diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-06-19 11:46:40 +0300 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-06-26 14:24:26 +0000 |
commit | fabb0b236e1eb21378b0cd214a96681bd2b0ba4a (patch) | |
tree | ae4d51d9a455235911a10a9ff6de2812f578cfd8 /manifests/certmonger | |
parent | 8ca7a1e390ce50ac66a6861dae59bb44fbf0324a (diff) |
Change CRL refresh to run every 2 hours
The default CA issues CRLs for 4 hours by default. So we need to change
these values to reflect this, else we'll get verification issues due to
the CRL having expired before its refreshed.
However, the nextupdate value for the CRLs might not be aligned with the
cron job. And getting this alignment is not entirely trivial. So I opted
for updating every 2 hours to address this.
Change-Id: I732b400462c5cabd7c6c18c007fc9e8c87b700d3
Diffstat (limited to 'manifests/certmonger')
-rw-r--r-- | manifests/certmonger/ca/crl.pp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp index 59a3681..2454460 100644 --- a/manifests/certmonger/ca/crl.pp +++ b/manifests/certmonger/ca/crl.pp @@ -49,7 +49,7 @@ # (optional) Defaults to '0'. # # [*hour*] -# (optional) Defaults to '1'. +# (optional) Defaults to '*/2'. # # [*monthday*] # (optional) Defaults to '*'. @@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl ( $crl_preprocessed = '/etc/pki/CA/crl/overcloud-crl.bin', $crl_preprocessed_format = 'DER', $minute = '0', - $hour = '1', + $hour = '*/2', $monthday = '*', $month = '*', - $weekday = '6', + $weekday = '*', $maxdelay = 0, $reload_cmds = [], ) { |