# Merge the per-certificate settings (`cert`) with the optional shared
# `common` mapping into a single `combined` fact; a missing `common` is
# treated as an empty mapping.
# NOTE(review): `combine` gives the right-hand mapping priority, so on a key
# conflict the value from `common` replaces the one from `cert` - confirm
# that this precedence is the intended one.
- name: set combined cert info
  set_fact:
    combined: >-
      {{ cert | combine(common | default({}), recursive=true) }}
# Start from an empty SAN list. Facts set with set_fact stay on the host for
# the rest of the play, and the build step appends to the existing value, so
# without this reset names collected for an earlier certificate would carry
# over into this one (presumably this file runs once per certificate -
# verify against the caller).
- name: clear san list
  set_fact:
    san_list: []
# Collect one `DNS:<fqdn>` entry per element of `cert.hosts`.
# The whole block is skipped unless `cert.hosts` is defined and is a list.
- name: build san list from cert.hosts
  when:
    - cert.hosts is defined
    - cert.hosts | type_debug == 'list'
  block:
    - name: build san list
      set_fact:
        san_list: "{{ (san_list | default([])) + ['DNS:' ~ entry_fqdn] }}"
      vars:
        # An explicit `fqdn` wins; otherwise the name is assembled from
        # `hostname` and `tld`, each falling back to host_name / host_tld.
        entry_fqdn: "{{ item.fqdn | default((item.hostname | default(host_name)) ~ '.' ~ (item.tld | default(host_tld))) }}"
      loop: "{{ cert.hosts }}"
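# Pass the assembled settings to the `ca` role (entry point `certs`), which
# performs the actual issuance.
# NOTE(review): the nesting below was reconstructed from a flattened listing;
# confirm against the repository copy that `concat_inter` .. `notify` belong
# under `ca_options` and that `ca_certs` is a sibling of `ca_options`.
- name: generate certificate through external ns
  include_role:
    name: ca
  vars:
    function: certs
    ca_options:
      # Quoted so the value stays the string '0400' (owner read-only) instead
      # of being parsed as a number. Which files the mode is applied to is
      # decided inside the `ca` role, which is not shown here.
      mode: '0400'
      owner: "{{ combined.owner | default(None) }}"
      group: "{{ combined.group | default(None) }}"
      # Canonical booleans instead of the YAML 1.1 `yes` spelling.
      concat_inter: true
      preset: web
      acme: true
      # OCSP Must-Staple is opt-in through `stapling` and defaults to off.
      ocsp_must_staple: "{{ combined.stapling | default(false) }}"
      notify: "{{ combined.notify | default(None) }}"
    ca_certs:
      # `| bool` makes string spellings such as 'true' or 'yes' (e.g. from
      # extra-vars or INI inventory) select ecc384; the previous `== true`
      # comparison treated them as false and silently fell back to rsa2048.
      - type: "{{ 'ecc384' if (combined.ecc | default(false) | bool) else 'rsa2048' }}"
        cert: "{{ cert.cert }}"
        key: "{{ cert.key }}"
        # CN is the first entry of `cert.hosts` when that list has entries,
        # otherwise the name derived from `combined`. The length check keeps
        # CN on the same fallback as `san` when `cert.hosts` is an empty list.
        cn: >-
          {% if cert.hosts is defined and cert.hosts | type_debug == 'list' and cert.hosts | length > 0 -%}
          {{ cert.hosts[0].fqdn | default((cert.hosts[0].hostname | default(host_name)) ~ '.' ~ (cert.hosts[0].tld | default(host_tld))) }}
          {%- else -%}
          {{ combined.fqdn | default((combined.hostname | default(host_name)) ~ '.' ~ (combined.tld | default(host_tld))) }}
          {%- endif -%}
        # Use the collected SAN list when it has entries; otherwise a single
        # `DNS:` entry for the name derived from `combined`.
        san: >-
          {% if san_list | length > 0 -%}
          {{ san_list }}
          {%- else -%}
          {{ 'DNS:' ~ (combined.fqdn | default((combined.hostname | default(host_name)) ~ '.' ~ (combined.tld | default(host_tld)))) }}
          {%- endif -%}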