summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorMartin Eggen <meggen@redhat.com>2017-03-08 16:37:43 +0100
committerMartin Eggen <meggen@redhat.com>2017-03-09 14:41:27 +0100
commit91065cc31b9025c44c3b4a9cfcddac4711898e82 (patch)
tree7e6a1d085d5ceb70deaf665d032ea1c609def332 /roles
parentb551ba3afbe6bf2b4888bd62dc0f5a837edadb67 (diff)
downloadopenshift-91065cc31b9025c44c3b4a9cfcddac4711898e82.tar.gz
openshift-91065cc31b9025c44c3b4a9cfcddac4711898e82.tar.bz2
openshift-91065cc31b9025c44c3b4a9cfcddac4711898e82.tar.xz
openshift-91065cc31b9025c44c3b4a9cfcddac4711898e82.zip
Allow overriding minTLSVersion and cipherSuites
Add parameters to allow overriding minTLSVersion and cipherSuites in master and node servingInfo config stanzas.
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j218
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j29
2 files changed, 27 insertions, 0 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index aec48386e..938ac2a12 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -35,6 +35,15 @@ assetConfig:
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
{% if openshift_master_ha | bool %}
{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
@@ -256,5 +265,14 @@ servingInfo:
{% endfor %}
{% endfor %}
{% endif %}
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
volumeConfig:
dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index d3c3feb68..f2f929232 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -40,6 +40,15 @@ servingInfo:
certFile: server.crt
clientCA: ca.crt
keyFile: server.key
+{% if openshift_node_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_node_min_tls_version }}
+{% endif %}
+{% if openshift_node_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_node_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
proxyArguments:
proxy-mode: