From 6257b3d3857aaadb53fc932c5b6bc4b91cb3bf78 Mon Sep 17 00:00:00 2001
From: Theo Chatzimichos <tampakrap@opensuse.org>
Date: Sep 11 2017 12:24:06 +0000
Subject: Add login role to daffy


use tls_certreq allow instead of "demand" that we have on all the other
machines, because daffy connects to the ldap server in provo, which is a
cluster address and has certificate mismatch

https://progress.opensuse.org/issues/25154

---

diff --git a/pillar/id/daffy_infra_opensuse_org.sls b/pillar/id/daffy_infra_opensuse_org.sls
index 2b4e48f..fb1c8c4 100644
--- a/pillar/id/daffy_infra_opensuse_org.sls
+++ b/pillar/id/daffy_infra_opensuse_org.sls
@@ -1,5 +1,7 @@
 grains:
   city: nuremberg
   country: de
+  role:
+    - login
   salt_cluster: opensuse
   virt_cluster: atreju
diff --git a/pillar/role/login.sls b/pillar/role/login.sls
new file mode 100644
index 0000000..d000511
--- /dev/null
+++ b/pillar/role/login.sls
@@ -0,0 +1,2 @@
+openldap:
+  tls_reqcert: allow
diff --git a/salt/role/login.sls b/salt/role/login.sls
new file mode 100644
index 0000000..792d600
--- /dev/null
+++ b/salt/role/login.sls
@@ -0,0 +1 @@
+#