--- ##################### # Certificate options. ##################### octavia_certs_work_dir: "{{ node_config }}/octavia-certificates" # OpenSSL configuration file path. octavia_certs_openssl_cnf_path: openssl.cnf # For more info see: https://en.wikipedia.org/wiki/Certificate_signing_request # Country; The two-letter ISO code for the country where your organization is located octavia_certs_country: US # Province, Region, County or State octavia_certs_state: Oregon # Business name / Organization octavia_certs_organization: OpenStack # Department Name / Organizational Unit octavia_certs_organizational_unit: Octavia # Server CA. octavia_certs_server_ca_expiry: 3650 octavia_certs_server_ca_country: "{{ octavia_certs_country }}" octavia_certs_server_ca_state: "{{ octavia_certs_state }}" octavia_certs_server_ca_organization: "{{ octavia_certs_organization }}" octavia_certs_server_ca_organizational_unit: "{{ octavia_certs_organizational_unit }}" octavia_certs_server_ca_common_name: server-ca.example.org # Client CA. octavia_certs_client_ca_expiry: 3650 octavia_certs_client_ca_country: "{{ octavia_certs_country }}" octavia_certs_client_ca_state: "{{ octavia_certs_state }}" octavia_certs_client_ca_organization: "{{ octavia_certs_organization }}" octavia_certs_client_ca_organizational_unit: "{{ octavia_certs_organizational_unit }}" octavia_certs_client_ca_common_name: client-ca.example.org # Client certificate. octavia_certs_client_expiry: 365 octavia_certs_client_req_country: "{{ octavia_certs_country }}" octavia_certs_client_req_state: "{{ octavia_certs_state }}" octavia_certs_client_req_organization: "{{ octavia_certs_organization }}" octavia_certs_client_req_organizational_unit: "{{ octavia_certs_organizational_unit }}" # NOTE(yoctozepto): This should ideally be per controller, i.e. controller # generates its key&CSR and this CA signs it. octavia_certs_client_req_common_name: client.example.org # Used with command `kolla-ansible octavia-certificates --check-expiry `. octavia_certs_check_expiry: "no"