ansible-collections/hcp-ansible
ansible-collections/hcp-ansible
4
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat/openstack-tests #25

Merged
lanson merged 8 commits from feat/openstack-tests into main 2024-10-30 19:21:50 +00:00
Conversation 0 Commits 8 Files Changed 34 +18 -33
1 changed files with 18 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 13ce323b04 - Show all commits

51
playbooks/group_vars/all/hashistack_ca.yml
View File

@ -1,6 +1,6 @@
---
# defaults
hashistack_ca_directory: "/etc/hashistack/certificates"
hashistack_ca_directory: "{{ hashistack_sub_configuration_directories['certificates'] }}"
hashistack_ca_use_cryptography: false
hashistack_ca_action: "noop"
hashistack_ca_domain: example.com
@ -79,41 +79,26 @@ hashistack_ca_leaf_renew_threshold: 30d
############################
hashistack_ca_consul_org_name: "{{ hashistack_ca_root_org_name }}"
hashistack_ca_consul_common_name: "{{ inventory_hostname }}"
hashistack_ca_consul_csr_sans: >-
{%- set sans_list = [
'DNS:' + inventory_hostname,
'DNS:consul.service.consul',
'DNS:localhost',
'IP:' + api_interface_address,
'IP:127.0.0.1'
] -%}
{%- if consul_enable_server -%}
{%- set _ = sans_list.append('DNS:server.' ~ consul_datacenter ~ '.' ~ consul_domain) -%}
{%- endif -%}
{{ sans_list }}
hashistack_ca_consul_csr_sans:
- "DNS:{{ inventory_hostname }}"
- "DNS:consul.service.consul"
- "DNS:localhost"
- "IP:{{ api_interface_address }}"
- "IP:127.0.0.1"
- "{{ 'DNS:server.' ~ consul_datacenter ~ '.' ~ consul_domain if consul_enable_server else omit }}"
###########################
# Nomad Leaf Certificates #
###########################
hashistack_ca_nomad_org_name: "{{ hashistack_ca_root_org_name }}"
hashistack_ca_nomad_common_name: "{{ inventory_hostname }}"
hashistack_ca_nomad_csr_sans: >-
{%- set sans_list = [
'DNS:' + inventory_hostname,
'DNS:localhost',
'IP:' + api_interface_address,
'IP:127.0.0.1'
] -%}
{%- if nomad_enable_server -%}
{%- set _ = sans_list.append('DNS:server.' ~ nomad_region ~ '.nomad') -%}
{%- if (enable_consul | bool) -%}
{%- set _ = sans_list.append('DNS:nomad.service.consul') -%}
{%- endif -%}
{%- endif -%}
{%- if nomad_enable_client -%}
{%- set _ = sans_list.append('DNS:client.' ~ nomad_region ~ '.nomad') -%}
{%- endif -%}
{{ sans_list }}
hashistack_ca_nomad_csr_sans:
- "DNS:{{ inventory_hostname }}"
- "DNS:localhost"
- "IP:{{ api_interface_address }}"
- "IP:127.0.0.1"
- "{{ 'DNS:server.' ~ nomad_region ~ '.nomad' if nomad_enable_server else omit }}"
- "{{ 'DNS:nomad.service.consul' if (nomad_enable_server and enable_consul) else omit }}"
###########################
# Vault Leaf Certificates #
@ -122,9 +107,9 @@ hashistack_ca_vault_org_name: "{{ hashistack_ca_root_org_name }}"
hashistack_ca_vault_common_name: "{{ inventory_hostname }}"
hashistack_ca_vault_csr_sans:
- "DNS:{{ inventory_hostname }}"
- "DNS:active.vault.service.consul"
- "DNS:standby.vault.service.consul"
- "DNS:vault.service.consul"
- "{{ 'DNS:active.vault.service.consul' if enable_consul else omit }}"
- "{{ 'DNS:standby.vault.service.consul' if enable_consul else omit }}"
- "{{ 'DNS:vault.service.consul' if enable_consul else omit }}"
- "DNS:localhost"
- "IP:{{ api_interface_address }}"
- "IP:127.0.0.1"