diff options
author | OpenShift Bot <eparis+openshiftbot@redhat.com> | 2017-03-29 15:31:42 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-29 15:31:42 -0500 |
commit | 6f0c06028dae9b277de409f7bc7eebca5c9bd29e (patch) | |
tree | 108af18675c3d7c2d5c1856ba0d96c3d9976f5ec /roles/openshift_ca | |
parent | 403b5c5545b9b07e7a4416e5a63609512ddaa224 (diff) | |
parent | 638e4198f80e6e2705c7a5e865e7d39112d1f42a (diff) | |
download | openshift-6f0c06028dae9b277de409f7bc7eebca5c9bd29e.tar.gz openshift-6f0c06028dae9b277de409f7bc7eebca5c9bd29e.tar.bz2 openshift-6f0c06028dae9b277de409f7bc7eebca5c9bd29e.tar.xz openshift-6f0c06028dae9b277de409f7bc7eebca5c9bd29e.zip |
Merge pull request #3581 from php-coder/set_cert_expiration_date
Merged by openshift-bot
Diffstat (limited to 'roles/openshift_ca')
-rw-r--r-- | roles/openshift_ca/README.md | 2 | ||||
-rw-r--r-- | roles/openshift_ca/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_ca/tasks/main.yml | 6 |
3 files changed, 10 insertions, 1 deletions
diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md index 96c9cd5f2..dfbe81c6c 100644 --- a/roles/openshift_ca/README.md +++ b/roles/openshift_ca/README.md @@ -19,6 +19,8 @@ From this role: | openshift_ca_key | `{{ openshift_ca_config_dir }}/ca.key` | CA key path including CA key filename. | | openshift_ca_serial | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename. | | openshift_version | `{{ openshift_pkg_version }}` | OpenShift package version. | +| openshift_master_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | +| openshift_ca_cert_expire_days | `1825` (5 years) | Validity of the CA certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | Dependencies ------------ diff --git a/roles/openshift_ca/defaults/main.yml b/roles/openshift_ca/defaults/main.yml new file mode 100644 index 000000000..ecfcc88b3 --- /dev/null +++ b/roles/openshift_ca/defaults/main.yml @@ -0,0 +1,3 @@ +--- +openshift_ca_cert_expire_days: 1825 +openshift_master_cert_expire_days: 730 diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 70c2a9121..3b17d9ed6 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -88,7 +88,7 @@ # This should NOT replace the CA due to --overwrite=false when a CA already exists. - name: Create the master certificates if they do not already exist command: > - {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-master-certs + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-master-certs {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} @@ -99,6 +99,10 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_ca_config_dir }} + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_master_cert_expire_days }} + --signer-expire-days={{ openshift_ca_cert_expire_days }} + {% endif %} --overwrite=false when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool delegate_to: "{{ openshift_ca_host }}" |