From: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Date: Mon, 19 Jun 2017 08:46:40 +0000 (+0300)
Subject: Change CRL refresh to run every 2 hours
X-Git-Tag: opnfv-6.0.0~127^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=fabb0b236e1eb21378b0cd214a96681bd2b0ba4a;p=apex-puppet-tripleo.git

Change CRL refresh to run every 2 hours

The default CA issues CRLs for 4 hours by default. So we need to change
these values to reflect this, else we'll get verification issues due to
the CRL having expired before its refreshed.

However, the nextupdate value for the CRLs might not be aligned with the
cron job. And getting this alignment is not entirely trivial. So I opted
for updating every 2 hours to address this.

Change-Id: I732b400462c5cabd7c6c18c007fc9e8c87b700d3
---

diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp
index 59a3681..2454460 100644
--- a/manifests/certmonger/ca/crl.pp
+++ b/manifests/certmonger/ca/crl.pp
@@ -49,7 +49,7 @@
 #   (optional) Defaults to '0'.
 #
 #  [*hour*]
-#   (optional) Defaults to '1'.
+#   (optional) Defaults to '*/2'.
 #
 #  [*monthday*]
 #   (optional) Defaults to '*'.
@@ -78,10 +78,10 @@ class tripleo::certmonger::ca::crl (
   $crl_preprocessed           = '/etc/pki/CA/crl/overcloud-crl.bin',
   $crl_preprocessed_format    = 'DER',
   $minute                     = '0',
-  $hour                       = '1',
+  $hour                       = '*/2',
   $monthday                   = '*',
   $month                      = '*',
-  $weekday                    = '6',
+  $weekday                    = '*',
   $maxdelay                   = 0,
   $reload_cmds                = [],
 ) {