roles/pki-cert/defaults/main.yml - platform-install - Gitiles

 ---
 # Copyright 2017-present Open Networking Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 # pki-cert/defaults/main.yml

 pki_dir: "{{ playbook_dir }}/pki"

 # client/server cert parameters
 cert_size: 2048
 cert_digest: "sha256"
 cert_days: 365

 # site names
 site_name: placeholder-sitename
 site_humanname: "Placeholder Site HumanName"
 site_suffix: "{{ site_name }}.test"

 # Default subject prefix
 ssl_cert_subj_prefix: "/C=US/ST=California/L=Menlo Park/O=ON.Lab/OU={{ site_humanname }} Deployment"

 # lists of certificates to create
 server_certs:
   - cn: "keystone.{{ site_suffix }}"
     subj: "{{ ssl_cert_subj_prefix }}/CN=keystone.{{ site_suffix }}"
     altnames:
       - "DNS:keystone.{{ site_suffix }}"
       - "DNS:keystone"
   - cn: "xos-core.{{ site_suffix }}"
     subj: "{{ ssl_cert_subj_prefix }}/CN=xos-core.{{ site_suffix }}"
     altnames:
       - "DNS:xos-core.{{ site_suffix }}"
       - "DNS:xos-core"

 # secure docker registry on head node
   - cn: "docker-registry.{{ site_suffix }}"
     subj: "{{ ssl_cert_subj_prefix }}/CN=docker-registry.{{ site_suffix }}"
     altnames:
       - "DNS:docker-registry.{{ site_suffix }}"
       - "DNS:docker-registry"
       - "DNS:registry.{{ site_suffix }}"
       - "DNS:registry"

 client_certs:
   - cn: "dockerclient"
     subj: "{{ ssl_cert_subj_prefix }}/CN=dockerclient"
     altnames:
       - "email:dockerclient@{{ site_suffix }}"
   - cn: "dockerbuildhost"
     subj: "{{ ssl_cert_subj_prefix }}/CN=dockerbuildhost"
     altnames:
       - "email:dockerbuildhost@{{ site_suffix }}"
	---
	# Copyright 2017-present Open Networking Foundation
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	# pki-cert/defaults/main.yml

	pki_dir: "{{ playbook_dir }}/pki"

	# client/server cert parameters
	cert_size: 2048
	cert_digest: "sha256"
	cert_days: 365

	# site names
	site_name: placeholder-sitename
	site_humanname: "Placeholder Site HumanName"
	site_suffix: "{{ site_name }}.test"

	# Default subject prefix
	ssl_cert_subj_prefix: "/C=US/ST=California/L=Menlo Park/O=ON.Lab/OU={{ site_humanname }} Deployment"

	# lists of certificates to create
	server_certs:
	- cn: "keystone.{{ site_suffix }}"
	subj: "{{ ssl_cert_subj_prefix }}/CN=keystone.{{ site_suffix }}"
	altnames:
	- "DNS:keystone.{{ site_suffix }}"
	- "DNS:keystone"
	- cn: "xos-core.{{ site_suffix }}"
	subj: "{{ ssl_cert_subj_prefix }}/CN=xos-core.{{ site_suffix }}"
	altnames:
	- "DNS:xos-core.{{ site_suffix }}"
	- "DNS:xos-core"

	# secure docker registry on head node
	- cn: "docker-registry.{{ site_suffix }}"
	subj: "{{ ssl_cert_subj_prefix }}/CN=docker-registry.{{ site_suffix }}"
	altnames:
	- "DNS:docker-registry.{{ site_suffix }}"
	- "DNS:docker-registry"
	- "DNS:registry.{{ site_suffix }}"
	- "DNS:registry"

	client_certs:
	- cn: "dockerclient"
	subj: "{{ ssl_cert_subj_prefix }}/CN=dockerclient"
	altnames:
	- "email:dockerclient@{{ site_suffix }}"
	- cn: "dockerbuildhost"
	subj: "{{ ssl_cert_subj_prefix }}/CN=dockerbuildhost"
	altnames:
	- "email:dockerbuildhost@{{ site_suffix }}"