ansible-collections/hcp-ansible
ansible-collections/hcp-ansible
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat: enable certificate renewal for nomad and vault in hashistack_ca

Browse Source 
Until now this role was not able to renew nomad and vault leaf certificates,
tho the code to do so was present. It can now do it.
This commit is contained in:
Bertrand Lanson 2024-11-10 15:43:44 +01:00
parent fe886edd5f
commit 03f58b49ac
Signed by: lanson
SSH Key Fingerprint: SHA256:/nqc6HGqld/PS208F6FUOvZlUzTS0rGpNNwR5O2bQBw
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/hashistack_ca/defaults/main.yml
View File

@ -3,7 +3,7 @@
hashistack_ca_directory: "/etc/hashistack/certificates" hashistack_ca_directory: "/etc/hashistack/certificates"
hashistack_ca_use_cryptography: false hashistack_ca_use_cryptography: false
hashistack_ca_action: "noop" hashistack_ca_action: "noop"
hashistack_ca_domain: example.com hashistack_ca_domain: "*"
hashistack_ca_directory_owner: root hashistack_ca_directory_owner: root
############################## ##############################

12
roles/hashistack_ca/tasks/main.yml
View File

@ -45,3 +45,15 @@
when: when:
- hashistack_ca_renew_leaf - hashistack_ca_renew_leaf
- "('consul_servers' in group_names) or ('consul_agents' in group_names)" - "('consul_servers' in group_names) or ('consul_agents' in group_names)"
- name: "Nomad leaf certificates | Import renew_nomad.yml"
ansible.builtin.include_tasks: renew/renew_nomad.yml
when:
- hashistack_ca_renew_leaf
- "('nomad_servers' in group_names) or ('nomad_clients' in group_names)"
- name: "Vault leaf certificates | Import renew_vault.yml"
ansible.builtin.include_tasks: renew/renew_vault.yml
when:
- hashistack_ca_renew_leaf
- "'vault_servers' in group_names"