diff options
author | Jason DeTiberus <jdetiber@redhat.com> | 2015-10-16 11:28:42 -0400 |
---|---|---|
committer | Jason DeTiberus <jdetiber@redhat.com> | 2015-11-02 21:57:43 -0500 |
commit | 02a6d993509ac395165c504dba7b92c4f2eb907c (patch) | |
tree | 0ad5c437407025500cf7aef56386e8005dcda6cd /roles/etcd_common/defaults | |
parent | fcbb48362afb6e9ed196d7833940877bbc0296ae (diff) | |
download | openshift-02a6d993509ac395165c504dba7b92c4f2eb907c.tar.gz openshift-02a6d993509ac395165c504dba7b92c4f2eb907c.tar.bz2 openshift-02a6d993509ac395165c504dba7b92c4f2eb907c.tar.xz openshift-02a6d993509ac395165c504dba7b92c4f2eb907c.zip |
Fix etcd cert generation when etcd_interface is defined
- Refactor certificate generation to properly accept overrides of etcd_interface
per host and set the certificate SANS and peer URLs properly.
- Add sanity checking to user-set values of etcd_interface to provide a better
error message
Diffstat (limited to 'roles/etcd_common/defaults')
-rw-r--r-- | roles/etcd_common/defaults/main.yml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml new file mode 100644 index 000000000..96f4b63af --- /dev/null +++ b/roles/etcd_common/defaults/main.yml @@ -0,0 +1,30 @@ +--- +etcd_peers_group: etcd + +# etcd server vars +etcd_conf_dir: /etc/etcd +etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" +etcd_key_file: "{{ etcd_conf_dir }}/server.key" +etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt" +etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key" + +# etcd ca vars +etcd_ca_dir: "{{ etcd_conf_dir}}/ca" +etcd_generated_certs_dir: "{{ etcd_conf_dir }}/generated_certs" +etcd_ca_cert: "{{ etcd_ca_dir }}/ca.crt" +etcd_ca_key: "{{ etcd_ca_dir }}/ca.key" +etcd_openssl_conf: "{{ etcd_ca_dir }}/openssl.cnf" +etcd_ca_name: etcd_ca +etcd_req_ext: etcd_v3_req +etcd_ca_exts_peer: etcd_v3_ca_peer +etcd_ca_exts_server: etcd_v3_ca_server +etcd_ca_exts_self: etcd_v3_ca_self +etcd_ca_exts_client: etcd_v3_ca_client +etcd_ca_crl_dir: "{{ etcd_ca_dir }}/crl" +etcd_ca_new_certs_dir: "{{ etcd_ca_dir }}/certs" +etcd_ca_db: "{{ etcd_ca_dir }}/index.txt" +etcd_ca_serial: "{{ etcd_ca_dir }}/serial" +etcd_ca_crl_number: "{{ etcd_ca_dir }}/crlnumber" +etcd_ca_default_days: 365 |