Re: Cluster-Birthday: 1 year old, many certificates expiring - how to update?

Wed, 12 Oct 2016 05:39:12 -0700 

Hello,

thank you, the playbook seems to work well.

However, I don't want to keep track of cert expiry dates and since those certs 
are self-signed I'm going to modify the playbook to issue the certs for 30 
years (which should exceed the life of the cluster).

To me it seems like there is no reason whatsoever to replace those certs every 
2 years. Or am I missing something?

Regards
v


Am 2016-10-11 um 15:46 schrieb Pep Turro Mauri:



On 11 October 2016 at 11:40, v <vekt...@gmx.net <mailto:vekt...@gmx.net>> wrote:

    Hello,
our first cluster is nearly 1 year old 

Happy birthday! :)

    and many certificates on the master are going to expire soon. Is there a 
guide on how to update them? What do we need to do to make sure our cluster 
doesn't just cease working on the 22nd of October?


There's an ansible playbook that should help here: 
https://docs.openshift.org/latest/install_config/redeploying_certificates.html

pep


    Regards
    v

    $ openssl x509 -enddate -noout -in XYZ

    /etc/origin/master/admin.crt
    notAfter=Oct 22 07:03:34 2016 GMT

    /etc/origin/master/ca-bundle.crt
    notAfter=Oct 22 07:03:31 2016 GMT

    /etc/origin/master/ca.crt
    notAfter=Oct 22 07:03:31 2016 GMT

    /etc/origin/master/master.etcd-client.crt
    notAfter=Oct 22 07:03:33 2016 GMT

    /etc/origin/master/master.kubelet-client.crt
    notAfter=Oct 22 07:03:33 2016 GMT

    /etc/origin/master/openshift-master.crt
    notAfter=Oct 22 07:03:32 2016 GMT

    /etc/origin/master/openshift-registry.crt
    notAfter=Oct 22 07:03:35 2016 GMT

    /etc/origin/master/openshift-router.crt
    notAfter=Oct 22 07:03:35 2016 GMT

    _______________________________________________
    users mailing list
    users@lists.openshift.redhat.com <mailto:users@lists.openshift.redhat.com>
    http://lists.openshift.redhat.com/openshiftmm/listinfo/users 
<http://lists.openshift.redhat.com/openshiftmm/listinfo/users>




_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Reply via email to