ansible-roles/renew_nomad_certificates
ansible-roles/renew_nomad_certificates
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

add a bit more customization to the custom config
All checks were successful
test / Linting (push) Successful in 9s
Details
test / Molecule tests (default, debian11) (push) Successful in 1m5s
Details
test / Molecule tests (default, debian12) (push) Successful in 1m7s
Details
test / Molecule tests (default, ubuntu2004) (push) Successful in 1m16s
Details
test / Molecule tests (with_custom_config, debian11) (push) Successful in 1m5s
Details
test / Molecule tests (default, ubuntu2204) (push) Successful in 1m12s
Details
test / Molecule tests (with_custom_config, debian12) (push) Successful in 1m7s
Details
test / Molecule tests (with_custom_config, ubuntu2004) (push) Successful in 1m13s
Details
test / Molecule tests (with_custom_config, ubuntu2204) (push) Successful in 1m9s
Details

Browse Source
This commit is contained in:
Bertrand Lanson 2023-07-03 19:46:36 +02:00
parent 3cddca0888
commit 14698f95d6
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
molecule/with_custom_config/group_vars/all.yml
View File

@ -10,7 +10,7 @@ renew_nomad_certificates_ca_dest: /opt/nomad/tls/ca.pem
renew_nomad_certificates_cert_dest: /opt/nomad/tls/cert.pem renew_nomad_certificates_cert_dest: /opt/nomad/tls/cert.pem
renew_nomad_certificates_key_dest: /opt/nomad/tls/key.pem renew_nomad_certificates_key_dest: /opt/nomad/tls/key.pem
renew_nomad_certificates_info: renew_nomad_certificates_info:
issuer_path: pki/issue/your-issuer issuer_path: pki/issue/your-ca-int
common_name: nomad01.example.com common_name: nomad01.example.com
ttl: 90d ttl: 90d
is_server: true is_server: true

6
molecule/with_custom_config/verify.yml
View File

@ -78,7 +78,7 @@
- name: "Verify file /etc/consul-template.d/nomad/templates/nomad_ca.pem.tpl" - name: "Verify file /etc/consul-template.d/nomad/templates/nomad_ca.pem.tpl"
vars: vars:
nomad_ca_file: | nomad_ca_file: |
{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=nomad01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.nomad,client.dc1.nomad,nomad.service.nomad" "ip_sans=127.0.0.1" }} {% raw %}{{ with secret "pki/issue/your-ca-int" "common_name=nomad01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.nomad,client.dc1.nomad,nomad.service.nomad" "ip_sans=127.0.0.1" }}
{{ .Data.issuing_ca }} {{ .Data.issuing_ca }}
{{ end }}{% endraw %} {{ end }}{% endraw %}
ansible.builtin.assert: ansible.builtin.assert:
@ -94,7 +94,7 @@
- name: "Verify file /etc/consul-template.d/nomad/templates/nomad_cert.pem.tpl" - name: "Verify file /etc/consul-template.d/nomad/templates/nomad_cert.pem.tpl"
vars: vars:
nomad_cert_file: | nomad_cert_file: |
{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=nomad01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.nomad,client.dc1.nomad,nomad.service.nomad" "ip_sans=127.0.0.1" }} {% raw %}{{ with secret "pki/issue/your-ca-int" "common_name=nomad01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.nomad,client.dc1.nomad,nomad.service.nomad" "ip_sans=127.0.0.1" }}
{{ .Data.certificate }} {{ .Data.certificate }}
{{ .Data.issuing_ca }} {{ .Data.issuing_ca }}
{{ end }}{% endraw %} {{ end }}{% endraw %}
@ -111,7 +111,7 @@
- name: "Verify file /etc/consul-template.d/nomad/templates/nomad_key.pem.tpl" - name: "Verify file /etc/consul-template.d/nomad/templates/nomad_key.pem.tpl"
vars: vars:
nomad_key_file: | nomad_key_file: |
{% raw %}{{ with secret "pki/issue/your-issuer" "common_name=nomad01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.nomad,client.dc1.nomad,nomad.service.nomad" "ip_sans=127.0.0.1" }} {% raw %}{{ with secret "pki/issue/your-ca-int" "common_name=nomad01.example.com" "ttl=90d" "alt_names=localhost,server.dc1.nomad,client.dc1.nomad,nomad.service.nomad" "ip_sans=127.0.0.1" }}
{{ .Data.private_key }} {{ .Data.private_key }}
{{ end }}{% endraw %} {{ end }}{% endraw %}
ansible.builtin.assert: ansible.builtin.assert: