| author | Slava Semushin <vsemushi@redhat.com> | 2017-03-06 19:45:47 +0100 | 
|---|---|---|
| committer | Slava Semushin <vsemushi@redhat.com> | 2017-03-29 15:50:09 +0200 | 
| commit | 5ae588b6d6d2898620bb64b48426c6b8da26cc2f (patch) | |
| tree | 40c502661a860a7d3bb87200e068dd6e2ffd6983 /roles/openshift_ca | |
| parent | c5da9d90c4c615a68f6eb2e988b24d6ab680993d (diff) | |
openshift_ca: add openshift_ca_cert_expire_days and openshift_master_cert_expire_days parameters.
Diffstat (limited to 'roles/openshift_ca')
| -rw-r--r-- | roles/openshift_ca/README.md | 2 | ||||
| -rw-r--r-- | roles/openshift_ca/defaults/main.yml | 3 | ||||
| -rw-r--r-- | roles/openshift_ca/tasks/main.yml | 6 | 
3 files changed, 10 insertions, 1 deletions
|
diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md
index 96c9cd5f2..dfbe81c6c 100644
--- a/roles/openshift_ca/README.md
+++ b/roles/openshift_ca/README.md
@@ -19,6 +19,8 @@ From this role:
 | openshift_ca_key        | `{{ openshift_ca_config_dir }}/ca.key`        | CA key path including CA key filename.                                      |
 | openshift_ca_serial     | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename.                                |
 | openshift_version       | `{{ openshift_pkg_version }}`                 | OpenShift package version.                                                  |
+| openshift_master_cert_expire_days | `730` (2 years)                     | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. |
+| openshift_ca_cert_expire_days     | `1825` (5 years)                    | Validity of the CA certificates in days. Works only with OpenShift version 1.5 (3.5) and later. |

 Dependencies
 ------------
diff --git a/roles/openshift_ca/defaults/main.yml b/roles/openshift_ca/defaults/main.yml
new file mode 100644
index 000000000..ecfcc88b3
--- /dev/null
+++ b/roles/openshift_ca/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+openshift_ca_cert_expire_days: 1825
+openshift_master_cert_expire_days: 730
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 70c2a9121..3b17d9ed6 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -88,7 +88,7 @@
 # This should NOT replace the CA due to --overwrite=false when a CA already exists.
 - name: Create the master certificates if they do not already exist
   command: >
-    {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-master-certs
+    {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-master-certs
     {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
     --certificate-authority {{ named_ca_certificate }}
     {% endfor %}
@@ -99,6 +99,10 @@
     --master={{ openshift.master.api_url }}
     --public-master={{ openshift.master.public_api_url }}
     --cert-dir={{ openshift_ca_config_dir }}
+    {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %}
+    --expire-days={{ openshift_master_cert_expire_days }}
+    --signer-expire-days={{ openshift_ca_cert_expire_days }}
+    {% endif %}
     --overwrite=false
   when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool
   delegate_to: "{{ openshift_ca_host }}"
|
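Review bot: The two new validity values reach the certificate command unvalidated in the `@@ -99` hunk, at `--expire-days={{ openshift_master_cert_expire_days }}` and `--signer-expire-days={{ openshift_ca_cert_expire_days }}`, so an empty, zero, negative or non-numeric inventory override is passed straight through to the CA tooling. A preceding `assert` task with `that: openshift_master_cert_expire_days | int > 0` and the same check for `openshift_ca_cert_expire_days` would reject a bad value before any certificate is issued. Because the task keeps `--overwrite=false` and runs only when `master_ca_missing` or `openshift_certificates_redeploy` is true, changing either variable on an existing cluster presumably has no effect until certificates are redeployed. The existing comment above the task could say so, for example `# The expire-days values apply only when certificates are (re)generated; existing certificates keep their original expiry.`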
