ansible-galaxy/consul
1
0
Fork 0
mirror of https://gitea.0xace.cc/ansible-galaxy/consul.git synced 2025-04-05 13:41:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

support forced custom ips and names in cert

Browse Source
This commit is contained in:
ace 2023-10-09 03:04:30 +03:00
parent b78385ad12
commit ec2e1c36d2
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
tasks/cacert.yaml
View File

@ -88,6 +88,16 @@
consul_server_subject_alt_ips_all_ipv4: "{{ groups[consul_server_group] | default([]) | map('extract', hostvars, ['ansible_all_ipv4_addresses']) | flatten | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] is defined
- name: Generate consul server subject_alt_ips from consul_cacert_force_append_ips
set_fact:
consul_server_subject_alt_ips_force_append: "{{ consul_cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
when: consul_cacert_force_append_ips is defined
- name: Generate consul server subject_alt_names from consul_cacert_force_append_names
set_fact:
consul_server_subject_alt_names_force_append: "{{ consul_cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
when: consul_cacert_force_append_names is defined
- name: Generate consul agent subject_alt_ips from ansible_host
set_fact:
consul_agent_subject_alt_ips_from_ansible_host: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_host']) | map('regex_replace', '^', 'IP:') | list }}"
@ -105,15 +115,15 @@
consul_agent_subject_alt_ips_all_ipv4: "{{ groups[consul_agent_group] | default([]) | map('extract', hostvars, ['ansible_all_ipv4_addresses']) | flatten | map('regex_replace', '^', 'IP:') | list }}"
when: hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] is defined
- name: Generate consul agent subject_alt_ips from cacert_force_append_ips
- name: Generate consul agent subject_alt_ips from consul_cacert_force_append_ips
set_fact:
consul_agent_subject_alt_ips_force_append: "{{ cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
when: cacert_force_append_ips is defined
consul_agent_subject_alt_ips_force_append: "{{ consul_cacert_force_append_ips | map('regex_replace', '^', 'IP:') | list }}"
when: consul_cacert_force_append_ips is defined
- name: Generate consul agent subject_alt_names from cacert_force_append_names
- name: Generate consul agent subject_alt_names from consul_cacert_force_append_names
set_fact:
consul_agent_subject_alt_names_force_append: "{{ cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
when: cacert_force_append_names is defined
consul_agent_subject_alt_names_force_append: "{{ consul_cacert_force_append_names | map('regex_replace', '^', 'DNS:') | list }}"
when: consul_cacert_force_append_names is defined
- name: Generate consul agent subject_alt_names
set_fact:
@ -124,7 +134,7 @@
path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.csr"
privatekey_path: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
common_name: "{{ consul_self_signed_cert_name }}"
subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_server_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_force_append | default([]) + consul_agent_subject_alt_names_force_append | default([])}}"
subject_alt_name: "{{ consul_server_subject_alt_ips | default([]) + consul_server_subject_alt_names | default([]) + consul_agent_subject_alt_ips | default([]) + consul_agent_subject_alt_names | default([]) + consul_server_subject_alt_ips_from_ansible_host | default([]) + consul_server_subject_alt_ips_all_ipv4 | default([]) + consul_server_subject_alt_ips_force_append | default([]) + consul_server_subject_alt_names_force_append | default([]) + consul_agent_subject_alt_ips_from_ansible_host | default([]) + consul_agent_subject_alt_ips_all_ipv4 | default([]) + consul_agent_subject_alt_ips_force_append | default([]) + consul_agent_subject_alt_names_force_append | default([]) }}"
owner: consul
group: consul
register: consul_csr