Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@tbielawa

tbielawa/check-certs.yaml

Last active January 9, 2017 17:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tbielawa/05e3c4c24295b8180cecd00d31680ee0 to your computer and use it in GitHub Desktop.
Save tbielawa/05e3c4c24295b8180cecd00d31680ee0 to your computer and use it in GitHub Desktop.
Download ZIP
BZ1389264 - Check embedded
Raw
check-certs.yaml
---
- name: Check cert expirys
hosts: nodes:masters:etcd
become: yes
gather_facts: no
vars:
openshift_certificate_expiry_show_all: yes
openshift_certificate_expiry_generate_html_report: yes
openshift_certificate_expiry_warning_days: 1500
openshift_certificate_expiry_save_json_results: yes
roles:
- role: openshift_certificate_expiry
Raw
check-results.json
{
"data": {
"m01.example.com": {
"etcd": [
{
"cert_cn": "CN:172.30.0.1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:m01.example.com, DNS:openshift, DNS:openshift.default, DNS:openshift.default.svc, DNS:openshift.default.svc.cluster.local, DNS:172.30.0.1, DNS:192.168.124.148, IP Address:172.30.0.1, IP Address:192.168.124.148",
"days_remaining": 730,
"expiry": "2019-01-09 17:00:03",
"health": "warning",
"path": "/etc/origin/master/etcd.server.crt"
}
],
"kubeconfigs": [
{
"cert_cn": "O:system:nodes, CN:system:node:m01.example.com",
"days_remaining": 730,
"expiry": "2019-01-09 17:03:28",
"health": "warning",
"path": "/etc/origin/node/system:node:m01.example.com.kubeconfig"
},
{
"cert_cn": "O:system:cluster-admins, CN:system:admin",
"days_remaining": 730,
"expiry": "2019-01-09 17:00:03",
"health": "warning",
"path": "/etc/origin/master/admin.kubeconfig"
},
{
"cert_cn": "O:system:masters, CN:system:openshift-master",
"days_remaining": 730,
"expiry": "2019-01-09 17:00:02",
"health": "warning",
"path": "/etc/origin/master/openshift-master.kubeconfig"
},
{
"cert_cn": "O:system:routers, CN:system:openshift-router",
"days_remaining": 730,
"expiry": "2019-01-09 17:00:03",
"health": "warning",
"path": "/etc/origin/master/openshift-router.kubeconfig"
},
{
"cert_cn": "O:system:registries, CN:system:openshift-registry",
"days_remaining": 730,
"expiry": "2019-01-09 17:00:03",
"health": "warning",
"path": "/etc/origin/master/openshift-registry.kubeconfig"
}
],
"meta": {
"checked_at_time": "2017-01-09 12:15:26.525559",
"show_all": "True",
"warn_before_date": "2021-02-17 12:15:26.525559",
"warning_days": 1500
},
"ocp_certs": [
{
"cert_cn": "CN:172.30.0.1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:m01.example.com, DNS:openshift, DNS:openshift.default, DNS:openshift.default.svc, DNS:openshift.default.svc.cluster.local, DNS:172.30.0.1, DNS:192.168.124.148, IP Address:172.30.0.1, IP Address:192.168.124.148",
"days_remaining": 730,
"expiry": "2019-01-09 17:00:02",
"health": "warning",
"path": "/etc/origin/master/master.server.crt"
},
{
"cert_cn": "CN:192.168.124.148, DNS:m01.example.com, DNS:192.168.124.148, IP Address:192.168.124.148",
"days_remaining": 730,
"expiry": "2019-01-09 17:03:29",
"health": "warning",
"path": "/etc/origin/node/server.crt"
},
{
"cert_cn": "CN:openshift-signer@1483981200",
"days_remaining": 1825,
"expiry": "2022-01-08 17:00:01",
"health": "ok",
"path": "/etc/origin/master/ca.crt"
},
{
"cert_cn": "CN:openshift-signer@1483981200",
"days_remaining": 1825,
"expiry": "2022-01-08 17:00:01",
"health": "ok",
"path": "/etc/origin/node/ca.crt"
}
],
"registry": [
{
"cert_cn": "CN:172.30.242.251, DNS:docker-registry-default.router.default.svc.cluster.local, DNS:docker-registry.default.svc.cluster.local, DNS:172.30.242.251, IP Address:172.30.242.251",
"days_remaining": 730,
"expiry": "2019-01-09 17:05:54",
"health": "warning",
"path": "/api/v1/namespaces/default/secrets/registry-certificates"
}
],
"router": [
{
"cert_cn": "CN:router.default.svc, DNS:router.default.svc, DNS:router.default.svc.cluster.local",
"days_remaining": 730,
"expiry": "2019-01-09 17:05:46",
"health": "warning",
"path": "/api/v1/namespaces/default/secrets/router-certs"
}
]
},
"n01.example.com": {
"etcd": [],
"kubeconfigs": [
{
"cert_cn": "O:system:nodes, CN:system:node:n01.example.com",
"days_remaining": 730,
"expiry": "2019-01-09 17:03:28",
"health": "warning",
"path": "/etc/origin/node/system:node:n01.example.com.kubeconfig"
}
],
"meta": {
"checked_at_time": "2017-01-09 12:15:26.490373",
"show_all": "True",
"warn_before_date": "2021-02-17 12:15:26.490373",
"warning_days": 1500
},
"ocp_certs": [
{
"cert_cn": "CN:192.168.124.11, DNS:n01.example.com, DNS:192.168.124.11, IP Address:192.168.124.11",
"days_remaining": 730,
"expiry": "2019-01-09 17:03:29",
"health": "warning",
"path": "/etc/origin/node/server.crt"
},
{
"cert_cn": "CN:openshift-signer@1483981200",
"days_remaining": 1825,
"expiry": "2022-01-08 17:00:01",
"health": "ok",
"path": "/etc/origin/node/ca.crt"
}
],
"registry": [],
"router": []
}
},
"summary": {
"expired": 0,
"ok": 3,
"total": 15,
"warning": 12
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment