network']['domain'] }}$request_uri;
+}

salt/states/rancher/files/rancher-server.cnf.jinja

@@ -0,0 +1,29 @@
+[req]
+default_bits                   = 2048
+distinguished_name             = req_distinguished_name
+x509_extensions                = v3_server_sign
+string_mask                    = utf8only
+prompt                         = no
+req_extensions                 = v3_req
+
+[v3_server_sign]
+basicConstraints               = CA:false
+nsComment                      = "Rancher Server Certificate"
+nsCertType                     = server
+keyUsage                       = digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage               = serverAuth, clientAuth
+subjectKeyIdentifier           = hash
+authorityKeyIdentifier         = keyid,issuer:always
+subjectAltName                 = @alt_names
+
+[v3_req]
+basicConstraints               = CA:false
+keyUsage                       = digitalSignature, keyEncipherment, keyAgreement
+subjectAltName                 = @alt_names
+
+[req_distinguished_name]
+CN                             = rancher.{{ pillar['network']['domain'] }}
+
+[alt_names]
+DNS.0                          = rancher.{{ pillar['network']['domain'] }}
+IP.0                           = {{ pillar['network']['ip'] }}

salt/states/rancher/files/rancher.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Rancher podman container
+Wants=network.target
+
+[Service]
+Restart=on-failure
+ExecStart=/usr/bin/podman start -a rancher
+ExecStop=/usr/bin/podman stop -t 120 rancher
+
+[Install]
+WantedBy=multi-user.target default.target