kolla-ansible/ansible/roles/octavia-certificates/defaults/main.yml
Mark Goddard 894f4912ac octavia: generate certificates automatically
implemented as a separate command (kolla-ansible octavia-certificates)

Implements: blueprint implement-automatic-deploy-of-octavia

Co-Authored-By: wu.chunyang <wuchunyang@yovole.com>
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>

Change-Id: I2c5b26ce9e363f35c523865904a582f7960aa682
2020-10-08 16:50:30 +02:00


---
#####################
# Certificate options.
#####################
# Working directory for certificate generation, kept below node_config.
# NOTE(review): presumably the generated CA keys and certificates are written
# here - confirm against the role's tasks and keep the directory readable by
# the deploy user only.
octavia_certs_work_dir: "{{ node_config }}/octavia-certificates"
# Path of the OpenSSL configuration file (a relative path by default).
octavia_certs_openssl_cnf_path: 'openssl.cnf'

# Subject fields shared by every certificate defined below. Background:
# https://en.wikipedia.org/wiki/Certificate_signing_request
# The values here are generic placeholders; override them per deployment.
# Country: two-letter ISO code of the country where the organization is located.
# Quote the code when overriding it: YAML 1.1 parsers read a bare NO as false.
octavia_certs_country: 'US'
# Province, region, county or state.
octavia_certs_state: 'Oregon'
# Business name / organization.
octavia_certs_organization: 'OpenStack'
# Department name / organizational unit.
octavia_certs_organizational_unit: 'Octavia'

# Server CA: subject fields inherit the shared values above.
# Validity period; presumably in days, i.e. roughly ten years - TODO confirm.
octavia_certs_server_ca_expiry: 3650
octavia_certs_server_ca_country: "{{ octavia_certs_country }}"
octavia_certs_server_ca_state: "{{ octavia_certs_state }}"
octavia_certs_server_ca_organization: "{{ octavia_certs_organization }}"
octavia_certs_server_ca_organizational_unit: "{{ octavia_certs_organizational_unit }}"
# Placeholder common name under example.org.
octavia_certs_server_ca_common_name: 'server-ca.example.org'

# Client CA: a CA separate from the server CA, with its own expiry and name.
# Validity period; presumably in days, i.e. roughly ten years - TODO confirm.
octavia_certs_client_ca_expiry: 3650
octavia_certs_client_ca_country: "{{ octavia_certs_country }}"
octavia_certs_client_ca_state: "{{ octavia_certs_state }}"
octavia_certs_client_ca_organization: "{{ octavia_certs_organization }}"
octavia_certs_client_ca_organizational_unit: "{{ octavia_certs_organizational_unit }}"
# Placeholder common name under example.org.
octavia_certs_client_ca_common_name: 'client-ca.example.org'

# Client certificate.
# Much shorter validity than the CAs (presumably one year, in days); plan the
# renewal ahead of expiry.
octavia_certs_client_expiry: 365
octavia_certs_client_req_country: "{{ octavia_certs_country }}"
octavia_certs_client_req_state: "{{ octavia_certs_state }}"
octavia_certs_client_req_organization: "{{ octavia_certs_organization }}"
octavia_certs_client_req_organizational_unit: "{{ octavia_certs_organizational_unit }}"
# NOTE(yoctozepto): Ideally this would be per controller, i.e. each controller
# generates its own key and CSR and this CA signs it.
# NOTE(review): with a single common name here, one client key/certificate
# appears to be shared by all controllers - confirm against the role's tasks.
octavia_certs_client_req_common_name: 'client.example.org'