[CORD-717]
Install a SSL-secured docker registry on head node
Change-Id: I871073238669566b1789039d38b80180e21e6dec
diff --git a/roles/pki-cert/defaults/main.yml b/roles/pki-cert/defaults/main.yml
index e6af770..3ccdd6d 100644
--- a/roles/pki-cert/defaults/main.yml
+++ b/roles/pki-cert/defaults/main.yml
@@ -1,4 +1,4 @@
-
+---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,8 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-
----
# pki-cert/defaults/main.yml
pki_dir: "{{ playbook_dir }}/pki"
@@ -45,5 +43,23 @@
- "DNS:xos-core.{{ site_suffix }}"
- "DNS:xos-core"
-client_certs: []
+# secure docker registry on head node
+ - cn: "docker-registry.{{ site_suffix }}"
+ subj: "{{ ssl_cert_subj_prefix }}/CN=docker-registry.{{ site_suffix }}"
+ altnames:
+ - "DNS:docker-registry.{{ site_suffix }}"
+ - "DNS:docker-registry"
+ - "DNS:registry.{{ site_suffix }}"
+ - "DNS:registry"
+
+client_certs:
+ - cn: "dockerclient"
+ subj: "{{ ssl_cert_subj_prefix }}/CN=dockerclient"
+ altnames:
+ - "email:dockerclient@{{ site_suffix }}"
+ - cn: "dockerbuildhost"
+ subj: "{{ ssl_cert_subj_prefix }}/CN=dockerbuildhost"
+ altnames:
+ - "email:dockerbuildhost@{{ site_suffix }}"
+
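Review bot: The two `client_certs` entries added at the end of this hunk have no comment saying which machines hold each key or what the registry allows each identity to do. The default also changes from `[]` to issuing both, so anything that consumes these role defaults will now generate client keys. If `dockerclient` is meant to be installed on more than one node (not visible here), one shared key cannot be revoked for a single node, and a per-host CN would avoid that. At minimum I would add a comment above the list such as `# client certs for the head-node docker registry; per CN: which host holds the key, and whether it may push or only pull`. Separately, the bare `DNS:registry` and `DNS:docker-registry` altnames make the server certificate valid for whatever host those single-label names resolve to through a client's search domain. They follow the existing `DNS:xos-core` pattern, but `registry` is generic enough to deserve a justifying comment or removal.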