authorJason DeTiberus <jdetiber@redhat.com>2015-10-16 11:28:42 -0400
committerJason DeTiberus <jdetiber@redhat.com>2015-11-02 21:57:43 -0500
commit02a6d993509ac395165c504dba7b92c4f2eb907c (patch)
tree0ad5c437407025500cf7aef56386e8005dcda6cd /roles/etcd_common/defaults
parentfcbb48362afb6e9ed196d7833940877bbc0296ae (diff)
Fix etcd cert generation when etcd_interface is defined
- Refactor certificate generation to properly accept overrides of etcd_interface per host and set the certificate SANs and peer URLs properly.
- Add sanity checking to user-set values of etcd_interface to provide a better error message
Diffstat (limited to 'roles/etcd_common/defaults')
-rw-r--r--roles/etcd_common/defaults/main.yml30
1 files changed, 30 insertions, 0 deletions
diff --git a/roles/etcd_common/defaults/main.yml b/roles/etcd_common/defaults/main.yml
new file mode 100644
index 000000000..96f4b63af
--- /dev/null
+++ b/roles/etcd_common/defaults/main.yml
@@ -0,0 +1,30 @@
+---
+etcd_peers_group: etcd
+
+# etcd server vars
+etcd_conf_dir: /etc/etcd
+etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt"
+etcd_cert_file: "{{ etcd_conf_dir }}/server.crt"
+etcd_key_file: "{{ etcd_conf_dir }}/server.key"
+etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt"
+etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt"
+etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key"
+
+# etcd ca vars
+etcd_ca_dir: "{{ etcd_conf_dir}}/ca"
+etcd_generated_certs_dir: "{{ etcd_conf_dir }}/generated_certs"
+etcd_ca_cert: "{{ etcd_ca_dir }}/ca.crt"
+etcd_ca_key: "{{ etcd_ca_dir }}/ca.key"
+etcd_openssl_conf: "{{ etcd_ca_dir }}/openssl.cnf"
+etcd_ca_name: etcd_ca
+etcd_req_ext: etcd_v3_req
+etcd_ca_exts_peer: etcd_v3_ca_peer
+etcd_ca_exts_server: etcd_v3_ca_server
+etcd_ca_exts_self: etcd_v3_ca_self
+etcd_ca_exts_client: etcd_v3_ca_client
+etcd_ca_crl_dir: "{{ etcd_ca_dir }}/crl"
+etcd_ca_new_certs_dir: "{{ etcd_ca_dir }}/certs"
+etcd_ca_db: "{{ etcd_ca_dir }}/index.txt"
+etcd_ca_serial: "{{ etcd_ca_dir }}/serial"
+etcd_ca_crl_number: "{{ etcd_ca_dir }}/crlnumber"
+etcd_ca_default_days: 365
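Review bot: `etcd_ca_file` and `etcd_peer_ca_file` both default to `{{ etcd_conf_dir }}/ca.crt`, so client-facing and peer TLS trust the same issuer unless a deployer overrides one of them, and nothing in the file says this is intentional. With a single CA, keeping client and peer identities apart presumably rests on the `etcd_v3_ca_peer` / `etcd_v3_ca_client` extension profiles in `openssl.cnf` and on etcd's own settings, neither of which is visible in this hunk. I would add a comment above the peer variables such as `# peer TLS shares the server CA by default; override etcd_peer_ca_file to use a separate peer CA`. In the same spirit, a short comment on `etcd_ca_key` and `etcd_ca_default_days: 365` noting that the CA private key lives under `etcd_conf_dir` and that 365 is presumably the validity of issued certificates would prompt operators to restrict that directory and plan renewal. Separately, `"{{ etcd_conf_dir}}/ca"` lacks the space before `}}` that every other template in the file has.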