openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter.

author: Slava Semushin <vsemushi@redhat.com> 2017-03-08 17:43:04 +0100
committer: Slava Semushin <vsemushi@redhat.com> 2017-03-29 15:50:09 +0200
commit: cf7eef7c36dcc614a2198a0ce123bd7b6e990f21 (patch)
tree: 585710bfb99ec89cf1586305f2794ea1f0960854 /roles/openshift_hosted
parent: f2f67133c5a8c68c2a7a28b146f7cb9786ba48d0 (diff)
download: openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.tar.gz
openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.tar.bz2
openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.tar.xz
openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.zip
3 files changed, 3 insertions, 0 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md
index 328f800bf..6d576df71 100644
--- a/roles/openshift_hosted/README.md
+++ b/roles/openshift_hosted/README.md
@@ -26,6 +26,7 @@ From this role:
 | openshift_hosted_registry_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift registry on.                                                                             |
 | openshift_hosted_registry_replicas    | Number of nodes matching selector        | The number of replicas to configure.                                                                                     |
 | openshift_hosted_registry_selector    | region=infra                             | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. |
+| openshift_hosted_registry_cert_expire_days | `730` (2 years)                     | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later.                             |
 
 Dependencies
 ------------
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index 32bcd8d08..d73f339f7 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -28,3 +28,4 @@ openshift_hosted_routers:
 
 
 openshift_hosted_router_certificates: {}
+openshift_hosted_registry_cert_expire_days: 730
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index f9ea2ebeb..8a159bf73 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -57,6 +57,7 @@
     - "{{ docker_registry_route_hostname }}"
     cert: "{{ openshift_master_config_dir }}/registry.crt"
     key: "{{ openshift_master_config_dir }}/registry.key"
+    expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool else omit }}"
   register: server_cert_out
 
 - name: Create the secret for the registry certificates
author	Slava Semushin <vsemushi@redhat.com>	2017-03-08 17:43:04 +0100
committer	Slava Semushin <vsemushi@redhat.com>	2017-03-29 15:50:09 +0200
commit	cf7eef7c36dcc614a2198a0ce123bd7b6e990f21 (patch)
tree	585710bfb99ec89cf1586305f2794ea1f0960854 /roles/openshift_hosted
parent	f2f67133c5a8c68c2a7a28b146f7cb9786ba48d0 (diff)
download	openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.tar.gz openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.tar.bz2 openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.tar.xz openshift-cf7eef7c36dcc614a2198a0ce123bd7b6e990f21.zip