summaryrefslogtreecommitdiffstats
path: root/roles/openshift_ca/tasks
diff options
context:
space:
mode:
authorSlava Semushin <vsemushi@redhat.com>2017-03-06 19:45:47 +0100
committerSlava Semushin <vsemushi@redhat.com>2017-03-29 15:50:09 +0200
commit5ae588b6d6d2898620bb64b48426c6b8da26cc2f (patch)
tree40c502661a860a7d3bb87200e068dd6e2ffd6983 /roles/openshift_ca/tasks
parentc5da9d90c4c615a68f6eb2e988b24d6ab680993d (diff)
downloadopenshift-5ae588b6d6d2898620bb64b48426c6b8da26cc2f.tar.gz
openshift-5ae588b6d6d2898620bb64b48426c6b8da26cc2f.tar.bz2
openshift-5ae588b6d6d2898620bb64b48426c6b8da26cc2f.tar.xz
openshift-5ae588b6d6d2898620bb64b48426c6b8da26cc2f.zip
openshift_ca: add openshift_ca_cert_expire_days and openshift_master_cert_expire_days parameters.
Diffstat (limited to 'roles/openshift_ca/tasks')
-rw-r--r--roles/openshift_ca/tasks/main.yml6
1 files changed, 5 insertions, 1 deletions
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 70c2a9121..3b17d9ed6 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -88,7 +88,7 @@
# This should NOT replace the CA due to --overwrite=false when a CA already exists.
- name: Create the master certificates if they do not already exist
command: >
- {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-master-certs
+ {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-master-certs
{% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
--certificate-authority {{ named_ca_certificate }}
{% endfor %}
@@ -99,6 +99,10 @@
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_ca_config_dir }}
+ {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %}
+ --expire-days={{ openshift_master_cert_expire_days }}
+ --signer-expire-days={{ openshift_ca_cert_expire_days }}
+ {% endif %}
--overwrite=false
when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool
delegate_to: "{{ openshift_ca_host }}"