Consolidate etcd certs roles

This is a part of the etcd_ like role consolidationi into an action-based role. As part of the consilidation some roles have been removed and some replaced by include_role module. Resulting in reorder and shift of role dependencies from a role into a play.
author: Jan Chaloupka <jchaloup@redhat.com> 2017-09-14 12:10:15 +0200
committer: Jan Chaloupka <jchaloup@redhat.com> 2017-09-18 20:16:24 +0200
commit: 99745a04223f2ed8111b5eb4b49d2bcfec9e678f (patch)
tree: 978e10f97d6e223866523e507ece55b6ff796df9 /roles/etcd/templates
parent: 74d245fbab25d91a989fc7263ae3e8827267510c (diff)
download: openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.gz
openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.bz2
openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.xz
openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.zip
1 files changed, 51 insertions, 0 deletions
diff --git a/roles/etcd/templates/openssl_append.j2 b/roles/etcd/templates/openssl_append.j2
new file mode 100644
index 000000000..f28316fc2
--- /dev/null
+++ b/roles/etcd/templates/openssl_append.j2
@@ -0,0 +1,51 @@
+
+[ {{ etcd_req_ext }} ]
+basicConstraints = critical,CA:FALSE
+keyUsage         = digitalSignature,keyEncipherment
+subjectAltName   = ${ENV::SAN}
+
+[ {{ etcd_ca_name }} ]
+dir             = {{ etcd_ca_dir }}
+crl_dir         = {{ etcd_ca_crl_dir }}
+database        = {{ etcd_ca_db }}
+new_certs_dir   = {{ etcd_ca_new_certs_dir }}
+certificate     = {{ etcd_ca_cert }}
+serial          = {{ etcd_ca_serial }}
+private_key     = {{ etcd_ca_key }}
+crl_number      = {{ etcd_ca_crl_number }}
+x509_extensions = {{ etcd_ca_exts_client }}
+default_days    = {{ etcd_ca_default_days }}
+default_md      = sha256
+preserve        = no
+name_opt        = ca_default
+cert_opt        = ca_default
+policy          = policy_anything
+unique_subject  = no
+copy_extensions = copy
+
+[ {{ etcd_ca_exts_self }} ]
+authorityKeyIdentifier = keyid,issuer
+basicConstraints       = critical,CA:TRUE,pathlen:0
+keyUsage               = critical,digitalSignature,keyEncipherment,keyCertSign
+subjectKeyIdentifier   = hash
+
+[ {{ etcd_ca_exts_peer }} ]
+authorityKeyIdentifier = keyid,issuer:always
+basicConstraints       = critical,CA:FALSE
+extendedKeyUsage       = clientAuth,serverAuth
+keyUsage               = digitalSignature,keyEncipherment
+subjectKeyIdentifier   = hash
+
+[ {{ etcd_ca_exts_server }} ]
+authorityKeyIdentifier = keyid,issuer:always
+basicConstraints       = critical,CA:FALSE
+extendedKeyUsage       = serverAuth
+keyUsage               = digitalSignature,keyEncipherment
+subjectKeyIdentifier   = hash
+
+[ {{ etcd_ca_exts_client }} ]
+authorityKeyIdentifier = keyid,issuer:always
+basicConstraints       = critical,CA:FALSE
+extendedKeyUsage       = clientAuth
+keyUsage               = digitalSignature,keyEncipherment
+subjectKeyIdentifier   = hash
author	Jan Chaloupka <jchaloup@redhat.com>	2017-09-14 12:10:15 +0200
committer	Jan Chaloupka <jchaloup@redhat.com>	2017-09-18 20:16:24 +0200
commit	99745a04223f2ed8111b5eb4b49d2bcfec9e678f (patch)
tree	978e10f97d6e223866523e507ece55b6ff796df9 /roles/etcd/templates
parent	74d245fbab25d91a989fc7263ae3e8827267510c (diff)
download	openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.gz openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.bz2 openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.tar.xz openshift-99745a04223f2ed8111b5eb4b49d2bcfec9e678f.zip