Bertrand Lanson
6c564815dc
---
# Default variables for the hashistack_ca role.

# Directory where the role keeps its certificate material, and its owner.
# NOTE(review): no directory or file mode is set in this file. CA private keys
# presumably live under this path, so confirm the tasks restrict access to it.
hashistack_ca_directory: "/etc/hashistack/certificates"
hashistack_ca_directory_owner: "root"

# NOTE(review): presumably selects the crypto backend used by the tasks;
# the effect of this flag is not visible from this file.
hashistack_ca_use_cryptography: false

# Default action is "noop"; the accepted values are defined by the role's
# tasks, not here.
hashistack_ca_action: "noop"

# Base domain. It is interpolated into the root and intermediate common names
# and into the intermediate's permitted DNS name constraint further down.
# example.com is a reserved documentation domain: override it per deployment.
hashistack_ca_domain: "example.com"
##############################
# Root Certificate Authority #
##############################
# Subject fields of the root CA certificate.
hashistack_ca_root_org_name: "EDNZ Cloud"
hashistack_ca_root_country: "FR"
hashistack_ca_root_locality: "Paris"
hashistack_ca_root_common_name: "{{ hashistack_ca_domain }} Root CA"
hashistack_ca_root_email: null

# Key usage is limited to signing certificates and CRLs, and is critical.
hashistack_ca_root_key_usage:
  - "keyCertSign"
  - "cRLSign"
hashistack_ca_root_key_usage_critical: true

# NOTE(review): the root carries no pathlen, so its own basic constraints do
# not bound the depth of the chain below it. If only a single intermediate
# tier is intended, "pathlen:1" would state that explicitly (confirm).
hashistack_ca_root_basic_constraints:
  - "CA:TRUE"
hashistack_ca_root_basic_constraints_critical: true

# Optional fields
# NOTE(review): hashistack_ca_root_email (above) and
# hashistack_ca_root_email_address look like two names for the same subject
# field; confirm which one the tasks actually read.
hashistack_ca_root_state_or_province_name: null
hashistack_ca_root_email_address: null

# Validity
# Presumably days: 1825d is roughly five years, with renewal considered once
# fewer than 180d remain (confirm against the tasks).
hashistack_ca_root_valid_for: "1825d"
hashistack_ca_root_renew_threshold: "180d"
######################################
# Intermediate Certificate Authority #
######################################
# Subject fields of the intermediate CA certificate.
hashistack_ca_intermediate_org_name: "EDNZ Cloud Intermediate"
hashistack_ca_intermediate_country: "FR"
hashistack_ca_intermediate_locality: "Paris"
hashistack_ca_intermediate_common_name: "{{ hashistack_ca_domain }} Intermediate CA"
hashistack_ca_intermediate_email: null

# Key usage is limited to signing certificates and CRLs, and is critical.
hashistack_ca_intermediate_key_usage:
  - "keyCertSign"
  - "cRLSign"
hashistack_ca_intermediate_key_usage_critical: true

# pathlen:0 means this CA may sign leaf certificates but no further CA
# certificates beneath it.
hashistack_ca_intermediate_basic_constraints:
  - "CA:TRUE"
  - "pathlen:0"
hashistack_ca_intermediate_basic_constraints_critical: true

# Optional fields
# NOTE(review): hashistack_ca_intermediate_email (above) and
# hashistack_ca_intermediate_email_address look like two names for the same
# subject field; confirm which one the tasks actually read.
hashistack_ca_intermediate_state_or_province_name: null
hashistack_ca_intermediate_email_address: null

# Validity
# Presumably days (confirm against the tasks).
hashistack_ca_intermediate_valid_for: "365d"
hashistack_ca_intermediate_renew_threshold: "90d"

# Name Constraints
# Names the intermediate is permitted to issue for: subdomains of the role
# domain, the .nomad and .consul zones, localhost, and private/loopback IPv4
# ranges. Leaf SANs outside this set should fail validation where name
# constraints are enforced.
# NOTE(review): 172.16.0.0/16 covers only 172.16.x.x, whereas the RFC 1918
# block is 172.16.0.0/12. Hosts addressed in 172.17-172.31 fall outside the
# permitted set; confirm the narrower range is intentional before widening.
hashistack_ca_intermediate_name_constraints_permitted:
  - "DNS:.{{ hashistack_ca_domain }}"
  - "DNS:.nomad"
  - "DNS:.consul"
  - "DNS:localhost"
  - "IP:192.168.0.0/16"
  - "IP:172.16.0.0/16"
  - "IP:10.0.0.0/8"
  - "IP:127.0.0.0/8"
# Evaluates true whenever the permitted list is defined and non-empty.
# Overriding that list with an empty value therefore also drops the critical
# flag.
hashistack_ca_intermediate_name_constraints_critical: "{{ (hashistack_ca_intermediate_name_constraints_permitted is defined and hashistack_ca_intermediate_name_constraints_permitted | length > 0) }}"
#####################
# Leaf certificates #
#####################
# Lifetime and renewal window shared by the leaf certificates.
# Presumably days (confirm against the tasks). These are shorter than the
# intermediate's 365d, so leaves would be reissued several times per
# intermediate lifetime.
hashistack_ca_leaf_valid_for: "90d"
hashistack_ca_leaf_renew_threshold: "30d"
############################
# Consul Leaf Certificates #
############################
# The organisation is inherited from the root CA; the common name is the
# Ansible inventory hostname of the node.
hashistack_ca_consul_org_name: "{{ hashistack_ca_root_org_name }}"
hashistack_ca_consul_common_name: "{{ inventory_hostname }}"

# Subject alternative names requested in the Consul CSR.
# NOTE(review): Consul's verify_server_hostname checks server certificates for
# a "server.<datacenter>.<domain>" name, and none is listed here. Confirm
# whether the role adds it elsewhere, and that it is issued to server nodes
# only.
hashistack_ca_consul_csr_sans:
  - "DNS:consul.service.consul"
  - "DNS:localhost"
  - "IP:127.0.0.1"
###########################
# Nomad Leaf Certificates #
###########################
# The organisation is inherited from the root CA; the common name is the
# Ansible inventory hostname of the node.
hashistack_ca_nomad_org_name: "{{ hashistack_ca_root_org_name }}"
hashistack_ca_nomad_common_name: "{{ inventory_hostname }}"

# Subject alternative names requested in the Nomad CSR. The server/client
# names use the region "global"; another region needs matching names.
# NOTE(review): this single list carries both server.global.nomad and
# client.global.nomad. If it is applied unchanged to every node, client
# certificates also satisfy Nomad's server-name check, which weakens
# verify_server_hostname. Confirm the list is split per role.
hashistack_ca_nomad_csr_sans:
  - "DNS:server.global.nomad"
  - "DNS:client.global.nomad"
  - "DNS:nomad.service.consul"
  - "DNS:localhost"
  - "IP:127.0.0.1"
###########################
# Vault Leaf Certificates #
###########################
# The organisation is inherited from the root CA; the common name is the
# Ansible inventory hostname of the node.
hashistack_ca_vault_org_name: "{{ hashistack_ca_root_org_name }}"
hashistack_ca_vault_common_name: "{{ inventory_hostname }}"

# Subject alternative names requested in the Vault CSR: the Consul service
# names for Vault (general, active and standby) plus loopback access.
# All of them fall inside the intermediate's permitted name constraints
# (.consul, localhost, 127.0.0.0/8) declared earlier in this file.
hashistack_ca_vault_csr_sans:
  - "DNS:vault.service.consul"
  - "DNS:active.vault.service.consul"
  - "DNS:standby.vault.service.consul"
  - "DNS:localhost"
  - "IP:127.0.0.1"