summaryrefslogtreecommitdiffstats
path: root/inventory
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-08-11 17:37:16 -0400
committerGitHub <noreply@github.com>2016-08-11 17:37:16 -0400
commit2fcfbb350a888dfeb82913f2e043bf2fea760cd6 (patch)
treedd8141baaae3cff0dd4f048f6e2d2c959dcd8799 /inventory
parentcac26a48c10aac5ce2b27b31c3d5567f978bb72d (diff)
parent3bd5ae21adbc1d5b3e5063408e30bb5adb14ba53 (diff)
downloadopenshift-2fcfbb350a888dfeb82913f2e043bf2fea760cd6.tar.gz
openshift-2fcfbb350a888dfeb82913f2e043bf2fea760cd6.tar.bz2
openshift-2fcfbb350a888dfeb82913f2e043bf2fea760cd6.tar.xz
openshift-2fcfbb350a888dfeb82913f2e043bf2fea760cd6.zip
Merge pull request #1142 from abutcher/new-certs-who-dis
Support for redeploying certificates
Diffstat (limited to 'inventory')
-rw-r--r--inventory/byo/hosts.origin.example17
-rw-r--r--inventory/byo/hosts.ose.example16
2 files changed, 30 insertions, 3 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index fd6699ac1..8e7883f3b 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -343,7 +343,6 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
#osm_cluster_network_cidr=10.1.0.0/16
#openshift_portal_net=172.30.0.0/16
-
# Configure number of bits to allocate to each host’s subnet e.g. 8
# would mean a /24 network on the host.
#osm_host_subnet_length=8
@@ -355,7 +354,21 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# set RPM version for debugging purposes
#openshift_pkg_version=-1.1
-# Configure custom named certificates
+# Configure custom ca certificate
+#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'}
+#
+# NOTE: CA certificate will not be replaced with existing clusters.
+# This option may only be specified when creating a new cluster or
+# when redeploying cluster certificates with the redeploy-certificates
+# playbook. If replacing the CA certificate in an existing cluster
+# with a custom ca certificate, the following variable must also be
+# set.
+#openshift_certificates_redeploy_ca=true
+
+# Configure custom named certificates (SNI certificates)
+#
+# https://docs.openshift.org/latest/install_config/certificate_customization.html
+#
# NOTE: openshift_master_named_certificates is cached on masters and is an
# additive fact, meaning that each run with a different set of certificates
# will add the newly provided certificates to the cached set of certificates.
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 323e385c0..7e3d68e92 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -349,7 +349,21 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
# set RPM version for debugging purposes
#openshift_pkg_version=-3.1.0.0
-# Configure custom named certificates
+# Configure custom ca certificate
+#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'}
+#
+# NOTE: CA certificate will not be replaced with existing clusters.
+# This option may only be specified when creating a new cluster or
+# when redeploying cluster certificates with the redeploy-certificates
+# playbook. If replacing the CA certificate in an existing cluster
+# with a custom ca certificate, the following variable must also be
+# set.
+#openshift_certificates_redeploy_ca=true
+
+# Configure custom named certificates (SNI certificates)
+#
+# https://docs.openshift.com/enterprise/latest/install_config/certificate_customization.html
+#
# NOTE: openshift_master_named_certificates is cached on masters and is an
# additive fact, meaning that each run with a different set of certificates
# will add the newly provided certificates to the cached set of certificates.