From fabb0b236e1eb21378b0cd214a96681bd2b0ba4a Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 19 Jun 2017 11:46:40 +0300
Subject: Change CRL refresh to run every 2 hours

The default CA issues CRLs for 4 hours by default. So we need to change
these values to reflect this, else we'll get verification issues due to
the CRL having expired before its refreshed.

However, the nextupdate value for the CRLs might not be aligned with the
cron job. And getting this alignment is not entirely trivial. So I opted
for updating every 2 hours to address this.

Change-Id: I732b400462c5cabd7c6c18c007fc9e8c87b700d3
---
 manifests/certmonger/ca/crl.pp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'manifests')

diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp
index 59a3681..2454460 100644
--- a/manifests/certmonger/ca/crl.pp
+++ b/manifests/certmonger/ca/crl.pp
@@ -49,7 +49,7 @@
 #   (optional) Defaults to '0'.
 #
 #  [*hour*]
-#   (optional) Defaults to '1'.
+#   (optional) Defaults to '*/2'.
 #
 #  [*monthday*]
 #   (optional) Defaults to '*'.
@@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl (
   $crl_preprocessed           = '/etc/pki/CA/crl/overcloud-crl.bin',
   $crl_preprocessed_format    = 'DER',
   $minute                     = '0',
-  $hour                       = '1',
+  $hour                       = '*/2',
   $monthday                   = '*',
   $month                      = '*',
-  $weekday                    = '6',
+  $weekday                    = '*',
   $maxdelay                   = 0,
   $reload_cmds                = [],
 ) {
-- 
cgit 1.2.3-korg