openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter.

roles/openshift_hosted/README.md

@@ -26,6 +26,7 @@ From this role:
 | openshift_hosted_registry_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift registry on.                                                                             |
 | openshift_hosted_registry_replicas    | Number of nodes matching selector        | The number of replicas to configure.                                                                                     |
 | openshift_hosted_registry_selector    | region=infra                             | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. |
+| openshift_hosted_registry_cert_expire_days | `730` (2 years)                     | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later.                             |
 
 Dependencies
 ------------

roles/openshift_hosted/defaults/main.yml

@@ -28,3 +28,4 @@ openshift_hosted_routers:
 
 
 openshift_hosted_router_certificates: {}
+openshift_hosted_registry_cert_expire_days: 730

roles/openshift_hosted/tasks/registry/secure.yml

@@ -57,6 +57,7 @@
     - "{{ docker_registry_route_hostname }}"
     cert: "{{ openshift_master_config_dir }}/registry.crt"
     key: "{{ openshift_master_config_dir }}/registry.key"
+    expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool else omit }}"
   register: server_cert_out
 
 - name: Create the secret for the registry certificates