Hello,
thank you, the playbook seems to work well.
However, I don't want to keep track of cert expiry dates and since those certs
are self-signed I'm going to modify the playbook to issue the certs for 30
years (which should exceed the life of the cluster).
To me it seems like there is no reason whatsoever to replace those certs every
2 years. Or am I missing something?
Regards
v
Am 2016-10-11 um 15:46 schrieb Pep Turro Mauri:
On 11 October 2016 at 11:40, v <vekt...@gmx.net <mailto:vekt...@gmx.net>> wrote:
Hello,
our first cluster is nearly 1 year old
Happy birthday! :)
and many certificates on the master are going to expire soon. Is there a
guide on how to update them? What do we need to do to make sure our cluster
doesn't just cease working on the 22nd of October?
There's an ansible playbook that should help here:
https://docs.openshift.org/latest/install_config/redeploying_certificates.html
pep
Regards
v
$ openssl x509 -enddate -noout -in XYZ
/etc/origin/master/admin.crt
notAfter=Oct 22 07:03:34 2016 GMT
/etc/origin/master/ca-bundle.crt
notAfter=Oct 22 07:03:31 2016 GMT
/etc/origin/master/ca.crt
notAfter=Oct 22 07:03:31 2016 GMT
/etc/origin/master/master.etcd-client.crt
notAfter=Oct 22 07:03:33 2016 GMT
/etc/origin/master/master.kubelet-client.crt
notAfter=Oct 22 07:03:33 2016 GMT
/etc/origin/master/openshift-master.crt
notAfter=Oct 22 07:03:32 2016 GMT
/etc/origin/master/openshift-registry.crt
notAfter=Oct 22 07:03:35 2016 GMT
/etc/origin/master/openshift-router.crt
notAfter=Oct 22 07:03:35 2016 GMT
_______________________________________________
users mailing list
users@lists.openshift.redhat.com <mailto:users@lists.openshift.redhat.com>
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
<http://lists.openshift.redhat.com/openshiftmm/listinfo/users>
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users