diff options
| author | Scott Dodson <sdodson@redhat.com> | 2016-08-03 13:03:46 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-08-03 13:03:46 -0400 |
| commit | 71bc6b9a67d83c0618ac9a786a6cb0d1abd907da (patch) | |
| tree | d6d4151be2a2e5621559f8584c3c7aa957e386aa /inventory | |
| parent | 723c1fb1d73582cd0209cdc7201231b258161555 (diff) | |
| parent | 4c66a9b62488b5e344f2e65cda6bc2ba3e0f2933 (diff) | |
| download | openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.gz openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.bz2 openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.tar.xz openshift-71bc6b9a67d83c0618ac9a786a6cb0d1abd907da.zip | |
Merge pull request #2049 from abutcher/named-certificates
Named CA Certificates
Diffstat (limited to 'inventory')
| -rw-r--r-- | inventory/byo/hosts.aep.example | 9 | ||||
| -rw-r--r-- | inventory/byo/hosts.origin.example | 9 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 9 |
3 files changed, 21 insertions, 6 deletions
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 8d2d95f8f..36e1e8825 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -345,15 +345,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # NOTE: openshift_master_named_certificates is cached on masters and is an # additive fact, meaning that each run with a different set of certificates # will add the newly provided certificates to the cached set of certificates. +# +# An optional CA may be specified for each named certificate. CAs will +# be added to the OpenShift CA bundle which allows for the named +# certificate to be served for internal cluster communication. +# # If you would like openshift_master_named_certificates to be overwritten with # the provided value, specify openshift_master_overwrite_named_certificates. #openshift_master_overwrite_named_certificates=true # # Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}] +#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] # # Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}] +#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] # Session options #openshift_master_session_name=ssn diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index d71ed5727..115ddb824 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -353,15 +353,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # NOTE: openshift_master_named_certificates is cached on masters and is an # additive fact, meaning that each run with a different set of certificates # will add the newly provided certificates to the cached set of certificates. +# +# An optional CA may be specified for each named certificate. CAs will +# be added to the OpenShift CA bundle which allows for the named +# certificate to be served for internal cluster communication. +# # If you would like openshift_master_named_certificates to be overwritten with # the provided value, specify openshift_master_overwrite_named_certificates. #openshift_master_overwrite_named_certificates=true # # Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}] +#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] # # Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}] +#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] # Session options #openshift_master_session_name=ssn diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index ccff97b47..b036165be 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -347,15 +347,20 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # NOTE: openshift_master_named_certificates is cached on masters and is an # additive fact, meaning that each run with a different set of certificates # will add the newly provided certificates to the cached set of certificates. +# +# An optional CA may be specified for each named certificate. CAs will +# be added to the OpenShift CA bundle which allows for the named +# certificate to be served for internal cluster communication. +# # If you would like openshift_master_named_certificates to be overwritten with # the provided value, specify openshift_master_overwrite_named_certificates. #openshift_master_overwrite_named_certificates=true # # Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key"}] +#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] # # Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"]}] +#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] # Session options #openshift_master_session_name=ssn |