summaryrefslogtreecommitdiffstats
path: root/roles/etcd_ca/templates
diff options
context:
space:
mode:
authorJan Chaloupka <jchaloup@redhat.com>2017-09-14 12:10:15 +0200
committerJan Chaloupka <jchaloup@redhat.com>2017-09-18 20:16:24 +0200
commit99745a04223f2ed8111b5eb4b49d2bcfec9e678f (patch)
tree978e10f97d6e223866523e507ece55b6ff796df9 /roles/etcd_ca/templates
parent74d245fbab25d91a989fc7263ae3e8827267510c (diff)
downloadopenshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.gz
openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.bz2
openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.xz
openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.zip
Consolidate etcd certs roles
This is a part of the etcd_ like role consolidationi into an action-based role. As part of the consilidation some roles have been removed and some replaced by include_role module. Resulting in reorder and shift of role dependencies from a role into a play.
Diffstat (limited to 'roles/etcd_ca/templates')
-rw-r--r--roles/etcd_ca/templates/openssl_append.j251
1 files changed, 0 insertions, 51 deletions
diff --git a/roles/etcd_ca/templates/openssl_append.j2 b/roles/etcd_ca/templates/openssl_append.j2
deleted file mode 100644
index f28316fc2..000000000
--- a/roles/etcd_ca/templates/openssl_append.j2
+++ /dev/null
@@ -1,51 +0,0 @@
-
-[ {{ etcd_req_ext }} ]
-basicConstraints = critical,CA:FALSE
-keyUsage = digitalSignature,keyEncipherment
-subjectAltName = ${ENV::SAN}
-
-[ {{ etcd_ca_name }} ]
-dir = {{ etcd_ca_dir }}
-crl_dir = {{ etcd_ca_crl_dir }}
-database = {{ etcd_ca_db }}
-new_certs_dir = {{ etcd_ca_new_certs_dir }}
-certificate = {{ etcd_ca_cert }}
-serial = {{ etcd_ca_serial }}
-private_key = {{ etcd_ca_key }}
-crl_number = {{ etcd_ca_crl_number }}
-x509_extensions = {{ etcd_ca_exts_client }}
-default_days = {{ etcd_ca_default_days }}
-default_md = sha256
-preserve = no
-name_opt = ca_default
-cert_opt = ca_default
-policy = policy_anything
-unique_subject = no
-copy_extensions = copy
-
-[ {{ etcd_ca_exts_self }} ]
-authorityKeyIdentifier = keyid,issuer
-basicConstraints = critical,CA:TRUE,pathlen:0
-keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign
-subjectKeyIdentifier = hash
-
-[ {{ etcd_ca_exts_peer }} ]
-authorityKeyIdentifier = keyid,issuer:always
-basicConstraints = critical,CA:FALSE
-extendedKeyUsage = clientAuth,serverAuth
-keyUsage = digitalSignature,keyEncipherment
-subjectKeyIdentifier = hash
-
-[ {{ etcd_ca_exts_server }} ]
-authorityKeyIdentifier = keyid,issuer:always
-basicConstraints = critical,CA:FALSE
-extendedKeyUsage = serverAuth
-keyUsage = digitalSignature,keyEncipherment
-subjectKeyIdentifier = hash
-
-[ {{ etcd_ca_exts_client }} ]
-authorityKeyIdentifier = keyid,issuer:always
-basicConstraints = critical,CA:FALSE
-extendedKeyUsage = clientAuth
-keyUsage = digitalSignature,keyEncipherment
-subjectKeyIdentifier = hash