diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-09-21 14:24:43 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-21 14:24:43 -0700 |
| commit | ee8252d536c4204b9e0c4a88d0899297caf39423 (patch) | |
| tree | 9c92bb13a285058e5b20bc76f33cb5d58c91ba9d /roles/etcd/templates | |
| parent | 505764651b3f8279ffe8881e9b26851d1dd14258 (diff) | |
| parent | 99745a04223f2ed8111b5eb4b49d2bcfec9e678f (diff) | |
| download | openshift-ee8252d536c4204b9e0c4a88d0899297caf39423.tar.gz openshift-ee8252d536c4204b9e0c4a88d0899297caf39423.tar.bz2 openshift-ee8252d536c4204b9e0c4a88d0899297caf39423.tar.xz openshift-ee8252d536c4204b9e0c4a88d0899297caf39423.zip | |
Merge pull request #5371 from ingvagabund/consolidate-etcd-certs-roles
Automatic merge from submit-queue
consolidate etcd certs roles
This is a starter for consolidation of all etcd like roles into a single `etcd` action-based role. I have intentionally started with the simplest one to demonstrate the steps needed to make it so and to make the review easy enough for everyone.
Diffstat (limited to 'roles/etcd/templates')
| -rw-r--r-- | roles/etcd/templates/openssl_append.j2 | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/etcd/templates/openssl_append.j2 b/roles/etcd/templates/openssl_append.j2 new file mode 100644 index 000000000..f28316fc2 --- /dev/null +++ b/roles/etcd/templates/openssl_append.j2 @@ -0,0 +1,51 @@ + +[ {{ etcd_req_ext }} ] +basicConstraints = critical,CA:FALSE +keyUsage = digitalSignature,keyEncipherment +subjectAltName = ${ENV::SAN} + +[ {{ etcd_ca_name }} ] +dir = {{ etcd_ca_dir }} +crl_dir = {{ etcd_ca_crl_dir }} +database = {{ etcd_ca_db }} +new_certs_dir = {{ etcd_ca_new_certs_dir }} +certificate = {{ etcd_ca_cert }} +serial = {{ etcd_ca_serial }} +private_key = {{ etcd_ca_key }} +crl_number = {{ etcd_ca_crl_number }} +x509_extensions = {{ etcd_ca_exts_client }} +default_days = {{ etcd_ca_default_days }} +default_md = sha256 +preserve = no +name_opt = ca_default +cert_opt = ca_default +policy = policy_anything +unique_subject = no +copy_extensions = copy + +[ {{ etcd_ca_exts_self }} ] +authorityKeyIdentifier = keyid,issuer +basicConstraints = critical,CA:TRUE,pathlen:0 +keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign +subjectKeyIdentifier = hash + +[ {{ etcd_ca_exts_peer }} ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = clientAuth,serverAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash + +[ {{ etcd_ca_exts_server }} ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = serverAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash + +[ {{ etcd_ca_exts_client }} ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = clientAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash |