openstack/kolla-ansible
Code Issues Proposed changes
a1eec2498a
kolla-ansible/ansible/roles/octavia-certificates/tasks/check_expiry.yml
Matt Crees d9451f49f3 Add support for checking Octavia cert expiration 
Adds a flag ``kolla-ansible octavia-certificates --check-expiry <days>``
to the ``octavia-certificates`` command to check if the certificates
will expire within a given number of days.

Change-Id: I869b8afd85fe282d823ecf3593aa22f94a61b2a0
2023-04-27 15:22:12 +01:00

25 lines
871 B
YAML
Raw Blame History

---
- name: Gather information on certificates
community.crypto.x509_certificate_info:
path: "{{ node_custom_config }}/octavia/{{ item }}"
valid_at:
point_1: "+{{ octavia_certs_expiry_limit | int }}d"
register: cert_info
delegate_to: localhost
with_items:
- "server_ca.cert.pem"
- "client_ca.cert.pem"
- "client.cert-and-key.pem"
- name: Check whether certificates are valid within {{ octavia_certs_expiry_limit }} days
assert:
that:
- item.valid_at.point_1
fail_msg: "{{ item.item }} will expire within {{ octavia_certs_expiry_limit }} days, on {{ item.not_after }}"
success_msg: "{{ item.item }} will not expire within {{ octavia_certs_expiry_limit }} days. It expires on {{ item.not_after }}"
quiet: True
loop: "{{ cert_info.results }}"
loop_control:
label: "{{ item.item }}"
delegate_to: localhost
View Git Blame Copy Permalink